firefox.settings.services.mozilla.com/v1/
143.204.55.27200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 04 Oct 2022 13:47:04 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: DDEjlzhf9WbQrSqoo8pFzo8A3mmsocHinC1SWStnCJMn42tDW5cZOQ==
Age: 2855
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9955bda9c9ef64bc5700a14af0bae25e
8de7b7469e905af0374bdfcc3006bbb844f13e94
1f611155394fac39439b8ec8217d8cd493d6b588d372d264e0d66c03129c50c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F611155394FAC39439B8EC8217D8CD493D6B588D372D264E0D66C03129C50C6"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9080
Expires: Tue, 04 Oct 2022 17:05:59 GMT
Date: Tue, 04 Oct 2022 14:34:39 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.35200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 04 Oct 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7HKgPVcZSXgzgre66h5mF0rYAeZHWK5q2kUpkeTb7pMZ7jozvSTqTQ==
age: 32772
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 14:34:39 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
toosexyforwords.blogspot.co.za/
142.250.74.161302 Moved Temporarily 182 B URL HTTP/1.1 toosexyforwords.blogspot.co.za/
IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 95a9b78f9c3f039c1b28f6f34c5960ec
04804b6b88259fe30f7a87f67a52495d397861a3
9b32fa8cb73063ae73e4b1dbb67f105c9515f768bfd6e0370a14c1967429e1e5
GET / HTTP/1.1
Host: toosexyforwords.blogspot.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Location: http://toosexyforwords.blogspot.com/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Tue, 04 Oct 2022 14:34:39 GMT
Expires: Tue, 04 Oct 2022 14:34:39 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 182
Server: GSE
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Tue, 04 Oct 2022 14:29:33 GMT
Expires: Tue, 04 Oct 2022 14:31:25 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: AgfhFUIU_OvQuolyfNH6ihgShdownp9GXLooATq2QjkDq8l6JtMvLA==
Age: 307
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 16ebfb2aa621547ecf581e26fc828a7d
f78993331f6f5b8af6409a9ad2fc50b77070f68a
0f81fd1d6be9ccc04b74f0348aafe642c7b9ab7dffb7e8a679b5d67cc2e5fac3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5290
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 14:34:40 GMT
Last-Modified: Tue, 04 Oct 2022 13:06:30 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.38.146.2101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.38.146.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Xs8nj/Zd+DR2hC3bx4QMlg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: VedigmX5DZlCulFDqDfFbYPWPy8=
toosexyforwords.blogspot.com/
142.250.74.161200 OK 24 kB URL HTTP/1.1 toosexyforwords.blogspot.com/
IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1495)
Hash 6c490cd624e10e8f0b5146177bdb0ed7
2d1e5c4d7f9ffd62b2ff35226262e628fdc4c0e3
e47897d8239fb01686ff6bae7111e6fd69b046a5694928b557e722bab3714aa4
GET / HTTP/1.1
Host: toosexyforwords.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Expires: Tue, 04 Oct 2022 14:34:40 GMT
Date: Tue, 04 Oct 2022 14:34:40 GMT
Cache-Control: private, max-age=0
Last-Modified: Mon, 13 Dec 2021 03:28:02 GMT
ETag: W/"f687665f3cf8047a1d8173a61eb8ee4e6d27576801db597dba49e798994add5e"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 24454
Server: GSE
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 342bb07fd3b486a18a168387a7cf4ff6
