r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 405f8f149ccdf0005ca0d890c96a9cb4
64de3200cef76133dfad901d6709697d6842405e
3a10790c397a419450ac2c90b941fd20bc49af1dbaeb34678836306de8febfce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3A10790C397A419450AC2C90B941FD20BC49AF1DBAEB34678836306DE8FEBFCE"
Last-Modified: Mon, 16 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5079
Expires: Tue, 17 Jan 2023 10:28:14 GMT
Date: Tue, 17 Jan 2023 09:03:35 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2258cd6b877a3aca8f4c84074e65ac4b
4e46c70941f8e497e8afc8d078644e7f81761a1c
faac4e0d123f2112b58953c104ea746cd53047fc1ada0ef5d669feecf78ddfff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FAAC4E0D123F2112B58953C104EA746CD53047FC1ADA0EF5D669FEECF78DDFFF"
Last-Modified: Sat, 14 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5087
Expires: Tue, 17 Jan 2023 10:28:22 GMT
Date: Tue, 17 Jan 2023 09:03:35 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d6e2abd68203014e8e24d4a9e20e980a
5edbbb1a36083d5077b90b82e7aa10049e90c5d6
88cf8dae194a5e92a8c36a4c54ae71a609eaaed6e99d3986b3834c40d2fceeaa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "88CF8DAE194A5E92A8C36A4C54AE71A609EAAED6E99D3986B3834C40D2FCEEAA"
Last-Modified: Sun, 15 Jan 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5630
Expires: Tue, 17 Jan 2023 10:37:26 GMT
Date: Tue, 17 Jan 2023 09:03:36 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 17 Jan 2023 08:49:12 GMT
content-type: application/json
age: 864
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TT7XWhIxSbDalCQdb7K2TBX+a/+OgyFzeu0K1FiZeYOkV8eCVRLeieCAPTt+bm9PjZ5eIyuKQCY=
x-amz-request-id: 0E55X2GTCV52E9GA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 17 Jan 2023 08:44:56 GMT
age: 1120
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 17 Jan 2023 09:03:36 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.buttygirls.com/fr/multi/ms/1-131736/
200 OK 1.6 kB URL HTTP/1.1 www.buttygirls.com/fr/multi/ms/1-131736/
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (516)
Hash 1f8c562abb9aa8cb927e7eac53bf4a67
fd8b5621c5c3d6188779efb0b52f24bcf2470366
c786884398a4e30113c335007026167c3691a651074fa9f3e82db4c5d427c880
Analyzer Verdict Alert fortinet Malware
GET /fr/multi/ms/1-131736/ HTTP/1.1
Host: www.buttygirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 17 Jan 2023 09:03:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=09VP%2FcMQK5ZChvwt2ujxQK%2B6SFgvRoUuTuLAQ9Ejm%2BFD6%2F7c0Pn8JMCF4KSAkwrhhLA6nGbxAaWX56fKpkPKdduObFitNr5iSRF%2BwJfhrEASsUWbOswhumsU4MJ3ib%2B%2FeJ3DDSk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78adeb285a200b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
static.production.almightypush.com/mng/subs_window.js?ver=1644584093
200 OK 20 kB URL HTTP/2 static.production.almightypush.com/mng/subs_window.js?ver=1644584093
IP
Hash ae593f4be1dd1f0710123918b49c4933
66fbe30bb873e0a47d3d72e737d68aa4b6916c26
fdf9ff3f74dcf11d0fa456dcd53cb21550f67f0cfdc11dc29bef595f07b56206
GET /mng/subs_window.js?ver=1644584093 HTTP/1.1
Host: static.production.almightypush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.buttygirls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 19491
last-modified: Mon, 05 Sep 2022 12:24:26 GMT
accept-ranges: bytes
server: AmazonS3
date: Tue, 17 Jan 2023 07:07:16 GMT
etag: "ae593f4be1dd1f0710123918b49c4933"
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: EIGY51WGQ6B2s_KVebYcNQ2jwPZVX__s__xlsNDiHj5CqjkoaQgFfw==
age: 6990
X-Firefox-Spdy: h2
static.production.almightypush.com/mng/channels/init.min.js?ver=1644584093
200 OK 23 kB URL HTTP/2 static.production.almightypush.com/mng/channels/init.min.js?ver=1644584093
