Overview

URL xdesert3dgamex.com/Purb99d0745f9c8757824933c881516f6b51678e7f13f?q=HD+Online+Player+(Focus+3+Full+Movie+Tamil+Dubbed+In+H)&s3=HD+Online+Player+(Focus+3+Full+Movie+Tamil+Dubbed+In+H)&s2=mmaa&s1=gfHsiY20iOiJNYWMiLCJzcyI6IjE2NTgyMTk0NzMiLCJycyI6IjI1OTAiLCJkcyI6IjEzMTU4NDAifXw
IP 188.72.236.136 (Netherlands)
ASN #35415 Webzilla B.V.
UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed 2022-08-31 09:59:48 UTC
IDS alerts 0
Blocklist alert 9
urlquery alerts No alerts detected
Tags None

Domain Summary (28)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-08-31 02:24:51 UTC 34.120.237.76
grehtrsan.com (3) 0 2022-04-08 09:05:55 UTC 2022-08-31 06:47:03 UTC 139.45.197.236 Unknown ranking
ptauxofi.net (2) 35628 2021-03-31 05:35:12 UTC 2022-08-30 23:57:02 UTC 139.45.197.250
go.ad2upapp.com (1) 566190 2016-06-11 11:42:08 UTC 2022-08-31 06:33:00 UTC 139.45.197.237
fonts.gstatic.com (9) 0 2014-04-02 10:51:04 UTC 2022-08-31 04:54:57 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
r3.o.lencr.org (9) 344 2020-12-02 08:52:13 UTC 2022-08-31 04:58:05 UTC 23.36.76.226
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-08-31 04:57:20 UTC 34.117.237.239
lassampy.com (1) 0 2022-06-30 15:47:18 UTC 2022-08-31 09:26:09 UTC 139.45.197.237 Unknown ranking
firefox.settings.services.mozilla.com (2) 867 2016-03-17 08:25:01 UTC 2022-08-31 05:00:35 UTC 143.204.55.27
tagstaticx.com (1) 246305 2020-11-07 07:01:39 UTC 2022-08-31 01:57:20 UTC 188.114.96.1
content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-08-31 05:05:27 UTC 143.204.55.35
xdesert3dgamex.com (2) 0 2021-11-18 09:11:33 UTC 2022-08-31 04:48:39 UTC 188.72.236.136 Unknown ranking
my.rtmark.net (4) 9054 2015-02-04 09:54:57 UTC 2022-08-31 02:04:34 UTC 139.45.195.8
ocsp.pki.goog (17) 175 2017-06-14 07:23:31 UTC 2022-08-31 05:05:03 UTC 142.250.74.3
toapodazoay.com (3) 624090 2017-11-17 09:59:00 UTC 2022-08-31 06:32:52 UTC 139.45.197.155
tagdatax.com (6) 241117 2020-11-06 18:57:09 UTC 2022-08-31 00:58:30 UTC 139.45.195.253
fonts.googleapis.com (3) 8877 2012-05-23 12:41:44 UTC 2022-08-31 09:25:00 UTC 142.250.74.10
mybestclick.mobi (1) 0 2015-04-30 20:25:52 UTC 2022-08-31 00:58:28 UTC 174.138.110.129 Unknown ranking
ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-08-31 04:56:59 UTC 93.184.220.29
health-beauty.shop (27) 0 2021-02-03 18:57:52 UTC 2022-08-31 06:54:28 UTC 63.250.43.16 Unknown ranking
ocsp.sectigo.com (9) 487 2018-12-17 11:31:55 UTC 2022-08-31 05:12:59 UTC 172.64.155.188
go.deliverymodo.com (2) 672700 2016-07-21 09:52:46 UTC 2022-08-31 07:12:52 UTC 139.45.197.236
cpaleed.click (1) 0 2022-06-28 08:51:31 UTC 2022-08-31 07:26:43 UTC 95.217.113.164 Unknown ranking
www.mybestclick.mobi (2) 0 2015-03-15 13:57:22 UTC 2022-08-31 00:58:28 UTC 174.138.110.129 Unknown ranking
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-08-31 05:14:10 UTC 52.42.74.230
www.google.com (5) 7 2012-05-22 04:23:54 UTC 2022-08-31 04:56:20 UTC 142.250.74.164
pagead2.googlesyndication.com (1) 101 2012-05-21 07:15:40 UTC 2022-08-31 05:19:28 UTC 142.250.74.2
unphionetor.com (3) 54035 2022-02-11 12:53:49 UTC 2022-08-31 05:41:01 UTC 139.45.197.236

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
 No alerts detected

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-08-31 2 grehtrsan.com Sinkholed
2022-08-31 2 grehtrsan.com Sinkholed
2022-08-31 2 lassampy.com Sinkholed
2022-08-31 2 unphionetor.com Sinkholed
2022-08-31 2 ptauxofi.net Sinkholed
2022-08-31 2 unphionetor.com Sinkholed
2022-08-31 2 ptauxofi.net Sinkholed
2022-08-31 2 unphionetor.com Sinkholed
2022-08-31 2 grehtrsan.com Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 188.72.236.136
Date UQ / IDS / BL URL IP
2023-01-29 13:46:56 +0000 0 - 0 - 1 1writtedr.com/mTryA990542f9e62830d053ebeb60b2 (...) 188.72.236.136
2023-01-28 19:19:43 +0000 0 - 0 - 1 1writtedr.com/mTryA990542f9e62830d053ebeb60b2 (...) 188.72.236.136
2023-01-28 16:36:49 +0000 0 - 10 - 0 1anoth3rdoman1.com/mCrnl9d0745f9c8757824933c8 (...) 188.72.236.136
2023-01-22 10:24:01 +0000 0 - 0 - 2 1anoth3rdoman1.com/mCrnl9d0745f9c8757824933c8 (...) 188.72.236.136
2023-01-22 06:38:30 +0000 0 - 0 - 2 1anoth3rdoman1.com/mCrnl9d0745f9c8757824933c8 (...) 188.72.236.136


Last 5 reports on ASN: Webzilla B.V.
Date UQ / IDS / BL URL IP
2023-01-29 18:04:47 +0000 0 - 0 - 3 immediatesignal.pro/ 188.72.219.36
2023-01-29 17:44:23 +0000 0 - 1 - 0 pornlib.com/ 78.140.182.217
2023-01-29 16:14:40 +0000 0 - 0 - 5 majorcharacter.com/cdG-Ffzgc.zh9ik_akXlQm9nM- (...) 88.85.94.246
2023-01-29 15:25:41 +0000 0 - 0 - 3 arabia-mcdelivery.info/ 188.72.205.254
2023-01-29 13:46:56 +0000 0 - 0 - 1 1writtedr.com/mTryA990542f9e62830d053ebeb60b2 (...) 188.72.236.136


Last 5 reports on domain: xdesert3dgamex.com
Date UQ / IDS / BL URL IP
2022-11-07 15:55:07 +0000 0 - 0 - 2 xdesert3dgamex.com/Purb99d0745f9c8757824933c8 (...) 188.72.236.136
2022-10-25 03:54:15 +0000 0 - 0 - 2 xdesert3dgamex.com/Purb99d0745f9c8757824933c8 (...) 188.72.236.136
2022-10-22 23:19:58 +0000 0 - 0 - 2 xdesert3dgamex.com/Purb99d0745f9c8757824933c8 (...) 188.72.236.136
2022-10-22 21:52:41 +0000 0 - 0 - 2 xdesert3dgamex.com/Purb99d0745f9c8757824933c8 (...) 188.72.236.136
2022-10-22 13:38:41 +0000 0 - 0 - 2 xdesert3dgamex.com/Purb99d0745f9c8757824933c8 (...) 188.72.236.136


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-09-10 10:04:37 +0000 0 - 0 - 2 ungroudonchan.com/4/4598789?ymid=WW75v8Gyet6K (...) 139.45.197.238
2022-09-09 10:20:29 +0000 0 - 0 - 2 ungroudonchan.com/4/4598789?ymid=XfkpiCCMzPKg (...) 139.45.197.238
2022-09-09 04:02:15 +0000 0 - 0 - 2 ungroudonchan.com/4/4598789?ymid=5bFEcNqFhest (...) 139.45.197.238
2022-08-31 07:58:25 +0000 0 - 0 - 6 rouonixon.com/4/4676791/ 139.45.197.238
2022-08-30 21:09:42 +0000 0 - 0 - 2 eu.gotbstgifts.click/sk/s22i13/brand/heureka/ (...) 164.92.232.111

JavaScript

Executed Scripts (26)

Executed Evals (1)
#1 JavaScript::Eval (size: 79) - SHA256: d80ca18a2f084b4418c038570e68c7ef5e5026992941be51f7e11c6ef3ecaeff
(() => {
    const a = async
    function name() {};
    window['i48im5ea73'] = true;
})()

Executed Writes (0)


HTTP Transactions (124)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 31 Aug 2022 09:02:19 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: H6-_1mUPHxtNH0ufgTfuJpvlvPYUxxw29daaa0IWjyg7_KT-14XHhw==
Age: 3438