527d5718d356712356bfe6915da16694ea0141f4
d6c354b2d0e056f3a00c2e1c4fe4216e7afa40317015e49cc85c9228a40e1f74
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 14:34:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
toosexyforwords.blogspot.com/js/cookienotice.js
142.250.74.161200 OK 2.0 kB URL HTTP/1.1 toosexyforwords.blogspot.com/js/cookienotice.js
IP 142.250.74.161:0
Hash c4e1ed83d89245089b8a1203be20a377
f3940e1215b89300ef97d57a25993f25243b8688
afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2
GET /js/cookienotice.js HTTP/1.1
Host: toosexyforwords.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 2026
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 10:32:28 GMT
Expires: Tue, 11 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=604800
Last-Modified: Tue, 04 Oct 2022 09:10:01 GMT
Content-Type: text/javascript
Age: 14532
www.blogger.com/static/v1/widgets/2975350028-css_bundle_v2.css
216.58.207.201200 OK 7.8 kB URL HTTP/2 www.blogger.com/static/v1/widgets/2975350028-css_bundle_v2.css
IP 216.58.207.201:0
File type ASCII text, with very long lines (35959)
Hash 5aa2d3297bdc86bc81322aedecbb5e79
1c0a3c007e41726e167e79b70ddea76198650884
feae1fac625d0f30b5f10fa00b62df1a5600cd2178062c427e55f289b29cc630
GET /static/v1/widgets/2975350028-css_bundle_v2.css HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 7776
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 12:39:06 GMT
expires: Sun, 01 Oct 2023 12:39:06 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 30 Sep 2022 19:52:35 GMT
content-type: text/css
age: 266135
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash a068d9fec672f97ef7d20969d5925877
e921c48a1686bb8157c902d76a08c5b55507505d
954a24ce791bcf1686f2077da5f25015a3298a838035ffc8322282b213553592
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 14:34:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/static/v1/widgets/792789798-widgets.js
216.58.207.201200 OK 57 kB URL HTTP/2 www.blogger.com/static/v1/widgets/792789798-widgets.js
IP 216.58.207.201:0
File type ASCII text, with very long lines (2221)
Hash 02e6bf311e18828a522b4d3a4079084f
a63cd373fa23b4fe11f938d57737e6bfa1ebe789
25d469843aa09be2473931d33aaa37b65ac371874bd98ca84ec780bead3e33e4
GET /static/v1/widgets/792789798-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56804
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 03 Oct 2022 02:15:20 GMT
expires: Tue, 03 Oct 2023 02:15:20 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 03 Oct 2022 00:49:27 GMT
content-type: text/javascript
age: 130761
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
resources.blogblog.com/img/icon18_edit_allbkg.gif
216.58.207.201200 OK 162 B URL HTTP/2 resources.blogblog.com/img/icon18_edit_allbkg.gif
IP 216.58.207.201:0
File type GIF image data, version 89a, 18 x 18\012- data
Hash c991641178ff05adf0d004298b5eafa9
d8f6ce8ecd92b86d49849360f6b81ceb10b4c941
ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b
GET /img/icon18_edit_allbkg.gif HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 162
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 19:52:13 GMT
expires: Sat, 08 Oct 2022 19:52:13 GMT
cache-control: public, max-age=604800
last-modified: Fri, 30 Sep 2022 19:52:35 GMT
content-type: image/gif
age: 240148
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