IP
Hash 3b6653c5e8ba364d3a55401890bfcd78
ee999f16f02d41b93d1db2bf3a489fab1034e67a
a598ef0100e73e2d81969e0a59374e915ccfe7c312603b4b1375bbd0e75498d5
GET /mng/channels/init.min.js?ver=1644584093 HTTP/1.1
Host: static.production.almightypush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.buttygirls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 22787
date: Tue, 17 Jan 2023 03:58:51 GMT
last-modified: Mon, 16 Jan 2023 12:23:14 GMT
etag: "3b6653c5e8ba364d3a55401890bfcd78"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: HGEv0gm48KiFOHhVkH-PSVY-dUUFtmZWfnO-n-h-osZqvbPHGk8vfA==
age: 18286
X-Firefox-Spdy: h2
static.production.almightypush.com/mng/subs_window.css?ver=1644584093
200 OK 6.9 kB URL HTTP/2 static.production.almightypush.com/mng/subs_window.css?ver=1644584093
IP
Hash bd7dbae15f904a4e1213439ebfefddbe
9f7a33b3d6e7965d8b99f0ff56cbf2e2ebb8f78e
30c08f3bb42d9a16155c65fbc952430048e4a84be70b98cb989b2dc977b49f8a
GET /mng/subs_window.css?ver=1644584093 HTTP/1.1
Host: static.production.almightypush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.buttygirls.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
content-length: 6945
last-modified: Mon, 05 Sep 2022 12:24:26 GMT
accept-ranges: bytes
server: AmazonS3
date: Tue, 17 Jan 2023 08:02:02 GMT
etag: "bd7dbae15f904a4e1213439ebfefddbe"
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UGHdIb4wAjCpG2XMucTgCENRLuvfKi6RtBu5O_vBIqpmW_cb-we4VQ==
age: 3712
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 17 Jan 2023 08:33:47 GMT
age: 1789
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www.buttygirls.com/fr/multi/ms/1-131736/main-style1.css
200 OK 3.6 kB URL HTTP/1.1 www.buttygirls.com/fr/multi/ms/1-131736/main-style1.css
IP
File type Unicode text, UTF-8 text, with very long lines (492)
Hash 57236fe6b47627cb0e18d567e944bdba
b2684b138548cee269d5a750fa34451010ade492
cdfd0faa5ad4501b232905731660fd21591670e703d2d621e1faf2deb1338259
GET /fr/multi/ms/1-131736/main-style1.css HTTP/1.1
Host: www.buttygirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/fr/multi/ms/1-131736/
HTTP/1.1 200 OK
Date: Tue, 17 Jan 2023 09:03:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 11 Feb 2022 15:36:38 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BsMDMpjCjBA4JDbAuQI8%2Bf0Qm38qltPhE0WvX0yP2SGm2gm8o5nmRJi1SQdkrooeZBZapifAbFqCt94MOcViVn5arvnp%2BsLTSU9aTCkXUj%2BoRVgrskke7ludQNI5GaLAUh0whwY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78adeb2c0e480b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.buttygirls.com/fr/multi/ms/1-131736/js/backoffer.js
200 OK 230 B URL HTTP/1.1 www.buttygirls.com/fr/multi/ms/1-131736/js/backoffer.js
IP
File type ASCII text, with very long lines (430), with no line terminators
Hash d1d761e3721375472889577260906f9c
c5e6e54e8b6b84af216d867dca79eb00c2819e42
de8798dd7447b4651ec2d44931c15ceb0d3e5099997b2ddc2452d3f95092a1a2
Analyzer Verdict Alert fortinet Malware
GET /fr/multi/ms/1-131736/js/backoffer.js HTTP/1.1
Host: www.buttygirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/fr/multi/ms/1-131736/
HTTP/1.1 200 OK
Date: Tue, 17 Jan 2023 09:03:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 11 Feb 2022 15:36:41 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FvK374%2BZg1%2FgrNE1W53XU%2BCQonDNZzCL8YRUpg3PpYYJr5Es9sm1b6o3%2BH3ulfgD7ZEXCYIyokt6DCWW49lx9IM9EgV0U8lGa1aB2hW6snvCh%2Bexnh8VJBrT94gPn5mylQ1xyH8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78adeb2c08deb512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 04bf663bb28fae82befd6205f2222f16
cabcb8fb93b3185d9423d52736f77d46e8ecab9b
d5236d20329dde4a4f4bde8da7e827577e0d9075f191e3c6ddf85881cd37d424