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    99b7d23c1748d0526782b9ff9ea45f09
Sha1:   eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
Sha256: 48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "ECE269E8B9BE8A5839D75C1343823D68B96930C593C2E3E8D522999176EE3149"
Last-Modified: Mon, 29 Aug 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7850
Expires: Wed, 31 Aug 2022 12:10:27 GMT
Date: Wed, 31 Aug 2022 09:59:37 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         143.204.55.35
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 31 Aug 2022 02:27:05 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: HiRy3-Vrc_5MAtXR1cGgGwht8s8vBXxFF4jQzcG4DhvndO_C9yU6YA==
age: 27153
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            GET /Purb99d0745f9c8757824933c881516f6b51678e7f13f?q=HD+Online+Player+(Focus+3+Full+Movie+Tamil+Dubbed+In+H)&s3=HD+Online+Player+(Focus+3+Full+Movie+Tamil+Dubbed+In+H)&s2=mmaa&s1=gfHsiY20iOiJNYWMiLCJzcyI6IjE2NTgyMTk0NzMiLCJycyI6IjI1OTAiLCJkcyI6IjEzMTU4NDAifXw HTTP/1.1 
Host: xdesert3dgamex.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         188.72.236.136
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: nginx
Date: Wed, 31 Aug 2022 09:59:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bd_context=rXJj0/aH6+7z6DRB4DKVw8pcExF3IuT79P41nr4XWMgWo5G7x3ooWlIoCbnaqCHJAFpOb1vpi4XdYbs9e+ORTmFqaZgF2yJ/xo9bF0z43OmjJgRCrPN8QK2rCPX1qKBXQIsDhoJ0ImIuuW4ozvZcomaz/MNigrHIxqnA13dfHDVm+rJoiLyh9/8oWX6ugMPlTCSfI4YZi+U/GSvdkS0MWtX/UTxF+yzf1QHYlkmevp9/YOXa47AYPZ7/JjIFzcbh6x/3oCtrNAMz4r5UslKW2A7+iipJ2tdvMJboz5fWnZ75tU2B2Av7SC0MdYrlbCMIVms0hk2VoK1kAjNUqBA/FMjcvw==; Expires=Thu, 31 Aug 2023 09:59:37 GMT


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5397), with no line terminators
Size:   5397
Md5:    091899aa75a96a3160cfdb837086bd41
Sha1:   4dc771aad7fea15ea43d5a49350dd55430e4f972
Sha256: d8b1ba5e23fee46002f73d96965ad53e9750e930685b041b097e28b5e65cb341
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 31 Aug 2022 09:59:37 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: xdesert3dgamex.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://xdesert3dgamex.com/
Connection: keep-alive
Cookie: bd_context=rXJj0/aH6+7z6DRB4DKVw8pcExF3IuT79P41nr4XWMgWo5G7x3ooWlIoCbnaqCHJAFpOb1vpi4XdYbs9e+ORTmFqaZgF2yJ/xo9bF0z43OmjJgRCrPN8QK2rCPX1qKBXQIsDhoJ0ImIuuW4ozvZcomaz/MNigrHIxqnA13dfHDVm+rJoiLyh9/8oWX6ugMPlTCSfI4YZi+U/GSvdkS0MWtX/UTxF+yzf1QHYlkmevp9/YOXa47AYPZ7/JjIFzcbh6x/3oCtrNAMz4r5UslKW2A7+iipJ2tdvMJboz5fWnZ75tU2B2Av7SC0MdYrlbCMIVms0hk2VoK1kAjNUqBA/FMjcvw==

                                         188.72.236.136
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Wed, 31 Aug 2022 09:59:37 GMT
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /track.php?aid=1803&oid=6179&source=35040&transaction_id=AAkxD2PgiAAAg1ICAE5PFgAMAKHZX9AA HTTP/1.1 
Host: mybestclick.mobi
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://xdesert3dgamex.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         174.138.110.129
HTTP/1.1 301 Moved Permanently
                                        
Location: https://www.mybestclick.mobi/track.php?aid=1803&oid=6179&source=35040&transaction_id=AAkxD2PgiAAAg1ICAE5PFgAMAKHZX9AA
Content-Length: 0
Date: Wed, 31 Aug 2022 09:59:37 GMT
Server: lighttpd/1.4.54

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Cache-Control, Pragma, Backoff, Last-Modified, ETag, Expires, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 31 Aug 2022 09:17:12 GMT
Cache-Control: max-age=3600
Expires: Wed, 31 Aug 2022 09:39:09 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: -1Hd6yA-ME477uzxZ6PGGFtwDcUcb2-Axxei8-gu-HEiQ85TDMLDBQ==
Age: 2546


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2053
Cache-Control: 'max-age=158059'
Date: Wed, 31 Aug 2022 09:59:38 GMT
Last-Modified: Wed, 31 Aug 2022 09:25:25 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F3E30EC5B58838F3E346C91D04F7C09BF172C2E532E6968C570B0788501555AE"
Last-Modified: Mon, 29 Aug 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9566
Expires: Wed, 31 Aug 2022 12:39:04 GMT
Date: Wed, 31 Aug 2022 09:59:38 GMT
Connection: keep-alive

                                        
                                            GET /track.php?aid=1803&oid=6179&source=35040&transaction_id=AAkxD2PgiAAAg1ICAE5PFgAMAKHZX9AA HTTP/1.1 
Host: www.mybestclick.mobi
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://xdesert3dgamex.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         174.138.110.129
HTTP/1.1 302 Found
                                        
X-Powered-By: PHP/5.6.40
Set-Cookie: prosearch_6179=23180000e1060000120700000a310f6320570f63; expires=Fri, 30-Sep-2022 09:59:38 GMT; Max-Age=2592000; path=/; domain=.mybestclick.mobi
Refresh: 1 ; url=https://grehtrsan.com/link?z=5066548&var=1803&ymid=3_23180000e1060000120700000a310f6320570f63
Content-type: text/html; charset=UTF-8
Content-Length: 0
Date: Wed, 31 Aug 2022 09:59:38 GMT
Server: lighttpd/1.4.54

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: CU4VDI1NbfUSANPjIwNDzA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         52.42.74.230
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ip2mo4Hah4t14/+N3mvGu6REvIw=

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www.mybestclick.mobi
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mybestclick.mobi/track.php?aid=1803&oid=6179&source=35040&transaction_id=AAkxD2PgiAAAg1ICAE5PFgAMAKHZX9AA
Cookie: prosearch_6179=23180000e1060000120700000a310f6320570f63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         174.138.110.129
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
                                        
Accept-Ranges: bytes
ETag: "3886009543"
Last-Modified: Thu, 19 Feb 2015 16:20:20 GMT
Content-Length: 3829
Date: Wed, 31 Aug 2022 09:59:38 GMT
Server: lighttpd/1.4.54


