www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
200 OK
13870
URL
HTTP/1.1
www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
IP
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (14202), with CRLF line terminators
Hash
1dbfded6919180a0f94d6f61546aa860
8a1a996bcc6d72215dbc4bbd7d4b6aa46319c913
65cc26aa487092392465dd3883f0836ebe11d34966d043b64c96733057a1edc8
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.25
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tp%2BIdHIXMXFZP3FAXdgedodwyrO9XHeEe8uV1lRMhvm4GGvDEI8QqYCB8SQd6alX4V1kVWGzAZlk4yE8W2AzNGdbUXe8v%2BLR2zpwo%2FrEaPaCzulbaDAimXZA8gPo8SBrPZGx%2F%2FvB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 750917ecb9420b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
200 OK
939
URL
HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
Magic
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash
1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 26 Sep 2022 03:15:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: CKTlG7T92hGoArqf2PQkQI7N0bKN9wkcmtItJbuw9ZTeh6Twn5fWCw==
Age: 2717
r3.o.lencr.org/
200 OK
503
IP
ASN
#20940 Akamai International B.V.
Hash
d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8612
Expires: Mon, 26 Sep 2022 06:24:07 GMT
Date: Mon, 26 Sep 2022 04:00:35 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
200 OK
5348
URL
HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
Magic
PEM certificate\012- , ASCII text
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: LsxMPOIlcJPTz9TB75s0-snmC2Aa9QkpThdTntgFDatmw8FkUXzOBQ==
age: 84321
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK
12
URL
HTTP/2
contile.services.mozilla.com/v1/tiles
IP
Magic
JSON data\012- , ASCII text, with no line terminators
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 04:00:35 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.corehair.ru.com/clicks/SquirtingSchool2_files/screen.css
200 OK
451
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/screen.css
IP
Magic
ASCII text, with very long lines (1156), with no line terminators
Hash
9cbb12ded165859b75441a829fb683af
1e85f7bd7f0fa9dbc53157bbead5eb703c502db8
3dba212407392e05ef866072e63f519c9ef7365ea376cb5a8824e77726a6759b
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/screen.css HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:35 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-484"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ELs79G3OXIAK1xNwMjjgAylzvaPudovT1oEw1Najs9V%2FapuR8Ysxs7%2FKY0Qq0j2F67UHyqKpehtnwFv%2BiPBv9Ji4MRmZAcqMDiGTTUBlgH0WGhYdGiuQGyrE9LasrkgmEJblMOPo"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917ef5c32b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.corehair.ru.com/clicks/SquirtingSchool2_files/wp-emoji-release.js
200 OK
4657
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/wp-emoji-release.js
IP
Magic
ASCII text, with very long lines (11272)
Hash
71b6d75cd4e93368516cec04a93790f8
d274862e4ee8bea24bf1d6d6f8f1e231abd778c2
7f1d272195370f3d6541779815b23d961b1cb9474d3bf57786f9844840083596
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/wp-emoji-release.js HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-3795"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iVgdzg4MlztX7LbdpkEV5rwUmiehGxpMXOipt9WSXs%2FHTZMLGFSSy1xDPoTqhifAO08p2RriYA4JufUz6%2F3FaprCjh9JSMAhM593E6hyh%2Br2f9niCbz7vxJ6DkHAkH8TvtkmE2nn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917ef5ae9b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.corehair.ru.com/clicks/SquirtingSchool2_files/analytics.js
200 OK
19637
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/analytics.js
IP
Magic
ASCII text, with very long lines (1325)
Hash
e05cd91b4da4b637a86022978482730a
2e496d2c1af77dab8b487a211516c4c774429abc
4372a296d6c3ad1e561a80e226b58d429199f0b174b4df22771c888a03bc87d1
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/analytics.js HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-c001"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9cpBbGjvAHn7peSdJzlFV0kEMAFjXm8Xq0959eV4atXwlApqvsedlvM2iJN6caow8xd3JqZYwax5tWd7KPGpnwmuM1IjIGxKPH5U1DJQcux%2FNZi%2Febv3xoDdoGidKEDSVKJATcb5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917ef485cb518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.corehair.ru.com/clicks/SquirtingSchool2_files/style.css
200 OK
8609
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/style.css
IP
Magic
Unicode text, UTF-8 text, with very long lines (29677)
Hash
9fb5134f2a659735f48ff96b78196847
9c39894b8e981273e4a45754f8f3ad93e8955522
28d1eb4db568bac23b22b4f660dce0bbf0adbf2de7114fffa8249b4e2f59acc1
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/style.css HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:35 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-e33b"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aVsHEdpEj0TrSqid6olYV5rCbi9yhQKAoQG6gAhDSWc57Y8EkN7gZn6KAIEdAvSjdDBcTI3qXlKdJo5Vi8hlnnCUu9L4mUB7t%2FZC%2BoUKPhL5MKAv17A%2F865ln%2FNUO%2FO1BqxuB2FZ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917ef5c31b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.corehair.ru.com/clicks/SquirtingSchool2_files/gtm.js
200 OK
35077
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/gtm.js
IP
Magic
ASCII text, with very long lines (1769)
Hash
0836fe24cc27b8bb4487f54b58f02862
0d15857b796c032367c80f9896619f90d93e72dc
ddb1db449d1988abbfe8e4a0aa6aa347ce62f14deeb486469691e324547dd72a
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/gtm.js HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-1745f"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OTRkVNTBkiY4If2q5H%2Bm%2BpNXT%2FdL0QvEBROSQOsBP8gCmr5eePPS89GbblhxCqFzXKvgc2bDqZZEdEPFowttO8GFYp5U0y0GPHk2%2Fsr9v3M%2BN0wSmhtagYX5%2FzT984%2BQ3un8DxIq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917ef4a730b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
200 OK
471
IP
Hash
1db3e1d6bf7a5e2d0c87eab75a6e52fe
b923a169beb9248ea6a5070a04b57bc0aa44799b
f35aafc9c21937ac03d9b711aa18ef518aaaec6d0f9dbcecb42f757a0e70915c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 04:00:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.corehair.ru.com/clicks/SquirtingSchool2_files/unsemantic-grid.css
200 OK
2214
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/unsemantic-grid.css
IP
Magic
ASCII text, with very long lines (12551), with no line terminators
Hash
32b7e5a2b0fe6a7e72680d51da96ea2a
ef8af7f6261e77158293a4f6d9a012c33695c541