resources.blogblog.com/img/icon18_email.gif
216.58.207.201200 OK 164 B URL HTTP/2 resources.blogblog.com/img/icon18_email.gif
IP 216.58.207.201:0
File type GIF image data, version 89a, 18 x 13\012- data
Hash 36b9f993db1b953f3b9b08040aaf9af4
18248661b307586dc291fd2dff4bb59cf7579475
1258cbe1e2900ec3df11a83a6bb6008d7a833f783a6df80b0d5d45a052ac1466
GET /img/icon18_email.gif HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 164
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 13:30:41 GMT
expires: Sat, 08 Oct 2022 13:30:41 GMT
cache-control: public, max-age=604800
last-modified: Fri, 30 Sep 2022 19:52:35 GMT
content-type: image/gif
age: 263040
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
resources.blogblog.com/img/icon_feed12.png
216.58.207.201200 OK 500 B URL HTTP/2 resources.blogblog.com/img/icon_feed12.png
IP 216.58.207.201:0
File type PNG image data, 12 x 12, 8-bit colormap, non-interlaced\012- data
Hash 44e7355a788fd1082deff0018883758e
50e3a28a44978e85d13c30522e0c71c8d0b24675
3cd341f37642f8a58b0fe14c2645913449c0ffe10be6ba0986275bfef29bc319
GET /img/icon_feed12.png HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 500
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 09:06:36 GMT
expires: Sat, 08 Oct 2022 09:06:36 GMT
cache-control: public, max-age=604800
last-modified: Sat, 01 Oct 2022 07:51:36 GMT
content-type: image/png
age: 278885
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
resources.blogblog.com/img/widgets/subscribe-netvibes.png
216.58.207.201200 OK 1.4 kB URL HTTP/2 resources.blogblog.com/img/widgets/subscribe-netvibes.png
IP 216.58.207.201:0
File type PNG image data, 91 x 17, 8-bit colormap, non-interlaced\012- data
Hash c52a5f4ecb6be5d7e93b23ef4122ee4e
4e698a5f455daf3a8ea1e219b1998079f0546716
71b8ad79c680b3e5d452a792c3b418b23f739a0a34005e0f37ec674f4c78cb5d
GET /img/widgets/subscribe-netvibes.png HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 1445
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 11:47:52 GMT
expires: Sat, 08 Oct 2022 11:47:52 GMT
cache-control: public, max-age=604800
last-modified: Fri, 30 Sep 2022 14:51:29 GMT
content-type: image/png
age: 269209
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
resources.blogblog.com/img/widgets/subscribe-yahoo.png
216.58.207.201200 OK 580 B URL HTTP/2 resources.blogblog.com/img/widgets/subscribe-yahoo.png
IP 216.58.207.201:0
File type PNG image data, 91 x 17, 8-bit colormap, non-interlaced\012- data
Hash 79f602b6ac18bee79b4e2353a6674010
28accf82263aa1a11bb821439d4d185865662530
bbf9b924cc32bff4738bb54d86905476349f90c8b20f748633e56f64379d553e
GET /img/widgets/subscribe-yahoo.png HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 10:16:11 GMT
expires: Sat, 08 Oct 2022 10:16:11 GMT
cache-control: public, max-age=604800
last-modified: Fri, 30 Sep 2022 19:52:35 GMT
content-type: image/png
age: 274710
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
2.bp.blogspot.com/-W2cx1Bg69nk/UiNPejKuesI/AAAAAAAAAQ4/caXxiJ9UiT8/s320/22.jpg
142.250.74.161200 OK 19 kB URL HTTP/1.1 2.bp.blogspot.com/-W2cx1Bg69nk/UiNPejKuesI/AAAAAAAAAQ4/caXxiJ9UiT8/s320/22.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x292, components 3\012- data
Hash dc4e81cbee94f7bb1b3eabf96b451486
e55057fa20214e9fbf92d1e8f8dc1e634f249100
920b23f898797e57a7a364f9b9f097568cbf3c74593ddde4a8883d06d81f8720
