bwpcontracts.com/wp-content/uploads/js_composer/pharmacie/retin.html
85.92.70.60200 OK 9.1 kB URL HTTP/1.1 bwpcontracts.com/wp-content/uploads/js_composer/pharmacie/retin.html
IP 85.92.70.60:0
ASN #34282 UKDedicated LTD
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1723), with CRLF, LF line terminators
Hash 9e34082ed5ce7ee061517a08268147a1
bd690f978f4eff2f52544fd7d6b73150c5a44fdf
e5486298bb783f8ad52a3090f0473b682c1ce867562c7fd37a72f23d90db6b89
GET /wp-content/uploads/js_composer/pharmacie/retin.html HTTP/1.1
Host: bwpcontracts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
last-modified: Sun, 03 Sep 2017 20:41:26 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 9140
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 8997fa58a7262e8fd559d64b40511a1b
0aa1c4365c28f45e4d7a8a234fbcf51cd009e083
1580d1145f125c765e40e5983cb4bb4e2424010d2920a25ea7da992485da0dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1580D1145F125C765E40E5983CB4BB4E2424010D2920A25EA7DA992485DA0DEA"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12797
Expires: Sun, 22 Jan 2023 09:15:44 GMT
Date: Sun, 22 Jan 2023 05:42:27 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 4714c95a0c854e38f9be444f9343bf14
07ce5eb635448f2b3bafbe51e4dfeef47cdf4f7b
4d47e08c9afb704096e93a51f6e95c0dc7c7bc31e67ded39998ff37ed56e0965
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D47E08C9AFB704096E93A51F6E95C0DC7C7BC31E67DED39998FF37ED56E0965"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16695
Expires: Sun, 22 Jan 2023 10:20:42 GMT
Date: Sun, 22 Jan 2023 05:42:27 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 22 Jan 2023 04:42:28 GMT
content-type: application/json
age: 3599
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 38c102db4bcfb9c4fb19174986950fd3
51c2cc8a3aca4da5c9ab3438467c29203fc0b0c3
dad6b64bc9f4dd827471ccc2e5273fceee574685376083aaa80f9d2f918037f2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DAD6B64BC9F4DD827471CCC2E5273FCEEE574685376083AAA80F9D2F918037F2"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6763
Expires: Sun, 22 Jan 2023 07:35:10 GMT
Date: Sun, 22 Jan 2023 05:42:27 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: JEiuKSvmYEQr3ym2ONSAcoa38V1TvVvw8dbMggQno1IzhWEXYr8K9ybVkhLosWb/xuANvYE3vbzwIaAC76w95Q==
x-amz-request-id: AWM24NV086ST18CG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 22 Jan 2023 04:47:09 GMT
age: 3318
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
bwpcontracts.com/wp-content/uploads/js_composer/pharmacie/jquery.js
85.92.70.60200 OK 828 B URL HTTP/1.1 bwpcontracts.com/wp-content/uploads/js_composer/pharmacie/jquery.js
IP 85.92.70.60:0
ASN #34282 UKDedicated LTD
File type ASCII text, with very long lines (7529), with no line terminators
Hash a7e766ee71dc073aa3e5536efd2894b1
62ee289cb42798dfb37f57ead846bc35cc636aab
af2a86cebf4c66e4bdcd49a9024de1fffa6ba32ee33dc2249342da18d47694bf
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/js_composer/pharmacie/jquery.js HTTP/1.1
Host: bwpcontracts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/wp-content/uploads/js_composer/pharmacie/retin.html
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: application/javascript
last-modified: Sat, 02 Sep 2017 21:51:18 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 828
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
54.230.111.78301 Moved Permanently 167 B URL HTTP/1.1 w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
IP 54.230.111.78:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
GET /button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare HTTP/1.1
Host: w.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Sun, 22 Jan 2023 05:42:27 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
X-Cache: Redirect from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: LFGS0t0Bve9z8fVbsr9bvl_a7uxu_10Uuff5ITTRpw2POEfD0MEe5g==
fonts.googleapis.com/css?family=Ubuntu:400,700&subset=latin,latin-ext
142.250.74.106200 OK 527 B URL HTTP/1.1 fonts.googleapis.com/css?family=Ubuntu:400,700&subset=latin,latin-ext
IP 142.250.74.106:0
Hash cc8960c81727305e87f6f37e1f60b8be
22dbd0d26f52ef8b26d3f09d3a55a122aff6ce78
277d72e03993c31bffad39e9870f4f1506697325c4defce022d488ea7d4933f8
GET /css?family=Ubuntu:400,700&subset=latin,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sun, 22 Jan 2023 05:42:27 GMT
Date: Sun, 22 Jan 2023 05:42:27 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
fonts.googleapis.com/css?family=Indie+Flower&ver=4.5.9
142.250.74.106200 OK 279 B URL HTTP/1.1 fonts.googleapis.com/css?family=Indie+Flower&ver=4.5.9
IP 142.250.74.106:0
Hash c268c7598dd2b29ef10b4c3080f0678a
2caac383121bfd26619677416ff4f19256695818
9997cf2423183740e3b6b142405a3684d4450399c7d6bf2b2346f1ca2a5b05b9
GET /css?family=Indie+Flower&ver=4.5.9 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sun, 22 Jan 2023 05:42:27 GMT
Date: Sun, 22 Jan 2023 05:42:27 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 05:42:27 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/css/front.css?ver=4.5.9
185.61.152.57301 Moved Permanently 707 B URL HTTP/1.1 perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/css/front.css?ver=4.5.9
IP 185.61.152.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
GET /wp-content/plugins/global-body-mass-index-calculator/css/front.css?ver=4.5.9 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/css/front.css?ver=4.5.9