214a39b0b08579b9821d5c676de0d9c646786e5ce2a82c66cdfa4ba538efeb8b
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/unsemantic-grid.css HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:35 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-3107"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XAc7%2FF1MaTEXwaU%2F5q50YM2GouWiCb5JMJjlDAMaQ%2BuyP8VeKlC3T7DxF9wLGGz%2FQzp3gMKRFXkwixDgEoos1Mm1yAYOwsi%2B0P3R8yKsGjHLs1Rj%2BxFGTAEoBNHWwe3RZt9M47Vh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f03c96b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.googletagmanager.com/gtag/js?id=UA-22484186-3
200 OK
42242
URL
HTTP/2
www.googletagmanager.com/gtag/js?id=UA-22484186-3
IP
Magic
ASCII text, with very long lines (1720)
Hash
b1fbade1ef4528338579cfb55c2e8c8c
affd9453c993818c643f6aa1e14c66df3b2ca869
d23db9fd1ad4083fed52e4aa1996cdd3e816eef86384582f4560a8c5cc9660ce
GET /gtag/js?id=UA-22484186-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 26 Sep 2022 04:00:36 GMT
expires: Mon, 26 Sep 2022 04:00:36 GMT
cache-control: private, max-age=900
last-modified: Mon, 26 Sep 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42242
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.corehair.ru.com/clicks/SquirtingSchool2_files/mobile.css
200 OK
1126
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/mobile.css
IP
Magic
ASCII text, with very long lines (3781), with no line terminators
Hash
776786ab3f58f5c0eb2ca63a9628e73c
7d74cddc365ed8bcd306d054655dfb2e9c38602e
d456ed7b3f59cfe6efa0aa068ad0e382e9436f95c6287f17998d223c10215ca4
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/mobile.css HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-ec5"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h36UXl9CXXd3wftf7S2YeDo48q4UjNRE1Dn4rLrjG2J8kL6NGsQlgDT0XGNyjr0FyXhy4vUZ7FwQGTdYQo%2FdCM4l9Kd0IGIXhCjT75p34MKIxnXMh49bb1UQpSWmXtnRL8b98411"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f0793cb518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.corehair.ru.com/clicks/SquirtingSchool2_files/thrive_flat.css
200 OK
46653
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/thrive_flat.css
IP
Magic
ASCII text, with very long lines (65536), with no line terminators
Hash
f948543f23ff3cfcea2c31d02f7b5fbf
93504a5f7f442e737257e5a1f0bb116b67c7c1b0
5402356a150943826eb706c1277d4da5045ae47bcb772494a0996d00d2744838
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/thrive_flat.css HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-62908"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2F3IUNgYLMAarvsjDaxbwdNKj0vnCL9Jy0HabaPFlTusW%2Bugof30EuSCxtVnHlZuDqG5T7BvycXNjPQy5fysDBsGb8vQCQfJk3eRMSJucHT6aW6hLnitIL5UQA5S8pFRaD5sD%2Bw5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917ef5e82b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.corehair.ru.com/clicks/SquirtingSchool2_files/font-icons.css
200 OK
747
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/font-icons.css
IP
Magic
ASCII text, with very long lines (2782), with no line terminators
Hash
bd44afb37826464e574701ae847b16c2
8a5a06edf34aeadf78e755379f7d6be8bff5e048
1e26ba685f20d10f19b5bf8a9e354a6d09786a1a12b9f45b0767f73ae52fd490
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/font-icons.css HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-ade"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OujXXFBq541mCXLcyE74o6%2BghLg7k47JyBgqK5l1CxdC9N4waMKR13XeXbL%2F8TDMf5cvqUEdaASFrBg6xIm4STJ7gKQhUDEuGGJtnR8TODBbK6Ls7Edu29Cc8HxV%2F%2FoOa0WMnwmS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f09cd0b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
200 OK
471
IP
Hash
1db3e1d6bf7a5e2d0c87eab75a6e52fe
b923a169beb9248ea6a5070a04b57bc0aa44799b
f35aafc9c21937ac03d9b711aa18ef518aaaec6d0f9dbcecb42f757a0e70915c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 04:00:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.corehair.ru.com/clicks/SquirtingSchool2_files/style_002.css
200 OK
5099
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/style_002.css
IP
Magic
ASCII text, with very long lines (21866), with no line terminators
Hash
83f8bf595ce89616b8f84b08029c4bf4
b96af70e68a3bae9b4f40a6f1f72387e63e075fc
9cd4310731c9a1edb3d464f1758bf914b91211f293144015e32eb17509b2a016
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/style_002.css HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-556a"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2wDcqQyHoUmDFVqoFp9N3BLSGWWM71yIra8jR9TBr1hzXV2AbV%2FSs%2BpdU5i5fbueg77GZQn2tx0FDo4z8LXe1DN%2BBEtneJyTamFFGqzAIp3cqrjLVFP%2FmGz9tVo91rARjUt3KXWh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f05b7eb51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.corehair.ru.com/clicks/SquirtingSchool2_files/style_003.css
200 OK
110
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/style_003.css
IP
Hash
c0ce07835cc3940928c3e6bd8d501dee
9da1f52b500128d489a43a63b6c40bd3c731be88
cc7cee1a2fe3834abcd828389484f777ddaeda38f477091c8b7479057de799e1
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/style_003.css HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-6b"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TDOCO44Hb2AkSoEG4LrSeLi9F715JC5yLHIf1%2BUmEBRCsrx6GYjn3jSLkOwpeDfTsqFKxSrjCErfH0yKNMwwbTwYGoZO4hso5Q2Zh3cYZVTllcBdu120dLCt%2B9u%2BEzr5jBV2jnch"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f0bb020b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.corehair.ru.com/clicks/SquirtingSchool2_files/sticky.css
200 OK
482
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/sticky.css
IP
Magic
ASCII text, with very long lines (1869), with no line terminators
Hash
72c3bf996dd5aef0ecb40d656c74088a
1afb023c6cbbad030079e8f640b9132e10305e30
c1ca5b2f6c5f9b6f65cbba9cf8fe7b63c36c2d79b9c47df6c9dd6ee974989241
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/sticky.css HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-74d"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZM05TEoxgDpyuOwdRbEPppDWh1drEqPfrBttx%2FUm1UA9ZGNW6GG3yZMzUiNk58b65kEPn7jyOP%2BHDyJic9oXZmp0J904mdwRXxl%2FFuQhyq7tFCsiGlrkgz7fRWFYLg9zWEpAT%2FKi"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f0fd02b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.google-analytics.com/j/collect?v=1&_v=j90&a=631485282&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corehair.ru.com%2Fclicks%2Fwts_ss2.php%3Fsid%3D994355%26h%3Days9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o%2Fs6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg&ul=en-us&de=UTF-8&dt=School%20Of%20Squirt%20-%20The%20Original%20%26%20Best%20Place%20To%20Learn%20About%20Squirting&sd=24-bit&sr=1280x1024&vp=&je=0&_u=aEBAAEABEAAAAC~&jid=655960382&gjid=1368406968&cid=1198797786.1664164834&tid=UA-50355398-1&_gid=385159970.1664164834&_r=1>m=2wg5c1WQK7ZT&z=986507402
