Overview

URL www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
IP104.21.4.217
ASNCLOUDFLARENET
Location
Report completed2022-09-26 04:00:46 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed
2022-09-26 2 corehair.ru.com Sinkholed


Files

No files detected



Passive DNS (18)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS www.corehair.ru.com (35) 0 2022-09-14 05:53:12 UTC 2022-09-26 01:50:05 UTC 104.21.4.217 Unknown ranking
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-25 19:02:29 UTC 143.204.55.35
mnemonic passive DNS www.googletagmanager.com (1) 75 2012-12-25 14:52:06 UTC 2022-09-25 04:50:18 UTC 142.250.74.72
mnemonic passive DNS use.typekit.net (3) 494 2012-07-05 01:42:39 UTC 2022-09-25 04:52:09 UTC 23.36.76.122
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-25 19:39:53 UTC 93.184.220.29
mnemonic passive DNS www.schoolofsquirt.com (3) 0 2015-04-13 03:46:23 UTC 2022-09-21 16:17:23 UTC 74.121.205.60 Unknown ranking
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-25 05:07:25 UTC 35.82.48.240
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-25 04:26:31 UTC 34.120.237.76
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-25 05:42:52 UTC 143.204.55.110
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-25 04:51:16 UTC 34.117.237.239
mnemonic passive DNS www.google-analytics.com (3) 40 2012-10-03 01:04:21 UTC 2022-09-26 01:46:51 UTC 142.250.74.174
mnemonic passive DNS pixel.wp.com (1) 2545 2017-01-30 05:31:40 UTC 2022-09-25 06:18:35 UTC 192.0.76.3
mnemonic passive DNS www.google.com (1) 7 2016-08-04 12:36:31 UTC 2022-09-26 02:29:37 UTC 142.250.74.164
mnemonic passive DNS r3.o.lencr.org (6) 344 2020-12-02 08:52:13 UTC 2022-09-25 05:02:41 UTC 23.36.76.226
mnemonic passive DNS stats.g.doubleclick.net (1) 96 2013-06-02 22:47:44 UTC 2022-09-25 04:50:19 UTC 64.233.162.154
mnemonic passive DNS www.google.no (1) 25607 2016-04-05 19:50:59 UTC 2022-09-25 07:10:10 UTC 142.250.74.3
mnemonic passive DNS ocsp.pki.goog (8) 175 2017-06-14 07:23:31 UTC 2022-09-25 04:54:16 UTC 142.250.74.3
mnemonic passive DNS p.typekit.net (1) 620 2012-05-23 14:28:57 UTC 2022-09-25 04:52:10 UTC 23.36.76.96


Recent reports on same IP/ASN/Domain/Screenshot

Last 1 reports on IP: 104.21.4.217

Date UQ / IDS / BL URL IP
2022-09-26 04:00:46 +0000
0 - 0 - 35 www.corehair.ru.com/clicks/wts_ss2.php?sid=99 (...) 104.21.4.217

Last 5 reports on ASN: CLOUDFLARENET

Date UQ / IDS / BL URL IP
2022-12-04 15:29:25 +0000
0 - 0 - 17 midus-travel.com/ 104.21.1.187
2022-12-04 15:29:10 +0000
0 - 0 - 4 europush.guru/sw/i13/ro_po/index.html 172.67.182.76
2022-12-04 15:29:02 +0000
0 - 0 - 4 wildfungames.com/land/rou?campaign=ThIi&web=1 (...) 172.67.70.29
2022-12-04 15:28:51 +0000
0 - 0 - 4 primeonlinesites.com/ 104.26.11.157
2022-12-04 15:28:28 +0000
0 - 0 - 1 ounceporcelain.cn/ 172.67.198.35

Last 4 reports on domain: corehair.ru.com

Date UQ / IDS / BL URL IP
2022-10-07 17:57:00 +0000
0 - 0 - 3 www.corehair.ru.com/clicks/chapter3/africaned (...) 172.67.132.133
2022-09-26 04:00:46 +0000
0 - 0 - 35 www.corehair.ru.com/clicks/wts_ss2.php?sid=99 (...) 104.21.4.217
2022-09-15 20:28:03 +0000
0 - 0 - 1 www.corehair.ru.com/jfmdowlsalp/pscr875210xfq (...) 172.67.132.133
2022-09-15 02:40:46 +0000
0 - 0 - 1 www.corehair.ru.com/zogpk/1w6cvngcwgtgjthb98c (...) 172.67.132.133

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-10-11 15:32:20 +0000
0 - 0 - 35 www.testjust.ru.com/clicks/wts_ss2.php?sid=99 (...) 172.67.139.114
2022-10-11 14:44:09 +0000
0 - 0 - 32 www.jamrush.sa.com/clicks/wts_ss2.php?sid=995 (...) 172.67.206.66
2022-10-11 14:40:12 +0000
0 - 0 - 31 www.upsigh.sa.com/clicks/wts_ss2.php?sid=9957 (...) 104.21.37.230
2022-10-10 05:39:36 +0000
0 - 0 - 36 www.jamrush.sa.com/clicks/wts_ss2.php?sid=995 (...) 104.21.58.188
2022-10-09 19:46:15 +0000
0 - 0 - 28 www.nopot.sa.com/clicks/wts_ss2.php?sid=99292 (...) 172.67.148.223


JavaScript

Executed Scripts (28)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (76)


Request Response
                                        
                                            GET /clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Mon, 26 Sep 2022 04:00:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.25
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tp%2BIdHIXMXFZP3FAXdgedodwyrO9XHeEe8uV1lRMhvm4GGvDEI8QqYCB8SQd6alX4V1kVWGzAZlk4yE8W2AzNGdbUXe8v%2BLR2zpwo%2FrEaPaCzulbaDAimXZA8gPo8SBrPZGx%2F%2FvB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 750917ecb9420b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (14202), with CRLF line terminators
Size:   13870
Md5:    1dbfded6919180a0f94d6f61546aa860
Sha1:   8a1a996bcc6d72215dbc4bbd7d4b6aa46319c913
Sha256: 65cc26aa487092392465dd3883f0836ebe11d34966d043b64c96733057a1edc8

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 26 Sep 2022 03:15:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: CKTlG7T92hGoArqf2PQkQI7N0bKN9wkcmtItJbuw9ZTeh6Twn5fWCw==
Age: 2717