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.6
185.61.152.57301 Moved Permanently 707 B URL HTTP/1.1 perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.6
IP 185.61.152.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.6 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.6
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/js/jquery.min.js?ver=4.5.9
185.61.152.57301 Moved Permanently 707 B URL HTTP/1.1 perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/js/jquery.min.js?ver=4.5.9
IP 185.61.152.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
GET /wp-content/plugins/global-body-mass-index-calculator/js/jquery.min.js?ver=4.5.9 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/js/jquery.min.js?ver=4.5.9
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
perdredupoidrapidement.fr/wp-content/themes/iconic-one/style.css?ver=1.7.8
185.61.152.57301 Moved Permanently 707 B URL HTTP/1.1 perdredupoidrapidement.fr/wp-content/themes/iconic-one/style.css?ver=1.7.8
IP 185.61.152.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
GET /wp-content/themes/iconic-one/style.css?ver=1.7.8 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/themes/iconic-one/style.css?ver=1.7.8
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/js/jquery.tools.min.js
185.61.152.57301 Moved Permanently 707 B URL HTTP/1.1 perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/js/jquery.tools.min.js
IP 185.61.152.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
GET /wp-content/plugins/global-body-mass-index-calculator/js/jquery.tools.min.js HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/js/jquery.tools.min.js
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
perdredupoidrapidement.fr/wp-content/themes/iconic-one/custom.css?ver=4.5.9
185.61.152.57301 Moved Permanently 707 B URL HTTP/1.1 perdredupoidrapidement.fr/wp-content/themes/iconic-one/custom.css?ver=4.5.9
IP 185.61.152.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
GET /wp-content/themes/iconic-one/custom.css?ver=4.5.9 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/themes/iconic-one/custom.css?ver=4.5.9
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/css/tab.css
185.61.152.57301 Moved Permanently 707 B URL HTTP/1.1 perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/css/tab.css
IP 185.61.152.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
GET /wp-content/plugins/global-body-mass-index-calculator/css/tab.css HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/css/tab.css
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20
185.61.152.57301 Moved Permanently 707 B URL HTTP/1.1 perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20
IP 185.61.152.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
GET /wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
perdredupoidrapidement.fr/wp-content/plugins/simple-share-buttons-adder/js/ssba.min.js?ver=4.5.9
185.61.152.57301 Moved Permanently 707 B URL HTTP/1.1 perdredupoidrapidement.fr/wp-content/plugins/simple-share-buttons-adder/js/ssba.min.js?ver=4.5.9
IP 185.61.152.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
GET /wp-content/plugins/simple-share-buttons-adder/js/ssba.min.js?ver=4.5.9 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/plugins/simple-share-buttons-adder/js/ssba.min.js?ver=4.5.9
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.6
185.61.152.57301 Moved Permanently 707 B URL HTTP/1.1 perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.6
IP 185.61.152.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.6 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.6
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
perdredupoidrapidement.fr/wp-content/themes/iconic-one/js/selectnav.js?ver=1.0
185.61.152.57301 Moved Permanently 707 B URL HTTP/1.1 perdredupoidrapidement.fr/wp-content/themes/iconic-one/js/selectnav.js?ver=1.0
IP 185.61.152.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
GET /wp-content/themes/iconic-one/js/selectnav.js?ver=1.0 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/themes/iconic-one/js/selectnav.js?ver=1.0
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
54.230.111.78200 OK 7.9 kB URL HTTP/2 w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
IP 54.230.111.78:0
File type C source, ASCII text, with very long lines (27236), with no line terminators
Hash 990365ccdf4eebf164214f992d8ddfbc
b485f83e096515d93dfec5d8dc420d571ef06254
947238672d5912dffc77bde8e413752ecd69e6062c68c09ae20274b55f37ffdd
GET /button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare HTTP/1.1
Host: w.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bwpcontracts.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 7903
cache-control: max-age=259200
content-encoding: gzip
date: Sun, 22 Jan 2023 02:10:02 GMT
etag: W/"634f185a-6a64"
expires: Wed, 25 Jan 2023 02:10:02 GMT
server: nginx/1.20.1
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VCjwtYDWvEJhzKPfavYr2N6L7lc7qt7Uzfhi_6rm1B6YfjfgMQEVMA==
age: 12745
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
perdredupoidrapidement.fr/wp-includes/js/wp-embed.min.js?ver=4.5.9
185.61.152.57301 Moved Permanently 707 B URL HTTP/1.1 perdredupoidrapidement.fr/wp-includes/js/wp-embed.min.js?ver=4.5.9
IP 185.61.152.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