200 OK
1
URL
HTTP/2
www.google-analytics.com/j/collect?v=1&_v=j90&a=631485282&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corehair.ru.com%2Fclicks%2Fwts_ss2.php%3Fsid%3D994355%26h%3Days9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o%2Fs6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg&ul=en-us&de=UTF-8&dt=School%20Of%20Squirt%20-%20The%20Original%20%26%20Best%20Place%20To%20Learn%20About%20Squirting&sd=24-bit&sr=1280x1024&vp=&je=0&_u=aEBAAEABEAAAAC~&jid=655960382&gjid=1368406968&cid=1198797786.1664164834&tid=UA-50355398-1&_gid=385159970.1664164834&_r=1>m=2wg5c1WQK7ZT&z=986507402
IP
Magic
very short file (no magic)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j90&a=631485282&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corehair.ru.com%2Fclicks%2Fwts_ss2.php%3Fsid%3D994355%26h%3Days9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o%2Fs6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg&ul=en-us&de=UTF-8&dt=School%20Of%20Squirt%20-%20The%20Original%20%26%20Best%20Place%20To%20Learn%20About%20Squirting&sd=24-bit&sr=1280x1024&vp=&je=0&_u=aEBAAEABEAAAAC~&jid=655960382&gjid=1368406968&cid=1198797786.1664164834&tid=UA-50355398-1&_gid=385159970.1664164834&_r=1>m=2wg5c1WQK7ZT&z=986507402 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.corehair.ru.com
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://www.corehair.ru.com
date: Mon, 26 Sep 2022 04:00:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j90&a=631485282&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corehair.ru.com%2Fclicks%2Fwts_ss2.php%3Fsid%3D994355%26h%3Days9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o%2Fs6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg&ul=en-us&de=UTF-8&dt=School%20Of%20Squirt%20-%20The%20Original%20%26%20Best%20Place%20To%20Learn%20About%20Squirting&sd=24-bit&sr=1280x1024&vp=&je=0&_u=aGDACUABFAAAAC~&jid=1096197724&gjid=1898205999&cid=1198797786.1664164834&tid=UA-22484186-3&_gid=385159970.1664164834&_r=1>m=2ou9l0&z=1078918317
200 OK
2
URL
HTTP/2
www.google-analytics.com/j/collect?v=1&_v=j90&a=631485282&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corehair.ru.com%2Fclicks%2Fwts_ss2.php%3Fsid%3D994355%26h%3Days9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o%2Fs6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg&ul=en-us&de=UTF-8&dt=School%20Of%20Squirt%20-%20The%20Original%20%26%20Best%20Place%20To%20Learn%20About%20Squirting&sd=24-bit&sr=1280x1024&vp=&je=0&_u=aGDACUABFAAAAC~&jid=1096197724&gjid=1898205999&cid=1198797786.1664164834&tid=UA-22484186-3&_gid=385159970.1664164834&_r=1>m=2ou9l0&z=1078918317
IP
Magic
ASCII text, with no line terminators
Hash
cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
POST /j/collect?v=1&_v=j90&a=631485282&t=pageview&_s=1&dl=http%3A%2F%2Fwww.corehair.ru.com%2Fclicks%2Fwts_ss2.php%3Fsid%3D994355%26h%3Days9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o%2Fs6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg&ul=en-us&de=UTF-8&dt=School%20Of%20Squirt%20-%20The%20Original%20%26%20Best%20Place%20To%20Learn%20About%20Squirting&sd=24-bit&sr=1280x1024&vp=&je=0&_u=aGDACUABFAAAAC~&jid=1096197724&gjid=1898205999&cid=1198797786.1664164834&tid=UA-22484186-3&_gid=385159970.1664164834&_r=1>m=2ou9l0&z=1078918317 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.corehair.ru.com
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: http://www.corehair.ru.com
date: Mon, 26 Sep 2022 04:00:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.corehair.ru.com/clicks/SquirtingSchool2_files/menu-logo.css
200 OK
504
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/menu-logo.css
IP
Magic
ASCII text, with very long lines (1656), with no line terminators
Hash
20c4b619c52f48f55d451eebf6c7ad4e
4796ec4c04c717364aa60b8c0b249caa309ececf
d56b5b82cda9c72fa1bb91012f2a50da264453411fe661580e4b7df2199d5b50
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/menu-logo.css HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-678"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TF4aZOrGrhbzB5i946LwqLjRxYjImfyrDtLiJSlGR9ZWzj2bZGHfTH0XhYpwjx4ZweeMXKE0WJV8PqArg8u7OIRF%2FlzA0WQl8gA3B5suI0pnu4bYhIfF2pwO7ZxS9Qor1rHnOAv3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f159ccb518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.corehair.ru.com/clicks/SquirtingSchool2_files/jquery-migrate.js
200 OK
4165
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/jquery-migrate.js
IP
Magic
ASCII text, with very long lines (11126)
Hash
0d5bb2a36d1fc2e095235bc201eb5579
98f0154e2ed5322a9f65077f954868d6c800b337
fe6382620c35c12aa4f3f96fe395e5813defe330c1d95fd3de1e94f8f5d1f0a5
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/jquery-migrate.js HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-2bd8"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rH9n9l3z8%2BuAs%2BmpvLaG4krkhLhL2VP3Ktm8YdaMvp6rE8bCh1XVUJ079XASh4N5T%2FK8ZnkMZVtDDwU5k1DTW8NTVA8BSThmkjXr3AgccIKXvndURbH6fOr2b07hFzDji1RZcRdR"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f17c4bb51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.corehair.ru.com/clicks/SquirtingSchool2_files/edc2avj.css
200 OK
705
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/edc2avj.css
IP
Magic
Unicode text, UTF-8 text, with very long lines (516)
Hash
74bf8e45d66b7014769ab20b05350661
ad1ef70c0dc132a6b3ff0f89be04d4bc4115b91a
752723aeb62873f2e7dd0a681e2d14b7ba1c3e1ff02c0058c87a7cd1da2c3c56
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/edc2avj.css HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-cae"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tgZnALlRLmrGd494E%2Bf2OsL4L9pCwrVeS4Kgz2gYssuEl%2B6tpjE4KVx3m5IXOhMuFPt1T87XQGS6JzSuG3%2BKUmnjWmtct55KSv%2BaOis%2BxTqKwHkOvu2Xqg9ErtFP5mh14P47vPfP"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f17b570b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
p.typekit.net/p.css?s=1&k=edc2avj&ht=tk&f=139.140.175.176&a=13090676&app=typekit&e=css
200 OK
5
URL
HTTP/2
p.typekit.net/p.css?s=1&k=edc2avj&ht=tk&f=139.140.175.176&a=13090676&app=typekit&e=css
IP
ASN
#20940 Akamai International B.V.