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    1b3053fa528e28810f8a2cc9284cc921
Sha1:   cca9eb471d941881a6b9a1793aecb6c281908f6a
Sha256: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8612
Expires: Mon, 26 Sep 2022 06:24:07 GMT
Date: Mon, 26 Sep 2022 04:00:35 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.110
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: LsxMPOIlcJPTz9TB75s0-snmC2Aa9QkpThdTntgFDatmw8FkUXzOBQ==
age: 84321
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Mon, 26 Sep 2022 04:00:35 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /clicks/SquirtingSchool2_files/screen.css HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Mon, 26 Sep 2022 04:00:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-484"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ELs79G3OXIAK1xNwMjjgAylzvaPudovT1oEw1Najs9V%2FapuR8Ysxs7%2FKY0Qq0j2F67UHyqKpehtnwFv%2BiPBv9Ji4MRmZAcqMDiGTTUBlgH0WGhYdGiuQGyrE9LasrkgmEJblMOPo"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917ef5c32b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (1156), with no line terminators
Size:   451
Md5:    9cbb12ded165859b75441a829fb683af
Sha1:   1e85f7bd7f0fa9dbc53157bbead5eb703c502db8
Sha256: 3dba212407392e05ef866072e63f519c9ef7365ea376cb5a8824e77726a6759b

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /clicks/SquirtingSchool2_files/wp-emoji-release.js HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 26 Sep 2022 04:00:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-3795"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iVgdzg4MlztX7LbdpkEV5rwUmiehGxpMXOipt9WSXs%2FHTZMLGFSSy1xDPoTqhifAO08p2RriYA4JufUz6%2F3FaprCjh9JSMAhM593E6hyh%2Br2f9niCbz7vxJ6DkHAkH8TvtkmE2nn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917ef5ae9b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (11272)
Size:   4657
Md5:    71b6d75cd4e93368516cec04a93790f8
Sha1:   d274862e4ee8bea24bf1d6d6f8f1e231abd778c2
Sha256: 7f1d272195370f3d6541779815b23d961b1cb9474d3bf57786f9844840083596

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /clicks/SquirtingSchool2_files/analytics.js HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 26 Sep 2022 04:00:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-c001"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9cpBbGjvAHn7peSdJzlFV0kEMAFjXm8Xq0959eV4atXwlApqvsedlvM2iJN6caow8xd3JqZYwax5tWd7KPGpnwmuM1IjIGxKPH5U1DJQcux%2FNZi%2Febv3xoDdoGidKEDSVKJATcb5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917ef485cb518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   19637
Md5:    e05cd91b4da4b637a86022978482730a
Sha1:   2e496d2c1af77dab8b487a211516c4c774429abc
Sha256: 4372a296d6c3ad1e561a80e226b58d429199f0b174b4df22771c888a03bc87d1

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /clicks/SquirtingSchool2_files/style.css HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Mon, 26 Sep 2022 04:00:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-e33b"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aVsHEdpEj0TrSqid6olYV5rCbi9yhQKAoQG6gAhDSWc57Y8EkN7gZn6KAIEdAvSjdDBcTI3qXlKdJo5Vi8hlnnCUu9L4mUB7t%2FZC%2BoUKPhL5MKAv17A%2F865ln%2FNUO%2FO1BqxuB2FZ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917ef5c31b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (29677)
Size:   8609
Md5:    9fb5134f2a659735f48ff96b78196847
Sha1:   9c39894b8e981273e4a45754f8f3ad93e8955522
Sha256: 28d1eb4db568bac23b22b4f660dce0bbf0adbf2de7114fffa8249b4e2f59acc1

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /clicks/SquirtingSchool2_files/gtm.js HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 26 Sep 2022 04:00:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-1745f"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OTRkVNTBkiY4If2q5H%2Bm%2BpNXT%2FdL0QvEBROSQOsBP8gCmr5eePPS89GbblhxCqFzXKvgc2bDqZZEdEPFowttO8GFYp5U0y0GPHk2%2Fsr9v3M%2BN0wSmhtagYX5%2FzT984%2BQ3un8DxIq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917ef4a730b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (1769)
Size:   35077
Md5:    0836fe24cc27b8bb4487f54b58f02862
Sha1:   0d15857b796c032367c80f9896619f90d93e72dc
Sha256: ddb1db449d1988abbfe8e4a0aa6aa347ce62f14deeb486469691e324547dd72a

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 04:00:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /clicks/SquirtingSchool2_files/unsemantic-grid.css HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Mon, 26 Sep 2022 04:00:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-3107"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XAc7%2FF1MaTEXwaU%2F5q50YM2GouWiCb5JMJjlDAMaQ%2BuyP8VeKlC3T7DxF9wLGGz%2FQzp3gMKRFXkwixDgEoos1Mm1yAYOwsi%2B0P3R8yKsGjHLs1Rj%2BxFGTAEoBNHWwe3RZt9M47Vh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f03c96b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (12551), with no line terminators
Size:   2214
Md5:    32b7e5a2b0fe6a7e72680d51da96ea2a
Sha1:   ef8af7f6261e77158293a4f6d9a012c33695c541
Sha256: 214a39b0b08579b9821d5c676de0d9c646786e5ce2a82c66cdfa4ba538efeb8b

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /gtag/js?id=UA-22484186-3 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 26 Sep 2022 04:00:36 GMT
expires: Mon, 26 Sep 2022 04:00:36 GMT
cache-control: private, max-age=900
last-modified: Mon, 26 Sep 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42242
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1720)
Size:   42242
Md5:    b1fbade1ef4528338579cfb55c2e8c8c
Sha1:   affd9453c993818c643f6aa1e14c66df3b2ca869
Sha256: d23db9fd1ad4083fed52e4aa1996cdd3e816eef86384582f4560a8c5cc9660ce
                                        