GET /wp-includes/js/wp-embed.min.js?ver=4.5.9 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-includes/js/wp-embed.min.js?ver=4.5.9
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/facebook.png
185.61.152.57301 Moved Permanently 707 B URL HTTP/1.1 perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/facebook.png
IP 185.61.152.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
GET /wp-content/themes/iconic-one/img/facebook.png HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/facebook.png
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/gplus.png
185.61.152.57301 Moved Permanently 707 B URL HTTP/1.1 perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/gplus.png
IP 185.61.152.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
GET /wp-content/themes/iconic-one/img/gplus.png HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/gplus.png
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/rss.png
185.61.152.57301 Moved Permanently 707 B URL HTTP/1.1 perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/rss.png
IP 185.61.152.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
GET /wp-content/themes/iconic-one/img/rss.png HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/rss.png
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/twitter.png
185.61.152.57301 Moved Permanently 707 B URL HTTP/1.1 perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/twitter.png
IP 185.61.152.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
GET /wp-content/themes/iconic-one/img/twitter.png HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/twitter.png
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash e7f8b6dd4e630fc7b391ed1605c0cb6d
3dfd0b788ac1ba15bcec770479727f2b9d9aee1b
9d0a20e7ebf35b214182f099d351ae817de5e2113d8946fd9b88d7c8e19e3922
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:42:27 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 20 Jan 2023 03:22:14 GMT
Expires: Fri, 27 Jan 2023 03:22:13 GMT
Etag: "3dfd0b788ac1ba15bcec770479727f2b9d9aee1b"
Cache-Control: max-age=422985,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78d5f767091bb4f9-OSL
perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/css/tab.css
185.61.152.57200 OK 348 B URL HTTP/2 perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/css/tab.css
IP 185.61.152.57:0
Hash 6bb6d0ce18dcabab36166679fc8fc015
3bf11dc849665ad6ee7814c2020b94827ac341d3
b476ee6d0f47ffe2e975bb8e11cedb41283bd5bf97cfbf8595861f4a64f8f18c
GET /wp-content/plugins/global-body-mass-index-calculator/css/tab.css HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: text/css
last-modified: Mon, 25 May 2020 15:52:00 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 348
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
perdredupoidrapidement.fr/wp-content/themes/iconic-one/custom.css?ver=4.5.9
185.61.152.57200 OK 69 B URL HTTP/2 perdredupoidrapidement.fr/wp-content/themes/iconic-one/custom.css?ver=4.5.9
IP 185.61.152.57:0
File type ASCII text, with CRLF line terminators
Hash ac131ee47a4e54ba133d5927cb949c76
d7244e004163f3ec031e77854324f11398edcb67
14b9bdc15584540d4e072ff690279f5bc8b15df337b227115bb12af5acb2c704
GET /wp-content/themes/iconic-one/custom.css?ver=4.5.9 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: text/css
last-modified: Mon, 25 May 2020 15:53:26 GMT
accept-ranges: bytes
content-length: 69
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/facebook.png
185.61.152.57200 OK 227 B URL HTTP/2 perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/facebook.png
IP 185.61.152.57:0
File type PNG image data, 32 x 32, 4-bit colormap, non-interlaced\012- data
Hash 8f69de1b25549ea138a6b68d962a0b9a
b420c5ae1142e5dff026925c67569f4abb4ce383
b20fcbdd7ee6dffbdc12befe16d60fa72120c3949b17a61d27afa0578c06cb33
GET /wp-content/themes/iconic-one/img/facebook.png HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: image/png
last-modified: Mon, 25 May 2020 15:53:26 GMT
accept-ranges: bytes
content-length: 227
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
perdredupoidrapidement.fr/wp-content/themes/iconic-one/js/selectnav.js?ver=1.0
185.61.152.57200 OK 1.4 kB URL HTTP/2 perdredupoidrapidement.fr/wp-content/themes/iconic-one/js/selectnav.js?ver=1.0
IP 185.61.152.57:0
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 0412ceb5224481268ec4e9ac1b7341f8
c4a5c0f0811f512063b16e1e76a53e65f01350c4
1b7d48dff9fa2ebb51137fd46d01908b374144fd422779835794bf9a0e9b73aa
GET /wp-content/themes/iconic-one/js/selectnav.js?ver=1.0 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: application/javascript
last-modified: Mon, 25 May 2020 15:53:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1402
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.6
185.61.152.57200 OK 3.8 kB URL HTTP/2 perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.6
IP 185.61.152.57:0
Hash 9980ce2ec4b0150ff105eb03ca50b743
19f0c67ce317a6cef1dffb073951a776ceb1b79d
810d96a7cd880676b25d00030434d0d4e80fa2fe98e9b5ecc450c26ba7f1be22
GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.6 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: application/javascript
last-modified: Mon, 25 May 2020 15:51:59 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3788
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
perdredupoidrapidement.fr/wp-includes/js/wp-embed.min.js?ver=4.5.9