Hash
83d24d4b43cc7eef2b61e66c95f3d158
f0cafc285ee23bb6c28c5166f305493c4331c84d
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
GET /p.css?s=1&k=edc2avj&ht=tk&f=139.140.175.176&a=13090676&app=typekit&e=css HTTP/1.1
Host: p.typekit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: text/css
cross-origin-resource-policy: cross-origin
etag: "613bee4d-5"
last-modified: Fri, 10 Sep 2021 23:46:21 GMT
server: nginx
content-length: 5
unused62: 8096267
date: Mon, 26 Sep 2022 04:00:36 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK
472
IP
Hash
1d095ec6a56142cb2084481b06881ef4
82ff236023008fbfb871aaa7c1e976e0cf15e91a
791ac45152415413d4af27f3dde61a021c9c57dcf7ca5b0e65300ebc3cd8815d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 04:00:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.corehair.ru.com/clicks/SquirtingSchool2_files/sticky.js
200 OK
2819
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/sticky.js
IP
Magic
ASCII text, with very long lines (8469), with no line terminators
Hash
b5d19bcf0259c2672bb81ec36eaa4c77
7ffd39fc7bc7926fcbc704551df51815874f968e
dd35600463b936d97c84767bf47133249495d6ad9adfa2fb9df30b7907e8e384
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/sticky.js HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-2115"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ixYbQSHlMCbM72HyQ%2Fzc7F5Kp2Hs0g8A5AXGDZH%2Fu9aiF41GBmspEdZM8%2FtlVtDbVTIsz9f%2FsppCXQ%2FDdXs3Zi7d4eXOsgy4RGa%2B8zUIin87zPLP2%2BcxU92m%2FNZKbvTeFWXmU9if"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f1cd78b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.corehair.ru.com/clicks/SquirtingSchool2_files/jquery.js
200 OK
30908
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/jquery.js
IP
Magic
ASCII text, with very long lines (65451)
Hash
de51a7f2c2c244ceb7103216144f03dc
9545e4547e01b6fcabebdfa08c2d75089808fbee
10b58517301b7a47ed1354030c9b652a1d96259d24e1e1b4c4b1aa33b94682ee
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/jquery.js HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-15d98"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KY9dH%2Fsi4XSQPritlNwKCiiqoB%2FSN9qDAh1PnNYOaj2xz3zA9U9DV%2Bcgvrb6wB0ueP%2FAT0WBmK6p%2F7TGQMtaQ54zwaDtAHtRvZxFFL0cV8MMTCZTSoXeMCBIWnwK6Slh%2FpbIHSLN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f16d44b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-22484186-3&cid=1198797786.1664164834&jid=1096197724&gjid=1898205999&_gid=385159970.1664164834&_u=aGDACUABFAAAAC~&z=1710546446
200 OK
4
URL
HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-22484186-3&cid=1198797786.1664164834&jid=1096197724&gjid=1898205999&_gid=385159970.1664164834&_u=aGDACUABFAAAAC~&z=1710546446
IP
Magic
ASCII text, with no line terminators
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-22484186-3&cid=1198797786.1664164834&jid=1096197724&gjid=1898205999&_gid=385159970.1664164834&_u=aGDACUABFAAAAC~&z=1710546446 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.corehair.ru.com
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://www.corehair.ru.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 26 Sep 2022 04:00:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.corehair.ru.com/clicks/SquirtingSchool2_files/front.js
200 OK
2339
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/front.js
IP
Magic
ASCII text, with very long lines (6091), with no line terminators
Hash
4f4a997bc181498157d148ba9b649949
87ff26f8385fcf11c28fcc40c2e5619a8138f44d
fe722eb1adc5eb6c3642f87ba188bfb0b899130719fd73381712d6d710d3ed4b
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/front.js HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-17cb"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Y4B74ujr4bjAEwb1ReVnLI8mWMknFzpX1HguN0RpojlI2oJ2WIFZkPtX%2BnnAt9obCQmVEE39IsxCCPdPck3BZoM3MTJZ8Myt7t%2Bv0aumki0yHHT1VWgp4uQwD2yrjD1neG%2Bi8g1"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f22a3cb518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.corehair.ru.com/clicks/SquirtingSchool2_files/jetpack.css
200 OK
13743
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/jetpack.css
IP
Magic
ASCII text, with very long lines (21094)
Hash
fa0206609d148e4d384589bd7a57cdfa
d9a87ad4fec075a6c03ead16f5ee5c72a85d1d5f
c1d6b2d7e92a2d4499ddbb71d3810ae3acd7efe3500f45972e8f07c0da46f403
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/jetpack.css HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-12f9f"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8EeBROeCz7SdRMb%2BQhphU%2B7WX6yErzb6oKSoJkjqjz5KtaAGtXwDLbFlqgwHDNcECE74Gq4FCWF1EQHjgbSztgFlFSvxgEP%2FoWc97TBxKguv5TXrF14pKgAWkS70BBLlTLt1ASdq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f15f88b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.corehair.ru.com/clicks/SquirtingSchool2_files/imagesloaded.js
200 OK
1831
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/imagesloaded.js
IP
Magic
ASCII text, with very long lines (5477)
Hash
5bc847fcae1a1a6c4b7f79c00d2b7e29
b2237db0dd679c2c8e397e833f04df00d43165e7
bfa7a74e5830c0c26da7ccc50b8e44b401ce1ee8604fceb62e6c1310c47ddb2a
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/imagesloaded.js HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-15fd"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mHkLtOuOYtYjNgwseXwJVGQxoOO6Pd%2FKafQ0sNajhC2pI8FmejcxMPfoOzokg6oYhd%2FgZ194zAvFPqrejbLXl57XmKXYtTnMFc%2Bkj3cfdrJC3zYtT3CfZ2QdpVixLNFN0%2BAr%2FGLu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f24cdbb51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK
329
URL
HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
Magic
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Mon, 26 Sep 2022 03:04:17 GMT
Expires: Mon, 26 Sep 2022 03:22:16 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: sh5HMDB8nkp4ulMMWJ1V51Xpl1luwU6Fh17asMosjTeVIj_V0lKJig==
Age: 3379
ocsp.pki.goog/gts1c3
200 OK
472
IP
Hash
1d095ec6a56142cb2084481b06881ef4
82ff236023008fbfb871aaa7c1e976e0cf15e91a
791ac45152415413d4af27f3dde61a021c9c57dcf7ca5b0e65300ebc3cd8815d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 04:00:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.corehair.ru.com/clicks/SquirtingSchool2_files/jquery_002.js
200 OK
715
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/jquery_002.js
IP
Magic
ASCII text, with very long lines (1626)
Hash
46cfee7a6b6ed76c0fd609b98415e886
27a59318b05327183e1b7807e2071626f4a08419
21245efcfeb0ee1d850f895f472eca45c5d471e10f03e8f10e826218be1c356a