--- Additional Info ---
Magic:  PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size:   3829
Md5:    94ef1ad99964f1819256ed1ff2eea701
Sha1:   6d8bdf8410a6b178449687f2d04172783874f814
Sha256: 5c00d954319944b33d6e8ef3e7c2fe3dcf5af5cc8cab098322a9fc12da813eb5
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "12BC5FBBAF66DBB3D778DB71B1158C6CF2C1A92F7E4DC95AFD45EFBD48C9639E"
Last-Modified: Wed, 31 Aug 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17863
Expires: Wed, 31 Aug 2022 14:57:22 GMT
Date: Wed, 31 Aug 2022 09:59:39 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5E07E7BBF5DD7A48F9330DBC0248B7A1AA69DFF7A9A913F493A384D2EC332F74"
Last-Modified: Sun, 28 Aug 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13382
Expires: Wed, 31 Aug 2022 13:42:41 GMT
Date: Wed, 31 Aug 2022 09:59:39 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5E07E7BBF5DD7A48F9330DBC0248B7A1AA69DFF7A9A913F493A384D2EC332F74"
Last-Modified: Sun, 28 Aug 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13382
Expires: Wed, 31 Aug 2022 13:42:41 GMT
Date: Wed, 31 Aug 2022 09:59:39 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5E07E7BBF5DD7A48F9330DBC0248B7A1AA69DFF7A9A913F493A384D2EC332F74"
Last-Modified: Sun, 28 Aug 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13382
Expires: Wed, 31 Aug 2022 13:42:41 GMT
Date: Wed, 31 Aug 2022 09:59:39 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F141f656b-9191-4cf5-a05b-891ed5c9656f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5079
x-amzn-requestid: 3b19c77a-2e9b-499f-890b-36fc4ee72ba7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XslOVEtZIAMFv1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630e825b-01b7b71617b59f7414a0e5e5;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 21:34:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: zYT0vF7Bxa5m84D12jI2w_A-MzR3wIMBOb0ubTEdNMlpYUes5aYdlQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 30 Aug 2022 21:48:04 GMT
age: 43895
etag: "288b82ad8f924eb9570ae1c55da84d041f862366"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5079
Md5:    5c3b7580a37e6eb7e5bd18491f1d4dd6
Sha1:   288b82ad8f924eb9570ae1c55da84d041f862366
Sha256: 046d1ef76448c53446068ef5f8315b7299484996cdebfd9d1e749b4ded9c7d3c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19ba8fe3-457c-4bad-b2a1-6d51a1c61b94.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7276
x-amzn-requestid: 65f026f1-3c03-4850-a952-0a252a007a3e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XsxjcG-HIAMFYxw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630e9615-402b9de3357e992e0d81f28f;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 22:58:29 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Z4NjBTgda9hxusXkOFt6AnCM7YCDHTU3h7eADkO80uFlSozsiNOtbw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 30 Aug 2022 23:32:44 GMT
age: 37615
etag: "6f0e90a4c1b89a94a4da6aab989843d9b05196dc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7276
Md5:    1d7da3cad988387f5022b58246cf134a
Sha1:   6f0e90a4c1b89a94a4da6aab989843d9b05196dc
Sha256: 0924da916c2f32a40d27b6e45cfa794c00e5e27df45da0ee7a81bb920cf5ded5
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5b5a9a-050c-4a84-9e0d-dfa84795640f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8009
x-amzn-requestid: 6d716dae-efa3-449a-a505-fb5f3d99c2df
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XsvlaFEaoAMFwDw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630e92ef-708228ce7e1fb3cb770cb490;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 22:45:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 03y3JoF38R7gjBYS3gHyOsivob68ykKlwvAIFEwiat2FjYfKWh-afA==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 00:33:08 GMT
age: 33991
etag: "98e27f0dafd7b1b49e159ee038b41a811096a2d0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8009
Md5:    6b2c036e67f8c39c136f6c69b0922eb1
Sha1:   98e27f0dafd7b1b49e159ee038b41a811096a2d0
Sha256: 9dc9e00e6f63a22dd85f54ba26326a9733f6c1d7a19c7b1636f14fca2722e6eb
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d2b8cd4-2da8-44e6-9499-b1190e129379.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6266
x-amzn-requestid: 82231f45-328a-479a-b346-108fe6a0c190
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XjU6bEP5IAMFaGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630acea8-6545154a39b44bb04d3bc18c;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 02:10:48 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: P_a-E2SVJUpYrlOzoX9kDtHoAeyEpcqEXau-5wDupR-9AAk3gQgaHQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 30 Aug 2022 12:26:10 GMT
age: 77609
etag: "ff6de19656bc0ee5649c1367448116a9576a690a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6266
Md5:    9843fcd5eb49c75b942e3dd042f3a931
Sha1:   ff6de19656bc0ee5649c1367448116a9576a690a
Sha256: 8e9679e05e1b2194e44a962a19f226793b5d7fc2334df64f8dd560498532ad3a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9551c30-d090-4465-bc2a-10ab11908481.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7878
x-amzn-requestid: b7dd5cd0-da71-4d3b-92d6-2e2d154ffa24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XslO_GkpoAMFU4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630e825f-484871e9771f18a2127724eb;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 21:34:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3xpKEY0NjCfFzwUA4snDIuswFul-vUMJiageR55gmsnDzmDEZXLomQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Tue, 30 Aug 2022 21:48:21 GMT
age: 43878
etag: "90810a5992bfb6e6706b5c8e3e90f81b5cb95d62"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7878
Md5:    64210c7890c4bffddca12e968ca8aeab
Sha1:   90810a5992bfb6e6706b5c8e3e90f81b5cb95d62
Sha256: 75f4ac933160807d3a459e734263d2c39414134c1a3d0d1982dc4a790e1f338c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4a0e321-c414-4af7-9075-ed1965872194.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5911
x-amzn-requestid: ff3b12df-1798-40bb-bf02-ad198710da96
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XdcGHFGYoAMFw_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630873c0-00cd86e97d0687c702a49ecb;Sampled=0
x-amzn-remapped-date: Fri, 26 Aug 2022 07:18:24 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Cye1gqpeY74FmJV8LaYt9HN_CHH0l-OhkdHM35WydK61gQm50CrMVw==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 30 Aug 2022 18:11:33 GMT
age: 56886
etag: "18d7ffa17365f5f43f3ed702ef2ba80d9a7a12cb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5911
Md5:    084c7b9f1244ec72236ab517787af1e2
Sha1:   18d7ffa17365f5f43f3ed702ef2ba80d9a7a12cb
Sha256: 2ea7697ebc332bec201ffeaed54a738869b6c64784916574db2c7e6a7990fb3f
                                        
                                            GET /link?z=5066548&var=1803&ymid=3_23180000e1060000120700000a310f6320570f63 HTTP/1.1 
Host: grehtrsan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         139.45.197.236
HTTP/2 302 Found
                                        
server: nginx
date: Wed, 31 Aug 2022 09:59:39 GMT
content-length: 0
location: https://tagstaticx.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=5066548&axcusid1=1803&clid={ymid}&r=http%3A%2F%2Fgrehtrsan.com%2Flink%3Fz%3D5066548%26var%3D1803%26ymid%3D3_23180000e1060000120700000a310f6320570f63%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=5576
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 3064ba74a50cb0ae0ea761858ad0460f
link: <https://tagstaticx.com>; rel="dns-prefetch preconnect"
set-cookie: OAID=2799796940574ce4a5aa3ba6cb75b397; expires=Thu, 31 Aug 2023 09:59:39 GMT oaidts=1661939979; expires=Thu, 31 Aug 2023 09:59:39 GMT phpckd5066548=true; expires=Thu, 01 Sep 2022 09:59:39 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 09:59:40 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 29 Aug 2022 06:25:19 GMT
Expires: Mon, 05 Sep 2022 06:25:18 GMT
Etag: "d20d93c4ed1b30a5e65d3a37c8873836a2e5c291"
Cache-Control: max-age=418537,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7434ea2bcbc2b509-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 09:59:40 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 29 Aug 2022 09:40:14 GMT
Expires: Mon, 05 Sep 2022 09:40:13 GMT
Etag: "e48161521067fa952753e1c13ff9c63efdcf0871"
Cache-Control: max-age=430232,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7434ea2bcb86b4f9-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 09:59:40 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 29 Aug 2022 09:40:14 GMT
Expires: Mon, 05 Sep 2022 09:40:13 GMT
Etag: "e48161521067fa952753e1c13ff9c63efdcf0871"
Cache-Control: max-age=430232,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7434ea2bc8100b4d-OSL

                                        
                                            GET /gid.js HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Origin: https://tagstaticx.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         139.45.195.8
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Wed, 31 Aug 2022 09:59:40 GMT
content-length: 65
access-control-allow-origin: https://tagstaticx.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=54659acf52bb442182046beaf79bb524; expires=Thu, 31 Aug 2023 09:59:40 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   65
Md5:    f30bd50944da13118cdb39effc5f5fec
Sha1:   af404b5991814c10bf92bb875e66a27beed83a8c
Sha256: fa634e9e49154a527331ce1c6a525946dd533efaaf3aabacf1ec8a03421550dc
                                        
                                            POST /ir/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1 
Host: tagdatax.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://tagstaticx.com
Content-Length: 361
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         139.45.195.253
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.19.10
Date: Wed, 31 Aug 2022 09:59:40 GMT
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://tagstaticx.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    444bcb3a3fcf8389296c49467f27e1d6
Sha1:   7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
Sha256: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
                                        
                                            GET /ws?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1 
Host: tagdatax.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://tagstaticx.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: wftdRIoVtIZ6TiRMKRsnxg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         139.45.195.253
HTTP/1.1 101 Switching Protocols
                                        
Server: nginx/1.19.10
Date: Wed, 31 Aug 2022 09:59:40 GMT
Connection: upgrade
Upgrade: websocket
Sec-Websocket-Accept: MVh/HTlErhKm9tTnu1QeL69IWgk=

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 09:59:40 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 29 Aug 2022 09:40:14 GMT
Expires: Mon, 05 Sep 2022 09:40:13 GMT
Etag: "e48161521067fa952753e1c13ff9c63efdcf0871"
Cache-Control: max-age=430232,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7434ea2bcf46b518-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 09:59:40 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 29 Aug 2022 09:40:14 GMT
Expires: Mon, 05 Sep 2022 09:40:13 GMT
Etag: "e48161521067fa952753e1c13ff9c63efdcf0871"
Cache-Control: max-age=430232,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7434ea2bce330afe-OSL

                                        
                                            GET /version.js?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1 
Host: tagdatax.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         139.45.195.253
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.19.10
Date: Wed, 31 Aug 2022 09:59:40 GMT
Content-Length: 57
Connection: keep-alive
Cache-Control: private, max-age=63072000


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   57
Md5:    baab2895259cc26e532de205a53e4361
Sha1:   20401aed6ad15bb49bf7eccea4a18ec1721b14e8
Sha256: 9f14cfbea310d21db1098062fe3cd79ac7ed1a2aaa0dbb8c5f9908006ad44461
                                        
                                            GET /pix.jpg?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1 
Host: tagdatax.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Origin: https://tagstaticx.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         139.45.195.253
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx/1.19.10
Date: Wed, 31 Aug 2022 09:59:40 GMT
Content-Length: 28
Connection: keep-alive
Access-Control-Allow-Origin: https://tagstaticx.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: ETag
Etag: 9a29f694-09d0-4a8f-821d-9d2c99382641
Cache-Control: private, must-revalidate, proxy-revalidate


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   28
Md5:    160988f32f3a9fc12fd2958350f5a758
Sha1:   ea0e78c6b9e28345b0c69748ed7b4a6dca96c711
Sha256: 3c72e06c040c15327faa313315f1d6f4b2c9159267051c3e173336efa4cd7a18
                                        
