www.buttygirls.com/esus/multi/ms/7-216324/
200 OK 3.6 kB URL HTTP/1.1 www.buttygirls.com/esus/multi/ms/7-216324/
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash cca3ee285691387c812356d830e6e057
4008eebe171accb24150d7c82e6f1ea472420bcf
16108acd591471f3e47e285fd2c2ea4a06f39816ae424566199bff4b7a9a1dbb
Analyzer Verdict Alert fortinet Malware
GET /esus/multi/ms/7-216324/ HTTP/1.1
Host: www.buttygirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 24 Dec 2022 07:50:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Awm6fcXFwGvAJ9Fn6iUNcZg3pwdvis1BPyW9S%2Bk%2BZZUvfzJb8P60ER9bamqiPrlnt4sIwT67zZ57ByHUnvrXmqXwQussmjWdAHhH7ZHcejIyuBVndwkuFUzRILuZmxgfsROjNlg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77e7bef82ee5b4f7-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ede732d48f2c32ad5e3b899bb4348df9
15fa12733818b3ae39f3022a715ed0f431b28242
446c9bf6bc38a43f5758f6f44f89ad76eff44eb8779cf7e62bbfeb002b298dee
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "446C9BF6BC38A43F5758F6F44F89AD76EFF44EB8779CF7E62BBFEB002B298DEE"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5847
Expires: Sat, 24 Dec 2022 09:27:52 GMT
Date: Sat, 24 Dec 2022 07:50:25 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d6a971d765338f107fe9d2c67fa4bbdf
a72bdf191446a37fa0420cc9d7c087aaff757cd6
dc5291c136b0b81621a02679a31f6b7c852e2803429d54c2a9afcc8edf031328
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DC5291C136B0B81621A02679A31F6B7C852E2803429D54C2A9AFCC8EDF031328"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2871
Expires: Sat, 24 Dec 2022 08:38:16 GMT
Date: Sat, 24 Dec 2022 07:50:25 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 24 Dec 2022 07:34:51 GMT
content-type: application/json
age: 934
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f7f0ad5c2841a345f98197c2f1e86f4d
84cbfd91934a8715baba4a2da46451f35597c99c
be30540f2e06a3565c9b38bdbb9691f707d692b196bdcef5d671708aa9609795
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE30540F2E06A3565C9B38BDBB9691F707D692B196BDCEF5D671708AA9609795"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2371
Expires: Sat, 24 Dec 2022 08:29:56 GMT
Date: Sat, 24 Dec 2022 07:50:25 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 98z4SToiI6yR0rEZSxkPZYfSIqpTjYEzhkhbL/zADsLzpuApcEoRiVUX7b2Q5Zbm1VYup2rN+GA=
x-amz-request-id: C5699Q40ANSS0JMF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 24 Dec 2022 06:56:30 GMT
age: 3235
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Dec 2022 07:50:25 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
static.production.almightypush.com/mng/subs_window.css?ver=1644586917
200 OK 6.9 kB URL HTTP/2 static.production.almightypush.com/mng/subs_window.css?ver=1644586917
IP
Hash bd7dbae15f904a4e1213439ebfefddbe
9f7a33b3d6e7965d8b99f0ff56cbf2e2ebb8f78e
30c08f3bb42d9a16155c65fbc952430048e4a84be70b98cb989b2dc977b49f8a
GET /mng/subs_window.css?ver=1644586917 HTTP/1.1
Host: static.production.almightypush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.buttygirls.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
content-length: 6945
last-modified: Mon, 05 Sep 2022 12:24:26 GMT
accept-ranges: bytes
server: AmazonS3
date: Sat, 24 Dec 2022 06:10:11 GMT
etag: "bd7dbae15f904a4e1213439ebfefddbe"
x-cache: Hit from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xiMO5adwtSJB4jQRK1ANeQYiVXYuYPimEdGnSTWi6wATJZKpA4EF9g==
age: 6132
X-Firefox-Spdy: h2
static.production.almightypush.com/mng/channels/init.min.js?ver=1644586917
200 OK 22 kB URL HTTP/2 static.production.almightypush.com/mng/channels/init.min.js?ver=1644586917
IP
Hash 2ea196bb9d9670ec138eb0c8c23e6696
b0876fd8c0c56c5d34368c16a829c040c23cbaba
1475c052ae8dbc220775cd44b20e508e38db9f09168c57d4a73e0a9027f252f7