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/jquery_002.js HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-71b"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pj%2BFAVtYZZkZTZQ7suUAdssqOS0JFYFVGLmEa4pl9JzLxuviHa5ocQ0p4fML3WmLcjQddRnoTDl8pnLrYaQVk5TNhlqKzteanrDZRFAcWMFZRXlaxtiLb%2FEJdsECGsabkk9U6ZAK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f2ade5b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.corehair.ru.com/clicks/SquirtingSchool2_files/masonry.js
200 OK
7368
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/masonry.js
IP
Magic
ASCII text, with very long lines (23966)
Hash
6ce3f21f929ba0582a1aebcac0392fe6
b328e3a868d0e515fecd0b9c1fe273ba893d9cc0
7cd5ef9624b8a0425c875c005df78cb5626b23c4a9526b0668ec278cd17e4517
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/masonry.js HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-5e4a"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1g3ptvseTNpEwCLa445OIJlxAlwD%2BAf4eRfVL%2FAxoOBdL7dd1E4KInYtBVubVsAO%2BAbuAVqy9EAtY602trZbVDqT0d%2FFGDTRGRs%2FuqP5%2B%2B%2BOuzPNLPYWTVYNGyc2gustM4%2BMnIPw"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f24bd00b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.corehair.ru.com/clicks/SquirtingSchool2_files/main.js
200 OK
1752
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/main.js
IP
Magic
ASCII text, with very long lines (7320), with no line terminators
Hash
7675b9cdce538b3351d44c317fc8bcd8
98e14e7d933d89799603e78eb68175196b119b7c
23d60748f50065e6664f663e339999277f3fdad54a104e3581395a197bbf74b9
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/main.js HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-1c98"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LYkvIT%2FyS%2BWccHRuaqkPkjQmvr21vlI4ZrkxUaHdO1FYvBElqPI1nN1LN%2B25snwF%2BALH%2FUYHjwAicSuxSur2elX6KHC2j5Rjgp7PgBKLW2VGacYRQNEegjk6sKVgi8y78x9xCfIT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f2eab8b518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
use.typekit.net/af/71f83c/00000000000000003b9b093b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
200 OK
33660
URL
HTTP/2
use.typekit.net/af/71f83c/00000000000000003b9b093b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
IP
ASN
#20940 Akamai International B.V.
Magic
Web Open Font Format (Version 2), CFF, length 33660, version 1.0\012- data
Hash
e21953c87f09ca307fea4132455a059a
08b07c629dc5407c6f9dfa375279d53af4bf2727
a2b997da567762896061490c3c08e506b2e5b936978560fc12251dd245140b32
GET /af/71f83c/00000000000000003b9b093b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.corehair.ru.com
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 33660
etag: "a0f35f91fdc2ca0a90c8288c08c20681c1aecfcf"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Mon, 26 Sep 2022 04:00:36 GMT
X-Firefox-Spdy: h2
www.corehair.ru.com/clicks/SquirtingSchool2_files/wp-embed.js
200 OK
769
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/wp-embed.js
IP
Magic
ASCII text, with very long lines (1391)
Hash
82e67f050afdb38c20ac6eb305f97c17
df1349df76d66a9cf64377cf335c67c337d85470
5f6c33116e2106cd0f2f28c16062f1d584e74b8539a14ed45e17957634d71b7e
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/wp-embed.js HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-592"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CYxYBfs8WrMLGGBhiF5NZy8e4eZW0RBogx44uDWbkf%2FVB59TDyGGkkeOjugQ%2Fh06Imk%2B11FiSRd3ioMfQk%2B20M68NdDQIJCpDnB7X%2FFMRaJPH3kwYfjr1rW0WxnzNr52a7l2Ty84"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f30d53b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
use.typekit.net/af/6aec08/00000000000000003b9b0935/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
200 OK
34380
URL
HTTP/2
use.typekit.net/af/6aec08/00000000000000003b9b0935/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
IP
ASN
#20940 Akamai International B.V.
Magic
Web Open Font Format (Version 2), CFF, length 34380, version 1.0\012- data
Hash
96c6233bf95dee5352747935713f423f
81951f395017eb00aae5aaa6c89c5963a1cd06e7
a0acc524b541f57df4024b039206425fbcc49c7b3cba369bc0b4a57cfc0e9629
GET /af/6aec08/00000000000000003b9b0935/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.corehair.ru.com
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 34380
etag: "98ea2e3888e90196090ca6bc7ddc5345e1871a7a"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Mon, 26 Sep 2022 04:00:36 GMT
X-Firefox-Spdy: h2
www.corehair.ru.com/clicks/SquirtingSchool2_files/frontend.js
200 OK
906
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/frontend.js
IP
Magic
HTML document, ASCII text, with very long lines (1728)
Hash
1eb2d85be572c4156f592d1598abbec7
6e28faaea39603f81049ff7668cf771cd1c591cb
0fdded1df72c99324bfb42c29ba15b752740e12a2960899506262c120bd3e7ba
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/frontend.js HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-728"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3BZ2qGWrtF944tu4cUXq3bse2dZqAQNLgDHm9Ckx2O7Nut66XI7kH%2F%2FrxiwwvimhZfhDPcWd53zT7Vvq%2FSYsCFBtqueDVmpnTwuHYYC62adXPdBHyD4SCbAZClKkNeYIfXbmCZiK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f308b0b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.corehair.ru.com/clicks/SquirtingSchool2_files/e-202115.js
200 OK
2987
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/e-202115.js
IP
Magic
ASCII text, with very long lines (2692)
Hash
59b791e299f9a3a35fc01011197f480c
76147580053e798533dbb2c9c4e2604893572ee6
1f126b8513afe8102ffb9299bdfff3673dd55601524b17bbc9d0b641b7fe6d77
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/e-202115.js HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-230c"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sx75J5MHAS%2FJ4lAQr10Xr7%2BaWEU%2BCnn0EX0mJ0NE8ML9saLgfeN1Me2Csq8pUxSkKO5xXK8o73pwiO3n4bfwEu%2FRIeofjg09KwkeV442P%2FpR5XaL2IKmLVy2OjVzlJruzwqJG5oN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f36e4eb50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.corehair.ru.com/clicks/SquirtingSchool2_files/frontend_002.js
200 OK
20571
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/frontend_002.js
IP
Magic
Unicode text, UTF-8 text, with very long lines (65426)
Hash
dfdcfe6740fa68f6c6df8dbbc2638dd2
78a7b518f0ff63f68916104730cbe061937126df
11b2106c59812ee4971ed5c761a28f7e05a746cf4d3e49506896c39ca7353a0c
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/frontend_002.js HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-115cb"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EpKIOCOaJnTI7RfmNzHOC3ciCqI1M23jUekz1VWY4YwWs1dWolsqtRFm9rhmRRrpG%2BPu1Mo4fInocpIBrKRDFX0Y9GctPhnnlYbF7ub6fRCGt49Ed2g0utv2ePTZ4H1UgXFBJeK2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f2cdf9b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.corehair.ru.com/clicks/SquirtingSchool2_files/sos-logo-tiny-1.png
200 OK
5807
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/sos-logo-tiny-1.png
IP
Magic