185.61.152.57200 OK 663 B URL HTTP/2 perdredupoidrapidement.fr/wp-includes/js/wp-embed.min.js?ver=4.5.9
IP 185.61.152.57:0
File type ASCII text, with very long lines (1391)
Hash 992198ff853eb696f88bb0ec8586d015
a6262428de1b6c68cccf617d2a503f5a3bd3aecd
ae0480bd571a7f57cccdbd08f77706edca84029f95bd90bc325224169528d21c
GET /wp-includes/js/wp-embed.min.js?ver=4.5.9 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: application/javascript
last-modified: Thu, 07 Jan 2021 01:59:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 663
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/gplus.png
185.61.152.57200 OK 968 B URL HTTP/2 perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/gplus.png
IP 185.61.152.57:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 5a1c013d3dd9230a47d2cbb3569f70e3
c9d274740fc27f02d4985103c8b110198f1302b5
1eea6ab33ec870bc824df8fb4c993679ea65c5dfa61a28e6ae67b3c48fb8ceed
GET /wp-content/themes/iconic-one/img/gplus.png HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: image/png
last-modified: Mon, 25 May 2020 15:53:26 GMT
accept-ranges: bytes
content-length: 968
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/twitter.png
185.61.152.57200 OK 289 B URL HTTP/2 perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/twitter.png
IP 185.61.152.57:0
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data
Hash ffc9166b6bd086f15ba7c8cd7f70e13a
8b75d73edc6235a9e0940a00f609aca290f3e14d
57fa4360672d84b0fd7a176044608953627364a02b773c0c327369e1661ed027
GET /wp-content/themes/iconic-one/img/twitter.png HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: image/png
last-modified: Mon, 25 May 2020 15:53:26 GMT
accept-ranges: bytes
content-length: 289
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/rss.png
185.61.152.57200 OK 365 B URL HTTP/2 perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/rss.png
IP 185.61.152.57:0
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data
Hash 3682a440db6109f5b7d89579ef8bc4b6
05307ae9e6b4e076176416656ce550fac8252498
b6e4226348001a2675a401a336383e2ea70716fde8de85596b84a0796917cd65
GET /wp-content/themes/iconic-one/img/rss.png HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: image/png
last-modified: Mon, 25 May 2020 15:53:26 GMT
accept-ranges: bytes
content-length: 365
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.6
185.61.152.57200 OK 585 B URL HTTP/2 perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.6
IP 185.61.152.57:0
Hash 61f9263cc89c8cb5082a12f95c95fd2a
b7f07aed7ff5e847d17f4a0c2738449537f4de97
fa350263ad0bdd47247e13d4c547c7ad0c816d0095d7e61784eef9b10b9849de
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.6 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: text/css
last-modified: Mon, 25 May 2020 15:51:59 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 585
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash e7f8b6dd4e630fc7b391ed1605c0cb6d
3dfd0b788ac1ba15bcec770479727f2b9d9aee1b
9d0a20e7ebf35b214182f099d351ae817de5e2113d8946fd9b88d7c8e19e3922
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:42:27 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 20 Jan 2023 03:22:14 GMT
Expires: Fri, 27 Jan 2023 03:22:13 GMT
Etag: "3dfd0b788ac1ba15bcec770479727f2b9d9aee1b"
Cache-Control: max-age=422985,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78d5f766de80b4fa-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash e7f8b6dd4e630fc7b391ed1605c0cb6d
3dfd0b788ac1ba15bcec770479727f2b9d9aee1b
9d0a20e7ebf35b214182f099d351ae817de5e2113d8946fd9b88d7c8e19e3922
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:42:27 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 20 Jan 2023 03:22:14 GMT
Expires: Fri, 27 Jan 2023 03:22:13 GMT
Etag: "3dfd0b788ac1ba15bcec770479727f2b9d9aee1b"
Cache-Control: max-age=422985,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78d5f7674a830b61-OSL
perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/js/jquery.min.js?ver=4.5.9
185.61.152.57200 OK 32 kB URL HTTP/2 perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/js/jquery.min.js?ver=4.5.9
IP 185.61.152.57:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash 4060e3a933e6ecf568a0cda1af26e5ff
f74affee4978e722c9d61a1d5cf76b66fbb4f8ea
2f08107c5c0cdcd291c201b786aa679b7dfff6b35234d3a9bdb0b3159c8ec015
GET /wp-content/plugins/global-body-mass-index-calculator/js/jquery.min.js?ver=4.5.9 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: application/javascript
last-modified: Mon, 25 May 2020 15:52:00 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 32504
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash e7f8b6dd4e630fc7b391ed1605c0cb6d
3dfd0b788ac1ba15bcec770479727f2b9d9aee1b
9d0a20e7ebf35b214182f099d351ae817de5e2113d8946fd9b88d7c8e19e3922
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:42:27 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 20 Jan 2023 03:22:14 GMT
Expires: Fri, 27 Jan 2023 03:22:13 GMT
Etag: "3dfd0b788ac1ba15bcec770479727f2b9d9aee1b"
Cache-Control: max-age=422985,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78d5f767593ab4f9-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash e7f8b6dd4e630fc7b391ed1605c0cb6d
3dfd0b788ac1ba15bcec770479727f2b9d9aee1b
9d0a20e7ebf35b214182f099d351ae817de5e2113d8946fd9b88d7c8e19e3922
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:42:27 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 20 Jan 2023 03:22:14 GMT
