Overview

URL: www.buttygirls.com/fr/multi/ms/4-960189/?cep=25aNViNmowR1XCCyaa9dxEM_QefZiiK6Tbk1_GiLrMA7xh_dseWSlaOBRryqY_tl2E2P5jvakfs8gfeo_naXSY483XS0UCoiMCemfrGXWv2CXIpEGiGUmhwFoibRJfmPA26wp3cxeBXKD7qQkjdsIjSRdhLJ5N6CnA4TF13TvqjUfPC-PbrOWg2Kr5dq1NlIjnlYoMIIaYySl5lp7444o8LXz7Ta2sL_nL-Up3hrY6ZnSWuyPEFrcquQglJVfd1CmNPH_FMEfVZosopJjubm7n5gbNHGFlJjctGuU59wD6nC7ECd4xk5a93b_RcjYH9fwS1gbmX0HMGopu2myFOIPgPSH03YbPKyultrMwyt3t2PyL1SPt12TOWVXZixq3P5&lptoken=169b70f5572798791152
IP: 104.21.86.190
ASN: #13335 CLOUDFLARENET
UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2022-12-09 09:28:20 UTC
IDS alerts: 0
Blocklist alert: 5
urlquery alerts: No alerts detected
Tags: None

Domain Summary (14)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-12-08 17:20:00 UTC 52.42.148.177
zeniocloud.com (1) 0 2022-02-16 15:44:21 UTC 2022-12-08 14:01:52 UTC 167.114.67.56 Unknown ranking
img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-12-08 15:50:00 UTC 34.120.237.76
fonts.gstatic.com (1) 0 2014-04-02 10:51:04 UTC 2022-12-08 17:14:55 UTC 142.250.74.35 Domain (gstatic.com) ranked at: 540
www.buttygirls.com (11) 0 2022-02-11 16:35:02 UTC 2022-12-09 04:44:08 UTC 104.21.86.190 Unknown ranking
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-08 17:14:01 UTC 34.117.237.239
ocsp.sca1b.amazontrust.com (3) 1015 2016-02-14 02:37:56 UTC 2019-03-27 04:05:54 UTC 143.204.42.158
static.production.almightypush.com (3) 214819 2021-09-25 16:34:18 UTC 2022-12-08 14:02:46 UTC 54.230.111.23
content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-12-08 17:21:04 UTC 34.160.144.191
firefox.settings.services.mozilla.com (1) 867 2020-05-25 20:06:39 UTC 2022-12-08 17:12:32 UTC 35.241.9.150
ocsp.pki.goog (6) 175 2017-06-14 07:23:31 UTC 2022-12-08 17:12:01 UTC 142.250.74.131
fonts.googleapis.com (1) 8877 2012-05-23 12:41:44 UTC 2022-12-08 17:12:12 UTC 142.250.74.106
ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-12-08 17:15:52 UTC 93.184.220.29
r3.o.lencr.org (8) 344 2020-12-02 08:52:13 UTC 2022-12-08 17:12:06 UTC 95.101.11.115

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-09 2 www.buttygirls.com/fr/multi/ms/4-960189/css/main.css?1565875120 Malware
2022-12-09 2 www.buttygirls.com/fr/multi/ms/4-960189/js/steps.js?1565875110 Malware
2022-12-09 2 www.buttygirls.com/fr/multi/ms/4-960189/js/backoffer.js Malware
2022-12-09 2 www.buttygirls.com/fr/multi/ms/4-960189/images/1.webm Malware
2022-12-09 2 zeniocloud.com/JAIA.js?sub1=buttygirls.com Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 104.21.86.190
Date UQ / IDS / BL URL IP
2023-01-27 12:47:47 +0000 0 - 0 - 1 www.buttygirls.com/fr/multi/ms/4-960189/ 104.21.86.190
2023-01-27 04:47:33 +0000 0 - 0 - 1 www.buttygirls.com/de/multi/ms/8-466653/ 104.21.86.190
2023-01-22 11:01:16 +0000 0 - 0 - 11 www.buttygirls.com/esus/multi/ms/7-216324/ 104.21.86.190
2023-01-17 09:03:46 +0000 0 - 0 - 3 www.buttygirls.com/fr/multi/ms/1-131736/ 104.21.86.190
2023-01-12 09:45:05 +0000 0 - 0 - 1 www.buttygirls.com/fr/multi/ms/4-960189/?cep= (...) 104.21.86.190


Last 5 reports on ASN: CLOUDFLARENET
Date UQ / IDS / BL URL IP
2023-01-29 13:30:33 +0000 0 - 4 - 0 mariowin.website/ 172.67.212.162
2023-01-29 13:30:37 +0000 0 - 2 - 17 whatqapp.top/ 188.114.97.1
2023-01-29 13:30:29 +0000 0 - 0 - 1 byh.ajn322bb.com/files/pe/pb1109.exe 104.21.25.158
2023-01-29 13:30:16 +0000 0 - 1 - 1 mnh.ajn322bb.com/files/pe/pb1105.exe 172.67.134.92
2023-01-29 13:29:56 +0000 0 - 1 - 1 ert.ajn322bb.com/files/pe/pb1117.exe 104.21.25.158