PNG image data, 270 x 51, 8-bit/color RGBA, non-interlaced\012- data
Hash
913a8e7cdbb3f0ce0a4300407f002398
f7723bc907647cd05a92516f722fe4a24cd33b63
970d7e7b687bbb122c2418af225ecc6e6d3d39057fcd9f467757462d3064f90d
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/sos-logo-tiny-1.png HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: image/png
Content-Length: 5807
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: "62e82401-16af"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2FoWV%2Bt5wQv7EMlX80%2BfE2ljfG45rYmxBkVScPDya3saq9qNe2ZjTsOP7wHqqdsQ9sss8E8cs4mh9qlXrCeuznjo8RwbiBN%2FFxltA%2Fah4FR89ykSGBzJuW%2Ffx7wRKET2cFJeJELz"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f39cb50b59-OSL
alt-svc: h2=":443"; ma=60
www.corehair.ru.com/clicks/SquirtingSchool2_files/1f609.svg
200 OK
642
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/1f609.svg
IP
Magic
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1183), with no line terminators
Hash
9da946d07a4a0ad9700e04d664961c8d
dfb1c2d95d5ea16a3bb6d385c5652822cb494944
7dd7886faa058fa153e825e57ccbe1095a134aa1fb5a46c3941865406f1f5be2
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/1f609.svg HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-49f"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rq7ehJcPYlow%2FJiqzZHSMNBco0cTX4QrV92s%2FZGwLir8CWwqJiy8Oczr%2BEjmH0f7Fbsy4joPnPQSoJCt%2FXEEXOb4HB2fOMpiwPMsV677g%2FMVSd7TSyrfgqmx9ZJCfM5c4ZD7cFcu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f3cb59b518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
200 OK
471
IP
Hash
fd3b36dc2b620b48de491a8d9ba00fc0
be67ba7db5215dcb7c9225876e35a5e0a5005c9e
28205ee62c77b1caad6cc24c1ce98ddb92d26f67d41270f7d5278208a907c62f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2539
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 04:00:36 GMT
Last-Modified: Mon, 26 Sep 2022 03:18:17 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
pixel.wp.com/g.gif?v=ext&j=1%3A9.6.1&blog=64496574&post=4228&tz=1&srv=www.schoolofsquirt.com&host=www.corehair.ru.com&ref=&fcp=1203&rand=0.9459621585752884
200 OK
50
URL
HTTP/1.1
pixel.wp.com/g.gif?v=ext&j=1%3A9.6.1&blog=64496574&post=4228&tz=1&srv=www.schoolofsquirt.com&host=www.corehair.ru.com&ref=&fcp=1203&rand=0.9459621585752884
IP
Magic
GIF image data, version 89a, 6 x 5\012- data
Hash
e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
GET /g.gif?v=ext&j=1%3A9.6.1&blog=64496574&post=4228&tz=1&srv=www.schoolofsquirt.com&host=www.corehair.ru.com&ref=&fcp=1203&rand=0.9459621585752884 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: image/gif
Content-Length: 50
Connection: keep-alive
Cache-Control: no-cache
Access-Control-Allow-Origin: *
www.corehair.ru.com/clicks/SquirtingSchool2_files/g.gif
200 OK
50
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/g.gif
IP
Magic
GIF image data, version 89a, 6 x 5\012- data
Hash
e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/g.gif HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: image/gif
Content-Length: 50
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: "62e82401-32"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L1UVtgUAdbR77Sha4uDoX0yDMSxZCVVhBluvSIYrs4lHkg7TLiH7NGMwEuHul0TWFecImlPwImlm9cGXpI2oknFMwtedDsbkSMciKTGw2mMna2AoqQg77SEtrvIifbA1nZwQgS3V"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f3dda9b51b-OSL
alt-svc: h2=":443"; ma=60
use.typekit.net/af/4838bd/00000000000000003b9b0934/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
200 OK
336086
URL
HTTP/2
use.typekit.net/af/4838bd/00000000000000003b9b0934/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
IP
ASN
#20940 Akamai International B.V.
Magic
PNG image data, 751 x 545, 8-bit/color RGBA, non-interlaced\012- data
Hash
a6ba1ef263c5585fa00644e28ddd917d
2bc5c2849d8df5e48f7023f367286f7cbf284acc
69d8acb1d591a05de8ee50e77ce8f6872cc5cdd120125d8aa386eb31ccf98ec8
GET /af/4838bd/00000000000000003b9b0934/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.corehair.ru.com
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 32688
etag: "852dacc5cd2685c187708b882b28635465e17bd0"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Mon, 26 Sep 2022 04:00:36 GMT
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
200 OK
19826
URL
HTTP/1.1
www.google-analytics.com/analytics.js
IP
Magic
ASCII text, with very long lines (1325)
Hash
cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 19826
Date: Mon, 26 Sep 2022 02:20:52 GMT
Expires: Mon, 26 Sep 2022 04:20:52 GMT
Cache-Control: public, max-age=7200
Age: 5984
Last-Modified: Sun, 11 Sep 2022 13:50:09 GMT
Content-Type: text/javascript
www.corehair.ru.com/clicks/SquirtingSchool2_files/blank.htm
200 OK
553
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/blank.htm
IP
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1254), with CRLF line terminators
Hash
fcc2aac26c8f2e24c08a07743d61bd7a
d165057b97b580849985a07de5203d1202e27e9e
0099e29fe77dd7debfef7707645956f1d458ba99c81799c08c52c78b5ceac42f
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/blank.htm HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
Cookie: _gcl_au=1.1.665811313.1664164834; _ga=GA1.3.1198797786.1664164834; _gid=GA1.3.385159970.1664164834; _gat_UA-50355398-1=1; _gat_gtag_UA_22484186_3=1
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lnxvC5GL22NFVSnwGn6A1dvXo0C44ugqVd%2Fvdr4jVzvcFWjcvC1NSJkPtjaVzcu3jzCPtBMuVXN9CJtBA1mKxfIfr1sG6rzfiWasledmdCdHXlLYcLFHs%2FookeYrIqcFX5u%2F7%2FHa"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 750917f47ee1b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
200 OK
472
IP
Hash
bc7883d0a03d9c3559288a600fecc70a
b0e538996510ec8c861264cba4bf79fa73f6f7d6
c3bdc9bb12c7c951ca2d861c95156de2c724acc82386e882864c464132e07ac3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 04:00:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK
471
IP
Hash
9f61c5ada09e4fa747144a96e95a943f
e7f3119b4d75a72dd0409673b9789ac1f3233d23
95afa75f054462b0db7b7b59ebadecc07ce8e4eac12b07e76645848983c52bcf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 04:00:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-22484186-3&cid=1198797786.1664164834&jid=1096197724&_u=aGDACUABFAAAAC~&z=490847310
200 OK
42
URL
HTTP/2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-22484186-3&cid=1198797786.1664164834&jid=1096197724&_u=aGDACUABFAAAAC~&z=490847310
IP
Magic
GIF image data, version 89a, 1 x 1\012- data
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-22484186-3&cid=1198797786.1664164834&jid=1096197724&_u=aGDACUABFAAAAC~&z=490847310 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 04:00:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-22484186-3&cid=1198797786.1664164834&jid=1096197724&_u=aGDACUABFAAAAC~&z=490847310
200 OK