                                            GET /clicks/SquirtingSchool2_files/mobile.css HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-ec5"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h36UXl9CXXd3wftf7S2YeDo48q4UjNRE1Dn4rLrjG2J8kL6NGsQlgDT0XGNyjr0FyXhy4vUZ7FwQGTdYQo%2FdCM4l9Kd0IGIXhCjT75p34MKIxnXMh49bb1UQpSWmXtnRL8b98411"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f0793cb518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (3781), with no line terminators
Size:   1126
Md5:    776786ab3f58f5c0eb2ca63a9628e73c
Sha1:   7d74cddc365ed8bcd306d054655dfb2e9c38602e
Sha256: d456ed7b3f59cfe6efa0aa068ad0e382e9436f95c6287f17998d223c10215ca4

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /clicks/SquirtingSchool2_files/thrive_flat.css HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-62908"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2F3IUNgYLMAarvsjDaxbwdNKj0vnCL9Jy0HabaPFlTusW%2Bugof30EuSCxtVnHlZuDqG5T7BvycXNjPQy5fysDBsGb8vQCQfJk3eRMSJucHT6aW6hLnitIL5UQA5S8pFRaD5sD%2Bw5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917ef5e82b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   46653
Md5:    f948543f23ff3cfcea2c31d02f7b5fbf
Sha1:   93504a5f7f442e737257e5a1f0bb116b67c7c1b0
Sha256: 5402356a150943826eb706c1277d4da5045ae47bcb772494a0996d00d2744838

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /clicks/SquirtingSchool2_files/font-icons.css HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-ade"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OujXXFBq541mCXLcyE74o6%2BghLg7k47JyBgqK5l1CxdC9N4waMKR13XeXbL%2F8TDMf5cvqUEdaASFrBg6xIm4STJ7gKQhUDEuGGJtnR8TODBbK6Ls7Edu29Cc8HxV%2F%2FoOa0WMnwmS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f09cd0b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (2782), with no line terminators
Size:   747
Md5:    bd44afb37826464e574701ae847b16c2
Sha1:   8a5a06edf34aeadf78e755379f7d6be8bff5e048
Sha256: 1e26ba685f20d10f19b5bf8a9e354a6d09786a1a12b9f45b0767f73ae52fd490

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /clicks/SquirtingSchool2_files/style_002.css HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-556a"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2wDcqQyHoUmDFVqoFp9N3BLSGWWM71yIra8jR9TBr1hzXV2AbV%2FSs%2BpdU5i5fbueg77GZQn2tx0FDo4z8LXe1DN%2BBEtneJyTamFFGqzAIp3cqrjLVFP%2FmGz9tVo91rARjUt3KXWh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f05b7eb51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (21866), with no line terminators
Size:   5099
Md5:    83f8bf595ce89616b8f84b08029c4bf4
Sha1:   b96af70e68a3bae9b4f40a6f1f72387e63e075fc
Sha256: 9cd4310731c9a1edb3d464f1758bf914b91211f293144015e32eb17509b2a016

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /clicks/SquirtingSchool2_files/style_003.css HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-6b"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TDOCO44Hb2AkSoEG4LrSeLi9F715JC5yLHIf1%2BUmEBRCsrx6GYjn3jSLkOwpeDfTsqFKxSrjCErfH0yKNMwwbTwYGoZO4hso5Q2Zh3cYZVTllcBdu120dLCt%2B9u%2BEzr5jBV2jnch"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f0bb020b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text
Size:   110
Md5:    c0ce07835cc3940928c3e6bd8d501dee
Sha1:   9da1f52b500128d489a43a63b6c40bd3c731be88
Sha256: cc7cee1a2fe3834abcd828389484f777ddaeda38f477091c8b7479057de799e1

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /clicks/SquirtingSchool2_files/sticky.css HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-74d"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZM05TEoxgDpyuOwdRbEPppDWh1drEqPfrBttx%2FUm1UA9ZGNW6GG3yZMzUiNk58b65kEPn7jyOP%2BHDyJic9oXZmp0J904mdwRXxl%2FFuQhyq7tFCsiGlrkgz7fRWFYLg9zWEpAT%2FKi"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f0fd02b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (1869), with no line terminators
Size:   482
Md5:    72c3bf996dd5aef0ecb40d656c74088a
Sha1:   1afb023c6cbbad030079e8f640b9132e10305e30
Sha256: c1ca5b2f6c5f9b6f65cbba9cf8fe7b63c36c2d79b9c47df6c9dd6ee974989241

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /j/collect?v=1&_v=j90&a=631485282&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corehair.ru.com%2Fclicks%2Fwts_ss2.php%3Fsid%3D994355%26h%3Days9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o%2Fs6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg&ul=en-us&de=UTF-8&dt=School%20Of%20Squirt%20-%20The%20Original%20%26%20Best%20Place%20To%20Learn%20About%20Squirting&sd=24-bit&sr=1280x1024&vp=&je=0&_u=aEBAAEABEAAAAC~&jid=655960382&gjid=1368406968&cid=1198797786.1664164834&tid=UA-50355398-1&_gid=385159970.1664164834&_r=1&gtm=2wg5c1WQK7ZT&z=986507402 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.corehair.ru.com
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: http://www.corehair.ru.com
date: Mon, 26 Sep 2022 04:00:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    c4ca4238a0b923820dcc509a6f75849b
Sha1:   356a192b7913b04c54574d18c28d46e6395428ab
Sha256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
                                        
                                            POST /j/collect?v=1&_v=j90&a=631485282&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corehair.ru.com%2Fclicks%2Fwts_ss2.php%3Fsid%3D994355%26h%3Days9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o%2Fs6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg&ul=en-us&de=UTF-8&dt=School%20Of%20Squirt%20-%20The%20Original%20%26%20Best%20Place%20To%20Learn%20About%20Squirting&sd=24-bit&sr=1280x1024&vp=&je=0&_u=aGDACUABFAAAAC~&jid=1096197724&gjid=1898205999&cid=1198797786.1664164834&tid=UA-22484186-3&_gid=385159970.1664164834&_r=1&gtm=2ou9l0&z=1078918317 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.corehair.ru.com
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: http://www.corehair.ru.com
date: Mon, 26 Sep 2022 04:00:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    cc7a1e792bca8ccb1946b7a07f6dbc03
Sha1:   11a2757082428311f587b7664fa9840376137f80
Sha256: de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
                                        