                                            POST /etag?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1 
Host: tagdatax.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://tagstaticx.com
Content-Length: 382
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         139.45.195.253
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.19.10
Date: Wed, 31 Aug 2022 09:59:40 GMT
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://tagstaticx.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    444bcb3a3fcf8389296c49467f27e1d6
Sha1:   7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
Sha256: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 09:59:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 09:59:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 09:59:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 09:59:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 09:59:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /images/branding/googlelogo/1x/googlelogo_color_272x92dp.png HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.164
HTTP/2 200 OK
content-type: image/png
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 5969
date: Wed, 31 Aug 2022 09:59:40 GMT
expires: Wed, 31 Aug 2022 09:59:40 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 272 x 92, 8-bit/color RGBA, non-interlaced\012- data
Size:   5969
Md5:    8f9327db2597fa57d2f42b4a6c5a9855
Sha1:   1737d3dfb411c07b86ed8bd30f5987a4dc397cc1
Sha256: 5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826
                                        
                                            GET /images/branding/googlelogo/2x/googlelogo_color_272x92dp.png HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.164
HTTP/2 200 OK
content-type: image/png
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 13504
date: Wed, 31 Aug 2022 09:59:40 GMT
expires: Wed, 31 Aug 2022 09:59:40 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 544 x 184, 8-bit/color RGBA, non-interlaced\012- data
Size:   13504
Md5:    80fa4bcab0351fdccb69c66fb55dcd00
Sha1:   26f471f6ebe3b11557506f6ae96156e0a3852e5b
Sha256: 262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d
                                        
                                            GET /images/branding/googlelogo/2x/googlelogo_color_160x56dp.png HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.164
HTTP/2 200 OK
content-type: image/png
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 7048
date: Wed, 31 Aug 2022 09:59:40 GMT
expires: Wed, 31 Aug 2022 09:59:40 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 320 x 112, 8-bit/color RGBA, non-interlaced\012- data
Size:   7048
Md5:    d6b993cd3a71d84e8dd51dc9bf01f537
Sha1:   41f57a52be2447b7b4ee458887e860a702150396
Sha256: 9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f
                                        
                                            GET /images/branding/googlelogo/2x/googlelogo_color_90x40dp.png HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.164
HTTP/2 200 OK
content-type: image/png
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 3934
date: Wed, 31 Aug 2022 09:59:40 GMT
expires: Wed, 31 Aug 2022 09:59:40 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 180 x 80, 8-bit/color RGBA, non-interlaced\012- data
Size:   3934
Md5:    c198051c3b22e6fa2e26712e855da980
Sha1:   6cac1226aff75d94809534c373f43a28253879da
Sha256: a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b
                                        
                                            GET /images/branding/googlelogo/2x/googlelogo_color_120x44dp.png HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tagstaticx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.164
HTTP/2 200 OK
content-type: image/png
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 5087
date: Wed, 31 Aug 2022 09:59:40 GMT
expires: Wed, 31 Aug 2022 09:59:40 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 240 x 88, 8-bit/color RGBA, non-interlaced\012- data
Size:   5087
Md5:    8d2b7f3d00f50b8aebb7d1c002c64ca1
Sha1:   b3d5a78c18020868d322a0ac54c9d8e45a59a3b3
Sha256: 29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa
                                        
                                            HEAD /pagead/js/adsbygoogle.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.2
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Origin
date: Wed, 31 Aug 2022 09:59:40 GMT
expires: Wed, 31 Aug 2022 09:59:40 GMT
cache-control: private, max-age=3600
etag: 10988148502263560154
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 09:59:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 09:59:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /log/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1 
Host: tagdatax.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tagstaticx.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://tagstaticx.com
Content-Length: 1981
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         139.45.195.253
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.19.10
Date: Wed, 31 Aug 2022 09:59:40 GMT
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://tagstaticx.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    444bcb3a3fcf8389296c49467f27e1d6
Sha1:   7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
Sha256: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: grehtrsan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grehtrsan.com/link?z=5066548&var=1803&ymid=3_23180000e1060000120700000a310f6320570f63&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=5576
Cookie: OAID=2799796940574ce4a5aa3ba6cb75b397; oaidts=1661939979; phpckd5066548=true; allcnt=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         139.45.197.236
HTTP/2 204 No Content
                                        
server: nginx
date: Wed, 31 Aug 2022 09:59:40 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
pragma: public
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 09:59:40 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 29 Aug 2022 06:25:19 GMT
Expires: Mon, 05 Sep 2022 06:25:18 GMT
Etag: "d20d93c4ed1b30a5e65d3a37c8873836a2e5c291"
Cache-Control: max-age=418537,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7434ea2fa878b4f9-OSL

                                        
                                            GET /img.gif?f=merge&userId=2799796940574ce4a5aa3ba6cb75b397 HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grehtrsan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         139.45.195.8
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Wed, 31 Aug 2022 09:59:40 GMT
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=2799796940574ce4a5aa3ba6cb75b397; expires=Thu, 31 Aug 2023 09:59:40 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "503FECCCF2621BF18D17C3353D663DFE884D8DD8BCCC129DDE9C831AB376BD1E"
Last-Modified: Mon, 29 Aug 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11114
Expires: Wed, 31 Aug 2022 13:04:55 GMT
Date: Wed, 31 Aug 2022 09:59:41 GMT
Connection: keep-alive

                                        
                                            POST /?z=5066550&syncedCookie=true&rhd=false HTTP/1.1 
Host: lassampy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 612
Origin: https://grehtrsan.com
Connection: keep-alive
Referer: https://grehtrsan.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         139.45.197.237
HTTP/2 302 Found
                                        
server: nginx
date: Wed, 31 Aug 2022 09:59:41 GMT
content-length: 0
location: https://toapodazoay.com/?l=qCqekRDLtEBTXwP&s=588781555489706464&z=5066550&g=NO&svar=1661939981&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1661939981&ssk=31a6bd361973f4715ea4801a6ccf6129&svarok=1&b=79056&oaid=c05c06e00e7242f5b1b621f574287701&rdk=rk3
x-trace-id: f899358f02a4b153728540991effaebe
link: <https://toapodazoay.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
access-control-allow-origin: https://grehtrsan.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=c05c06e00e7242f5b1b621f574287701; expires=Thu, 31 Aug 2023 09:59:41 GMT; path=/; secure; SameSite=None oaidts=1661939981; expires=Thu, 31 Aug 2023 09:59:41 GMT; path=/; secure; SameSite=None syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "9A35EDD04D4E8F85DDB0F248C8F75A0EEB382891BAE2E3A562B29FD724EBFF15"
Last-Modified: Mon, 29 Aug 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14298
Expires: Wed, 31 Aug 2022 13:57:59 GMT
Date: Wed, 31 Aug 2022 09:59:41 GMT
Connection: keep-alive

                                        
                                            POST /?l=qCqekRDLtEBTXwP&s=588781555489706464&z=5066550&g=NO&svar=1661939981&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1661939981&ssk=31a6bd361973f4715ea4801a6ccf6129&svarok=1&b=79056&oaid=c05c06e00e7242f5b1b621f574287701&rdk=rk3&mprtr=1 HTTP/1.1 
Host: toapodazoay.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/?rzi=5066550&rsz=5066550&rid=
Cookie: reverse=5dza4PVQU5ou1I0tGILJfxT7d34l-JbEXQ44s01kvrs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

                                         139.45.197.155
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 31 Aug 2022 09:59:41 GMT
vary: Accept-Encoding
x-powered-by: PHP/7.4.27
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding: gzip
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "3A93DF2BFBA1A8C7006201BF004C84D4D748775ECBBB32B4598C267A85CD3ECB"
Last-Modified: Tue, 30 Aug 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5411
Expires: Wed, 31 Aug 2022 11:29:52 GMT
Date: Wed, 31 Aug 2022 09:59:41 GMT
Connection: keep-alive

                                        
                                            GET /fv.js?t=56193&cb=471537636 HTTP/1.1 
Host: unphionetor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         139.45.197.236
HTTP/2 200 OK
content-type: text/javascript; charset=utf8
                                        
server: nginx
date: Wed, 31 Aug 2022 09:59:41 GMT
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 6e748d1691e98ff482909dfa52d4a3c9
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   2225
Md5:    3d67162482fbe7412f87ec14c9a9a731
Sha1:   67910de544fd74fc268cdc4008d13af43161a009
Sha256: 8b3fec447235a3dab04184999597d98817bf2a68a317792001bfdc11b6682ac3

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: toapodazoay.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://toapodazoay.com/?rzi=5066550&rsz=5066550&rid=
Cookie: reverse=5dza4PVQU5ou1I0tGILJfxT7d34l-JbEXQ44s01kvrs
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         139.45.197.155
HTTP/2 204 No Content
                                        
server: nginx
date: Wed, 31 Aug 2022 09:59:41 GMT
strict-transport-security: max-age=60
x-content-type-options: nosniff
X-Firefox-Spdy: h2

                                        
                                            GET /pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=qCqekRDLtEBTXwP&z=3683319 HTTP/1.1 
Host: ptauxofi.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         139.45.197.250
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 31 Aug 2022 09:59:41 GMT
last-modified: Mon, 22 Aug 2022 12:18:11 GMT
etag: W/"63037403-1a25a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   39702
Md5:    8274c8ab40a63725eaea36328e73623f
Sha1:   9988424ec5626624fd309844039cb2c030aad400
Sha256: ddead33b9b08257be8efa25e28183f6bc8edd2360fe55ec7c9388ef5eb048b20