42
URL
HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-22484186-3&cid=1198797786.1664164834&jid=1096197724&_u=aGDACUABFAAAAC~&z=490847310
IP
Magic
GIF image data, version 89a, 1 x 1\012- data
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-22484186-3&cid=1198797786.1664164834&jid=1096197724&_u=aGDACUABFAAAAC~&z=490847310 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 04:00:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.corehair.ru.com/clicks/SquirtingSchool2_files/blank_data/inject.css
200 OK
928
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/blank_data/inject.css
IP
Magic
ASCII text, with CRLF line terminators
Hash
e1c22e631b7cce42e3ef13cd9bb02ff5
6c6c2b15c56e776d9eac10babf3a6c4a2bd964ae
93950a736308fe62073a44a76b8ec05b9a651062f6ecee4782059d0718aab6dc
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/blank_data/inject.css HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/SquirtingSchool2_files/blank.htm
Cookie: _gcl_au=1.1.665811313.1664164834; _ga=GA1.3.1198797786.1664164834; _gid=GA1.3.385159970.1664164834; _gat_UA-50355398-1=1; _gat_gtag_UA_22484186_3=1
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-f28"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F7OoYwlpUux2tOYSmVY665dC1uNfVA%2BdKSF4hE7V2NuDwgkrNGo5oM%2FE304gQTWwXcL%2BqaOacjADlXi9pSbfuNeB1I%2FrJgg%2Bq1AcMVoFEwaNMQ9oIKiFFASGgyiBZgghfws4E1vp"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f56f78b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
200 OK
472
IP
Hash
4474bfba80fa3257384d1c908e1353bf
9a2869a3888743d575e6f87d2a7479d5d97fa123
63378e949c0ea9564e7660ea0522ce7a59727a0a5232b81b77f8525899f67a2b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 04:00:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK
471
IP
Hash
9f61c5ada09e4fa747144a96e95a943f
e7f3119b4d75a72dd0409673b9789ac1f3233d23
95afa75f054462b0db7b7b59ebadecc07ce8e4eac12b07e76645848983c52bcf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 04:00:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.corehair.ru.com/clicks/SquirtingSchool2_files/wap-chrissy-small.jpg
200 OK
46067
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/wap-chrissy-small.jpg
IP
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x525, components 3\012- data
Hash
dcb5160c3e0035ab522e4dfcf57eed80
f0f43bcf335a2c157f8b4a3b70ed04f51de7d8ab
13065c081312f094ed752e74f9f9fb71244f4975efdf707f57dddb7b17fa819f
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/wap-chrissy-small.jpg HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
Cookie: _gcl_au=1.1.665811313.1664164834; _ga=GA1.3.1198797786.1664164834; _gid=GA1.3.385159970.1664164834; _gat_UA-50355398-1=1; _gat_gtag_UA_22484186_3=1
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: image/jpeg
Content-Length: 46067
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: "62e82401-b3f3"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gsJ6dlJ8k9%2FOlMCwe6R0yNf3w9mGNh2SU9VSmD2aNlbUazjeB2v5TIT5YJOlZcq9RsGZNRx%2B2Lv2mZqx52JXFDKhRkOd1ItWTrKR3dIwm6BTsui%2BFzg45dd1QjK4AKSyig%2B8UjgK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f52c43b518-OSL
alt-svc: h2=":443"; ma=60
www.corehair.ru.com/clicks/SquirtingSchool2_files/wap-megan-small.jpg
200 OK
42485
URL
HTTP/1.1
www.corehair.ru.com/clicks/SquirtingSchool2_files/wap-megan-small.jpg
IP
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x525, components 3\012- data
Hash
10a269b27f69da15e769372192690830
4b31832b672026725b5fbb2e1b54e9bb172e9cc0
b6abed458bcfd5c4bab5cea2f84ad8fdad9a4488ca5b949f34020f7077053bb0
Analyzer
Verdict
Alert
quad9
Sinkholed
GET /clicks/SquirtingSchool2_files/wap-megan-small.jpg HTTP/1.1
Host: www.corehair.ru.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.corehair.ru.com/clicks/wts_ss2.php?sid=994355&h=ays9wqzq0vtqrqnk_9oe8lwygwog7wlmhcudt4oa55o/s6dzvtkef6s3cxyurlfmximfxdu-lwuwcr1hb1rrlynd47y6dx6j7hqntjtboahoqsnop9w4zcss6ud_jci69eevyf4h6_tktdqumgtbevg
Cookie: _gcl_au=1.1.665811313.1664164834; _ga=GA1.3.1198797786.1664164834; _gid=GA1.3.385159970.1664164834; _gat_UA-50355398-1=1; _gat_gtag_UA_22484186_3=1
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 04:00:36 GMT
Content-Type: image/jpeg
Content-Length: 42485
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: "62e82401-a5f5"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RSIq9RSk1sSkEDtHtK009SXL0JN3%2FiWQ34Ae23SEa5yH72WQrqrPq3Mhnn3Ef1s4L1lMGzyUs09dUtDs8g8fzIyxrPrzvQ3MOqDhJup0kRu8zipXLuMp38GAjaaDGmXeuaHElda1"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750917f52a1db511-OSL
alt-svc: h2=":443"; ma=60
www.schoolofsquirt.com/wp-content/uploads/2016/08/cropped-tablet-logo-220x220.png
200 OK
31334
URL
HTTP/2
www.schoolofsquirt.com/wp-content/uploads/2016/08/cropped-tablet-logo-220x220.png
IP
Magic
PNG image data, 220 x 220, 8-bit/color RGBA, non-interlaced\012- data
Hash
0f493980b2a11680f438ce45634fb8f4
cfc51ded8ed9c4e7a5889090826c0f7281230918
4b2ed7f914385667420f472a97b65e6e101c3a952f07b2c6224019784b2d4e70
GET /wp-content/uploads/2016/08/cropped-tablet-logo-220x220.png HTTP/1.1
Host: www.schoolofsquirt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 04:00:36 GMT
content-type: image/png
content-length: 31334
last-modified: Sun, 20 May 2018 16:30:52 GMT
vary: Accept-Encoding
etag: "5b01a2bc-7a66"
server: nginx centminmod
x-powered-by: centminmod
x-hosted-by: BigScoots
cache-control: public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges: bytes
X-Firefox-Spdy: h2
www.schoolofsquirt.com/wp-content/uploads/2016/08/cropped-tablet-logo-80x80.png
200 OK
7307
URL
HTTP/2
www.schoolofsquirt.com/wp-content/uploads/2016/08/cropped-tablet-logo-80x80.png
IP
Magic
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced\012- data
Hash
3f6f4d3000c82b5b5dbdd203c5c785f6
c79a0ce49734d3700b30eddacce322fbcda5960d
1b123d2a958e40670495ab3f9133df0d13c825a5728ccb69c272886578fc960f
GET /wp-content/uploads/2016/08/cropped-tablet-logo-80x80.png HTTP/1.1
Host: www.schoolofsquirt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.corehair.ru.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 04:00:36 GMT
content-type: image/png
content-length: 7307
last-modified: Sun, 20 May 2018 16:30:52 GMT
vary: Accept-Encoding
etag: "5b01a2bc-1c8b"
server: nginx centminmod
x-powered-by: centminmod
x-hosted-by: BigScoots
cache-control: public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges: bytes
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols
0
URL
HTTP/1.1
push.services.mozilla.com/
IP
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pR9FSWEYD4B7AwB2+/e64g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tB9jhSqr68FbELtmjtQEvMhQktk=
r3.o.lencr.org/
200 OK
503
IP
ASN
#20940 Akamai International B.V.