                                            GET /clicks/SquirtingSchool2_files/menu-logo.css HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-678"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TF4aZOrGrhbzB5i946LwqLjRxYjImfyrDtLiJSlGR9ZWzj2bZGHfTH0XhYpwjx4ZweeMXKE0WJV8PqArg8u7OIRF%2FlzA0WQl8gA3B5suI0pnu4bYhIfF2pwO7ZxS9Qor1rHnOAv3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f159ccb518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (1656), with no line terminators
Size:   504
Md5:    20c4b619c52f48f55d451eebf6c7ad4e
Sha1:   4796ec4c04c717364aa60b8c0b249caa309ececf
Sha256: d56b5b82cda9c72fa1bb91012f2a50da264453411fe661580e4b7df2199d5b50

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /clicks/SquirtingSchool2_files/jquery-migrate.js HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-2bd8"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rH9n9l3z8%2BuAs%2BmpvLaG4krkhLhL2VP3Ktm8YdaMvp6rE8bCh1XVUJ079XASh4N5T%2FK8ZnkMZVtDDwU5k1DTW8NTVA8BSThmkjXr3AgccIKXvndURbH6fOr2b07hFzDji1RZcRdR"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f17c4bb51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (11126)
Size:   4165
Md5:    0d5bb2a36d1fc2e095235bc201eb5579
Sha1:   98f0154e2ed5322a9f65077f954868d6c800b337
Sha256: fe6382620c35c12aa4f3f96fe395e5813defe330c1d95fd3de1e94f8f5d1f0a5

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /clicks/SquirtingSchool2_files/edc2avj.css HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-cae"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tgZnALlRLmrGd494E%2Bf2OsL4L9pCwrVeS4Kgz2gYssuEl%2B6tpjE4KVx3m5IXOhMuFPt1T87XQGS6JzSuG3%2BKUmnjWmtct55KSv%2BaOis%2BxTqKwHkOvu2Xqg9ErtFP5mh14P47vPfP"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f17b570b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (516)
Size:   705
Md5:    74bf8e45d66b7014769ab20b05350661
Sha1:   ad1ef70c0dc132a6b3ff0f89be04d4bc4115b91a
Sha256: 752723aeb62873f2e7dd0a681e2d14b7ba1c3e1ff02c0058c87a7cd1da2c3c56

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /p.css?s=1&k=edc2avj&ht=tk&f=139.140.175.176&a=13090676&app=typekit&e=css HTTP/1.1 
Host: p.typekit.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         23.36.76.96
HTTP/2 200 OK
content-type: text/css
                                        
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
etag: "613bee4d-5"
last-modified: Fri, 10 Sep 2021 23:46:21 GMT
server: nginx
content-length: 5
unused62: 8096267
date: Mon, 26 Sep 2022 04:00:36 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   5
Md5:    83d24d4b43cc7eef2b61e66c95f3d158
Sha1:   f0cafc285ee23bb6c28c5166f305493c4331c84d
Sha256: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /clicks/SquirtingSchool2_files/sticky.js HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-2115"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ixYbQSHlMCbM72HyQ%2Fzc7F5Kp2Hs0g8A5AXGDZH%2Fu9aiF41GBmspEdZM8%2FtlVtDbVTIsz9f%2FsppCXQ%2FDdXs3Zi7d4eXOsgy4RGa%2B8zUIin87zPLP2%2BcxU92m%2FNZKbvTeFWXmU9if"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f1cd78b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (8469), with no line terminators
Size:   2819
Md5:    b5d19bcf0259c2672bb81ec36eaa4c77
Sha1:   7ffd39fc7bc7926fcbc704551df51815874f968e
Sha256: dd35600463b936d97c84767bf47133249495d6ad9adfa2fb9df30b7907e8e384

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /clicks/SquirtingSchool2_files/jquery.js HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-15d98"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KY9dH%2Fsi4XSQPritlNwKCiiqoB%2FSN9qDAh1PnNYOaj2xz3zA9U9DV%2Bcgvrb6wB0ueP%2FAT0WBmK6p%2F7TGQMtaQ54zwaDtAHtRvZxFFL0cV8MMTCZTSoXeMCBIWnwK6Slh%2FpbIHSLN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f16d44b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   30908
Md5:    de51a7f2c2c244ceb7103216144f03dc
Sha1:   9545e4547e01b6fcabebdfa08c2d75089808fbee
Sha256: 10b58517301b7a47ed1354030c9b652a1d96259d24e1e1b4c4b1aa33b94682ee

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-22484186-3&cid=1198797786.1664164834&jid=1096197724&gjid=1898205999&_gid=385159970.1664164834&_u=aGDACUABFAAAAC~&z=1710546446 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.corehair.ru.com
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         64.233.162.154
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: http://www.corehair.ru.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 26 Sep 2022 04:00:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   4
Md5:    48c0473b7821185d937e685216e2168b
Sha1:   3743e47f8a429a5e87b86cb582d78940733d9d2e
Sha256: 570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
                                        
                                            GET /clicks/SquirtingSchool2_files/front.js HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-17cb"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Y4B74ujr4bjAEwb1ReVnLI8mWMknFzpX1HguN0RpojlI2oJ2WIFZkPtX%2BnnAt9obCQmVEE39IsxCCPdPck3BZoM3MTJZ8Myt7t%2Bv0aumki0yHHT1VWgp4uQwD2yrjD1neG%2Bi8g1"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f22a3cb518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (6091), with no line terminators
Size:   2339
Md5:    4f4a997bc181498157d148ba9b649949
Sha1:   87ff26f8385fcf11c28fcc40c2e5619a8138f44d
Sha256: fe722eb1adc5eb6c3642f87ba188bfb0b899130719fd73381712d6d710d3ed4b

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /clicks/SquirtingSchool2_files/jetpack.css HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-12f9f"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8EeBROeCz7SdRMb%2BQhphU%2B7WX6yErzb6oKSoJkjqjz5KtaAGtXwDLbFlqgwHDNcECE74Gq4FCWF1EQHjgbSztgFlFSvxgEP%2FoWc97TBxKguv5TXrF14pKgAWkS70BBLlTLt1ASdq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f15f88b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (21094)
Size:   13743
Md5:    fa0206609d148e4d384589bd7a57cdfa
Sha1:   d9a87ad4fec075a6c03ead16f5ee5c72a85d1d5f
Sha256: c1d6b2d7e92a2d4499ddbb71d3810ae3acd7efe3500f45972e8f07c0da46f403