GET /-W2cx1Bg69nk/UiNPejKuesI/AAAAAAAAAQ4/caXxiJ9UiT8/s320/22.jpg HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="22.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 19209
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:52 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v10f"
Content-Type: image/jpeg
Age: 0
2.bp.blogspot.com/-_1v5vG9Re_0/UiNQFB6CP5I/AAAAAAAAASI/KEt9X8UHiQ8/s320/MVI_1223a.jpg
142.250.74.161200 OK 11 kB URL HTTP/1.1 2.bp.blogspot.com/-_1v5vG9Re_0/UiNQFB6CP5I/AAAAAAAAASI/KEt9X8UHiQ8/s320/MVI_1223a.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x234, components 3\012- data
Hash 64fced3f731f3b1f1ed9d971f6623e34
55f1005db571c67b7399d6447e7c5c026cddab04
c41bb6073dfdf508f9d8a95f4162c639084232c2ec614e6f29069f80300ff4e9
GET /-_1v5vG9Re_0/UiNQFB6CP5I/AAAAAAAAASI/KEt9X8UHiQ8/s320/MVI_1223a.jpg HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="MVI_1223a.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 11384
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v123"
Content-Type: image/jpeg
Age: 0
3.bp.blogspot.com/-t3YLAex0sco/UfkbmqTBXMI/AAAAAAAAAP0/yPnP_P-ikvM/s320/042913306.jpg
142.250.74.161200 OK 31 kB URL HTTP/1.1 3.bp.blogspot.com/-t3YLAex0sco/UfkbmqTBXMI/AAAAAAAAAP0/yPnP_P-ikvM/s320/042913306.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 288x320, components 3\012- data
Hash a768b0972fae50271429638b2e6a3eb0
0180c70b6401a274ffd121e592cef85d5a3cefb2
865e4eee4d61f8fbbfdb875e7f45484c8e7106d16ab29a5b46c102fa88635993
GET /-t3YLAex0sco/UfkbmqTBXMI/AAAAAAAAAP0/yPnP_P-ikvM/s320/042913306.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="042913306.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 30702
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vfe"
Content-Type: image/jpeg
Age: 0
3.bp.blogspot.com/-N-8MRPZzbL0/UiNQIroO5bI/AAAAAAAAASQ/-tG5_zHctaE/s320/MVI_9543a.jpg
142.250.74.161200 OK 19 kB URL HTTP/1.1 3.bp.blogspot.com/-N-8MRPZzbL0/UiNQIroO5bI/AAAAAAAAASQ/-tG5_zHctaE/s320/MVI_9543a.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x240, components 3\012- data
Hash a09837187a8a3c2a1642478dec669afd
0dd0a7851b7d1cfc8b9e7d0bd7cdf24a2808119f
c0a9a7b1268746d4f9d89e87ba30d761d7f03744896b3b9d2eb23160de7033dc
GET /-N-8MRPZzbL0/UiNQIroO5bI/AAAAAAAAASQ/-tG5_zHctaE/s320/MVI_9543a.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="MVI_9543a.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 19422
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v125"
Content-Type: image/jpeg
Age: 0
apis.google.com/js/platform.js
142.250.74.174200 OK 20 kB URL HTTP/2 apis.google.com/js/platform.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1277)
Hash b5a31516be83fe4f962609045d824f88
939a49a9858bf23561279f9ca2d1941d3256c66f
edb661aa461800e97e3847608a8b2d81cfe345f69a6f84abaa001d8a60500328
GET /js/platform.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20361
date: Tue, 04 Oct 2022 14:34:41 GMT
expires: Tue, 04 Oct 2022 14:34:41 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "40c22a9ccbd70870"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
2.bp.blogspot.com/-swqFdlgpbz4/UjXC2itFwGI/AAAAAAAAAT4/jI6Dp0VL-J4/s320/MVI_9000j.jpg
142.250.74.161200 OK 18 kB URL HTTP/1.1 2.bp.blogspot.com/-swqFdlgpbz4/UjXC2itFwGI/AAAAAAAAAT4/jI6Dp0VL-J4/s320/MVI_9000j.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x240, components 3\012- data