Last 5 reports on domain: buttygirls.com
Date UQ / IDS / BL URL IP
2023-01-29 02:52:22 +0000 0 - 0 - 4 www.buttygirls.com/us/multi/ms/26-100739/ 172.67.136.26
2023-01-27 12:47:47 +0000 0 - 0 - 1 www.buttygirls.com/fr/multi/ms/4-960189/ 104.21.86.190
2023-01-27 04:47:33 +0000 0 - 0 - 1 www.buttygirls.com/de/multi/ms/8-466653/ 104.21.86.190
2023-01-27 02:14:41 +0000 0 - 1 - 10 www.buttygirls.com/esus/multi/ms/7-216324/?ce (...) 172.67.136.26
2023-01-25 03:40:34 +0000 0 - 0 - 2 www.buttygirls.com/fr/multi/ms/1-131736/?cep= (...) 172.67.136.26


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-07 21:42:58 +0000 0 - 0 - 1 www.buttygirls.com/fr/multi/ms/4-960189/?cep= (...) 172.67.136.26
2023-01-07 19:00:10 +0000 0 - 0 - 1 www.buttygirls.com/fr/multi/ms/4-960189/?cep= (...) 172.67.136.26
2023-01-07 05:44:50 +0000 0 - 0 - 1 www.buttygirls.com/fr/multi/ms/4-960189/?cep= (...) 104.21.86.190
2022-12-24 03:39:52 +0000 0 - 0 - 1 www.buttygirls.com/fr/multi/ms/4-960189/ 104.21.86.190
2022-12-24 01:13:59 +0000 0 - 0 - 1 www.buttygirls.com/fr/multi/ms/4-960189/ 172.67.136.26

JavaScript

Executed Scripts (9)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (45)


Request Response
                                        
                                            GET /fr/multi/ms/4-960189/?cep=25aNViNmowR1XCCyaa9dxEM_QefZiiK6Tbk1_GiLrMA7xh_dseWSlaOBRryqY_tl2E2P5jvakfs8gfeo_naXSY483XS0UCoiMCemfrGXWv2CXIpEGiGUmhwFoibRJfmPA26wp3cxeBXKD7qQkjdsIjSRdhLJ5N6CnA4TF13TvqjUfPC-PbrOWg2Kr5dq1NlIjnlYoMIIaYySl5lp7444o8LXz7Ta2sL_nL-Up3hrY6ZnSWuyPEFrcquQglJVfd1CmNPH_FMEfVZosopJjubm7n5gbNHGFlJjctGuU59wD6nC7ECd4xk5a93b_RcjYH9fwS1gbmX0HMGopu2myFOIPgPSH03YbPKyultrMwyt3t2PyL1SPt12TOWVXZixq3P5&lptoken=169b70f5572798791152 HTTP/1.1 
Host: www.buttygirls.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         104.21.86.190
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 09 Dec 2022 09:28:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BoF13wypNF8UOFMmGkcvGyZj1Tze4Cqd8cdeN50V4VYAqrjw7Z98n1iVLYEorau2%2FP6wVeOVyQHQF9yJlAcM4K9xN%2Fj2GWKnGQtMNqbdo994sqoC01oapCSA0yKFQg26lPIubJo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776cb5824e751bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Size:   1351
Md5:    d5eaef2a7723dbeca882077a787adaba
Sha1:   498c590c50eaed2819435aa4b80f3e8f8ba6a6b7
Sha256: abad3e8cbcac8bd96a2ae0a1dc0ec5f7c5b410fed20f87f14a335393e13a9a45
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4816
Expires: Fri, 09 Dec 2022 10:48:25 GMT
Date: Fri, 09 Dec 2022 09:28:09 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13940
Expires: Fri, 09 Dec 2022 13:20:29 GMT
Date: Fri, 09 Dec 2022 09:28:09 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         35.241.9.150
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 09:08:17 GMT
age: 1192
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    bf0c602d32b3c14606f22a86183b5e3c
Sha1:   6eabd8d83475eba731968abe1a05a8bfd272f160
Sha256: 6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4253
Expires: Fri, 09 Dec 2022 10:39:02 GMT
Date: Fri, 09 Dec 2022 09:28:09 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: N1ZofQzo5KP98rGIjYwBjL8DH46V2n3GnogNwzh/dMmkeYOHQ7bUCie2xujqJ1VDuMTcSoWAcj5semcM+bSF3Q==
x-amz-request-id: PRT7N3F5FPN9YTKB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 08:48:16 GMT
age: 2393
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    53341dea33f4f3d9b4966f80589f429a
Sha1:   20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
Sha256: 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 09 Dec 2022 09:28:09 GMT
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         143.204.42.158
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=160119
Date: Fri, 09 Dec 2022 09:28:09 GMT
Etag: "6392bb4d-1d7"
Expires: Sun, 11 Dec 2022 05:56:48 GMT
Last-Modified: Fri, 09 Dec 2022 04:36:29 GMT
Server: ECS (nyb/1D08)
X-Cache: Miss from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NqWTXkWyTgZWAj1kQSIH9TfRHCOa_Jve96gzuMmA8JnKvgbuP-DO7w==
Age: 4819