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /clicks/SquirtingSchool2_files/imagesloaded.js HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-15fd"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mHkLtOuOYtYjNgwseXwJVGQxoOO6Pd%2FKafQ0sNajhC2pI8FmejcxMPfoOzokg6oYhd%2FgZ194zAvFPqrejbLXl57XmKXYtTnMFc%2Bkj3cfdrJC3zYtT3CfZ2QdpVixLNFN0%2BAr%2FGLu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f24cdbb51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (5477)
Size:   1831
Md5:    5bc847fcae1a1a6c4b7f79c00d2b7e29
Sha1:   b2237db0dd679c2c8e397e833f04df00d43165e7
Sha256: bfa7a74e5830c0c26da7ccc50b8e44b401ce1ee8604fceb62e6c1310c47ddb2a

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Mon, 26 Sep 2022 03:04:17 GMT
Expires: Mon, 26 Sep 2022 03:22:16 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: sh5HMDB8nkp4ulMMWJ1V51Xpl1luwU6Fh17asMosjTeVIj_V0lKJig==
Age: 3379


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /clicks/SquirtingSchool2_files/jquery_002.js HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-71b"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pj%2BFAVtYZZkZTZQ7suUAdssqOS0JFYFVGLmEa4pl9JzLxuviHa5ocQ0p4fML3WmLcjQddRnoTDl8pnLrYaQVk5TNhlqKzteanrDZRFAcWMFZRXlaxtiLb%2FEJdsECGsabkk9U6ZAK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f2ade5b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (1626)
Size:   715
Md5:    46cfee7a6b6ed76c0fd609b98415e886
Sha1:   27a59318b05327183e1b7807e2071626f4a08419
Sha256: 21245efcfeb0ee1d850f895f472eca45c5d471e10f03e8f10e826218be1c356a

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /clicks/SquirtingSchool2_files/masonry.js HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-5e4a"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1g3ptvseTNpEwCLa445OIJlxAlwD%2BAf4eRfVL%2FAxoOBdL7dd1E4KInYtBVubVsAO%2BAbuAVqy9EAtY602trZbVDqT0d%2FFGDTRGRs%2FuqP5%2B%2B%2BOuzPNLPYWTVYNGyc2gustM4%2BMnIPw"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f24bd00b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (23966)
Size:   7368
Md5:    6ce3f21f929ba0582a1aebcac0392fe6
Sha1:   b328e3a868d0e515fecd0b9c1fe273ba893d9cc0
Sha256: 7cd5ef9624b8a0425c875c005df78cb5626b23c4a9526b0668ec278cd17e4517

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /clicks/SquirtingSchool2_files/main.js HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-1c98"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LYkvIT%2FyS%2BWccHRuaqkPkjQmvr21vlI4ZrkxUaHdO1FYvBElqPI1nN1LN%2B25snwF%2BALH%2FUYHjwAicSuxSur2elX6KHC2j5Rjgp7PgBKLW2VGacYRQNEegjk6sKVgi8y78x9xCfIT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f2eab8b518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (7320), with no line terminators
Size:   1752
Md5:    7675b9cdce538b3351d44c317fc8bcd8
Sha1:   98e14e7d933d89799603e78eb68175196b119b7c
Sha256: 23d60748f50065e6664f663e339999277f3fdad54a104e3581395a197bbf74b9

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /af/71f83c/00000000000000003b9b093b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 HTTP/1.1 
Host: use.typekit.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.corehair.ru.com
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         23.36.76.122
HTTP/2 200 OK
content-type: application/font-woff2
                                        
server: nginx
content-length: 33660
etag: "a0f35f91fdc2ca0a90c8288c08c20681c1aecfcf"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Mon, 26 Sep 2022 04:00:36 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), CFF, length 33660, version 1.0\012- data
Size:   33660
Md5:    e21953c87f09ca307fea4132455a059a
Sha1:   08b07c629dc5407c6f9dfa375279d53af4bf2727
Sha256: a2b997da567762896061490c3c08e506b2e5b936978560fc12251dd245140b32
                                        
                                            GET /clicks/SquirtingSchool2_files/wp-embed.js HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-592"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CYxYBfs8WrMLGGBhiF5NZy8e4eZW0RBogx44uDWbkf%2FVB59TDyGGkkeOjugQ%2Fh06Imk%2B11FiSRd3ioMfQk%2B20M68NdDQIJCpDnB7X%2FFMRaJPH3kwYfjr1rW0WxnzNr52a7l2Ty84"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f30d53b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (1391)
Size:   769
Md5:    82e67f050afdb38c20ac6eb305f97c17
Sha1:   df1349df76d66a9cf64377cf335c67c337d85470
Sha256: 5f6c33116e2106cd0f2f28c16062f1d584e74b8539a14ed45e17957634d71b7e

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /af/6aec08/00000000000000003b9b0935/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3 HTTP/1.1 
Host: use.typekit.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.corehair.ru.com
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         23.36.76.122
HTTP/2 200 OK
content-type: application/font-woff2
                                        
server: nginx
content-length: 34380
etag: "98ea2e3888e90196090ca6bc7ddc5345e1871a7a"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Mon, 26 Sep 2022 04:00:36 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), CFF, length 34380, version 1.0\012- data
Size:   34380
Md5:    96c6233bf95dee5352747935713f423f
Sha1:   81951f395017eb00aae5aaa6c89c5963a1cd06e7
Sha256: a0acc524b541f57df4024b039206425fbcc49c7b3cba369bc0b4a57cfc0e9629
                                        
                                            GET /clicks/SquirtingSchool2_files/frontend.js HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-728"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3BZ2qGWrtF944tu4cUXq3bse2dZqAQNLgDHm9Ckx2O7Nut66XI7kH%2F%2FrxiwwvimhZfhDPcWd53zT7Vvq%2FSYsCFBtqueDVmpnTwuHYYC62adXPdBHyD4SCbAZClKkNeYIfXbmCZiK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f308b0b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (1728)
Size:   906
Md5:    1eb2d85be572c4156f592d1598abbec7
Sha1:   6e28faaea39603f81049ff7668cf771cd1c591cb
Sha256: 0fdded1df72c99324bfb42c29ba15b752740e12a2960899506262c120bd3e7ba