Expires: Fri, 27 Jan 2023 03:22:13 GMT
Etag: "3dfd0b788ac1ba15bcec770479727f2b9d9aee1b"
Cache-Control: max-age=422985,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78d5f7677beeb50f-OSL
perdredupoidrapidement.fr/wp-content/themes/iconic-one/style.css?ver=1.7.8
185.61.152.57200 OK 8.7 kB URL HTTP/2 perdredupoidrapidement.fr/wp-content/themes/iconic-one/style.css?ver=1.7.8
IP 185.61.152.57:0
File type Unicode text, UTF-8 text, with very long lines (736), with CRLF line terminators
Hash 5587fe4c690e2974c232371f06731e2b
51f75e0e160f00e14f63598095a71ea3027ea6bd
7f9a97062d15820b2d3aec5226d812ffd16c10341468f3c53b6a6e2245464d00
GET /wp-content/themes/iconic-one/style.css?ver=1.7.8 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: text/css
last-modified: Mon, 25 May 2020 15:53:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8716
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/css/front.css?ver=4.5.9
185.61.152.57200 OK 596 B URL HTTP/2 perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/css/front.css?ver=4.5.9
IP 185.61.152.57:0
Hash beab868b3b083af3915b733004b04400
8184a74e076e88a2c74910c05f3ca4ffb41709d0
d47fe297716a99ce14822623c9c3a3c62f93215c73072a0262dc5ba4d9d10d8c
GET /wp-content/plugins/global-body-mass-index-calculator/css/front.css?ver=4.5.9 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: text/css
last-modified: Mon, 25 May 2020 15:52:00 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 596
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 22 Jan 2023 04:48:58 GMT
age: 3210
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
mailfolder.us/script/ontv/eusyn/fr.js?ref=http://bwpcontracts.com/wp-content/uploads/js_composer/pharmacie/retin.html&title=Commander%20Retin%20generique%20en%20pharmacie%20en%20France&httpref=
185.38.110.121200 OK 46 B URL HTTP/1.1 mailfolder.us/script/ontv/eusyn/fr.js?ref=http://bwpcontracts.com/wp-content/uploads/js_composer/pharmacie/retin.html&title=Commander%20Retin%20generique%20en%20pharmacie%20en%20France&httpref=
IP 185.38.110.121:0
Hash 158f41437e65bc08c4334374673120ce
3770e189589347b787791c3d8c1d203ca02ba197
c901802461c7790e15f4c5d892e098d3e3a521534e1fda2d1151171c3b5097d5
GET /script/ontv/eusyn/fr.js?ref=http://bwpcontracts.com/wp-content/uploads/js_composer/pharmacie/retin.html&title=Commander%20Retin%20generique%20en%20pharmacie%20en%20France&httpref= HTTP/1.1
Host: mailfolder.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sun, 22 Jan 2023 05:42:27 GMT
Content-Length: 46
perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/js/jquery.tools.min.js
185.61.152.57200 OK 39 kB URL HTTP/2 perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/js/jquery.tools.min.js
IP 185.61.152.57:0
File type ASCII text, with very long lines (820)
Hash 5ff55b34596c5d489413a37f630f4896
6933354b833bb02882c0627ef78de5d6b32e563c
ce14a962a55a1128a2fd005b1efdb318bd50779afa062def5a9b33d55bc82baa
GET /wp-content/plugins/global-body-mass-index-calculator/js/jquery.tools.min.js HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: application/javascript
last-modified: Mon, 25 May 2020 15:52:00 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 39198
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fc96297d0b59147e8f6052b16f1ca13f
23aeddfa143bb9be19b2ed06f2024a3a8aa120ce
034327c6ada560c662f451f3c95cd8531482d4ab51629e95875fab54c8f3e49a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3457
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:42:28 GMT
Last-Modified: Sun, 22 Jan 2023 04:44:51 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
ww62.mailfolder.us/
13.248.148.254200 OK 7.0 kB IP 13.248.148.254:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2270)
Hash e5881eb3108cbc45f14548d87b8f020a
5d8f7a06eb29ee21844543fea9a00d5848b622ec
84caaa87f210b4b04fdeecad288bc220f1a90c5ea973212528f4704e372636ab
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: ww62.mailfolder.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:42:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket103
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_trTPm6h6HShMBgLwy3wBIiqw9z4BA30kXNP3ONG30NaGR+/iFAG4B6DZDyKXYY4z76jG3kRKoNMohq/cFg7s1Q==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
www.google.com/adsense/domains/caf.js
142.250.74.164200 OK 54 kB URL HTTP/1.1 www.google.com/adsense/domains/caf.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1883)
Hash aa4adcdd1142e60a49d28554968aad01
a5d4847fa4b67c3d8258bcb1e4e215c51030ea48
5a09ad1d4fa9a4a5b283f411b33359069718a4fe43cf2eef7df39ffd4b794dfa
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww62.mailfolder.us/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Sun, 22 Jan 2023 05:42:28 GMT
Expires: Sun, 22 Jan 2023 05:42:28 GMT
Cache-Control: private, max-age=3600
ETag: "4566009177702764754"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0
push.services.mozilla.com/
44.228.230.125101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.228.230.125:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: MPpjBf9nvlyU5fyRoWzWbQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 2fYCKVoD6TtO2R1C2ETdwGWg44o=
ww62.mailfolder.us/track.php?domain=mailfolder.us&toggle=browserjs&uid=MTY3NDM2NjE0OC4zNzU0OmU5YjY1YzRjYWZlNWE4ZGJkYTg5MzE1ZmE2MTUxNWU1N2ViOTNmOGM4M2E1MWFhZTJmMzEyMGMxNDBhYTI5NDc6NjNjY2NjYzQ1YmE3OA%3D%3D