GET /mng/channels/init.min.js?ver=1644586917 HTTP/1.1
Host: static.production.almightypush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.buttygirls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 21924
last-modified: Mon, 05 Sep 2022 12:24:26 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 23 Dec 2022 19:48:50 GMT
etag: "2ea196bb9d9670ec138eb0c8c23e6696"
x-cache: Hit from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Roejzr50TSC6cPin_REsuX7iIBamcD1hkwZSzfPsSFYPuyOCFXsyCg==
age: 43403
X-Firefox-Spdy: h2
www.buttygirls.com/esus/multi/ms/7-216324/css/normalize.css
200 OK 2.1 kB URL HTTP/1.1 www.buttygirls.com/esus/multi/ms/7-216324/css/normalize.css
IP
Hash 3a8aa2b923c16206db04bc6c69f1a58f
f2d28e1d8ce197bbfbebf4314949ef8cb3e5d58e
1a75f821f5beaf52dd5466522392998eaf1b150047fb58b144c001f14dd0a174
GET /esus/multi/ms/7-216324/css/normalize.css HTTP/1.1
Host: www.buttygirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/esus/multi/ms/7-216324/
HTTP/1.1 200 OK
Date: Sat, 24 Dec 2022 07:50:25 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 11 Feb 2022 15:27:25 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gi0fHgl3kGgDrOZlkAVlndl%2BYm1Q7e5DXH3nzq51uaEsPKHOY3JD2Stg%2B65ujuX19g5wz0ld%2BKpoaygE25M%2FpsxeNPlPmvgHyqw1RiqJrk%2BW5dJuZaaoqZTWGUx%2FIOBV3XpwK8o%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77e7befb38b3b4f7-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.buttygirls.com/esus/multi/ms/7-216324/css/style.css
200 OK 1.8 kB URL HTTP/1.1 www.buttygirls.com/esus/multi/ms/7-216324/css/style.css
IP
Hash 7eded0c259bed040a6838742da7f82fd
d7448cfc776a4fdc8fb6cd953bd77c72b1f3fe0c
f6b82e40f5b4eefbb63fa076d9f25c22dac47dab1b7302abfa63f9cc29dab356
GET /esus/multi/ms/7-216324/css/style.css HTTP/1.1
Host: www.buttygirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/esus/multi/ms/7-216324/
HTTP/1.1 200 OK
Date: Sat, 24 Dec 2022 07:50:25 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 11 Feb 2022 15:27:25 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cUjolQuv3Rxx1KVukcOf4PM7RjBKYiXi5oYTQ2fgIF0YE1mnFAdBGG3fEL86Vjuqw%2FsVhPYQfYrfo53uR8NTzC%2BcbFF29BsriRCmh%2B16O%2Bporf5eivdUjqAM6uOY6YL9C2Wbcf8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77e7befb39320b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.buttygirls.com/esus/multi/ms/7-216324/js/jquery.min.js
200 OK 33 kB URL HTTP/1.1 www.buttygirls.com/esus/multi/ms/7-216324/js/jquery.min.js
IP
File type ASCII text, with very long lines (32047)
Hash 681f5acb09e41b111a796c7a4eddfe73
8793aadb0e45567d84f2c4bd03e9ff49e615e3cc
d9a28a18def7d05077f968ad00a30534a017a097134f6da9c924862d93aa62ca
Analyzer Verdict Alert fortinet Malware
GET /esus/multi/ms/7-216324/js/jquery.min.js HTTP/1.1
Host: www.buttygirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/esus/multi/ms/7-216324/
HTTP/1.1 200 OK
Date: Sat, 24 Dec 2022 07:50:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 11 Feb 2022 15:27:26 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rycyZZt1WLaXzi74fESOQG87vLGT%2BSuPZScuikr6ne84KWk6RzPQsnYeH3iqtelnzIuxQbOSvvupTBjVV1ENo4mJfP3cwRLRsfEIOBJq2QR1sGgMMO8psI%2Fj%2F4Va%2FNJ4zyJwp4k%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77e7befb3f72b4ed-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.buttygirls.com/esus/multi/ms/7-216324/js/inline_video.js
200 OK 1.3 kB URL HTTP/1.1 www.buttygirls.com/esus/multi/ms/7-216324/js/inline_video.js
IP
File type ASCII text, with very long lines (3011)
Hash ab03e3a189486b315c2e0bc4de293527
59aa7f71eedcf7642f22a9c50ae955292cb3ea39
b1d4e79daa51c97053fa4b2da8a5001ec23c2f7c9322ee7426bc2a16b2f34f5c
Analyzer Verdict Alert fortinet Malware
GET /esus/multi/ms/7-216324/js/inline_video.js HTTP/1.1
Host: www.buttygirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/esus/multi/ms/7-216324/