Hash ef9285616130fbbe0a7cc08f636f1f13
d6a3a87b4202bdbec8da03f0f541e472cf4b70bd
375526fc7ebd1a66e47d096c707e6124dbf044bfc770970fbecef07a9dd8f498
GET /-swqFdlgpbz4/UjXC2itFwGI/AAAAAAAAAT4/jI6Dp0VL-J4/s320/MVI_9000j.jpg HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="MVI_9000j.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 17826
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v13f"
Content-Type: image/jpeg
Age: 0
2.bp.blogspot.com/-IVNObjkfQuk/UjXCzeiHz_I/AAAAAAAAATw/9GeNrV1JUX0/s320/MVI_1458d.jpg
142.250.74.161200 OK 18 kB URL HTTP/1.1 2.bp.blogspot.com/-IVNObjkfQuk/UjXCzeiHz_I/AAAAAAAAATw/9GeNrV1JUX0/s320/MVI_1458d.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x259, components 3\012- data
Hash 801792f3ef4f90ad50fff10b8c5ef802
cd0cf81f266e4bafbacc036a717da9276aa517a9
6d699b4d934d6716d3ff5ae9ed6693a7eb08729d333f3f15dd594272e76856c7
GET /-IVNObjkfQuk/UjXCzeiHz_I/AAAAAAAAATw/9GeNrV1JUX0/s320/MVI_1458d.jpg HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="MVI_1458d.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 18538
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v13d"
Content-Type: image/jpeg
Age: 0
3.bp.blogspot.com/-xPSKR5Nl210/UiNP3VXPIrI/AAAAAAAAARw/HzdLa3dpInU/s320/jf.jpg
142.250.74.161200 OK 31 kB URL HTTP/1.1 3.bp.blogspot.com/-xPSKR5Nl210/UiNP3VXPIrI/AAAAAAAAARw/HzdLa3dpInU/s320/jf.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 249x320, components 3\012- data
Hash d441a709b7201b7d3bf7f635e289aedd
4fd5fc82ddc5491e5c94d295fe1c562db90a12be
fe34eb1c04a570d1241f351e8ce723c3978c30685e2729dccb25c9d27cd82839
GET /-xPSKR5Nl210/UiNP3VXPIrI/AAAAAAAAARw/HzdLa3dpInU/s320/jf.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="jf.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 30829
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v11d"
Content-Type: image/jpeg
Age: 0
3.bp.blogspot.com/-YtoennbnYDc/UjXCwRYOdfI/AAAAAAAAATo/xkBWNWi2qEY/s320/MVI_1223a.jpg
142.250.74.161200 OK 17 kB URL HTTP/1.1 3.bp.blogspot.com/-YtoennbnYDc/UjXCwRYOdfI/AAAAAAAAATo/xkBWNWi2qEY/s320/MVI_1223a.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x256, components 3\012- data
Hash 51a77979b221b60014c0fda4de2990c4
84161a2e4ad041019cea02d6cb21bb546bb9f083
0dc597a116b37a97bf62898dcb20a532c9c2b0feee34baad1b83684dc1a1baa8
GET /-YtoennbnYDc/UjXCwRYOdfI/AAAAAAAAATo/xkBWNWi2qEY/s320/MVI_1223a.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="MVI_1223a.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 16699
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v13b"
Content-Type: image/jpeg
Age: 0
2.bp.blogspot.com/-wwwQEraY-k4/UiNQN-hlfyI/AAAAAAAAASY/clEiapzlLxs/s320/MVI_9734e.jpg
142.250.74.161200 OK 20 kB URL HTTP/1.1 2.bp.blogspot.com/-wwwQEraY-k4/UiNQN-hlfyI/AAAAAAAAASY/clEiapzlLxs/s320/MVI_9734e.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x298, components 3\012- data
Hash 204bba7d342a02160332f15d9ca41dfb
2651fc04d29b5552aff23d491193a9d711887259
670772f4f8b82a7b38a80c6dde77221cab7b1d34f0c98bb631823d7893959c65
GET /-wwwQEraY-k4/UiNQN-hlfyI/AAAAAAAAASY/clEiapzlLxs/s320/MVI_9734e.jpg HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="MVI_9734e.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 19577
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v127"
Content-Type: image/jpeg
Age: 0