13.248.148.254200 OK 20 B URL HTTP/1.1 ww62.mailfolder.us/track.php?domain=mailfolder.us&toggle=browserjs&uid=MTY3NDM2NjE0OC4zNzU0OmU5YjY1YzRjYWZlNWE4ZGJkYTg5MzE1ZmE2MTUxNWU1N2ViOTNmOGM4M2E1MWFhZTJmMzEyMGMxNDBhYTI5NDc6NjNjY2NjYzQ1YmE3OA%3D%3D
IP 13.248.148.254:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=mailfolder.us&toggle=browserjs&uid=MTY3NDM2NjE0OC4zNzU0OmU5YjY1YzRjYWZlNWE4ZGJkYTg5MzE1ZmE2MTUxNWU1N2ViOTNmOGM4M2E1MWFhZTJmMzEyMGMxNDBhYTI5NDc6NjNjY2NjYzQ1YmE3OA%3D%3D HTTP/1.1
Host: ww62.mailfolder.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww62.mailfolder.us/
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:42:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash f4d171538addb3e350e03876c9c23d81
9874648e426c9a8b65ddcb1d3fc944b8464be9f5
e89b056e51c85f967d05f0cb23a2212d0f391838df414dda9f61e67a96dbefff
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:42:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
54.230.245.130200 OK 11 kB URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
IP 54.230.245.130:0
File type PNG image data, 1500 x 600, 8-bit colormap, non-interlaced\012- data
Hash 0cb2e5165dc9324eb462199f04e1ffa9
9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8
67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865
GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww62.mailfolder.us/
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 11375
Connection: keep-alive
Server: nginx
Date: Sun, 22 Jan 2023 01:21:27 GMT
Last-Modified: Thu, 23 Jun 2022 10:44:43 GMT
Accept-Ranges: bytes
ETag: "62b4441b-2c6f"
X-Cache: Hit from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ZfFK-yTZRviiC4LVyibqNwXNY1Cllm-dX-9O-wAUi-a3WIrr3Z7IxQ==
Age: 15661
ww62.mailfolder.us/ls.php
13.248.148.254201 Created 0 B URL HTTP/1.1 ww62.mailfolder.us/ls.php
IP 13.248.148.254:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST /ls.php HTTP/1.1
Host: ww62.mailfolder.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 2222
Origin: http://ww62.mailfolder.us
Connection: keep-alive
Referer: http://ww62.mailfolder.us/
HTTP/1.1 201 Created
Date: Sun, 22 Jan 2023 05:42:28 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 63ccccc4d296af02337e2f15
Charset: utf-8
Access-Control-Allow-Origin: http://ww62.mailfolder.us
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_ekHhDIVRPgr1oFv8ZZCO3GkMfw36a1VzXLndXGuy2x5r3L0/+tPasJTJ89gEWGnpow+LCune6lilEVuIc7jhVw==
www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww62.mailfolder.us%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDN8fHx8fHw2M2NjY2NjNDViYTYxfHx8MTY3NDM2NjE0OC4zODE1fDcxZDc1ZGU0YzVjNDEwMjIwY2I3OWQxYjFlNTE2ZTk3NGNiOWZhZDZ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfGV5Sm9iQ0k2SW1WdUluMD18fDF8VzEwPXxhYjRlMjhlNDY2OGUxNzU4Y2Q4NDk5N2FlNWEwN2JkYzUwZDMzMmEyfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MA%253D%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2737784835408106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003&format=r3%7Cs&nocache=2801674366147686&num=0&output=afd_ads&domain_name=ww62.mailfolder.us&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1674366147688&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=760&frm=0&cl=502576190&uio=--&cont=tc&jsid=caf&jsv=502576190&rurl=http%3A%2F%2Fww62.mailfolder.us%2F&referer=http%3A%2F%2Fbwpcontracts.com%2F&adbw=master-1%3A530
142.250.74.164200 OK 2.3 kB URL HTTP/2 www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww62.mailfolder.us%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDN8fHx8fHw2M2NjY2NjNDViYTYxfHx8MTY3NDM2NjE0OC4zODE1fDcxZDc1ZGU0YzVjNDEwMjIwY2I3OWQxYjFlNTE2ZTk3NGNiOWZhZDZ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfGV5Sm9iQ0k2SW1WdUluMD18fDF8VzEwPXxhYjRlMjhlNDY2OGUxNzU4Y2Q4NDk5N2FlNWEwN2JkYzUwZDMzMmEyfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MA%253D%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2737784835408106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003&format=r3%7Cs&nocache=2801674366147686&num=0&output=afd_ads&domain_name=ww62.mailfolder.us&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1674366147688&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=760&frm=0&cl=502576190&uio=--&cont=tc&jsid=caf&jsv=502576190&rurl=http%3A%2F%2Fww62.mailfolder.us%2F&referer=http%3A%2F%2Fbwpcontracts.com%2F&adbw=master-1%3A530
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6106)
Hash e369e7c6d4fa7923f32b2dad1932705c
6f012feaf3fa2af13fa97b2f655c49835fa9b984
2f19b684fb980d1ed1ce794f48b14629d16115434993f5585d5b467129930981
GET /afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww62.mailfolder.us%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDN8fHx8fHw2M2NjY2NjNDViYTYxfHx8MTY3NDM2NjE0OC4zODE1fDcxZDc1ZGU0YzVjNDEwMjIwY2I3OWQxYjFlNTE2ZTk3NGNiOWZhZDZ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfGV5Sm9iQ0k2SW1WdUluMD18fDF8VzEwPXxhYjRlMjhlNDY2OGUxNzU4Y2Q4NDk5N2FlNWEwN2JkYzUwZDMzMmEyfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MA%253D%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2737784835408106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003&format=r3%7Cs&nocache=2801674366147686&num=0&output=afd_ads&domain_name=ww62.mailfolder.us&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1674366147688&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=760&frm=0&cl=502576190&uio=--&cont=tc&jsid=caf&jsv=502576190&rurl=http%3A%2F%2Fww62.mailfolder.us%2F&referer=http%3A%2F%2Fbwpcontracts.com%2F&adbw=master-1%3A530 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww62.mailfolder.us/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Sun, 22 Jan 2023 05:42:28 GMT