HTTP/1.1 200 OK
Date: Sat, 24 Dec 2022 07:50:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 11 Feb 2022 15:27:26 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OEvqlZyYyCI24fOSjOmxeplhnBT31RGBaAIAJzVthuN2Sqt7Hzr1c2gJdhOcYXES4exnxW4ZmBTbFV1tIQY8KQBX9Nkb5hZgwBcjTC2WpUFc7EExMDuPh4LvSR1BYpnDl1kc15U%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77e7befb4e3efac0-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.buttygirls.com/esus/multi/ms/7-216324/js/ip_api.js
200 OK 354 B URL HTTP/1.1 www.buttygirls.com/esus/multi/ms/7-216324/js/ip_api.js
IP
Hash 792f5be3a6ab4b300b164593323d05b1
b86d12ba7693b0d14bd5c59677eb4bc68265f17e
f2aa9bae5d96991cbdf05bff51bc3606354a430c19dea760e4e1bbf3d28d8789
Analyzer Verdict Alert fortinet Malware
GET /esus/multi/ms/7-216324/js/ip_api.js HTTP/1.1
Host: www.buttygirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/esus/multi/ms/7-216324/
HTTP/1.1 200 OK
Date: Sat, 24 Dec 2022 07:50:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 11 Feb 2022 15:27:26 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EkHNqF8z891zQVACeUJV0P6xvCL%2B9hy61VtcXa8nmlc%2BRR5wRLicHhwwftkzCEudzl2dE1gsQOkOxJ%2BYW6G1%2Fbqk9xiAnMOGEJ4jCLVX5dcLX%2BtGC9cJsBAzvGG85QqajYXeHdI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77e7befb3baa0b06-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash dc2725df0fb812e32298bb7faaf0c231
4ce4ac649b05b8eedab5bda51f4baf5f98417689
1a60eb1f9b71718c2061dfeb9de8241bef6fecab5d48adbc8ce3a89d1dddb8f5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 07:50:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.buttygirls.com/esus/multi/ms/7-216324/js/backoffer.js
200 OK 230 B URL HTTP/1.1 www.buttygirls.com/esus/multi/ms/7-216324/js/backoffer.js
IP
File type ASCII text, with very long lines (430), with no line terminators
Hash d1d761e3721375472889577260906f9c
c5e6e54e8b6b84af216d867dca79eb00c2819e42
de8798dd7447b4651ec2d44931c15ceb0d3e5099997b2ddc2452d3f95092a1a2
Analyzer Verdict Alert fortinet Malware
GET /esus/multi/ms/7-216324/js/backoffer.js HTTP/1.1
Host: www.buttygirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/esus/multi/ms/7-216324/
HTTP/1.1 200 OK
Date: Sat, 24 Dec 2022 07:50:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 11 Feb 2022 15:27:26 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CLF8lCS%2BdSHTw1m98GTh%2FJTIZqshuPrxLDKwTrZLdalaKRq28Zd023a%2B0hLdjBdnPRLGhK3CpSw2BzFBQ%2FqWJKmNhcc3c3iO6NX%2BV7J1TLO3K5s1C71Rp8%2Ff9ywQX7lYS10B3v0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77e7befb89af0b3d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash dc2725df0fb812e32298bb7faaf0c231
4ce4ac649b05b8eedab5bda51f4baf5f98417689
1a60eb1f9b71718c2061dfeb9de8241bef6fecab5d48adbc8ce3a89d1dddb8f5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 07:50:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d2bf6fe221d399351ea55cd1df5e81cb
8e013f2614172acc898d49036e2c480588ac0cf9
45c0ba5a59dddefddd842cccb8b7bd8d6d3e814e58395c43ae6adc024e783f0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "45C0BA5A59DDDEFDDD842CCCB8B7BD8D6D3E814E58395C43AE6ADC024E783F0F"
Last-Modified: Thu, 22 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2393
Expires: Sat, 24 Dec 2022 08:30:19 GMT
Date: Sat, 24 Dec 2022 07:50:26 GMT
Connection: keep-alive
ip-api.com/json
200 OK 277 B IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 47abdf32b87fc82ed4160af504891507
290f0d4d0cef4cd5983db4bfe53c02a3f4193a6e
9df7a6b6ab363f5e4b96012311150f647cc5b24830f32f9cb621ddfbfab0d823
NIDS Severity Alert suricata medium ET POLICY External IP Lookup ip-api.com
GET /json HTTP/1.1
Host: ip-api.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://www.buttygirls.com
Connection: keep-alive