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /clicks/SquirtingSchool2_files/e-202115.js HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-230c"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sx75J5MHAS%2FJ4lAQr10Xr7%2BaWEU%2BCnn0EX0mJ0NE8ML9saLgfeN1Me2Csq8pUxSkKO5xXK8o73pwiO3n4bfwEu%2FRIeofjg09KwkeV442P%2FpR5XaL2IKmLVy2OjVzlJruzwqJG5oN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f36e4eb50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (2692)
Size:   2987
Md5:    59b791e299f9a3a35fc01011197f480c
Sha1:   76147580053e798533dbb2c9c4e2604893572ee6
Sha256: 1f126b8513afe8102ffb9299bdfff3673dd55601524b17bbc9d0b641b7fe6d77

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /clicks/SquirtingSchool2_files/frontend_002.js HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-115cb"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EpKIOCOaJnTI7RfmNzHOC3ciCqI1M23jUekz1VWY4YwWs1dWolsqtRFm9rhmRRrpG%2BPu1Mo4fInocpIBrKRDFX0Y9GctPhnnlYbF7ub6fRCGt49Ed2g0utv2ePTZ4H1UgXFBJeK2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f2cdf9b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65426)
Size:   20571
Md5:    dfdcfe6740fa68f6c6df8dbbc2638dd2
Sha1:   78a7b518f0ff63f68916104730cbe061937126df
Sha256: 11b2106c59812ee4971ed5c761a28f7e05a746cf4d3e49506896c39ca7353a0c

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /clicks/SquirtingSchool2_files/sos-logo-tiny-1.png HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Length: 5807
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: "62e82401-16af"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2FoWV%2Bt5wQv7EMlX80%2BfE2ljfG45rYmxBkVScPDya3saq9qNe2ZjTsOP7wHqqdsQ9sss8E8cs4mh9qlXrCeuznjo8RwbiBN%2FFxltA%2Fah4FR89ykSGBzJuW%2Ffx7wRKET2cFJeJELz"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f39cb50b59-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 270 x 51, 8-bit/color RGBA, non-interlaced\012- data
Size:   5807
Md5:    913a8e7cdbb3f0ce0a4300407f002398
Sha1:   f7723bc907647cd05a92516f722fe4a24cd33b63
Sha256: 970d7e7b687bbb122c2418af225ecc6e6d3d39057fcd9f467757462d3064f90d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /clicks/SquirtingSchool2_files/1f609.svg HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-49f"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rq7ehJcPYlow%2FJiqzZHSMNBco0cTX4QrV92s%2FZGwLir8CWwqJiy8Oczr%2BEjmH0f7Fbsy4joPnPQSoJCt%2FXEEXOb4HB2fOMpiwPMsV677g%2FMVSd7TSyrfgqmx9ZJCfM5c4ZD7cFcu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f3cb59b518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1183), with no line terminators
Size:   642
Md5:    9da946d07a4a0ad9700e04d664961c8d
Sha1:   dfb1c2d95d5ea16a3bb6d385c5652822cb494944
Sha256: 7dd7886faa058fa153e825e57ccbe1095a134aa1fb5a46c3941865406f1f5be2

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2539
Cache-Control: 'max-age=158059'
Date: Mon, 26 Sep 2022 04:00:36 GMT
Last-Modified: Mon, 26 Sep 2022 03:18:17 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /g.gif?v=ext&j=1%3A9.6.1&blog=64496574&post=4228&tz=1&srv=www.schoolofsquirt.com&host=www.corehair.ru.com&ref=&fcp=1203&rand=0.9459621585752884 HTTP/1.1 
Host: pixel.wp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/

                                         
                                         192.0.76.3
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Length: 50
Connection: keep-alive
Cache-Control: no-cache
Access-Control-Allow-Origin: *


--- Additional Info ---
Magic:  GIF image data, version 89a, 6 x 5\012- data
Size:   50
Md5:    e4d673a55c5656f19ef81563fb10884c
Sha1:   1f2d8ed221d39329251ad3a6ff1edb20b7219443
Sha256: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
                                        
                                            GET /clicks/SquirtingSchool2_files/g.gif HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Length: 50
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: "62e82401-32"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L1UVtgUAdbR77Sha4uDoX0yDMSxZCVVhBluvSIYrs4lHkg7TLiH7NGMwEuHul0TWFecImlPwImlm9cGXpI2oknFMwtedDsbkSMciKTGw2mMna2AoqQg77SEtrvIifbA1nZwQgS3V"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f3dda9b51b-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  GIF image data, version 89a, 6 x 5\012- data
Size:   50
Md5:    e4d673a55c5656f19ef81563fb10884c
Sha1:   1f2d8ed221d39329251ad3a6ff1edb20b7219443
Sha256: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /af/4838bd/00000000000000003b9b0934/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3 HTTP/1.1 
Host: use.typekit.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.corehair.ru.com
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         23.36.76.122
HTTP/2 200 OK
content-type: application/font-woff2
                                        
server: nginx
content-length: 32688
etag: "852dacc5cd2685c187708b882b28635465e17bd0"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Mon, 26 Sep 2022 04:00:36 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 751 x 545, 8-bit/color RGBA, non-interlaced\012- data
Size:   336086
Md5:    a6ba1ef263c5585fa00644e28ddd917d
Sha1:   2bc5c2849d8df5e48f7023f367286f7cbf284acc
Sha256: 69d8acb1d591a05de8ee50e77ce8f6872cc5cdd120125d8aa386eb31ccf98ec8
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/

                                         
                                         142.250.74.174
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 19826
Date: Mon, 26 Sep 2022 02:20:52 GMT
Expires: Mon, 26 Sep 2022 04:20:52 GMT
Cache-Control: public, max-age=7200
Age: 5984
Last-Modified: Sun, 11 Sep 2022 13:50:09 GMT


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   19826
Md5:    cae538dcce82598fbe43c0bf443e62dd
Sha1:   cc68ac6be9c5e0087a0000e5735b83270ace30f5
Sha256: 954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
                                        
                                            GET /clicks/SquirtingSchool2_files/blank.htm HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
Cookie: _gcl_au=1.1.665811313.1664164834; _ga=GA1.3.1198797786.1664164834; _gid=GA1.3.385159970.1664164834; _gat_UA-50355398-1=1; _gat_gtag_UA_22484186_3=1
Upgrade-Insecure-Requests: 1