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D5236D20329DDE4A4F4BDE8DA7E827577E0D9075F191E3C6DDF85881CD37D424"
Last-Modified: Sun, 15 Jan 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3252
Expires: Tue, 17 Jan 2023 09:57:48 GMT
Date: Tue, 17 Jan 2023 09:03:36 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 1b2e51abfd12507b00ebd8b7afda6308
4d3d5fa49e007714dd37da7da25d9d490d05bd0a
85a04d4cf987fcc2d087ab815a8d373e164a2adf2bf478e7a5c1fae3e109ba26
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 17 Jan 2023 09:03:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash d03545e1fc5a8876441094039811aac5
99fcc840f3516298625c528e9b408132f7fcbb9c
166fa7c7bb716b2cd02a47884ee00df31030dfb4b2a6fdae7b59b19f87739123
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5930
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 17 Jan 2023 09:03:36 GMT
Last-Modified: Tue, 17 Jan 2023 07:24:46 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 1b2e51abfd12507b00ebd8b7afda6308
4d3d5fa49e007714dd37da7da25d9d490d05bd0a
85a04d4cf987fcc2d087ab815a8d373e164a2adf2bf478e7a5c1fae3e109ba26
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 17 Jan 2023 09:03:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: UNwa6Uq5Y9Nes6V/Ho5Bkw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: M5FvU3CIObeEZUiMpBWHkd+rwgs=
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 8b4c80fca9a7bc1b84369cdb60024668
91427b4fd16fa613fb83f053b271f00396b36e90
07bb6c4b267a5f46a15cca9ad9644ca38af67daa1448ad67f583f58e3c8dfcc1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 17 Jan 2023 09:03:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2
200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 12956, version 1.0\012- data
Hash 1c772d9d0531b187db80bcfc199c1786
c0c04fb334190e10dffed0dcc5c817c2a6041a15
122854df4f39cf922db317714c2ff0eccab27a1028c14a5aa2211f48b7e0eade
GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.buttygirls.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12956
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 10 Jan 2023 15:42:42 GMT
expires: Wed, 10 Jan 2024 15:42:42 GMT
cache-control: public, max-age=31536000
age: 580855
last-modified: Wed, 27 Apr 2022 16:54:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
zeniocloud.com/JAIA.js?sub1=buttygirls.com
200 OK 804 B URL HTTP/2 zeniocloud.com/JAIA.js?sub1=buttygirls.com
IP
Hash 24ade2bbcf1b780f71e8321f3df1b47c
6de896da82604187fc969b3591557895c8771e60
816900b42608faf62ad25736b560b78d0ac7cd68ad4803fd5cadf7a0ca8036b1
Analyzer Verdict Alert fortinet Phishing
GET /JAIA.js?sub1=buttygirls.com HTTP/1.1
Host: zeniocloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.buttygirls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Tue, 17 Jan 2023 09:03:37 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
X-Firefox-Spdy: h2
www.buttygirls.com/fr/multi/ms/1-131736/age.png
200 OK 4.7 kB URL HTTP/1.1 www.buttygirls.com/fr/multi/ms/1-131736/age.png
IP
File type PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced\012- data
Hash 46cb3edc4a2ea526989b8c22ba6144bb
307edaf289185e85a5af9f777dade274c8e381b5
af583d4b34b8c7ea070531ba08a688388d35f9184891041edf6203a49d745bc3
GET /fr/multi/ms/1-131736/age.png HTTP/1.1
Host: www.buttygirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/fr/multi/ms/1-131736/
HTTP/1.1 200 OK
Date: Tue, 17 Jan 2023 09:03:37 GMT
Content-Type: image/png
Content-Length: 4652
Connection: keep-alive
Last-Modified: Fri, 11 Feb 2022 15:36:39 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gsHDlT2mkpo47CYfSH1YTObtdMWs9J1fWwrmBZtRLatYFDtN91Cf6hzGw7nhWoknp%2F4h6YVkMDb8E9yazEA6dKZ%2BHy4Aq1HJi17mRV%2Fep8W3cRLpKqzj5Z2NmTtWM4%2BWXrVE2Jw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78adeb30dfc7b512-OSL