Referer: http://www.buttygirls.com/
HTTP/1.1 200 OK
Date: Sat, 24 Dec 2022 07:50:25 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 277
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Alert, ETag, Content-Type, Last-Modified, Cache-Control, Expires, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 24 Dec 2022 07:33:25 GMT
age: 1021
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash df00b86b62a09d9b6982d6d4e701b729
fd3d524998a8db4271304c6be3af39cb336ecc57
8047768025dcdd36cdb42658fb155c582d8d7a04824ddc3aee287ac6b137e91e
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 24 Dec 2022 07:50:26 GMT
Etag: "63a5304a-1d7"
Server: ECS (dcb/7EA2)
X-Cache: Miss from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Z9buotl7Y-A9Kbvm660gsYimWUbv5BSkPQc6cAht7oS9LRa5IzJBHw==
static.production.almightypush.com/mng/subs_window.js?ver=1644586917
200 OK 20 kB URL HTTP/2 static.production.almightypush.com/mng/subs_window.js?ver=1644586917
IP
Hash ae593f4be1dd1f0710123918b49c4933
66fbe30bb873e0a47d3d72e737d68aa4b6916c26
fdf9ff3f74dcf11d0fa456dcd53cb21550f67f0cfdc11dc29bef595f07b56206
GET /mng/subs_window.js?ver=1644586917 HTTP/1.1
Host: static.production.almightypush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.buttygirls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 19491
last-modified: Mon, 05 Sep 2022 12:24:26 GMT
accept-ranges: bytes
server: AmazonS3
date: Sat, 24 Dec 2022 05:57:16 GMT
etag: "ae593f4be1dd1f0710123918b49c4933"
x-cache: Hit from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: z1cEMRVqyaw0w18YfVbOHlVPWhVWdyEm9hdNHJxjaaM0SIc1UA4R6A==
age: 7190
X-Firefox-Spdy: h2
www.buttygirls.com/esus/multi/ms/7-216324/images/frame.jpg
404 Not Found 238 B URL HTTP/1.1 www.buttygirls.com/esus/multi/ms/7-216324/images/frame.jpg
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f5945c4d5e4298d818d50d70865f2857
f35c3593933af2db1933093809ef78f45b9b7144
d2a3f46998410a6fa09375f2813da63aa04bbc6caae20e770da12530ba881b38
GET /esus/multi/ms/7-216324/images/frame.jpg HTTP/1.1
Host: www.buttygirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/esus/multi/ms/7-216324/
HTTP/1.1 404 Not Found
Date: Sat, 24 Dec 2022 07:50:26 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8htJUQHNagNUwor4mPCwbhEIta6mzQS6TLX9S6%2Bk9uK9Up7tc7KAFnT%2FlQE8X%2FJlCYwJdxoDzC5v6kmXfzXUr66nXn5I4LIe7efO7npFWv1YdSlHVq25bcnHsRq1BC0wg%2F62RwM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77e7beff2b0c0b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.buttygirls.com/esus/multi/ms/7-216324/images/loading.gif
404 Not Found 238 B URL HTTP/1.1 www.buttygirls.com/esus/multi/ms/7-216324/images/loading.gif
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f5945c4d5e4298d818d50d70865f2857
f35c3593933af2db1933093809ef78f45b9b7144
d2a3f46998410a6fa09375f2813da63aa04bbc6caae20e770da12530ba881b38
GET /esus/multi/ms/7-216324/images/loading.gif HTTP/1.1
Host: www.buttygirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/esus/multi/ms/7-216324/
HTTP/1.1 404 Not Found
Date: Sat, 24 Dec 2022 07:50:26 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E9LVBm%2BOsf8op4dQ4o0JqPncVDC2ZgnNoxdmxD%2B%2Be%2F1OotiHrZgjmACoiCiGIUy7J8vf5Rw5%2BOZBJ7ZMbgWHQ%2FIEdkHSobQ1yaczWtPNCJYmoszWKKSedK%2FQLUcztUMnBzWlPtg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77e7beff2a8cb4ed-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.buttygirls.com/esus/multi/ms/7-216324/css/CenturyGothic.woff
404 Not Found 315 B URL HTTP/1.1 www.buttygirls.com/esus/multi/ms/7-216324/css/CenturyGothic.woff
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Malware
GET /esus/multi/ms/7-216324/css/CenturyGothic.woff HTTP/1.1
Host: www.buttygirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.buttygirls.com/esus/multi/ms/7-216324/css/style.css