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         143.204.42.158
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=157196
Date: Fri, 09 Dec 2022 09:28:09 GMT
Etag: "6392bb4d-1d7"
Expires: Sun, 11 Dec 2022 05:08:05 GMT
Last-Modified: Fri, 09 Dec 2022 04:36:29 GMT
Server: ECS (bsa/EB1E)
X-Cache: Miss from cloudfront
Via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: FwTpFQ7ONlUskmO3KygLCasFmGl3iy81kT341fDrccVNEdzrrT6TeA==
Age: 1896

                                        
                                            GET /mng/subs_window.js?ver=1644584093 HTTP/1.1 
Host: static.production.almightypush.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.buttygirls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         54.230.111.23
HTTP/2 200 OK
content-type: application/javascript
                                        
content-length: 19491
last-modified: Mon, 05 Sep 2022 12:24:26 GMT
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Dec 2022 18:26:15 GMT
etag: "ae593f4be1dd1f0710123918b49c4933"
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: f7l6dti9cMcxqXKASKppYu0g3GeJU1k9hdbuhHL_qBqqeK_mVCnE8Q==
age: 54181
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   19491
Md5:    ae593f4be1dd1f0710123918b49c4933
Sha1:   66fbe30bb873e0a47d3d72e737d68aa4b6916c26
Sha256: fdf9ff3f74dcf11d0fa456dcd53cb21550f67f0cfdc11dc29bef595f07b56206
                                        
                                            GET /mng/subs_window.css?ver=1644584093 HTTP/1.1 
Host: static.production.almightypush.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.buttygirls.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         54.230.111.23
HTTP/2 200 OK
content-type: text/css
                                        
content-length: 6945
last-modified: Mon, 05 Sep 2022 12:24:26 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Dec 2022 01:53:29 GMT
etag: "bd7dbae15f904a4e1213439ebfefddbe"
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: t5udknioFYxxgahiXI_bvQHZF0fulXezOe-MZ0zIpAOGGr663R2mDA==
age: 27409
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   6945
Md5:    bd7dbae15f904a4e1213439ebfefddbe
Sha1:   9f7a33b3d6e7965d8b99f0ff56cbf2e2ebb8f78e
Sha256: 30c08f3bb42d9a16155c65fbc952430048e4a84be70b98cb989b2dc977b49f8a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C7589A0E95CCFF68233A60278D6CF0FB5F72884095F649377C6A33ADFD411F7A"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7537
Expires: Fri, 09 Dec 2022 11:33:46 GMT
Date: Fri, 09 Dec 2022 09:28:09 GMT
Connection: keep-alive

                                        
                                            GET /fr/multi/ms/4-960189/css/main.css?1565875120 HTTP/1.1 
Host: www.buttygirls.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/fr/multi/ms/4-960189/?cep=25aNViNmowR1XCCyaa9dxEM_QefZiiK6Tbk1_GiLrMA7xh_dseWSlaOBRryqY_tl2E2P5jvakfs8gfeo_naXSY483XS0UCoiMCemfrGXWv2CXIpEGiGUmhwFoibRJfmPA26wp3cxeBXKD7qQkjdsIjSRdhLJ5N6CnA4TF13TvqjUfPC-PbrOWg2Kr5dq1NlIjnlYoMIIaYySl5lp7444o8LXz7Ta2sL_nL-Up3hrY6ZnSWuyPEFrcquQglJVfd1CmNPH_FMEfVZosopJjubm7n5gbNHGFlJjctGuU59wD6nC7ECd4xk5a93b_RcjYH9fwS1gbmX0HMGopu2myFOIPgPSH03YbPKyultrMwyt3t2PyL1SPt12TOWVXZixq3P5&lptoken=169b70f5572798791152

                                         104.21.86.190
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Fri, 09 Dec 2022 09:28:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 13:38:04 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7PUsiZKU7sNIP5k6qYM%2Foo3qHJqeKEFAAgP5d1xLbEmDMAaiPJOEHR%2BTQHgKqOBXtkiyPZsPEdxRQ7yfCfdbt9k6gG6VxYM7ecZK9OeYEYbzRM4W8JHzYYfqL%2B27BIrWGNvdGws%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776cb584a85d1bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text
Size:   2003
Md5:    f6b74770fa71565e3b4387c4e1d8662b
Sha1:   f07b17faed55070d28009e9e9603171bdd841316
Sha256: a1680fb2f450b91ef4c7cb13f43bc4080c87e6b6ca814b8ae8e6fa273a510aeb

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         143.204.42.158
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=155300
Date: Fri, 09 Dec 2022 09:28:09 GMT
Etag: "6392bb4d-1d7"
Expires: Sun, 11 Dec 2022 04:36:29 GMT
Last-Modified: Fri, 09 Dec 2022 04:36:29 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 55F6wee9uP_ZnOkvmPOBUrGtnOUG5Uc4HHkXuV0rVsmsLz-aK_sMzQ==