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lnxvC5GL22NFVSnwGn6A1dvXo0C44ugqVd%2Fvdr4jVzvcFWjcvC1NSJkPtjaVzcu3jzCPtBMuVXN9CJtBA1mKxfIfr1sG6rzfiWasledmdCdHXlLYcLFHs%2FookeYrIqcFX5u%2F7%2FHa"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 750917f47ee1b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1254), with CRLF line terminators
Size:   553
Md5:    fcc2aac26c8f2e24c08a07743d61bd7a
Sha1:   d165057b97b580849985a07de5203d1202e27e9e
Sha256: 0099e29fe77dd7debfef7707645956f1d458ba99c81799c08c52c78b5ceac42f

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-22484186-3&cid=1198797786.1664164834&jid=1096197724&_u=aGDACUABFAAAAC~&z=490847310 HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.164
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 04:00:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-22484186-3&cid=1198797786.1664164834&jid=1096197724&_u=aGDACUABFAAAAC~&z=490847310 HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.3
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 04:00:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /clicks/SquirtingSchool2_files/blank_data/inject.css HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/SquirtingSchool2_files/blank.htm
Cookie: _gcl_au=1.1.665811313.1664164834; _ga=GA1.3.1198797786.1664164834; _gid=GA1.3.385159970.1664164834; _gat_UA-50355398-1=1; _gat_gtag_UA_22484186_3=1

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-f28"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F7OoYwlpUux2tOYSmVY665dC1uNfVA%2BdKSF4hE7V2NuDwgkrNGo5oM%2FE304gQTWwXcL%2BqaOacjADlXi9pSbfuNeB1I%2FrJgg%2Bq1AcMVoFEwaNMQ9oIKiFFASGgyiBZgghfws4E1vp"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f56f78b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   928
Md5:    e1c22e631b7cce42e3ef13cd9bb02ff5
Sha1:   6c6c2b15c56e776d9eac10babf3a6c4a2bd964ae
Sha256: 93950a736308fe62073a44a76b8ec05b9a651062f6ecee4782059d0718aab6dc

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /clicks/SquirtingSchool2_files/wap-chrissy-small.jpg HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
Cookie: _gcl_au=1.1.665811313.1664164834; _ga=GA1.3.1198797786.1664164834; _gid=GA1.3.385159970.1664164834; _gat_UA-50355398-1=1; _gat_gtag_UA_22484186_3=1

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Length: 46067
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: "62e82401-b3f3"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gsJ6dlJ8k9%2FOlMCwe6R0yNf3w9mGNh2SU9VSmD2aNlbUazjeB2v5TIT5YJOlZcq9RsGZNRx%2B2Lv2mZqx52JXFDKhRkOd1ItWTrKR3dIwm6BTsui%2BFzg45dd1QjK4AKSyig%2B8UjgK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f52c43b518-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x525, components 3\012- data
Size:   46067
Md5:    dcb5160c3e0035ab522e4dfcf57eed80
Sha1:   f0f43bcf335a2c157f8b4a3b70ed04f51de7d8ab
Sha256: 13065c081312f094ed752e74f9f9fb71244f4975efdf707f57dddb7b17fa819f

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /clicks/SquirtingSchool2_files/wap-megan-small.jpg HTTP/1.1 
Host: www.corehair.ru.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
Cookie: _gcl_au=1.1.665811313.1664164834; _ga=GA1.3.1198797786.1664164834; _gid=GA1.3.385159970.1664164834; _gat_UA-50355398-1=1; _gat_gtag_UA_22484186_3=1

                                         
                                         104.21.4.217
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Length: 42485
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: "62e82401-a5f5"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RSIq9RSk1sSkEDtHtK009SXL0JN3%2FiWQ34Ae23SEa5yH72WQrqrPq3Mhnn3Ef1s4L1lMGzyUs09dUtDs8g8fzIyxrPrzvQ3MOqDhJup0kRu8zipXLuMp38GAjaaDGmXeuaHElda1"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f52a1db511-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x525, components 3\012- data
Size:   42485
Md5:    10a269b27f69da15e769372192690830
Sha1:   4b31832b672026725b5fbb2e1b54e9bb172e9cc0
Sha256: b6abed458bcfd5c4bab5cea2f84ad8fdad9a4488ca5b949f34020f7077053bb0

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /wp-content/uploads/2016/08/cropped-tablet-logo-220x220.png HTTP/1.1 
Host: www.schoolofsquirt.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         74.121.205.60
HTTP/2 200 OK
content-type: image/png
                                        
date: Mon, 26 Sep 2022 04:00:36 GMT
content-length: 31334
last-modified: Sun, 20 May 2018 16:30:52 GMT
vary: Accept-Encoding
etag: "5b01a2bc-7a66"
server: nginx centminmod
x-powered-by: centminmod
x-hosted-by: BigScoots
cache-control: public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 220 x 220, 8-bit/color RGBA, non-interlaced\012- data
Size:   31334
Md5:    0f493980b2a11680f438ce45634fb8f4
Sha1:   cfc51ded8ed9c4e7a5889090826c0f7281230918
Sha256: 4b2ed7f914385667420f472a97b65e6e101c3a952f07b2c6224019784b2d4e70
                                        