HTTP/1.1 404 Not Found
Date: Sat, 24 Dec 2022 07:50:26 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Y1RWPVsEsnrxw3W9Yw2CbeglyFEcqEnrUC3EoE3oUfjVW4WVGUDzicFU554gUhR0fsO5DrX5kALj519rNQrYvXNixTV%2Fzbvnwn4JU8gr%2BXdk04znhpBQ2%2BdypPE4cYMlizLdIo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77e7beff7fd9fac0-OSL
alt-svc: h2=":443"; ma=60
zeniocloud.com/JAIA.js?sub1=buttygirls.com
200 OK 804 B URL HTTP/2 zeniocloud.com/JAIA.js?sub1=buttygirls.com
IP
Hash b70ed730df4eaee67003cd01c380b125
b004f4ed65d10646ddb13d9001f7db4ee6caff0e
74e3a7f7637624df9f06016edfdb74c038cb536d485fcc3f639c417810dc3dfe
Analyzer Verdict Alert fortinet Phishing
GET /JAIA.js?sub1=buttygirls.com HTTP/1.1
Host: zeniocloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.buttygirls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 24 Dec 2022 07:50:26 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
X-Firefox-Spdy: h2
www.buttygirls.com/esus/multi/ms/7-216324/css/CenturyGothic-Bold.woff
404 Not Found 315 B URL HTTP/1.1 www.buttygirls.com/esus/multi/ms/7-216324/css/CenturyGothic-Bold.woff
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Malware
GET /esus/multi/ms/7-216324/css/CenturyGothic-Bold.woff HTTP/1.1
Host: www.buttygirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.buttygirls.com/esus/multi/ms/7-216324/css/style.css
HTTP/1.1 404 Not Found
Date: Sat, 24 Dec 2022 07:50:26 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rVcvtgtdzO0MxhDfGFT%2BBV3A9UHL44VM9VR1y7%2BcjKaPd%2Fo2A4FKyhgieSXcvwQJcS5VPHiCKQ673FA%2F2%2B23e9n1cwME89Ih70tsSFsUKrrN8KZzodUwuo43GE9c7VAro4i3CzA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77e7beff7d680b06-OSL
alt-svc: h2=":443"; ma=60
www.buttygirls.com/esus/multi/ms/7-216324/images/girl-v1.webm
404 Not Found 315 B URL HTTP/1.1 www.buttygirls.com/esus/multi/ms/7-216324/images/girl-v1.webm
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Malware
GET /esus/multi/ms/7-216324/images/girl-v1.webm HTTP/1.1
Host: www.buttygirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://www.buttygirls.com/esus/multi/ms/7-216324/
HTTP/1.1 404 Not Found
Date: Sat, 24 Dec 2022 07:50:26 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g5KIB0W6hk189LegNFBvXBxPUjkpFMIgiBlK3uJoYzDEZGFnIXIdkMQoN66sblJTCGmwZRNN6nhm1YW7vVuffXegvS%2BU%2BFwQNw%2B%2FLDSxzSTrmlUnqnCI4fdGfvtcVJNMGyGyrXE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77e7beff8c440b3d-OSL
alt-svc: h2=":443"; ma=60
www.buttygirls.com/esus/multi/ms/7-216324/css/CenturyGothic.ttf
404 Not Found 238 B URL HTTP/1.1 www.buttygirls.com/esus/multi/ms/7-216324/css/CenturyGothic.ttf
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f5945c4d5e4298d818d50d70865f2857
f35c3593933af2db1933093809ef78f45b9b7144
d2a3f46998410a6fa09375f2813da63aa04bbc6caae20e770da12530ba881b38
Analyzer Verdict Alert fortinet Malware
GET /esus/multi/ms/7-216324/css/CenturyGothic.ttf HTTP/1.1
Host: www.buttygirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/esus/multi/ms/7-216324/css/style.css
HTTP/1.1 404 Not Found
Date: Sat, 24 Dec 2022 07:50:26 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4RofSBpCT7x%2BwAdLMiB%2FABZO%2FP4G669hQK%2Fte2q2gNE35Xk4jMxriLYr0kDH9ivN7e56dc7rjvZFQ0aDqJ1CBV8pZy6xTADmuMRjYulQpihflzHFVb2ci04wiitnGgDxtkj6wgI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77e7beffcb21b4ed-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.buttygirls.com/esus/multi/ms/7-216324/css/CenturyGothic-Bold.ttf
404 Not Found 238 B URL HTTP/1.1 www.buttygirls.com/esus/multi/ms/7-216324/css/CenturyGothic-Bold.ttf
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f5945c4d5e4298d818d50d70865f2857
f35c3593933af2db1933093809ef78f45b9b7144
d2a3f46998410a6fa09375f2813da63aa04bbc6caae20e770da12530ba881b38