expires: Sun, 22 Jan 2023 05:42:28 GMT
cache-control: private, max-age=3600
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding: br
server: gws
content-length: 2267
x-xss-protection: 0
set-cookie: NID=511=POlUMhrLvXF5pyQHQOWjhBAFRRS8WoLCt_x_CYoqpNZQ5IVa0F6yuRpVKM0Fn1nt9PeweQTaomJ1tse8tKJ7gxih16z6rEW1-m-quxhFIy99DIgole1pQ6US0daeVNbZyhDWCH9boFQ_Od-5gx4eCsvO0IxIE5hBrU_yYiFP_ZA; expires=Mon, 24-Jul-2023 05:42:28 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+036; expires=Tue, 21-Jan-2025 05:42:28 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 6f395936694ad6425512fdf9f562c4bf
f58cfa08b44f9ddde774026b92bc4e10fc9b99f5
1944b3b16c3b38fe6cc4f3447c1e410ba3d13b8ee098a2e3471e5921a0ce1361
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:42:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=ww62.mailfolder.us&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie
142.250.74.34200 OK 241 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=ww62.mailfolder.us&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie
IP 142.250.74.34:0
File type ASCII text, with very long lines (366), with no line terminators
Hash 32e8543adf62c5799293103054a2b9dc
29fa75e969c70d4ec7820065c8232fbc3f482078
35dbd3e9a4c98d4043f52d6366a4e178f2c355c3bddae8c1460e53156920d650
GET /gampad/cookie.js?domain=ww62.mailfolder.us&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww62.mailfolder.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 22 Jan 2023 05:42:28 GMT
server: cafe
cache-control: private
content-length: 241
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash ace90ee2f1ce8ca0d69556c6398555a6
49b53ab37b77ebf26525ef3a84aaa9a817af9df4
6d66736ed5245c62987c88f0c3570eefd8f45c09f60dc9b2e1d585f05d1f00e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:42:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/adsense/domains/caf.js
142.250.74.164200 OK 54 kB URL HTTP/2 www.google.com/adsense/domains/caf.js
IP 142.250.74.164:0
Hash 8a6926106a7cc7d84148513fe36f77c3
acb87a8bfa3804ca32846d36e4afa289c44ee35f
f2a635331e66ddaae2d66dfa1f42ffc8c52c1e99d206e3ac2ae98ad2b5f829f7
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Sun, 22 Jan 2023 05:42:28 GMT
expires: Sun, 22 Jan 2023 05:42:28 GMT
cache-control: private, max-age=3600
etag: "14724921511993132664"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 734914122d719ab9651f0bf7a4c1fe2f
6dab619cf1acaa1645caf9658fc31c1ee8530bec
9f81a0f9e79924cbbeb56efd122ad30c1e2097eac0d96ca27435027514c57241
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:42:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 734914122d719ab9651f0bf7a4c1fe2f
6dab619cf1acaa1645caf9658fc31c1ee8530bec
9f81a0f9e79924cbbeb56efd122ad30c1e2097eac0d96ca27435027514c57241
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:42:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff
142.250.74.97200 OK 270 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff
IP 142.250.74.97:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390)
Hash 5100391430a00e10ce60aa159f525b5c
231a4492d73b225f441b1e9028dc33c89862e498
52b1432a6e3002e41ed1d8f4c84b258fdc4c6dac863e3c0e5c06360c81be6067
GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 270
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Sat, 21 Jan 2023 07:14:54 GMT
expires: Sun, 22 Jan 2023 06:14:54 GMT
cache-control: public, max-age=82800
age: 80855
last-modified: Thu, 19 Dec 2019 14:15:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
142.250.74.97200 OK 174 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
IP 142.250.74.97:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 4de8b85c8915995b571bde50e231be7c
29c226ca7b9cbe1d44e5480ce95bbb42727b2d99
2ec9168c4507546748c5f400f5030031f0eb06f2aed8deaa11362c395bff4f7a
GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Sat, 21 Jan 2023 17:57:36 GMT
expires: Sun, 22 Jan 2023 16:57:36 GMT
cache-control: public, max-age=82800
last-modified: Thu, 22 Oct 2020 21:45:00 GMT
content-type: image/svg+xml
age: 42293
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 734914122d719ab9651f0bf7a4c1fe2f
6dab619cf1acaa1645caf9658fc31c1ee8530bec
9f81a0f9e79924cbbeb56efd122ad30c1e2097eac0d96ca27435027514c57241
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:42:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10289
Expires: Sun, 22 Jan 2023 08:33:58 GMT
Date: Sun, 22 Jan 2023 05:42:29 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10289
Expires: Sun, 22 Jan 2023 08:33:58 GMT
Date: Sun, 22 Jan 2023 05:42:29 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10289
Expires: Sun, 22 Jan 2023 08:33:58 GMT
Date: Sun, 22 Jan 2023 05:42:29 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10289
Expires: Sun, 22 Jan 2023 08:33:58 GMT
Date: Sun, 22 Jan 2023 05:42:29 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10289
Expires: Sun, 22 Jan 2023 08:33:58 GMT
Date: Sun, 22 Jan 2023 05:42:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1212765-ab80-4510-9edf-e5d05f2825be.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1212765-ab80-4510-9edf-e5d05f2825be.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c261979fbd99d06ccb31a5cd3bb332a