3.bp.blogspot.com/-OHUAEFnddFM/UjXCsvSyesI/AAAAAAAAATg/nlD5yGF7WA4/s320/IMG_4677.jpg
142.250.74.161200 OK 20 kB URL HTTP/1.1 3.bp.blogspot.com/-OHUAEFnddFM/UjXCsvSyesI/AAAAAAAAATg/nlD5yGF7WA4/s320/IMG_4677.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, software=Google], baseline, precision 8, 320x240, components 3\012- data
Hash 94499f87413ae8f2f3b6b33d2aa64cdf
197ed653d6fbeb463660bef2447e4c3c806f572b
964b9174af21d668fcd13c6432ce3c682c71dbc19b0e069479d09197ac41717b
GET /-OHUAEFnddFM/UjXCsvSyesI/AAAAAAAAATg/nlD5yGF7WA4/s320/IMG_4677.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="IMG_4677.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 20224
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v139"
Content-Type: image/jpeg
Age: 0
2.bp.blogspot.com/-KyPM6sFusA8/UjXCZ8a5pqI/AAAAAAAAASw/lxZo7ZYDzIE/s320/3.jpg
142.250.74.161200 OK 16 kB URL HTTP/1.1 2.bp.blogspot.com/-KyPM6sFusA8/UjXCZ8a5pqI/AAAAAAAAASw/lxZo7ZYDzIE/s320/3.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x235, components 3\012- data
Hash 8c0f611a229567a8c041dcfa366cf08b
3b85131275b3cd39e10dd04964bb2c9ebc426cde
9a1099e40a9abbfd73ba9b7926321e2f156b97d5cb1f92016846a0899be9505a
GET /-KyPM6sFusA8/UjXCZ8a5pqI/AAAAAAAAASw/lxZo7ZYDzIE/s320/3.jpg HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="3.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 15499
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v12d"
Content-Type: image/jpeg
Age: 0
3.bp.blogspot.com/-OXoxWppfsiE/UjXCdL9IJyI/AAAAAAAAAS4/YRE3s7bsxzQ/s320/4.jpg
142.250.74.161200 OK 14 kB URL HTTP/1.1 3.bp.blogspot.com/-OXoxWppfsiE/UjXCdL9IJyI/AAAAAAAAAS4/YRE3s7bsxzQ/s320/4.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x177, components 3\012- data
Hash 279ec2d53aa77e5671340ffb372dac34
8e42886d6fa760f3c399c484dbf2c7d747d74480
afc43a34a70a10f1be542947083a8c7fd42fa925058673af91be25d744c88729
GET /-OXoxWppfsiE/UjXCdL9IJyI/AAAAAAAAAS4/YRE3s7bsxzQ/s320/4.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="4.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 14038
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v12f"
Content-Type: image/jpeg
Age: 0
2.bp.blogspot.com/-X81odDyZ8WY/TrYcTd9k_lI/AAAAAAAAAFs/EIKxQ8FcRww/s840/All%2Bcovers.jpg
142.250.74.161200 OK 95 kB URL HTTP/1.1 2.bp.blogspot.com/-X81odDyZ8WY/TrYcTd9k_lI/AAAAAAAAAFs/EIKxQ8FcRww/s840/All%2Bcovers.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 840x382, components 3\012- data
Hash 8e65f8f22ed1be334dca936bf5aecfdd
7711a7c3db5b3413f9fb32ddc0cc9d16deb53e36
8d3e860c140a436e01d34e2a5f42914eac0ae54cd2e2ae32f75dae26bb3c4d9d
GET /-X81odDyZ8WY/TrYcTd9k_lI/AAAAAAAAAFs/EIKxQ8FcRww/s840/All%2Bcovers.jpg HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="All covers.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 94779
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v146"
Content-Type: image/jpeg
Age: 0
1.bp.blogspot.com/-sUAIEy_ZHqs/UcEBr45yWhI/AAAAAAAAAPQ/Hb3RHKEkNDs/s320/securedownload+(6).jpg
142.250.74.161200 OK 38 kB URL HTTP/1.1 1.bp.blogspot.com/-sUAIEy_ZHqs/UcEBr45yWhI/AAAAAAAAAPQ/Hb3RHKEkNDs/s320/securedownload+(6).jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 217x320, components 3\012- data
Hash 968f7fedfd48b4166d70b142d99bdb0d
0b36414a59d10ff966d9661dfd06cec5cfec70bc
f06dc3ae57554e31810bfcae3e718e775e371ab214b4e4cb53db418488eef9cc