Analyzer Verdict Alert fortinet Malware
GET /esus/multi/ms/7-216324/css/CenturyGothic-Bold.ttf HTTP/1.1
Host: www.buttygirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/esus/multi/ms/7-216324/css/style.css
HTTP/1.1 404 Not Found
Date: Sat, 24 Dec 2022 07:50:26 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M%2FZd3wtG5CownKRBHvs9BMkEB3ZuCK3oe6Z87kn8BHcj3pJwnEODE4nf048gAANT3AJupBf8JCPHm3gYlGkdn%2BFR3v9ZPWP6jtSj4RgDWlP%2Bvm%2Bcf6vGA1pcyRXW%2F9Ki9K3uBTg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77e7bf000b680b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
alexatracker.com/jscode/JAIA.js?sub1=buttygirls.com&sub2=&sub3=&sub4=&sub5=&prid=
200 OK 0 B URL HTTP/2 alexatracker.com/jscode/JAIA.js?sub1=buttygirls.com&sub2=&sub3=&sub4=&sub5=&prid=
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /jscode/JAIA.js?sub1=buttygirls.com&sub2=&sub3=&sub4=&sub5=&prid= HTTP/1.1
Host: alexatracker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.buttygirls.com/
Cookie: trbarid=e9db5496642b96a40a01341d62c2e1a8be3acec33539b594755956a0cc9c9e2aa%3A2%3A%7Bi%3A0%3Bs%3A7%3A%22trbarid%22%3Bi%3A1%3Bi%3A8481043063750698574%3B%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Dec 2022 07:50:26 GMT
content-type: application/json; charset=UTF-8
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: BYPASS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=asw3Ml9k4G%2FOz3iBOICyvgHBkBuhsI93GaQnGQQJ1VK0a78uEPxHjd0bu%2Fux435kkr8gUP7dObdETV6n%2Bkng4jS1SwrBPe8mXBw7JqjnjQoA3FmTi%2B%2BeiJbMtu9FV6jPjvUE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77e7beff5f42b515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.buttygirls.com/esus/multi/ms/7-216324/images/android-chrome-192x192.png
404 Not Found 238 B URL HTTP/1.1 www.buttygirls.com/esus/multi/ms/7-216324/images/android-chrome-192x192.png
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f5945c4d5e4298d818d50d70865f2857
f35c3593933af2db1933093809ef78f45b9b7144
d2a3f46998410a6fa09375f2813da63aa04bbc6caae20e770da12530ba881b38
GET /esus/multi/ms/7-216324/images/android-chrome-192x192.png HTTP/1.1
Host: www.buttygirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/esus/multi/ms/7-216324/
HTTP/1.1 404 Not Found
Date: Sat, 24 Dec 2022 07:50:26 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yjhwDJ17rEbY1AMaGEGBP6rpOsDzsatIxCLYfRorlpL5w0IHaw2ij5BFWAvPEsUPSM4UxnyPbNWqwFUsj0oXJlqemijql8CPCv3tpHK8bV2pWXNLdIrt7EUo8G2SH2WYJmaL1H8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77e7bf009bc2b4ed-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.buttygirls.com/esus/multi/ms/7-216324/images/favicon-16x16.png
404 Not Found 238 B URL HTTP/1.1 www.buttygirls.com/esus/multi/ms/7-216324/images/favicon-16x16.png
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f5945c4d5e4298d818d50d70865f2857
f35c3593933af2db1933093809ef78f45b9b7144
d2a3f46998410a6fa09375f2813da63aa04bbc6caae20e770da12530ba881b38
GET /esus/multi/ms/7-216324/images/favicon-16x16.png HTTP/1.1
Host: www.buttygirls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.buttygirls.com/esus/multi/ms/7-216324/
HTTP/1.1 404 Not Found
Date: Sat, 24 Dec 2022 07:50:26 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9CxP1nIMldv2taJi3XMWlGB4uChiFf3rps5eeKPKjJV19EWMy8ndKQhCtSWZY1hXlONPL1M4yWhr9GKBME9ybZkfvaiYahUwXO3VxpxuLzmFxWyKbOvkO9oCSlBco1m8E%2BiDTks%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77e7bf009bae0b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3KTYoDNHUXMGLTP9WgOMRQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: NWI02EqCWdo2ucUcdF2jIN1A3Xg=
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6ce699bd0db3ee9d3a4ef6dcf941f9f1
14d813942d74d801024c42e2a4628ecd9306d2ad
060de67922db1f612b7f4c173f11e8714c8329d20fbec45a421bcefe7451f388