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /vbl?t=56193&bid=79056&aid=588781555489706464 HTTP/1.1 
Host: unphionetor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         139.45.197.236
HTTP/2 204 No Content
                                        
server: nginx
date: Wed, 31 Aug 2022 09:59:41 GMT
access-control-allow-origin: https://toapodazoay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: c5b5908820bebbeff58aed7930acec08
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /zone?&pub=0&zone_id=3683319&is_mobile=false&domain=toapodazoay.com&var=qCqekRDLtEBTXwP&ymid=&var_3=&dsig=&action=settings HTTP/1.1 
Host: ptauxofi.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://toapodazoay.com/
Origin: https://toapodazoay.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         139.45.197.250
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Wed, 31 Aug 2022 09:59:41 GMT
content-length: 768
x-trace-id: eb39c6b7e23eab961244a908bf7e811a
access-control-allow-origin: https://toapodazoay.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (767)
Size:   768
Md5:    9bf9bbd85296d593d9bd7f63dcbec3a9
Sha1:   b23699652b01d370d9ab30d185c7e317a22bb854
Sha256: 4482800131bcf31b798f55203bf300b3ef45eefd8b14c2a62c857b9d274dabd8

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 09:59:41 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 29 Aug 2022 06:25:19 GMT
Expires: Mon, 05 Sep 2022 06:25:18 GMT
Etag: "d20d93c4ed1b30a5e65d3a37c8873836a2e5c291"
Cache-Control: max-age=418536,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7434ea363b2b0b4d-OSL

                                        
                                            GET /gid.js?pub=0&userId=&zoneId=3683319&checkDuplicate=true&ymid=&var=qCqekRDLtEBTXwP HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://toapodazoay.com/
Origin: https://toapodazoay.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         139.45.195.8
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx
date: Wed, 31 Aug 2022 09:59:42 GMT
content-length: 65
access-control-allow-origin: https://toapodazoay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=fa9d597a619749f387cb0ce23a665fa5; expires=Thu, 31 Aug 2023 09:59:42 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   65
Md5:    fb89570620154387113c1b704f978306
Sha1:   b885f33476e0d6028c35390eea826ee79f203005
Sha256: ecd1093bf0b6ccc196a00144e06d6aa4cf2a6fd7955b06246d78e8eae0bbf906
                                        
                                            GET /afu.php?id=792658&rt=1 HTTP/1.1 
Host: go.ad2upapp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         139.45.197.237
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
                                        
Server: nginx
Date: Wed, 31 Aug 2022 09:59:42 GMT
Content-Length: 138
Connection: keep-alive
Location: http://go.deliverymodo.com/afu.php?id=792658&rt=1
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   138
Md5:    aff950cab4c0265e21d401db15f1026d
Sha1:   f03e18461817f7a6546c8bf8fa8d686d7e30aca0
Sha256: 753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
                                        
                                            GET /afu.php?id=792658&rt=1 HTTP/1.1 
Host: go.deliverymodo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         139.45.197.236
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf8
                                        
Server: nginx
Date: Wed, 31 Aug 2022 09:59:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 8de1ef1ccf11db14fae77f06baedd540
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch", <https://cpaleed.click>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=4c47a35bb43a44708c031bbf58910f4a; expires=Thu, 31 Aug 2023 09:59:43 GMT; path=/ oaidts=1661939983; expires=Thu, 31 Aug 2023 09:59:43 GMT; path=/ syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (377)
Size:   824
Md5:    385bf10b6f4d96c1917b4676c15dc652
Sha1:   eb15de6d7e011cccb06b3414a4fc22a7da792990
Sha256: eb6c9e690c8649ceaa6031b740b2a5098d60d25c77d8ad1f4fbc5880d819564b
                                        
                                            POST /vb?t=56193&bid=79056&aid=588781555489706464&tp=2084 HTTP/1.1 
Host: unphionetor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         139.45.197.236
HTTP/2 204 No Content
                                        
server: nginx
date: Wed, 31 Aug 2022 09:59:43 GMT
access-control-allow-origin: https://toapodazoay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: d07b0e81bb034562bd39ac0df71983b5
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: go.deliverymodo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: OAID=4c47a35bb43a44708c031bbf58910f4a; oaidts=1661939983

                                         139.45.197.236
HTTP/1.1 204 No Content
                                        
Server: nginx
Date: Wed, 31 Aug 2022 09:59:43 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Pragma: public
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 09:59:43 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 29 Aug 2022 06:25:19 GMT
Expires: Mon, 05 Sep 2022 06:25:18 GMT
Etag: "d20d93c4ed1b30a5e65d3a37c8873836a2e5c291"
Cache-Control: max-age=418534,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7434ea3f5cb7b518-OSL

                                        
POST /img.gif?f=merge&userId=4c47a35bb43a44708c031bbf58910f4a HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

139.45.195.8
HTTP/2 200 OK
content-type: image/gif
server: nginx
date: Wed, 31 Aug 2022 09:59:43 GMT
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=4c47a35bb43a44708c031bbf58910f4a; expires=Thu, 31 Aug 2023 09:59:43 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
                                        
GET /cjr3l9k.php?key=8cj6p1uut81rmpkmpo4e&visitor_id=588781563525992885&cost=0.000165&zoneid=792658&campaignid=5977930&device=desktop&browser=firefox&os=linux&osversion=other&country=NO&language=en&isp=blix%20group%20as&user_activity=high&rdk=rk1 HTTP/1.1
Host: cpaleed.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

95.217.113.164
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.22.0
Date: Wed, 31 Aug 2022 09:59:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=x9fvvcgm; expires=Thu, 01-Sep-2022 09:59:43 GMT; Max-Age=86400; path=/; secure; SameSite=none uclickhash=x9fvvcgm-x9fvvcgm-17vr-17vr-16bl-slwj-slvr-321500; expires=Thu, 01-Sep-2022 09:59:43 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://health-beauty.shop/simple-chicken-sausage/
Strict-Transport-Security: max-age=31536000

                                        
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 31 Aug 2022 09:59:44 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 31 Aug 2022 09:49:49 GMT
Expires: Wed, 07 Sep 2022 09:49:48 GMT
Etag: "17e4cc5957ab3e4a4b3c1425a61b028d9c35e913"
Cache-Control: max-age=603603,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7434ea43899f0afe-OSL

                                        
GET /simple-chicken-sausage/ HTTP/1.1
Host: health-beauty.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

63.250.43.16
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: nginx
date: Wed, 31 Aug 2022 00:18:45 GMT
vary: Accept-Encoding
x-pingback: https://health-beauty.shop/xmlrpc.php
link: <https://health-beauty.shop/wp-json/>; rel="https://api.w.org/", <https://health-beauty.shop/wp-json/wp/v2/posts/12>; rel="alternate"; type="application/json", <https://health-beauty.shop/?p=12>; rel=shortlink
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-encoding: gzip
x-cacheable: YES
age: 34858
x-cache: HIT
accept-ranges: bytes
content-length: 10115
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8047), with CRLF, LF line terminators
Size:   10115
Md5:    0c58e3f6c81e9ad7e9ccd433bfc375eb
Sha1:   cfab89a05fecd90b540c7112e5102156f512e826
Sha256: 54fe30c1f3b55038ad610084df2750ba47f1703dfe32c7c7a1e5ac83fbc8069d
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 31 Aug 2022 09:59:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 31 Aug 2022 09:59:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 31 Aug 2022 09:59:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 31 Aug 2022 09:59:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: health-beauty.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/simple-chicken-sausage/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.16
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Wed, 31 Aug 2022 00:18:46 GMT
last-modified: Thu, 11 Aug 2022 12:21:01 GMT
vary: Accept-Encoding
etag: W/"62f4f42d-15b64"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 34858
x-cache: HIT
accept-ranges: bytes
content-length: 11683
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (43771)
Size:   11683
Md5:    88f413500303dc21250157a6aa913a32
Sha1:   ca138ec102d96e6d7b30bf83b7dab60a16f0b5d6
Sha256: 65e072ca8d53bf38d5dde355a039a61f6c7204206a9a58ded75d2d2730cc0999
                                        
GET /wp-content/plugins/post-views-counter/css/frontend.css?ver=1.3.11 HTTP/1.1
Host: health-beauty.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/simple-chicken-sausage/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.16
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Wed, 31 Aug 2022 00:18:46 GMT
last-modified: Thu, 11 Aug 2022 12:26:26 GMT
vary: Accept-Encoding
etag: W/"62f4f572-121"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 34858
x-cache: HIT
accept-ranges: bytes
content-length: 201
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CR line terminators
Size:   201
Md5:    defa99f71ec3ae214e291b8538bc3312
Sha1:   979abd43365a35b2e2cfd9e50d434d785ed4e13f
Sha256: a30f387093fbab843cf9d43be1e3b80320060196a16b6fa78c81726a15bbb1b2
                                        