alt-svc: h2=":443"; ma=60
www.buttygirls.com/landings/115403/1540306501/images/bg2132131.jpg
404 Not Found 238 B URL HTTP/1.1 www.buttygirls.com/landings/115403/1540306501/images/bg2132131.jpg
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f5945c4d5e4298d818d50d70865f2857
f35c3593933af2db1933093809ef78f45b9b7144
d2a3f46998410a6fa09375f2813da63aa04bbc6caae20e770da12530ba881b38
GET /landings/115403/1540306501/images/bg2132131.jpg HTTP/1.1
Host: www.buttygirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/fr/multi/ms/1-131736/main-style1.css
HTTP/1.1 404 Not Found
Date: Tue, 17 Jan 2023 09:03:37 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6xkZ%2BQdicvdGRVFK2COS7g9WHWXy%2FZRm%2BNXk4ajlK6A3Yi5HsHM6ijwqPp2jWxoBqUmv6rsTQ9jtOyMPGll%2FAJo%2BEjq%2F41RoE%2FGA%2FD%2BJi2wXjNJWTOGWpsQXQJFS6bmZaCz8lys%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78adeb30da4d0b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.buttygirls.com/fr/multi/ms/1-131736/overlay.png
404 Not Found 238 B URL HTTP/1.1 www.buttygirls.com/fr/multi/ms/1-131736/overlay.png
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f5945c4d5e4298d818d50d70865f2857
f35c3593933af2db1933093809ef78f45b9b7144
d2a3f46998410a6fa09375f2813da63aa04bbc6caae20e770da12530ba881b38
GET /fr/multi/ms/1-131736/overlay.png HTTP/1.1
Host: www.buttygirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/fr/multi/ms/1-131736/main-style1.css
HTTP/1.1 404 Not Found
Date: Tue, 17 Jan 2023 09:03:37 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5PL2XaP0cyARscgqYOTMXdiSYDGHf%2BQdGuHzcThd56PaWwtj%2FwzJd0H0QvJAjLL6JL44EM4XeJbO2V%2FdzbU3KbmseuJTJj7DWkpABv6RfiFhDRfZ9xehawAGAF3c%2FSLHe%2BKkxF0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78adeb30dabab523-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
alexatracker.com/jscode/JAIA.js?sub1=buttygirls.com&sub2=&sub3=&sub4=&sub5=&prid=
200 OK 0 B URL HTTP/2 alexatracker.com/jscode/JAIA.js?sub1=buttygirls.com&sub2=&sub3=&sub4=&sub5=&prid=
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /jscode/JAIA.js?sub1=buttygirls.com&sub2=&sub3=&sub4=&sub5=&prid= HTTP/1.1
Host: alexatracker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.buttygirls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 17 Jan 2023 09:03:37 GMT
content-type: application/json; charset=UTF-8
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: BYPASS
set-cookie: trbarid=480e095459f0946217878a61474ba3a3697cd877be89654b7984e0b145922c2aa%3A2%3A%7Bi%3A0%3Bs%3A7%3A%22trbarid%22%3Bi%3A1%3Bi%3A7644512330755499113%3B%7D; expires=Tue, 21-Jan-2025 09:03:37 GMT; Max-Age=63504000; path=/; secure; HttpOnly; SameSite=None
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kd7U0sWViPFNYQaobvb5ccFcsnscVlcHk8%2FegL5c8TE01m7lbvywVQhh389uJ7bvFRSAXGPm17ADAFROUM7yQ6yv4r1lSL%2FsIt9A01kSu%2BtifA4h6gyT10rwziqasYT3GSO6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78adeb30f8e1b4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.buttygirls.com/fr/multi/ms/1-131736/favicon.ico
200 OK 4.0 kB URL HTTP/1.1 www.buttygirls.com/fr/multi/ms/1-131736/favicon.ico
IP
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash a51793fe0317686ba089709c57a35b1a
61575816c708298644a9c26859edc3a17ae91ebd
b81a8f8301df8f22e0ca12689afd9855d710026631f486c9538fdb08b129b084
GET /fr/multi/ms/1-131736/favicon.ico HTTP/1.1
Host: www.buttygirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/fr/multi/ms/1-131736/
HTTP/1.1 200 OK