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "060DE67922DB1F612B7F4C173F11E8714C8329D20FBEC45A421BCEFE7451F388"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16836
Expires: Sat, 24 Dec 2022 12:31:04 GMT
Date: Sat, 24 Dec 2022 07:50:28 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6ce699bd0db3ee9d3a4ef6dcf941f9f1
14d813942d74d801024c42e2a4628ecd9306d2ad
060de67922db1f612b7f4c173f11e8714c8329d20fbec45a421bcefe7451f388
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "060DE67922DB1F612B7F4C173F11E8714C8329D20FBEC45A421BCEFE7451F388"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16836
Expires: Sat, 24 Dec 2022 12:31:04 GMT
Date: Sat, 24 Dec 2022 07:50:28 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6ce699bd0db3ee9d3a4ef6dcf941f9f1
14d813942d74d801024c42e2a4628ecd9306d2ad
060de67922db1f612b7f4c173f11e8714c8329d20fbec45a421bcefe7451f388
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "060DE67922DB1F612B7F4C173F11E8714C8329D20FBEC45A421BCEFE7451F388"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16836
Expires: Sat, 24 Dec 2022 12:31:04 GMT
Date: Sat, 24 Dec 2022 07:50:28 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6ce699bd0db3ee9d3a4ef6dcf941f9f1
14d813942d74d801024c42e2a4628ecd9306d2ad
060de67922db1f612b7f4c173f11e8714c8329d20fbec45a421bcefe7451f388
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "060DE67922DB1F612B7F4C173F11E8714C8329D20FBEC45A421BCEFE7451F388"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16836
Expires: Sat, 24 Dec 2022 12:31:04 GMT
Date: Sat, 24 Dec 2022 07:50:28 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b8b6b6f-05a3-4eb5-804c-574c03992933.jpeg
200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b8b6b6f-05a3-4eb5-804c-574c03992933.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8a63236113546a7bfb369d741c2b76e2
737f6730f63deff51a39ef094fa1a263b91db89b
b811838126a7d3e814415c3b869f9f224361ef468c08c4c7d5e385371149263a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b8b6b6f-05a3-4eb5-804c-574c03992933.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8078
x-amzn-requestid: 0fa11c0d-584a-4790-83fe-d10780dd6df9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dnncXGjDIAMFvfg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a61f82-452f8acd148122756a8f0230;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 21:37:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ZsYREhlLzv_oHiB1qgGuelsC8t99SUMILEGgU42tKWeugQUU5iFgBA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:47:42 GMT
age: 36166
etag: "737f6730f63deff51a39ef094fa1a263b91db89b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Source+Sans+Pro:400,700,400italic,700italic,900italic&subset=latin,latin-ext
200 OK 11 kB URL HTTP/2 fonts.googleapis.com/css?family=Source+Sans+Pro:400,700,400italic,700italic,900italic&subset=latin,latin-ext
IP
Hash 9bfb594b51151898e5566042d473d23e
82a5126e344eefa9fee18c33c48e4fed1e698713
3e4e89ac823e1972d0599e3fa42d3f281d5037e79222d03f22747edf35b47e30
GET /css?family=Source+Sans+Pro:400,700,400italic,700italic,900italic&subset=latin,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.buttygirls.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 24 Dec 2022 07:50:25 GMT
date: Sat, 24 Dec 2022 07:50:25 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a3141db-c19d-4305-bc5b-a3a8f7e9bdd7.jpeg
200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a3141db-c19d-4305-bc5b-a3a8f7e9bdd7.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 207ccd76f1cb9ad0bde74cc9441c518b
bcacbdc5dc63a1f016714de2a83c9c78e7913ac7
8a7934b7f0d20934e910f5ae50f76d23dc1c1e2ef298fa10884a2e3ddeea54aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a3141db-c19d-4305-bc5b-a3a8f7e9bdd7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9401