GET /wp-includes/css/dashicons.min.css?ver=6.0.2 HTTP/1.1
Host: health-beauty.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/simple-chicken-sausage/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.16
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Wed, 31 Aug 2022 00:18:46 GMT
last-modified: Wed, 15 Jun 2022 13:01:57 GMT
vary: Accept-Encoding
etag: W/"62a9d845-e688"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 34858
x-cache: HIT
accept-ranges: bytes
content-length: 35749
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (58981)
Size:   35749
Md5:    8feeb31c2c2b1eac8f5dac3b20f6016d
Sha1:   9d9797e1a9e800bb6f9c5aea9eb9a0a1172a11fe
Sha256: ea7991c406d76572a7d81ea53e3f78d70b4327fd50f759fd941047d66bf9b754
                                        
GET /wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0 HTTP/1.1
Host: health-beauty.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/simple-chicken-sausage/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.16
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Wed, 31 Aug 2022 00:18:46 GMT
last-modified: Thu, 11 Aug 2022 12:28:19 GMT
vary: Accept-Encoding
etag: W/"62f4f5e3-a99"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 34858
x-cache: HIT
accept-ranges: bytes
content-length: 652
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   652
Md5:    4e37be0c8c25be4f6179bcc153976542
Sha1:   91f476f1fad3fdccdc1a9f14203c92eb854d4331
Sha256: cd5c1f1dcaf44b74b63c4135a4c647fcae6c9d07a866f2c0bad7b7bf416c92bc
                                        
GET /wp-content/themes/beauty-salon-spa/assets/css/bootstrap.css?ver=6.0.2 HTTP/1.1
Host: health-beauty.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/simple-chicken-sausage/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.16
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Wed, 31 Aug 2022 00:18:46 GMT
last-modified: Thu, 11 Aug 2022 12:31:09 GMT
vary: Accept-Encoding
etag: W/"62f4f68d-31136"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 34858
x-cache: HIT
accept-ranges: bytes
content-length: 22592
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (683), with CRLF line terminators
Size:   22592
Md5:    6bfe6c7964f87384f0d68848f159cb18
Sha1:   7e2f24e13a168b4f9eb0c5ff58d1f4c625f18ed7
Sha256: ccec13b28d842e62156a0e25a082ce34708bbd6715943ea272b11bf5b94abeba
                                        
GET /wp-content/themes/beauty-hair-salon/style.css?ver=6.0.2 HTTP/1.1
Host: health-beauty.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/simple-chicken-sausage/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.16
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Wed, 31 Aug 2022 00:18:46 GMT
last-modified: Thu, 11 Aug 2022 12:31:08 GMT
vary: Accept-Encoding
etag: W/"62f4f68c-1f9c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 34858
x-cache: HIT
accept-ranges: bytes
content-length: 2885
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (1230)
Size:   2885
Md5:    26f406ec298d45be5ba9129c00f7c627
Sha1:   9082b17bf53ce9581528d8f3dd2013483764d4da
Sha256: f0c5bdf7b91ac4ff03d7b5c86f22aba134bd99f79fb8ca7c6e0236f02f6824c0
                                        
GET /wp-content/themes/beauty-salon-spa/assets/css/fontawesome-all.css?ver=6.0.2 HTTP/1.1
Host: health-beauty.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/simple-chicken-sausage/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.16
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Wed, 31 Aug 2022 00:18:46 GMT
last-modified: Thu, 11 Aug 2022 12:31:09 GMT
vary: Accept-Encoding
etag: W/"62f4f68d-b350"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 34858
x-cache: HIT
accept-ranges: bytes
content-length: 8016
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (317), with CRLF line terminators
Size:   8016
Md5:    054efa1802af22243322b59a1de3bbd6
Sha1:   938af2c96e1e642e914778b9708d0351b47b00bc
Sha256: b4c23870b85c156d53b2be88d100d6b9d40f4e252474b2e48f73f778ce8c146b
                                        
GET /wp-content/themes/beauty-salon-spa/assets/css/owl.carousel.css?ver=6.0.2 HTTP/1.1
Host: health-beauty.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/simple-chicken-sausage/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.16
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Wed, 31 Aug 2022 00:18:46 GMT
last-modified: Thu, 11 Aug 2022 12:31:09 GMT
vary: Accept-Encoding
etag: W/"62f4f68d-1288"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 34858
x-cache: HIT
accept-ranges: bytes
content-length: 1387
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   1387
Md5:    c4f140e9c23c8fea3e35a73aaf166d20
Sha1:   da5e7d62ee8a1ca5b6f47d84d39a0336e6a9e72b
Sha256: 9df7553202b710155aeb66167d387ee65e8a96b7fe1323a73bcd89e2a733d040
                                        
GET /wp-content/themes/beauty-salon-spa/assets/css/blocks.css?ver=6.0.2 HTTP/1.1
Host: health-beauty.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/simple-chicken-sausage/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.16
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Wed, 31 Aug 2022 00:18:46 GMT
last-modified: Thu, 11 Aug 2022 12:31:09 GMT
vary: Accept-Encoding
etag: W/"62f4f68d-3ab8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 34858
x-cache: HIT
accept-ranges: bytes
content-length: 2961
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   2961
Md5:    aeec3fede7ecfbe79c590e05cc016472
Sha1:   5c8f4c8d31eaaeaa6a6afcf54be1c6414e4e6bca
Sha256: 15901bc2935db1cc4f8fd28fca477d37606e7131557790886e26a57c0eab318d
                                        
GET /wp-content/themes/beauty-salon-spa/style.css?ver=6.0.2 HTTP/1.1
Host: health-beauty.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/simple-chicken-sausage/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.16
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Wed, 31 Aug 2022 00:18:46 GMT
last-modified: Thu, 11 Aug 2022 12:31:09 GMT
vary: Accept-Encoding
etag: W/"62f4f68d-89d4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 34858
x-cache: HIT
accept-ranges: bytes
content-length: 8391
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (988), with CRLF line terminators
Size:   8391
Md5:    363aa5d23afe58dab1fe9cf273ca70af
Sha1:   b2aae406befba44b1f548579071d3685eb527f90
Sha256: bc92d72731cdca152d2b6fbecb119f0ddfc332057c429c124e50ebd4a4c17d3c
                                        
GET /wp-content/themes/beauty-hair-salon/style.css?ver=1.0.0 HTTP/1.1
Host: health-beauty.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/simple-chicken-sausage/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.16
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Wed, 31 Aug 2022 00:18:46 GMT
last-modified: Thu, 11 Aug 2022 12:31:08 GMT
vary: Accept-Encoding
etag: W/"62f4f68c-1f9c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 34858
x-cache: HIT
accept-ranges: bytes
content-length: 2885
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (1230)
Size:   2885
Md5:    26f406ec298d45be5ba9129c00f7c627
Sha1:   9082b17bf53ce9581528d8f3dd2013483764d4da
Sha256: f0c5bdf7b91ac4ff03d7b5c86f22aba134bd99f79fb8ca7c6e0236f02f6824c0
                                        
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: health-beauty.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/simple-chicken-sausage/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.16
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Wed, 31 Aug 2022 00:18:46 GMT
last-modified: Wed, 15 Jun 2022 13:01:59 GMT
vary: Accept-Encoding
etag: W/"62a9d847-15db1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 34858
x-cache: HIT
accept-ranges: bytes
content-length: 30953
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65447)
Size:   30953
Md5:    7a6e4a1e4a67fac0cd39ca1dd1982f47
Sha1:   a8bf880e5db17a703293d5a3c92623a97d5a1df1
Sha256: daf4bcb15594deb268cc05f030ccaf8dfe4acab417758dd16a6f3b2d86d2908f
                                        
GET /wp-content/themes/beauty-salon-spa/assets/js/navigation-focus.js?ver=1 HTTP/1.1
Host: health-beauty.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/simple-chicken-sausage/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.16
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Wed, 31 Aug 2022 00:18:46 GMT
last-modified: Thu, 11 Aug 2022 12:31:09 GMT
vary: Accept-Encoding
etag: W/"62f4f68d-34a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 34858
x-cache: HIT
accept-ranges: bytes
content-length: 297
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   297
Md5:    83ccd1442ed5f4579e9abd431fb8e634
Sha1:   3ea3353dce5ec61b31cde641146f5e97e489584d
Sha256: 71f317cb49c692e649892068e0e917f9bf2eb210104c67d6fdace9ab764673cd
                                        
GET /wp-content/themes/beauty-salon-spa/assets/js/theme-script.js?ver=1 HTTP/1.1
Host: health-beauty.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/simple-chicken-sausage/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.16
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Wed, 31 Aug 2022 00:18:46 GMT
last-modified: Thu, 11 Aug 2022 12:31:09 GMT
vary: Accept-Encoding
etag: W/"62f4f68d-70d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 34858
x-cache: HIT
accept-ranges: bytes
content-length: 747
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   747
Md5:    bc784af37368d27155b10b97ee6ff7d2
Sha1:   a87098e2d9341d2a8e0eeb9f40b8b8973a9ab162
Sha256: c238fc854d45bf7535e3697852634f5dc82c02c541349a5304e434f480b56736
                                        