                                        
                                            GET /fr/multi/ms/4-960189/js/steps.js?1565875110 HTTP/1.1 
Host: www.buttygirls.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/fr/multi/ms/4-960189/?cep=25aNViNmowR1XCCyaa9dxEM_QefZiiK6Tbk1_GiLrMA7xh_dseWSlaOBRryqY_tl2E2P5jvakfs8gfeo_naXSY483XS0UCoiMCemfrGXWv2CXIpEGiGUmhwFoibRJfmPA26wp3cxeBXKD7qQkjdsIjSRdhLJ5N6CnA4TF13TvqjUfPC-PbrOWg2Kr5dq1NlIjnlYoMIIaYySl5lp7444o8LXz7Ta2sL_nL-Up3hrY6ZnSWuyPEFrcquQglJVfd1CmNPH_FMEfVZosopJjubm7n5gbNHGFlJjctGuU59wD6nC7ECd4xk5a93b_RcjYH9fwS1gbmX0HMGopu2myFOIPgPSH03YbPKyultrMwyt3t2PyL1SPt12TOWVXZixq3P5&lptoken=169b70f5572798791152

                                         104.21.86.190
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 09 Dec 2022 09:28:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 13:38:07 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X%2B4eP%2BoS9JuhzNR7gOznsK%2BJuCHyfaEhHpigKp%2BMB5qSCbFCGS2QoMO7kn67PPY4KkQylx5tE0pGXBVSph2vRgHiJaJD%2B0hUQA2GBNvw%2Fxpw5PgYKODCnLfLb%2FqscLmEsP%2FatdA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776cb584aef11c16-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (1884)
Size:   1384
Md5:    96a287b528ee2ce1a9cdbdaaad162747
Sha1:   6bba83663005bae9258a25503be47b31ddde706d
Sha256: d48eb547bc6719dd952ab9149c371261c0aa582fff967865cc87d7a02faf2f7d

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /mng/channels/init.min.js?ver=1644584093 HTTP/1.1 
Host: static.production.almightypush.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.buttygirls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         54.230.111.23
HTTP/2 200 OK
content-type: application/javascript
                                        
content-length: 21924
last-modified: Mon, 05 Sep 2022 12:24:26 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Dec 2022 04:26:06 GMT
etag: "2ea196bb9d9670ec138eb0c8c23e6696"
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zqo3LH5uz43ETJJCKcrsZZtiAGJDLb-678UfXWv-_XH6Vll1803jTA==
age: 18172
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   21924
Md5:    2ea196bb9d9670ec138eb0c8c23e6696
Sha1:   b0876fd8c0c56c5d34368c16a829c040c23cbaba
Sha256: 1475c052ae8dbc220775cd44b20e508e38db9f09168c57d4a73e0a9027f252f7
                                        
                                            GET /fr/multi/ms/4-960189/js/secondofferv2.js?1565875120 HTTP/1.1 
Host: www.buttygirls.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/fr/multi/ms/4-960189/?cep=25aNViNmowR1XCCyaa9dxEM_QefZiiK6Tbk1_GiLrMA7xh_dseWSlaOBRryqY_tl2E2P5jvakfs8gfeo_naXSY483XS0UCoiMCemfrGXWv2CXIpEGiGUmhwFoibRJfmPA26wp3cxeBXKD7qQkjdsIjSRdhLJ5N6CnA4TF13TvqjUfPC-PbrOWg2Kr5dq1NlIjnlYoMIIaYySl5lp7444o8LXz7Ta2sL_nL-Up3hrY6ZnSWuyPEFrcquQglJVfd1CmNPH_FMEfVZosopJjubm7n5gbNHGFlJjctGuU59wD6nC7ECd4xk5a93b_RcjYH9fwS1gbmX0HMGopu2myFOIPgPSH03YbPKyultrMwyt3t2PyL1SPt12TOWVXZixq3P5&lptoken=169b70f5572798791152

                                         104.21.86.190
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Fri, 09 Dec 2022 09:28:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PTy8ZrvlItRhn5JMXMMRitcJn3UhHHhC1iAghsU6%2FIjgZCkj5VOwaAx0AVB2YvdFoh5IgPyJy8D8onQ0afYEXWe7knhphAn0WQEV1VhNukG8vswGWlo3A1F1WbvRPTA5VPpX1ZQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776cb584aa29b4f1-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   238
Md5:    f5945c4d5e4298d818d50d70865f2857
Sha1:   f35c3593933af2db1933093809ef78f45b9b7144
Sha256: d2a3f46998410a6fa09375f2813da63aa04bbc6caae20e770da12530ba881b38
                                        