Hash
5a6097201b7da81f6e9a6d99a7353a0c
d4240fe80c76013b9f7b6fd09963aa47151b8d6a
519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11790
Expires: Mon, 26 Sep 2022 07:17:08 GMT
Date: Mon, 26 Sep 2022 04:00:38 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK
503
IP
ASN
#20940 Akamai International B.V.
Hash
5a6097201b7da81f6e9a6d99a7353a0c
d4240fe80c76013b9f7b6fd09963aa47151b8d6a
519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11790
Expires: Mon, 26 Sep 2022 07:17:08 GMT
Date: Mon, 26 Sep 2022 04:00:38 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK
503
IP
ASN
#20940 Akamai International B.V.
Hash
5a6097201b7da81f6e9a6d99a7353a0c
d4240fe80c76013b9f7b6fd09963aa47151b8d6a
519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11790
Expires: Mon, 26 Sep 2022 07:17:08 GMT
Date: Mon, 26 Sep 2022 04:00:38 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK
503
IP
ASN
#20940 Akamai International B.V.
Hash
5a6097201b7da81f6e9a6d99a7353a0c
d4240fe80c76013b9f7b6fd09963aa47151b8d6a
519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11790
Expires: Mon, 26 Sep 2022 07:17:08 GMT
Date: Mon, 26 Sep 2022 04:00:38 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK
503
IP
ASN
#20940 Akamai International B.V.
Hash
5a6097201b7da81f6e9a6d99a7353a0c
d4240fe80c76013b9f7b6fd09963aa47151b8d6a
519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11790
Expires: Mon, 26 Sep 2022 07:17:08 GMT
Date: Mon, 26 Sep 2022 04:00:38 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e46522-27ca-4a21-a138-a7bdaf6c55b5.jpeg
200 OK
6443
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e46522-27ca-4a21-a138-a7bdaf6c55b5.jpeg
IP
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash
3a75be68e82e6a0ba74932fbe74c7b30
36310320605833289e78cd248c45915363a0a0c3
56d709b77802037254b7922e3f85d1b1652b70dfc4b6c65b03e4149d3b1f22ca
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e46522-27ca-4a21-a138-a7bdaf6c55b5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6443
x-amzn-requestid: b6f3be01-6086-4fc1-8bec-c4caa1fe806c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSKMG04IAMFRxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330ca41-5452d1805d3f4d71303142c9;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:38:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: tx-lL61dT3iakJd8VZw31hzMklubUDBQxE6LBhxsJUqyMM0bqCk73g==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:07:18 GMT
age: 21200
etag: "36310320605833289e78cd248c45915363a0a0c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bd5ecd8-fafe-452d-ae17-9df7d4cb5682.webp
200 OK
8931
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bd5ecd8-fafe-452d-ae17-9df7d4cb5682.webp
IP
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash
720fc80bd0ff9b71f20c8e0c13e1084e
6ff5d7ce0608a8c1b1f4c731a94295e7a56dfe50
e84bcabd01425354050fe8ba5f4b29a97f05e6f5f15d26d0706c174136de30e6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bd5ecd8-fafe-452d-ae17-9df7d4cb5682.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8931
x-amzn-requestid: 9255ee80-ae19-4b47-882b-01e663e857ed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCUG-EmZoAMFyWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cd5f-70cc0bc87ed2480879ba081a;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:51:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dKd7twQASH_A1tvi8WwaArQfizf3FoLq-gIMvmcz0RAAPXLdhpK5Bw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:19:32 GMT
age: 20466
etag: "6ff5d7ce0608a8c1b1f4c731a94295e7a56dfe50"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7838a122-2b2e-4e4c-9bcc-7c6b46a93b1e.jpeg
200 OK
11728
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7838a122-2b2e-4e4c-9bcc-7c6b46a93b1e.jpeg
IP
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash
968b9c138702fb5994d1d9eab1a697fa
9660bb2d38079182efbd11d7a687bfc7f9d30751
5ba74820ad451747c8ed25529f06b037bebf4c0616a1f2165c9197c1171db7a6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7838a122-2b2e-4e4c-9bcc-7c6b46a93b1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11728
x-amzn-requestid: bf60e58f-c4f4-45c7-923b-0d1539f720f5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCUCGGw7oAMF3wQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cd40-32043c1b1411544f5d00edc0;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:50:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ZRG0Axnhc5RY5rDbnnbauco9dpPeFdkP01UxkpNYI5pgSbfGKWcikw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:16:26 GMT
age: 20652
etag: "9660bb2d38079182efbd11d7a687bfc7f9d30751"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc9985e6-5fe2-4d64-8060-3ea9e7ea528d.jpeg
200 OK
10318
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc9985e6-5fe2-4d64-8060-3ea9e7ea528d.jpeg
IP
< 
104.21.4.217
143.204.55.35
23.36.76.96
93.184.220.29
104.21.4.217