GET /-sUAIEy_ZHqs/UcEBr45yWhI/AAAAAAAAAPQ/Hb3RHKEkNDs/s320/securedownload+(6).jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="securedownload (6).jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 37690
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vf5"
Content-Type: image/jpeg
Age: 0
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.z9QjrzsHcOc.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8359JQqZQ0dzCVJ5Ui3CZcERHEWA/cb=gapi.loaded_0?le=scs
142.250.74.174200 OK 58 kB URL HTTP/2 apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.z9QjrzsHcOc.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8359JQqZQ0dzCVJ5Ui3CZcERHEWA/cb=gapi.loaded_0?le=scs
IP 142.250.74.174:0
File type ASCII text, with very long lines (580)
Hash d70fcc84d705c565b31a5835c0938d5b
d28e5dc9fcc6239d67986df3205468072023d2d7
1d558c94793446aa6a7832dde0c39ed7d9c77fd963ffb738c460e4f7369a7f4e
GET /_/scs/abc-static/_/js/k=gapi.lb.en.z9QjrzsHcOc.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8359JQqZQ0dzCVJ5Ui3CZcERHEWA/cb=gapi.loaded_0?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 57995
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 02 Oct 2022 07:25:42 GMT
expires: Mon, 02 Oct 2023 07:25:42 GMT
cache-control: public, max-age=31536000
age: 198539
last-modified: Sat, 30 Jul 2022 15:17:53 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/google_top_exp.js
142.250.74.130200 OK 67 B URL HTTP/1.1 pagead2.googlesyndication.com/pagead/js/google_top_exp.js
IP 142.250.74.130:0
Hash 9bbc3ca32ec951a484589ce0e6b4db73
753d6f6183b33b2dee5dde2208fca91c17f5bb13
b8f16a16d2a7ea39a9cc079fdbe3af7d31393d62a853668bdd549e0a0311cb3c
GET /pagead/js/google_top_exp.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 67
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:20:06 GMT
Expires: Tue, 18 Oct 2022 14:20:06 GMT
Cache-Control: public, max-age=1209600
ETag: 13036835877489095579
Content-Type: text/javascript; charset=UTF-8
Age: 875
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 129fe858bf2aa7291fd2c6dd4cf9d226
e3e048b964b851ebbdcfb5bd80ebdbad13720cf6
addc7e4ddab73c8c7ee50f6d33fc1e4ff73b71cc014e481049a393c3b87b0924
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 14:34:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/img/share_buttons_20_3.png
216.58.207.201200 OK 5.1 kB URL HTTP/2 www.blogger.com/img/share_buttons_20_3.png
IP 216.58.207.201:0
File type PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash ad9999106d5f550920b586e8e1704e5a
93fd02c51166402a41f96509cd0ca3fb917877dd
3829a5b2ade7cfc416c80b8f3df71e49e68672875f025d525223978f5cee3fd3
GET /img/share_buttons_20_3.png HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.blogger.com/static/v1/widgets/2975350028-css_bundle_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 5080
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 07:14:19 GMT
expires: Sat, 08 Oct 2022 07:14:19 GMT
cache-control: public, max-age=604800
last-modified: Fri, 30 Sep 2022 19:52:35 GMT
content-type: image/png
age: 285622
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
1.bp.blogspot.com/-cSNZKRAmze4/UcEBklnoRoI/AAAAAAAAAPA/u8hBHj1Eras/s320/securedownload+(4).jpg
142.250.74.161200 OK 19 kB URL HTTP/1.1 1.bp.blogspot.com/-cSNZKRAmze4/UcEBklnoRoI/AAAAAAAAAPA/u8hBHj1Eras/s320/securedownload+(4).jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 320x144, components 3\012- data