                                            GET /fr/multi/ms/4-960189/js/MBDTRTP.js?1565875120 HTTP/1.1 
Host: www.buttygirls.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/fr/multi/ms/4-960189/?cep=25aNViNmowR1XCCyaa9dxEM_QefZiiK6Tbk1_GiLrMA7xh_dseWSlaOBRryqY_tl2E2P5jvakfs8gfeo_naXSY483XS0UCoiMCemfrGXWv2CXIpEGiGUmhwFoibRJfmPA26wp3cxeBXKD7qQkjdsIjSRdhLJ5N6CnA4TF13TvqjUfPC-PbrOWg2Kr5dq1NlIjnlYoMIIaYySl5lp7444o8LXz7Ta2sL_nL-Up3hrY6ZnSWuyPEFrcquQglJVfd1CmNPH_FMEfVZosopJjubm7n5gbNHGFlJjctGuU59wD6nC7ECd4xk5a93b_RcjYH9fwS1gbmX0HMGopu2myFOIPgPSH03YbPKyultrMwyt3t2PyL1SPt12TOWVXZixq3P5&lptoken=169b70f5572798791152

                                         104.21.86.190
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Fri, 09 Dec 2022 09:28:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=flyv%2BG0c94t81xLvPM1BdiyeZ300wF8z1kNG3u7ODQ8nfGht2huqGGTY96h8gNPiMkHJEHAafntvTWjAwLfzphhRz9CzESQrSxZLuaOyMRX%2FrnWp7%2BrjG5LRa%2BIcKlTqQrDnk0g%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776cb584a88ab4ed-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   238
Md5:    f5945c4d5e4298d818d50d70865f2857
Sha1:   f35c3593933af2db1933093809ef78f45b9b7144
Sha256: d2a3f46998410a6fa09375f2813da63aa04bbc6caae20e770da12530ba881b38
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 09:28:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /fr/multi/ms/4-960189/js/jquery-2.2.4.min.js?1565875120 HTTP/1.1 
Host: www.buttygirls.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/fr/multi/ms/4-960189/?cep=25aNViNmowR1XCCyaa9dxEM_QefZiiK6Tbk1_GiLrMA7xh_dseWSlaOBRryqY_tl2E2P5jvakfs8gfeo_naXSY483XS0UCoiMCemfrGXWv2CXIpEGiGUmhwFoibRJfmPA26wp3cxeBXKD7qQkjdsIjSRdhLJ5N6CnA4TF13TvqjUfPC-PbrOWg2Kr5dq1NlIjnlYoMIIaYySl5lp7444o8LXz7Ta2sL_nL-Up3hrY6ZnSWuyPEFrcquQglJVfd1CmNPH_FMEfVZosopJjubm7n5gbNHGFlJjctGuU59wD6nC7ECd4xk5a93b_RcjYH9fwS1gbmX0HMGopu2myFOIPgPSH03YbPKyultrMwyt3t2PyL1SPt12TOWVXZixq3P5&lptoken=169b70f5572798791152

                                         104.21.86.190
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 09 Dec 2022 09:28:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 13:38:06 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XtNnYMdZLlghn5v4jfjkJrympwzEh9YFaeBCo3ddfHkZ%2FnlsG5VyalKTGQnaeEHR4Qs2xlLbJGxHis9gYryfwDyK7LaSve8o2htMkVy8Issir0MJ2CPWcQNmhP7Iuof%2Fp8a%2F1c8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776cb584af180b55-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (32065)
Size:   29866
Md5:    0a3d901cd2f878519ca82a740e2f08b4
Sha1:   9ed9e91d3506c23ebbbe37c11688b724e8bc7d34
Sha256: 9dd3fefb398b7d40e8d76f12a9de2780d842df0625f0bdb2f204a83854481ef7
                                        
                                            GET /fr/multi/ms/4-960189/js/backoffer.js HTTP/1.1 
Host: www.buttygirls.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/fr/multi/ms/4-960189/?cep=25aNViNmowR1XCCyaa9dxEM_QefZiiK6Tbk1_GiLrMA7xh_dseWSlaOBRryqY_tl2E2P5jvakfs8gfeo_naXSY483XS0UCoiMCemfrGXWv2CXIpEGiGUmhwFoibRJfmPA26wp3cxeBXKD7qQkjdsIjSRdhLJ5N6CnA4TF13TvqjUfPC-PbrOWg2Kr5dq1NlIjnlYoMIIaYySl5lp7444o8LXz7Ta2sL_nL-Up3hrY6ZnSWuyPEFrcquQglJVfd1CmNPH_FMEfVZosopJjubm7n5gbNHGFlJjctGuU59wD6nC7ECd4xk5a93b_RcjYH9fwS1gbmX0HMGopu2myFOIPgPSH03YbPKyultrMwyt3t2PyL1SPt12TOWVXZixq3P5&lptoken=169b70f5572798791152

                                         104.21.86.190
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 09 Dec 2022 09:28:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 13:38:06 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u38s67dl6iRhCKgb3rhyug64TNzds0J21k%2FtcD90RZkT6SstEv3M7s7Sq6%2BD%2FDxdPG2%2BDghGvzt2m9dFubPwnfMnnd1A67WHFXo%2FsS0EhUwVgwqe48%2BzpCr9s7M8ir2bcttfOic%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776cb584acd90b45-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (430), with no line terminators
Size:   230
Md5:    d1d761e3721375472889577260906f9c
Sha1:   c5e6e54e8b6b84af216d867dca79eb00c2819e42
Sha256: de8798dd7447b4651ec2d44931c15ceb0d3e5099997b2ddc2452d3f95092a1a2