GET /wp-content/themes/beauty-salon-spa/assets/js/jquery.superfish.js?ver=1 HTTP/1.1
Host: health-beauty.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/simple-chicken-sausage/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.16
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 31 Aug 2022 00:18:46 GMT
last-modified: Thu, 11 Aug 2022 12:31:09 GMT
vary: Accept-Encoding
etag: W/"62f4f68d-1cff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 34858
x-cache: HIT
accept-ranges: bytes
content-length: 2374
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   2374
Md5:    4e7f1acf05fa3d3a9d72be0e99e67175
Sha1:   fbb0007cd42b62def2964b686a6c6c1d4d4bc3bb
Sha256: dbc9638fef407f34f63c8f6f8ca6ca85a47a0fd8fbe43e397d34a1c034c4f2bd
                                        
                                            GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1 
Host: health-beauty.shop
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/simple-chicken-sausage/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.16
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 31 Aug 2022 00:18:46 GMT
last-modified: Wed, 15 Jun 2022 13:01:59 GMT
vary: Accept-Encoding
etag: W/"62a9d847-2bd8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 34858
x-cache: HIT
accept-ranges: bytes
content-length: 4169
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (11126)
Size:   4169
Md5:    5629711d7fdd5b28441bac39b851299f
Sha1:   4e0bf2b7383097f7c352023a1b1b1b48a50356b6
Sha256: 44c444309c7a6c05ff4a9bc198bed9e9596bedb5658637c85689c9a471dcdd16
                                        
                                            GET /wp-content/plugins/wp-automatic/js/main-front.js?ver=6.0.2 HTTP/1.1 
Host: health-beauty.shop
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/simple-chicken-sausage/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.16
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 31 Aug 2022 00:18:46 GMT
last-modified: Thu, 11 Aug 2022 12:28:20 GMT
vary: Accept-Encoding
etag: W/"62f4f5e4-3f9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 34858
x-cache: HIT
accept-ranges: bytes
content-length: 381
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   381
Md5:    12eb5e9944774d723d7f904df78ce3eb
Sha1:   613234a194e8af7fa0f5075050d88bd50ab9ae7e
Sha256: 1648ddca27333bb1d731f1f00ca98d7e52d369ebb5b02431e1562d3deabac2d4
                                        
                                            GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1 
Host: health-beauty.shop
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/simple-chicken-sausage/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.16
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 31 Aug 2022 00:18:46 GMT
last-modified: Wed, 15 Jun 2022 13:01:59 GMT
vary: Accept-Encoding
etag: W/"62a9d847-48b9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 34858
x-cache: HIT
accept-ranges: bytes
content-length: 5004
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (15660)
Size:   5004
Md5:    1b982d290af16dac5885f21a198aaa66
Sha1:   f847ca85d23c2f240938bbde0135f3de97925759
Sha256: 0b6e238cc0728a0bace390dfff472ff8bb5a5fd4714bcfcdac7c28621d67b8dc
                                        
                                            GET /wp-content/themes/beauty-salon-spa/assets/js/bootstrap.js?ver=1 HTTP/1.1 
Host: health-beauty.shop
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/simple-chicken-sausage/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.16
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 31 Aug 2022 00:18:46 GMT
last-modified: Thu, 11 Aug 2022 12:31:09 GMT
vary: Accept-Encoding
etag: W/"62f4f68d-1c168"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 34858
x-cache: HIT
accept-ranges: bytes
content-length: 20137
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (315)
Size:   20137
Md5:    48b6be0ac1d4aae497460b9771ac2f1d
Sha1:   7c1fa4d111a7f4550dcce43e9fde8b37429e8ba3
Sha256: d99acc64cea134434a73bee0320f94ac648f81c0344ffb6983656d14af15292c
                                        
                                            GET /wp-includes/js/comment-reply.min.js?ver=6.0.2 HTTP/1.1 
Host: health-beauty.shop
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/simple-chicken-sausage/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.16
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 31 Aug 2022 00:18:46 GMT
last-modified: Wed, 15 Jun 2022 13:02:00 GMT
vary: Accept-Encoding
etag: W/"62a9d848-ba5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 34858
x-cache: HIT
accept-ranges: bytes
content-length: 1351
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2946)
Size:   1351
Md5:    28214bc78b9edfcfbc9c7b651fb4f56c
Sha1:   fb0847abdb33dd943a2dcda4c4b905fb5cdd116c
Sha256: 11691bc1acc1f3a7ab8ef7c67fb720ca58fb72e52f510009f7b0cbc2589d45e0
                                        
                                            GET /wp-content/themes/beauty-salon-spa/assets/js/owl.carousel.js?ver=1 HTTP/1.1 
Host: health-beauty.shop
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/simple-chicken-sausage/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.16
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 31 Aug 2022 00:18:46 GMT
last-modified: Thu, 11 Aug 2022 12:31:09 GMT
vary: Accept-Encoding
etag: W/"62f4f68d-15f88"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 34858
x-cache: HIT
accept-ranges: bytes
content-length: 20036
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (360)
Size:   20036
Md5:    2ccae3d4019f7d40f7561012198bd48b
Sha1:   27f38c196a1e5bbc33d63021bc9465cf0483c17f
Sha256: 4a3f7203a8450a16408aa0479ef5898ba87a911f1cfc00381aed3e194ef02872
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 09:59:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 09:59:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 09:59:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 09:59:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 09:59:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/playfairdisplay/v30/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKeiunDXbtM.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://health-beauty.shop
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20968
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 29 Aug 2022 21:24:19 GMT
expires: Tue, 29 Aug 2023 21:24:19 GMT
cache-control: public, max-age=31536000
age: 131726
last-modified: Mon, 18 Jul 2022 19:02:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 20968, version 1.0\012- data
Size:   20968
Md5:    726ce483f9627699bb178e053afbd3a4
Sha1:   3840d4461253413a4d71d2702c39cf4edfb89753
Sha256: 6454829f91def11ae630252985f686e8553c439ee0ee4d20b0e6dda0429fd30d
                                        
                                            GET /s/jost/v14/92zPtBhPNqw79Ij1E865zBUv7mwjIjVBNIg.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://health-beauty.shop
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10004
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Aug 2022 18:12:56 GMT
expires: Fri, 25 Aug 2023 18:12:56 GMT
cache-control: public, max-age=31536000
age: 488809
last-modified: Mon, 11 Jul 2022 20:29:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 10004, version 1.0\012- data
Size:   10004
Md5:    7b618847fabc711601b771e3043b4afd
Sha1:   db1c40088181c6591b841b5a69ac20747946299d
Sha256: 7fc2f305a921527b2ab30ca18ae847de10bef47debd8c499e6240e78e3193e9c
                                        
                                            GET /s/jost/v14/92zPtBhPNqw79Ij1E865zBUv7myRJTVBNIg.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://health-beauty.shop
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10012
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Aug 2022 06:11:42 GMT
expires: Fri, 25 Aug 2023 06:11:42 GMT
cache-control: public, max-age=31536000
age: 532083
last-modified: Mon, 11 Jul 2022 20:35:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 10012, version 1.0\012- data
Size:   10012
Md5:    ad57e7c303c98c098069883f76c6f4b6
Sha1:   67e09576458b4f21321fdc9715844b0a9d020841
Sha256: c99aaa9d35986f17f4b940fdb18ad3eb19eaa6afca98f0ca60b3477c4bd0f819
                                        
                                            GET /s/jost/v14/92zJtBhPNqw73oHH7BbQp4-B6XlrZu0FBIokng.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://health-beauty.shop
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10628
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 29 Aug 2022 20:05:23 GMT
expires: Tue, 29 Aug 2023 20:05:23 GMT
cache-control: public, max-age=31536000
age: 136462
last-modified: Mon, 11 Jul 2022 20:33:26 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 10628, version 1.0\012- data
Size:   10628
Md5:    adb5032769548ba53a787c6f1c19d540
Sha1:   ddd897593f80fe89d714c4107321a541fb5ef5aa
Sha256: f462b8de6ec84d417324d2c283a34b70c115bc56311fd363cff8bb37d083cd0c
                                        
                                            GET /s/playfairdisplay/v30/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://health-beauty.shop
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 29 Aug 2022 22:46:25 GMT
expires: Tue, 29 Aug 2023 22:46:25 GMT
cache-control: public, max-age=31536000
age: 126800
last-modified: Mon, 18 Jul 2022 19:06:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 19860, version 1.0\012- data
Size:   19860
Md5:    a95e391373ad634c3b7dbaf77de3f40e
Sha1:   ddc4638bc28c21a400fcd2df94448743f198a257
Sha256: fa3d5a0422c9b413abb4c78f8ff80de8a8ed58766f7110c82febf5296e899b47
                                        
                                            GET /s/jost/v14/92zPtBhPNqw79Ij1E865zBUv7myjJTVBNIg.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://health-beauty.shop
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Aug 2022 15:33:42 GMT
expires: Sat, 26 Aug 2023 15:33:42 GMT
cache-control: public, max-age=31536000
age: 411963
last-modified: Mon, 11 Jul 2022 20:29:32 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 9028, version 1.0\012- data
Size:   9028
Md5:    62922dbbe2094d4609ebeff8e841bbf3
Sha1:   c6eb565c83de92b2fb2bc7321d2a92fa32373f65
Sha256: a25da21fa46f9ef2ca9d169f57fbf9f605c976f9dfe924a27706900dc3228a8b
                                        