x-amzn-requestid: 6c3b78d2-034c-4579-b0f1-a3beaf911d76
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dnnqjFAeoAMFskg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a61fdc-023251092fc027c120416809;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 21:38:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: f6REEIwmL3eWV9SGfFIuQu8VpV2ylFASGZXCmFNJWAhKJMGMuAGdKw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 22:33:04 GMT
etag: "bcacbdc5dc63a1f016714de2a83c9c78e7913ac7"
content-type: image/jpeg
age: 33444
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e2b934b-5ce2-4527-9045-0c21a0cb3c1e.jpeg
200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e2b934b-5ce2-4527-9045-0c21a0cb3c1e.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 885ea70b7f230ba182421dff4eb89290
8879e5e0de5f1c6f335b0203df702f47228c419c
2afc037337633f7719987895560054abfca5131edaa46efbd368b43b792231d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e2b934b-5ce2-4527-9045-0c21a0cb3c1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5486
x-amzn-requestid: bb87d523-5b92-421e-939b-c6aee5e1f508
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dnnb5GZzoAMFvUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a61f7f-1579233177ef1c2a5a9161f9;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 21:37:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 05V-4C6Ct736BnbNiuDQz4mB6SSTujnZcAowJAz2ZtYYiYylWxFvsw==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:52:31 GMT
age: 35877
etag: "8879e5e0de5f1c6f335b0203df702f47228c419c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa38f10fa-e28a-4f22-9537-13ffbe227fba.jpeg
200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa38f10fa-e28a-4f22-9537-13ffbe227fba.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8baae04b740bed3179080c11cde8ff6f
b85c6dc73fbf5b4310c79db2b8e9f565b9f6565b
ec09fca4de28d27232ae104605ed60d62b7e71970f41cb259999c53a07406dde
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa38f10fa-e28a-4f22-9537-13ffbe227fba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6899
x-amzn-requestid: 34fb1770-87f1-4b1a-ab5a-078649d4b0f5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dnnbDEwBoAMF5fQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a61f79-6db6657c76b5c2de36399317;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 21:36:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: M_bS5-sR65aF2-yQi0XCGaEkSbUxT9QIu1x5VpbfoOnyUZLp6V37BA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:53:04 GMT
age: 35844
etag: "b85c6dc73fbf5b4310c79db2b8e9f565b9f6565b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcdce5468-cf1b-4a55-968b-1aaa101e60d6.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcdce5468-cf1b-4a55-968b-1aaa101e60d6.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 38cc82b5e5d8c2fee6f51021e156ec81
eafb4e029313caabcdbdc1002abcab95f66e91b1
b8cad011e1a98ee4e896f00263495aab7f9cab986736a7a5b4187b8e94c46493
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcdce5468-cf1b-4a55-968b-1aaa101e60d6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11939
x-amzn-requestid: a00e5ab5-ad16-4576-b046-381e36456998
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dkUhqE94oAMFu5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a4ce0a-28687ad51eea1f6f3ce8cc86;Sampled=0
x-amzn-remapped-date: Thu, 22 Dec 2022 21:37:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uIDvI3BVK0v68x1jkgw9GB0U1i3l2kyW81q2Kiy3ZDREqQmyUTXCnQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:38:32 GMT
age: 36716
etag: "eafb4e029313caabcdbdc1002abcab95f66e91b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
104.21.86.190
35.241.9.150
104.21.86.190
167.114.67.56
23.36.76.226