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /css?family=Montserrat&subset=cyrillic,latin-ext HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.buttygirls.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.106
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Dec 2022 09:28:10 GMT
date: Fri, 09 Dec 2022 09:28:10 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 09:28:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /fr/multi/ms/4-960189/js/MBDTRTP.js?1565875120 HTTP/1.1 
Host: www.buttygirls.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/fr/multi/ms/4-960189/?cep=25aNViNmowR1XCCyaa9dxEM_QefZiiK6Tbk1_GiLrMA7xh_dseWSlaOBRryqY_tl2E2P5jvakfs8gfeo_naXSY483XS0UCoiMCemfrGXWv2CXIpEGiGUmhwFoibRJfmPA26wp3cxeBXKD7qQkjdsIjSRdhLJ5N6CnA4TF13TvqjUfPC-PbrOWg2Kr5dq1NlIjnlYoMIIaYySl5lp7444o8LXz7Ta2sL_nL-Up3hrY6ZnSWuyPEFrcquQglJVfd1CmNPH_FMEfVZosopJjubm7n5gbNHGFlJjctGuU59wD6nC7ECd4xk5a93b_RcjYH9fwS1gbmX0HMGopu2myFOIPgPSH03YbPKyultrMwyt3t2PyL1SPt12TOWVXZixq3P5&lptoken=169b70f5572798791152

                                         104.21.86.190
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Fri, 09 Dec 2022 09:28:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gnRqDgSVXIXmD3tg721xjXH6GUrUYJTehkvRp5KRPWdL5uTlReYYdLTABVYfhVlfNY9SqPJoaGxZy536%2BbaePfhZ6Pc%2BxfPmfxDG8tx4b919q15hFiJEwi%2FwRKzYcj5bbltUZBc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776cb587aa020b55-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   238
Md5:    f5945c4d5e4298d818d50d70865f2857
Sha1:   f35c3593933af2db1933093809ef78f45b9b7144
Sha256: d2a3f46998410a6fa09375f2813da63aa04bbc6caae20e770da12530ba881b38
                                        
                                            GET /fr/multi/ms/4-960189/js/secondofferv2.js?1565875120 HTTP/1.1 
Host: www.buttygirls.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/fr/multi/ms/4-960189/?cep=25aNViNmowR1XCCyaa9dxEM_QefZiiK6Tbk1_GiLrMA7xh_dseWSlaOBRryqY_tl2E2P5jvakfs8gfeo_naXSY483XS0UCoiMCemfrGXWv2CXIpEGiGUmhwFoibRJfmPA26wp3cxeBXKD7qQkjdsIjSRdhLJ5N6CnA4TF13TvqjUfPC-PbrOWg2Kr5dq1NlIjnlYoMIIaYySl5lp7444o8LXz7Ta2sL_nL-Up3hrY6ZnSWuyPEFrcquQglJVfd1CmNPH_FMEfVZosopJjubm7n5gbNHGFlJjctGuU59wD6nC7ECd4xk5a93b_RcjYH9fwS1gbmX0HMGopu2myFOIPgPSH03YbPKyultrMwyt3t2PyL1SPt12TOWVXZixq3P5&lptoken=169b70f5572798791152

                                         104.21.86.190
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Fri, 09 Dec 2022 09:28:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=byLoBqSwV93wBeigklvCLel8IUJ3TbR2xcF2g1tJHktHWNRWJ6GV2y387ztY3b1rjWw%2Fu0dhGSav1Yt8Ve1AW%2BCOIVtiiJtzx8cRvZc0i%2Bd%2BhJLZeDK4vtgqWv5sbWCcCnh8lj8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776cb587ea490b55-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   238
Md5:    f5945c4d5e4298d818d50d70865f2857
Sha1:   f35c3593933af2db1933093809ef78f45b9b7144
Sha256: d2a3f46998410a6fa09375f2813da63aa04bbc6caae20e770da12530ba881b38
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3948
Cache-Control: max-age=89070
Date: Fri, 09 Dec 2022 09:28:10 GMT
Etag: "6391a92c-1d7"
Expires: Sat, 10 Dec 2022 10:12:40 GMT
Last-Modified: Thu, 08 Dec 2022 09:06:52 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 09:28:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.buttygirls.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         142.250.74.35
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12708
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 Dec 2022 14:42:14 GMT
expires: Sun, 03 Dec 2023 14:42:14 GMT
cache-control: public, max-age=31536000
age: 499556
last-modified: Mon, 11 Jul 2022 18:55:59 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 12708, version 1.0\012- data
Size:   12708
Md5:    b4a68b1e743ee317eaaf0bbadd131571
Sha1:   f24f7823d4e3830c7cfa5bcb33733d2897c00f13
Sha256: ddc148b8a0a27b1449fda6033f4a0defac9bd43210117b50d5d7ad1eda09f394
                                        