                                            GET /s/jost/v14/92zPtBhPNqw79Ij1E865zBUv7mx9IjVBNIg.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://health-beauty.shop
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10012
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Aug 2022 15:27:32 GMT
expires: Sat, 26 Aug 2023 15:27:32 GMT
cache-control: public, max-age=31536000
age: 412333
last-modified: Mon, 11 Jul 2022 20:29:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 10012, version 1.0\012- data
Size:   10012
Md5:    880a1bad36ccfed8ea3eb3b2fb5ba20c
Sha1:   31ecbb6a948bf16d99ac6eeba0cd57d8c80f5369
Sha256: 2761f1c34d9535a6c31ebfdfd28eaad9c3e43af682a36cbe40aca17fbece0174
                                        
                                            GET /s/jost/v14/92zPtBhPNqw79Ij1E865zBUv7mxEIjVBNIg.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://health-beauty.shop
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10056
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Aug 2022 21:59:14 GMT
expires: Sat, 26 Aug 2023 21:59:14 GMT
cache-control: public, max-age=31536000
age: 388831
last-modified: Mon, 11 Jul 2022 20:35:36 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 10056, version 1.0\012- data
Size:   10056
Md5:    f62ba83f3cfa9202fb0b9b5817aa8825
Sha1:   ee75dafa8d03afdcd5cfe59f390b11e9626885a8
Sha256: 50e9b11979e71bd4f39d607163bc058e2a01b250fc259944ccd7b061067f01f5
                                        
                                            GET /s/playfairdisplay/v30/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKebunDXbtM.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://health-beauty.shop
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21172
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 29 Aug 2022 21:30:52 GMT
expires: Tue, 29 Aug 2023 21:30:52 GMT
cache-control: public, max-age=31536000
age: 131333
last-modified: Mon, 18 Jul 2022 19:06:36 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 21172, version 1.0\012- data
Size:   21172
Md5:    0020e4d3674b3f5932555041a49fc908
Sha1:   52e67d4a4413eb048653a73950db8cef3db90844
Sha256: a9f91ad2b8f5bf5fac0387ac411ed3429bf9fc6d22d37784bb8aeceb68101434
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 31 Aug 2022 09:59:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: health-beauty.shop
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/simple-chicken-sausage/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.16
HTTP/2 204 No Content
content-type: image/png
                                        
server: nginx
date: Wed, 31 Aug 2022 00:18:49 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
age: 34855
x-cache: HIT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

                                        
                                            GET /wp-content/themes/beauty-salon-spa/assets/images/icon1.png HTTP/1.1 
Host: health-beauty.shop
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://health-beauty.shop/wp-content/themes/beauty-salon-spa/style.css?ver=6.0.2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.16
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Wed, 31 Aug 2022 00:18:47 GMT
content-length: 184
last-modified: Thu, 11 Aug 2022 12:31:09 GMT
etag: "62f4f68d-b8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 34857
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size:   184
Md5:    cae36e5b16d723c2c14d300c1ff74c62
Sha1:   8edb8549c3e15282f627d39eab67ca249d18b3d0
Sha256: 1c584f2ff1482b5ef9e40734e47c528d06c35dc49fbd02cbe08196c34f32f83e
                                        
                                            GET /wp-content/themes/beauty-salon-spa/assets/webfonts/fa-regular-400.woff2 HTTP/1.1 
Host: health-beauty.shop
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://health-beauty.shop/wp-content/themes/beauty-salon-spa/assets/css/fontawesome-all.css?ver=6.0.2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.16
HTTP/2 200 OK
content-type: font/woff2
                                        
server: nginx
date: Wed, 31 Aug 2022 00:18:47 GMT
content-length: 12220
last-modified: Thu, 11 Aug 2022 12:31:09 GMT
etag: "62f4f68d-2fbc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 34857
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 12220, version 1.0\012- data
Size:   12220
Md5:    032ba2e0f134a35ed87df1564936d352
Sha1:   92ff7d462421c5a70520d3fe1403e57a5d044b34
Sha256: a36d4f83add2176a3c6243bd57a32a387a1906227e286689530ff878de1994eb
                                        
                                            GET /wp-content/themes/beauty-salon-spa/assets/webfonts/fa-solid-900.woff2 HTTP/1.1 
Host: health-beauty.shop
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://health-beauty.shop/wp-content/themes/beauty-salon-spa/assets/css/fontawesome-all.css?ver=6.0.2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.16
HTTP/2 200 OK
content-type: font/woff2
                                        
server: nginx
date: Wed, 31 Aug 2022 00:18:47 GMT
content-length: 38784
last-modified: Thu, 11 Aug 2022 12:31:09 GMT
etag: "62f4f68d-9780"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 34857
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 38784, version 1.0\012- data
Size:   38784
Md5:    f9b85c9463af7103b9b24bbbf09a06ed
Sha1:   d28d7222bcbeb8ea701a771e85f7efe006e62fb1
Sha256: 62554277d07b20c6bfae7c6267b3198b4846f604a37d4085bf9f54c392210b56
                                        
                                            GET /css?family=Playfair+Display%3Aital%2Cwght%400%2C400%3B0%2C500%3B0%2C600%3B0%2C700%3B0%2C800%3B0%2C900%3B1%2C400%3B1%2C500%3B1%2C600%3B1%2C700%3B1%2C800%3B1%2C900&ver=6.0.2 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 31 Aug 2022 09:59:44 GMT
date: Wed, 31 Aug 2022 09:59:44 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=5066548&axcusid1=1803&clid={ymid}&r=http%3A%2F%2Fgrehtrsan.com%2Flink%3Fz%3D5066548%26var%3D1803%26ymid%3D3_23180000e1060000120700000a310f6320570f63%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=5576 HTTP/1.1 
Host: tagstaticx.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         188.114.96.1
HTTP/2 200 OK
content-type: text/html
                                        
date: Wed, 31 Aug 2022 09:59:39 GMT
last-modified: Thu, 04 Aug 2022 15:17:25 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=izIUFAzYYDQ4S4%2B6hZK7CKuW9CoLDSSeEUIhuObwMukKictRGkt5saz%2BBoMwHcM%2BVQDpsaVINGQM7GrX4%2BIQqC1RtpVhdj2E5P%2BiZTetdQm%2B%2FcJ806wwWtfzFXStjuJliQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7434ea29ad1db527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /link?z=5066548&var=1803&ymid=3_23180000e1060000120700000a310f6320570f63&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=5576 HTTP/1.1 
Host: grehtrsan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: OAID=2799796940574ce4a5aa3ba6cb75b397; oaidts=1661939979; phpckd5066548=true
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         139.45.197.236
HTTP/2 200 OK
content-type: text/html; charset=utf8
                                        
server: nginx
date: Wed, 31 Aug 2022 09:59:40 GMT
x-trace-id: f70585ce865dd68cc235cdf985431aa5
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=2799796940574ce4a5aa3ba6cb75b397; expires=Thu, 31 Aug 2023 09:59:40 GMT; path=/; secure; SameSite=None oaidts=1661939979; expires=Thu, 31 Aug 2023 09:59:40 GMT; path=/; secure; SameSite=None allcnt=1; expires=Thu, 31 Aug 2023 09:59:40 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /?tt HTTP/1.1 
Host: toapodazoay.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Content-Length: 27
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/?rzi=5066550&rsz=5066550&rid=
Cookie: reverse=5dza4PVQU5ou1I0tGILJfxT7d34l-JbEXQ44s01kvrs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         139.45.197.155
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 31 Aug 2022 09:59:41 GMT
vary: Accept-Encoding
x-powered-by: PHP/7.4.24
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /css?family=Playfair%20Display%3Aital%2Cwght%400%2C400%3B0%2C500%3B0%2C600%3B0%2C700%3B0%2C800%3B0%2C900%3B1%2C400%3B1%2C500%3B1%2C600%3B1%2C700%3B1%2C800%3B1%2C900%7CJost%3Aital%2Cwght%400%2C100%3B0%2C200%3B0%2C300%3B0%2C400%3B0%2C500%3B0%2C600%3B0%2C700%3B0%2C800%3B0%2C900%3B1%2C100%3B1%2C200%3B1%2C300%3B1%2C400%3B1%2C500%3B1%2C600%3B1%2C700%3B1%2C800%3B1%2C900 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 31 Aug 2022 09:59:44 GMT
date: Wed, 31 Aug 2022 09:59:44 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /css?family=Jost%3Aital%2Cwght%400%2C100%3B0%2C200%3B0%2C300%3B0%2C400%3B0%2C500%3B0%2C600%3B0%2C700%3B0%2C800%3B0%2C900%3B1%2C100%3B1%2C200%3B1%2C300%3B1%2C400%3B1%2C500%3B1%2C600%3B1%2C700%3B1%2C800%3B1%2C900&ver=6.0.2 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 31 Aug 2022 09:59:44 GMT
date: Wed, 31 Aug 2022 09:59:44 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /wp-content/uploads/2022/08/salpicao-de-frango-simples.jpg HTTP/1.1 
Host: health-beauty.shop
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://health-beauty.shop/simple-chicken-sausage/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         63.250.43.16
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Wed, 31 Aug 2022 00:18:47 GMT
content-length: 92346
last-modified: Thu, 11 Aug 2022 12:56:38 GMT
etag: "62f4fc86-168ba"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 34857
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---