                                            GET /wp-content/uploads/2016/08/cropped-tablet-logo-80x80.png HTTP/1.1 
Host: www.schoolofsquirt.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         74.121.205.60
HTTP/2 200 OK
content-type: image/png
                                        
date: Mon, 26 Sep 2022 04:00:36 GMT
content-length: 7307
last-modified: Sun, 20 May 2018 16:30:52 GMT
vary: Accept-Encoding
etag: "5b01a2bc-1c8b"
server: nginx centminmod
x-powered-by: centminmod
x-hosted-by: BigScoots
cache-control: public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced\012- data
Size:   7307
Md5:    3f6f4d3000c82b5b5dbdd203c5c785f6
Sha1:   c79a0ce49734d3700b30eddacce322fbcda5960d
Sha256: 1b123d2a958e40670495ab3f9133df0d13c825a5728ccb69c272886578fc960f
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pR9FSWEYD4B7AwB2+/e64g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         35.82.48.240
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tB9jhSqr68FbELtmjtQEvMhQktk=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11790
Expires: Mon, 26 Sep 2022 07:17:08 GMT
Date: Mon, 26 Sep 2022 04:00:38 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11790
Expires: Mon, 26 Sep 2022 07:17:08 GMT
Date: Mon, 26 Sep 2022 04:00:38 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11790
Expires: Mon, 26 Sep 2022 07:17:08 GMT
Date: Mon, 26 Sep 2022 04:00:38 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11790
Expires: Mon, 26 Sep 2022 07:17:08 GMT
Date: Mon, 26 Sep 2022 04:00:38 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11790
Expires: Mon, 26 Sep 2022 07:17:08 GMT
Date: Mon, 26 Sep 2022 04:00:38 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e46522-27ca-4a21-a138-a7bdaf6c55b5.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6443
x-amzn-requestid: b6f3be01-6086-4fc1-8bec-c4caa1fe806c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSKMG04IAMFRxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330ca41-5452d1805d3f4d71303142c9;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:38:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: tx-lL61dT3iakJd8VZw31hzMklubUDBQxE6LBhxsJUqyMM0bqCk73g==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:07:18 GMT
age: 21200
etag: "36310320605833289e78cd248c45915363a0a0c3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6443
Md5:    3a75be68e82e6a0ba74932fbe74c7b30
Sha1:   36310320605833289e78cd248c45915363a0a0c3
Sha256: 56d709b77802037254b7922e3f85d1b1652b70dfc4b6c65b03e4149d3b1f22ca
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bd5ecd8-fafe-452d-ae17-9df7d4cb5682.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8931
x-amzn-requestid: 9255ee80-ae19-4b47-882b-01e663e857ed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCUG-EmZoAMFyWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cd5f-70cc0bc87ed2480879ba081a;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:51:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dKd7twQASH_A1tvi8WwaArQfizf3FoLq-gIMvmcz0RAAPXLdhpK5Bw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:19:32 GMT
age: 20466
etag: "6ff5d7ce0608a8c1b1f4c731a94295e7a56dfe50"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8931
Md5:    720fc80bd0ff9b71f20c8e0c13e1084e
Sha1:   6ff5d7ce0608a8c1b1f4c731a94295e7a56dfe50
Sha256: e84bcabd01425354050fe8ba5f4b29a97f05e6f5f15d26d0706c174136de30e6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7838a122-2b2e-4e4c-9bcc-7c6b46a93b1e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11728
x-amzn-requestid: bf60e58f-c4f4-45c7-923b-0d1539f720f5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCUCGGw7oAMF3wQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cd40-32043c1b1411544f5d00edc0;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:50:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ZRG0Axnhc5RY5rDbnnbauco9dpPeFdkP01UxkpNYI5pgSbfGKWcikw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:16:26 GMT
age: 20652
etag: "9660bb2d38079182efbd11d7a687bfc7f9d30751"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11728
Md5:    968b9c138702fb5994d1d9eab1a697fa
Sha1:   9660bb2d38079182efbd11d7a687bfc7f9d30751
Sha256: 5ba74820ad451747c8ed25529f06b037bebf4c0616a1f2165c9197c1171db7a6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc9985e6-5fe2-4d64-8060-3ea9e7ea528d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10318
x-amzn-requestid: 6a205445-8a9e-4f25-b144-ba6e6934d383
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSlhFNAIAMFmBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330caef-61ecbf9154cd56131b940ac0;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:41:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: qP5-TglQAoTGc78-rIK27mKRTS_WthN0OpiiMqSF-y2rmWxVOyfNVw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:57:14 GMT
age: 21804
etag: "cde7845f38c4c077f1f1cfda1d1e3b00065d3ac3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10318
Md5:    a90590f26bae9ad9e95ffdfbfb7dd21d
Sha1:   cde7845f38c4c077f1f1cfda1d1e3b00065d3ac3
Sha256: 33fe3394213e01d11c3e005cb5a678ba74511704d4132fc2bd9f7ad4e1b7dbfc
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12826
x-amzn-requestid: f075cf62-acfc-4bc1-be14-7c3dafb7aaed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfVRNFP-oAMFgrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322cf3a-184b678042d64ac9266b1128;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 07:07:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: W6ZD1652Yn1xqZG7ehDcirlYoG8Hcsrdj11Fzfgj7zb-OiU8xHj1gw==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:37:19 GMT
age: 22999
etag: "b6d56333d7f1ea7ddc8838d84de498ff913c5464"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 3-257, spot sensor temperature 0.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 0.000000, slope 241253891388563521536.000000\012- data
Size:   12826
Md5:    b3a72e81317074689a71dac7059e4b6a
Sha1:   b6d56333d7f1ea7ddc8838d84de498ff913c5464
Sha256: e665a8821b5e7b2e78787647a08d629bf70cbf4cbfee2057c8601cf0565154a1
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5157
x-amzn-requestid: b5748f49-693f-4bc3-a850-cb68e770de24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCUG9GUHIAMF7pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cd5f-5d2aaa212cf1be2506593746;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:51:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 4h9lb_7egxb2hBbxjcS_cpZ5lDq6Lx-c_WUZyRHdUA0YTwr6kgDuiQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:10:16 GMT
age: 21022
etag: "85e378d0fff856832a8dd01743516b9476fed8c6"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5157
Md5:    2fe8c4f0c70fb6c1f4259eabedc7015e
Sha1:   85e378d0fff856832a8dd01743516b9476fed8c6
Sha256: 508a1c7d350fcf82d1ece0b99f8557b2f300c7c1148f28c3ae9fece20530e4b6
                                        
                                            GET /wp-includes/js/wp-emoji-release.min.js?ver=5.7 HTTP/1.1 
Host: www.schoolofsquirt.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.121.205.60
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Mon, 26 Sep 2022 04:00:36 GMT
last-modified: Wed, 25 May 2022 12:55:05 GMT
vary: Accept-Encoding
etag: W/"628e2729-48b9"
server: nginx centminmod
x-powered-by: centminmod
x-hosted-by: BigScoots
cache-control: public, must-revalidate, proxy-revalidate, immutable, max-age=2592000, stale-while-revalidate=86400, stale-if-error=604800
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---