                                            POST /s/gts1p5/Ixty6-fFKeo HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 09:28:10 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 09:28:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /fr/multi/ms/4-960189/images/1.webm HTTP/1.1 
Host: www.buttygirls.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://www.buttygirls.com/fr/multi/ms/4-960189/?cep=25aNViNmowR1XCCyaa9dxEM_QefZiiK6Tbk1_GiLrMA7xh_dseWSlaOBRryqY_tl2E2P5jvakfs8gfeo_naXSY483XS0UCoiMCemfrGXWv2CXIpEGiGUmhwFoibRJfmPA26wp3cxeBXKD7qQkjdsIjSRdhLJ5N6CnA4TF13TvqjUfPC-PbrOWg2Kr5dq1NlIjnlYoMIIaYySl5lp7444o8LXz7Ta2sL_nL-Up3hrY6ZnSWuyPEFrcquQglJVfd1CmNPH_FMEfVZosopJjubm7n5gbNHGFlJjctGuU59wD6nC7ECd4xk5a93b_RcjYH9fwS1gbmX0HMGopu2myFOIPgPSH03YbPKyultrMwyt3t2PyL1SPt12TOWVXZixq3P5&lptoken=169b70f5572798791152

                                         104.21.86.190
HTTP/1.1 206 Partial Content
Content-Type: video/webm
                                        
Date: Fri, 09 Dec 2022 09:28:10 GMT
Content-Length: 46805
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 13:38:05 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Content-Range: bytes 0-46804/46805
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G8Bn6sH%2BO8O8fhJBgTIQNfLL4Tvmc9jJVlOu7wvEZeghYBgiqaYC2QGgKGytLZvg4XCxlyExqak7c5mCvcZIDxwbF%2BJQL%2FxhS8qy%2BD6JrmHA9%2FOypM5Bl7sSuQGs3ztRD%2FaCmwY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 776cb5891b8b0b55-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  WebM\012- EBML file, creator webmB\20\012- data
Size:   46805
Md5:    dbc0bd6387ccdb214b5e1c784caee90b
Sha1:   56cea5e233a6d815bdde278be1bcdc614928c074
Sha256: e041901dfd63077a7a66dea1cf1bfe10b5b6fae17ac6fc776ddcefb27fbd5bb4

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: MhcS65vTf8vNneNpIcrpPA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         52.42.148.177
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: VjZ5/vJuwjqhdQM4aB3iSnC6SPM=

                                        
                                            GET /JAIA.js?sub1=buttygirls.com HTTP/1.1 
Host: zeniocloud.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.buttygirls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         167.114.67.56
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
server: nginx/1.18.0 (Ubuntu)
date: Fri, 09 Dec 2022 09:28:10 GMT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   333
Md5:    b5d830af9fe611315c601ebdecffb9d1
Sha1:   12e233c843bf814830bc5a27c3c34e606bf53541
Sha256: 070586051e420c92680062d2ce14e609e4685546317f4fa048c86cf0ffdbd6f2

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /fr/multi/ms/4-960189/images/favicon.ico HTTP/1.1 
Host: www.buttygirls.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/fr/multi/ms/4-960189/?cep=25aNViNmowR1XCCyaa9dxEM_QefZiiK6Tbk1_GiLrMA7xh_dseWSlaOBRryqY_tl2E2P5jvakfs8gfeo_naXSY483XS0UCoiMCemfrGXWv2CXIpEGiGUmhwFoibRJfmPA26wp3cxeBXKD7qQkjdsIjSRdhLJ5N6CnA4TF13TvqjUfPC-PbrOWg2Kr5dq1NlIjnlYoMIIaYySl5lp7444o8LXz7Ta2sL_nL-Up3hrY6ZnSWuyPEFrcquQglJVfd1CmNPH_FMEfVZosopJjubm7n5gbNHGFlJjctGuU59wD6nC7ECd4xk5a93b_RcjYH9fwS1gbmX0HMGopu2myFOIPgPSH03YbPKyultrMwyt3t2PyL1SPt12TOWVXZixq3P5&lptoken=169b70f5572798791152

                                         104.21.86.190
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Date: Fri, 09 Dec 2022 09:28:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 13:38:05 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oahMeblrXMJ055I9Op0HR40cBEgJmXoedaKhtNVaakeF1NxuYFav9NLfxejmCQPl5WU4U4P7EjGgoPzNaRp9Ld0xQbAkTLKd18iH76fWHF0vI%2Bgv3gO8DNo1owkxtw1RhYLS8bM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776cb58acd090b55-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size:   4016
Md5:    a51793fe0317686ba089709c57a35b1a
Sha1:   61575816c708298644a9c26859edc3a17ae91ebd
Sha256: b81a8f8301df8f22e0ca12689afd9855d710026631f486c9538fdb08b129b084
                                        