48f93d2153179e1a48d7d01f2a169b17f723cc4e
ca71c5eced499cd48fee627ddb51776755e9523d00c1b92899b3b8ec1312244e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1212765-ab80-4510-9edf-e5d05f2825be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11381
x-amzn-requestid: 223e4fd8-552f-49b2-a4cf-3be859b43fb1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHN85EChIAMFhPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5d1f-5c88a5ce367f274775b3f0cd;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:46:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TkpeHjduFTshsAwjLXz0N_-ZMo6KjEOAeAoMWLaBeQQMahzo-FCTTQ==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:48:07 GMT
age: 28462
etag: "48f93d2153179e1a48d7d01f2a169b17f723cc4e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90d50df9-567e-4e6a-a190-fd1b649dde3d.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90d50df9-567e-4e6a-a190-fd1b649dde3d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4cae5f4a74f4b00ff3c61d2cd3341258
233ab9ac6868f41ec6867e9e3a7c31b841635d43
cdd1237a972119a23f58c24d6299e3d128053222b0d131f46116db4f3f010af5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90d50df9-567e-4e6a-a190-fd1b649dde3d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11221
x-amzn-requestid: ca32141f-8e87-4402-b0da-efd4f32ea1ce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHN7UGsGIAMFtOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5d15-7cb3dc065176bdad0451f511;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:45:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: B_PmZd5KeMmKQ3EQte_iZsLt1qoU6jPxe1Yo4Cb86rLRv9Xx5eMmyA==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:48:06 GMT
age: 28463
etag: "233ab9ac6868f41ec6867e9e3a7c31b841635d43"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7918883e-706a-42d5-b966-cd7d5fb64f78.jpeg
34.120.237.76200 OK 3.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7918883e-706a-42d5-b966-cd7d5fb64f78.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ce9c90c64a81cfd16050966c2b5ddf57
a2929122b2d2e252f39d23857cd7a2ed4651bb27
6647be8f5be621ef9b0cfe6585cb92c868951a95acf8c9c66d9eec6dc95d34c9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7918883e-706a-42d5-b966-cd7d5fb64f78.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3084
x-amzn-requestid: 034173f8-edba-45b9-bbbc-a7d737b45e26
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fFM68EDMIAMF3Iw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb8eac-3a22865376bbdcde3ef17088;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 07:05:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lPrb0OiQtQrd0-1R9wmsMzYwRydWPW9lBTAFUu9SPchT7WZUIVzGdw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 08:05:30 GMT
age: 77819
etag: "a2929122b2d2e252f39d23857cd7a2ed4651bb27"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5a7ab95a69ddfa5014258076e66a6e19
1a54cca86788536002d6d18c5180ccf265ba1169
09348afd6055b26b5dba6f8f6ef763d52e6e040c039c6f763d64f71b8ca08d51
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10988
x-amzn-requestid: 67c03c6c-3896-4890-a75b-ecd7c1c1a4e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3foHG8tIAMF3XQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61300-2de17e5b0225f9427c197bc5;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RlbJymJhU6Ti5RZCSIvPzloackAiBEBGapKI440u4ZIfB5FYBNugLw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 03:24:49 GMT
age: 8260
etag: "1a54cca86788536002d6d18c5180ccf265ba1169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d78dc13-3c8d-4c31-8f64-3f9de4ba79d1.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d78dc13-3c8d-4c31-8f64-3f9de4ba79d1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2aec02a691f126259e2a3c701e322ffe
af9161eefc1ee381a8f531c593ea7354d73493eb
e0094d54ca9bbbc4154abec2ce152453ddb1544e020b4a859e5da1f7073a26d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d78dc13-3c8d-4c31-8f64-3f9de4ba79d1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4796
x-amzn-requestid: 9ad3dcbc-3d19-4619-a8cb-b316a8d51290
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e7ULpHgKIAMFmYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c79a4a-769bcf2f4d7787d007ec30e2;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 07:05:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -TjivJmHgT_N2QWC1rn8ng1sl5h53FcgoU9ALMINJEY6onseYEWGRw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 08:08:25 GMT
age: 77644
etag: "af9161eefc1ee381a8f531c593ea7354d73493eb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e71636bb9a13ad7d52d253e16cd6a3f
401dd58e34982d3434739b9a2f7182487ea1cac5
1ac336df72b6eb569983e197f094378a26a175113249bedca0610cabd57e2e54
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8057
x-amzn-requestid: 5469b005-6740-4f3d-80ca-a45fd39cae68
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNkCFiZoAMF8oQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c80-210da08f113a3273257b7d61;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:43:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: j3SoP46ER0JjOaLh363bQ9QW4ZIW19_rbgeQ7Ey8W-zgyGMMLSLccA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:48:17 GMT
etag: "401dd58e34982d3434739b9a2f7182487ea1cac5"
content-type: image/jpeg
age: 28452
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2