Date: Tue, 17 Jan 2023 09:03:37 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 11 Feb 2022 15:36:38 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PNWQ6%2BYPH0UVBmdLn7%2FhMbIMsyc32UH%2BsQV85k0qCkyrbkgiQjm8goJph3NRRomig8mxsU17AM1hEHz9VnZnsVIF0R1CfL5M%2FEIrRge%2BSbNP2zu2eSwvKqlYri98Y2BoS442tsg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78adeb3249efb512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11475
Expires: Tue, 17 Jan 2023 12:14:53 GMT
Date: Tue, 17 Jan 2023 09:03:38 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11475
Expires: Tue, 17 Jan 2023 12:14:53 GMT
Date: Tue, 17 Jan 2023 09:03:38 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6b6a65d2536cc8f99e68793ae265b595
f65e75f8419bd83e26f49def7fa2604db5f77b4d
94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11475
Expires: Tue, 17 Jan 2023 12:14:53 GMT
Date: Tue, 17 Jan 2023 09:03:38 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47377411-4225-4a7f-9b29-bac47746e2af.jpeg
200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47377411-4225-4a7f-9b29-bac47746e2af.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 01321bb31aac6393ee3150260d0f91e9
fc182e84ad2b7909716478769b7d13f71bc38321
3c9e95d5cabd35ce0b5b5c3722b1df2b1a3c6e5cb7a98f48bc4957fd4a0abd3a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47377411-4225-4a7f-9b29-bac47746e2af.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6527
x-amzn-requestid: 43b20702-cb08-4060-9281-7d6dfaf0e712
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: enh-fF40IAMFzgQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bfb05c-7bb3633b4c52e447419a72fb;Sampled=0
x-amzn-remapped-date: Thu, 12 Jan 2023 07:01:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: iSG746JBnvmdq2ooyVhli9dVoyxdPICN9JVzZE3G_SYX5-oXl0dtKg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 20:52:28 GMT
age: 43870
etag: "fc182e84ad2b7909716478769b7d13f71bc38321"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F385b83d3-24b4-4a2f-b857-c5ad36c6c6f1.jpeg
200 OK 3.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F385b83d3-24b4-4a2f-b857-c5ad36c6c6f1.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dcaf94e244d0b492c26d4964836f4913
fde259440056930606a16b88e6d87e2edc420bd6
6cc207b89ceda6a27a0c9905a3284044984af07cdf5eb91a84b93bc56e414806
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F385b83d3-24b4-4a2f-b857-c5ad36c6c6f1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3027
x-amzn-requestid: 9599f603-0ef7-40c7-aa0e-699a82057dc8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e2tr0GvUoAMFfmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c5c318-3d11e6404c85fcb737852aaf;Sampled=0
x-amzn-remapped-date: Mon, 16 Jan 2023 21:35:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: w9U7jKrDbganO37QtU-I_g8A9G3XEHtsj-z6s0UF419IdEj_Zw1-uw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 21:46:15 GMT
age: 40643
etag: "fde259440056930606a16b88e6d87e2edc420bd6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad391a3-52d8-4a92-ab46-4ad076c43cf8.jpeg
200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad391a3-52d8-4a92-ab46-4ad076c43cf8.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ad210f0ba6ce6930724549cbba76e83d
e4badc3fbca9913bc11d968dac5cad1f900ff492
ad5f754d5dbe870feabfe090a46838614e96d72e78b9a2a8010ab339c67130be
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad391a3-52d8-4a92-ab46-4ad076c43cf8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9529
x-amzn-requestid: 56f2b9a5-91c6-421a-ad84-165376e23dcf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e2tm6Fm-oAMFrDQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c5c2f8-67a0c1fe6aad6e6b71e50463;Sampled=0
x-amzn-remapped-date: Mon, 16 Jan 2023 21:34:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mzmFGVDfMuZte5CJUmchEQIVAuDUKdGfUpm7PRTUqnsP44IcDmbl8A==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 21:46:15 GMT