                                            POST /s/gts1p5/Ixty6-fFKeo HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 09:28:10 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8247
Expires: Fri, 09 Dec 2022 11:45:38 GMT
Date: Fri, 09 Dec 2022 09:28:11 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8247
Expires: Fri, 09 Dec 2022 11:45:38 GMT
Date: Fri, 09 Dec 2022 09:28:11 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8247
Expires: Fri, 09 Dec 2022 11:45:38 GMT
Date: Fri, 09 Dec 2022 09:28:11 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8247
Expires: Fri, 09 Dec 2022 11:45:38 GMT
Date: Fri, 09 Dec 2022 09:28:11 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47563cf2-d887-4c1d-a3b9-0b5151226171.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8709
x-amzn-requestid: 8c5094d3-3286-44db-bd3f-9369cd8220eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c2LYGGm6oAMFn1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63925900-2ea563bc1b5aa87a0ebd6251;Sampled=0
x-amzn-remapped-date: Thu, 08 Dec 2022 21:37:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oHNHICPfq1U2qYhNmrtf5_56-jtn-zOMPGvBdhXICE493RfJ1cFCvA==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:59:55 GMT
age: 41296
etag: "cac4e03ae9857def8b094e005647c3e49c34d686"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8709
Md5:    0321199622f614202a646f925521ace7
Sha1:   cac4e03ae9857def8b094e005647c3e49c34d686
Sha256: 042494598add540a49650d5556d33bf53f647d77e64fbf13f3d881ebf251a525
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7897
x-amzn-requestid: 032fd8ae-b7e9-4e12-8546-838191a73688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F51IAMFunw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-345ae6cd107d207f5dbe29a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: N-zFZ8yeL7RrOZ5xfqvfBaE3zcXWecvr6Jd-93nKiUZlCXp2n2_Bgw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:41:46 GMT
age: 20785
etag: "7558222788f06623ddae6e883413e38e1146281e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7897
Md5:    8c3214044657f3b876d1f1848bca5684
Sha1:   7558222788f06623ddae6e883413e38e1146281e
Sha256: e1f9c9c445bba7765f371dbb655cab43c1e12de7cbd015f8034c494118f7f708
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb8ff35a0-24dc-4158-b67e-a5f03f5a9022.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 1584
x-amzn-requestid: 7743c8a6-118c-4c69-b833-a9e2f5561a54
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw5VEGV8IAMFcOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903c20-41fdf6d004b388f51fa70833;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:09:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: whmRQYshKD6d2Pz3Z0ZCCFr_MEPR1rEek7nVZqf5XeiWpt1LIcjvBQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:35:35 GMT
age: 6756
etag: "9ad22ea868f3b72832243fd11315c68117c7542b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   1584
Md5:    4f6cfc43170be4dd0264f2b0b6bcc329
Sha1:   9ad22ea868f3b72832243fd11315c68117c7542b
Sha256: f5cc67d46241c2f5aebc2515bf8828889f8ceda8112b78cdf925a260b82fd833
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6578
x-amzn-requestid: 6392feb9-e33e-42fa-bc10-b5e31e654c9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw4beGG7oAMF8hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903aaf-2c890b7b0a16617346a0f7e7;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:03:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: H067kZXU_djWxbWO34bYMqa0xZ-WF9ntEBhZ-kV_TDoJFXQL_J1hqQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:34:27 GMT
age: 21224
etag: "5c8ffe91490006a9890188b53f875568c2b6bd8f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6578
Md5:    8546542f00ea29ef4df6ab8d3c7c2164
Sha1:   5c8ffe91490006a9890188b53f875568c2b6bd8f
Sha256: 7fb11750ac339ac283da62fd370862c6b95a103a585ca5dd8c90038718d818a1
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 12748
x-amzn-requestid: edd028e3-c23e-4985-b12d-d3ebe760df47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjuciEptIAMFj9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af783-1c151eb66f590c9c0e0c4c82;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:15:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -y4-_OwHl5_OFykJYYZSqwIopjKoYy1MhaGTpVXd4Grq2EsUP2c3IA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 13:49:59 GMT
age: 70692
etag: "55a236fedf6f5f7ca2bb88ae13e20846a50fd36d"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12748
Md5:    730ba1a8edb79ba6f83b46d1ba5aed7b
Sha1:   55a236fedf6f5f7ca2bb88ae13e20846a50fd36d
Sha256: f8043e76265c59073d111987fd4c08d05a3ac80989af9269cca9ebcc21af4013
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 5188
x-amzn-requestid: afb8cbd2-3674-4dac-9cd9-9ff83618ac0a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ck2-5G9joAMFlPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b6b92-2979ff216b9028aa70baef8b;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 15:30:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7Dp35PIr_WYUI1bBa21AvmCMEPi0d3jnhuS8eEk3Q3CXRcGWAnkD8g==
via: 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 17:01:04 GMT
age: 59227
etag: "8fbff7725c842d70e047c635a725723a9dc9c55a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5188
Md5:    fba9a3854df65740512f96efe7442e58
Sha1:   8fbff7725c842d70e047c635a725723a9dc9c55a
Sha256: 6e639298ebc82343cee9267d2910d15735af55f910e2c3de9218266b7c6fffc9