age: 40643
etag: "e4badc3fbca9913bc11d968dac5cad1f900ff492"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe32b9b2c-d57e-40ba-bdaa-0cad85d59f33.jpeg
200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe32b9b2c-d57e-40ba-bdaa-0cad85d59f33.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e29bab4151d6c143d3cf16e7a34b0390
38f5261653926d95074fa5550af5d77a25ebd74e
84bbdf1850d2d76ebb06c7a84446e4723e62a9d9b8e459ec6b833e5892ef66fb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe32b9b2c-d57e-40ba-bdaa-0cad85d59f33.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8488
x-amzn-requestid: 5e260260-bd4b-44a5-919a-a6085a057c0e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eq1xkHSiIAMF9zA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c1033d-2e4e00dd43f10f0e0a3e0ac4;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 07:07:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jMMpXVZv5S99cInAAttvwEAoUcEDjzHChJMj1dJdVeQFOQEtX5C-cA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Tue, 17 Jan 2023 00:27:28 GMT
age: 30970
etag: "38f5261653926d95074fa5550af5d77a25ebd74e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f84f3a0-4f01-4cfe-bde0-a7d64664f3d7.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f84f3a0-4f01-4cfe-bde0-a7d64664f3d7.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ec0e283376914297c3fb2464ed15a31b
acd84e057b6c618fd3b31915983998c00fe21dc4
3d02b82d8f6a00703de7594f5b34baf0010294c1a7023818344ca341e4ac203c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f84f3a0-4f01-4cfe-bde0-a7d64664f3d7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10660
x-amzn-requestid: ac5d6edc-5228-4318-a99f-c08d3265aa87
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3HXpH4PoAMF78Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c5ec30-044bf7c40e44de637c0c2dba;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 00:30:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FkEloLsB0trkJ9t_rqIbVsZmUi9ytfJ9JdQ-zjs7ZM5smU4xVwvkxA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 17 Jan 2023 00:31:58 GMT
age: 30700
etag: "acd84e057b6c618fd3b31915983998c00fe21dc4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93fda3d0-f25d-4038-bce9-349d25d63a74.jpeg
200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93fda3d0-f25d-4038-bce9-349d25d63a74.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dd54f560a77956e0ffb9645ba786c193
0a67ed30b7b9c66a6ccd2a72cd0de27b0fd38509
359fd1bdac8f7106b2d1dc71136ddca2bb70e95fab441af114e24d04fa69afe7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93fda3d0-f25d-4038-bce9-349d25d63a74.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7847
x-amzn-requestid: 15cc6d5b-0805-4828-9bdc-5067a2d542d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: evbCYETXoAMFVqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c2d875-5ff79c917007ccbd40957aa3;Sampled=0
x-amzn-remapped-date: Sat, 14 Jan 2023 16:29:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4MTdWQGgqXhGjGRJbtMqJPn__CZJyfhtbDU81Ay-SaZE2CGJ55s8Lw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 12:04:57 GMT
age: 75521
etag: "0a67ed30b7b9c66a6ccd2a72cd0de27b0fd38509"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Source+Sans+Pro:300
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Source+Sans+Pro:300
IP
GET /css?family=Source+Sans+Pro:300 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.buttygirls.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 17 Jan 2023 09:03:36 GMT
date: Tue, 17 Jan 2023 09:03:36 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
104.21.86.190
34.117.237.239
93.184.220.29
167.114.67.56
23.33.119.27