Hash 9faaeb1297873d21d113531a1e96261b
386611acb5d4131934cb90e4007eece8371f23b2
6a80539d080a0ccbb37c627d8889310c72948b8f94a447774453b042aff1e942
GET /-cSNZKRAmze4/UcEBklnoRoI/AAAAAAAAAPA/u8hBHj1Eras/s320/securedownload+(4).jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="securedownload (4).jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 19306
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vf1"
Content-Type: image/jpeg
Age: 0
resources.blogblog.com/img/widgets/s_top.png
216.58.207.201200 OK 335 B URL HTTP/2 resources.blogblog.com/img/widgets/s_top.png
IP 216.58.207.201:0
File type PNG image data, 144 x 400, 4-bit colormap, non-interlaced\012- data
Hash c4908f4189f7698dc8afdd67df8ce041
b6f7cd64ff84e7cedb4b8b92ceb8b9800ad7624a
cfe1d5dd45c7f0897d769e6c95ae9036fbdc7dad76ac9ed6ce6b21a785ecd6de
GET /img/widgets/s_top.png HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.blogger.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 335
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 22:19:40 GMT
expires: Sat, 08 Oct 2022 22:19:40 GMT
cache-control: public, max-age=604800
last-modified: Sat, 01 Oct 2022 20:50:33 GMT
content-type: image/png
age: 231301
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
resources.blogblog.com/img/widgets/s_bottom.png
216.58.207.201200 OK 172 B URL HTTP/2 resources.blogblog.com/img/widgets/s_bottom.png
IP 216.58.207.201:0
File type PNG image data, 144 x 3, 4-bit colormap, non-interlaced\012- data
Hash a9bbd1bf495055e06e61aec7f8c1b6c4
491c1a006da8a9eea4f3d1bb27e5815ab66a9f45
91fe35689444e53c1bf3e04f24c154fa0468be9edd3c84344f9f64c2eff89eeb
GET /img/widgets/s_bottom.png HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.blogger.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 172
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 03:07:01 GMT
expires: Sat, 08 Oct 2022 03:07:01 GMT
cache-control: public, max-age=604800
last-modified: Sat, 01 Oct 2022 01:07:16 GMT
content-type: image/png
age: 300460
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
1.bp.blogspot.com/-QzqDJOmBONk/UcEBpDALKbI/AAAAAAAAAPI/ACUTr0EqBDI/s320/securedownload+(5).jpg
142.250.74.161200 OK 23 kB URL HTTP/1.1 1.bp.blogspot.com/-QzqDJOmBONk/UcEBpDALKbI/AAAAAAAAAPI/ACUTr0EqBDI/s320/securedownload+(5).jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 320x204, components 3\012- data
Hash ec6cea9c14654299c30ac53941dfa881
32228e7be11462b44977bad3018bcf858089f5af
f01e63a74782fc947db0eec8507291ea7b187d65013b4e1f6a0cd336cd97ccb9
GET /-QzqDJOmBONk/UcEBpDALKbI/AAAAAAAAAPI/ACUTr0EqBDI/s320/securedownload+(5).jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="securedownload (5).jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 22906
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vf3"
Content-Type: image/jpeg
Age: 0
1.bp.blogspot.com/-eK1tFcpKBs8/Ufkbf4h9e4I/AAAAAAAAAPk/N0vBdshLGFk/s320/042713215.jpg
142.250.74.161200 OK 32 kB URL HTTP/1.1 1.bp.blogspot.com/-eK1tFcpKBs8/Ufkbf4h9e4I/AAAAAAAAAPk/N0vBdshLGFk/s320/042713215.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 293x320, components 3\012- data
Hash 0b69adc38b4bfbc04cde917f79bdd3e7
edd171161c887fb5764ae75cf56f11354c84e094
3d1282d02957660e39d7e0332dd4341750cbb55c1efb478a93152940c4d34166
GET /-eK1tFcpKBs8/Ufkbf4h9e4I/AAAAAAAAAPk/N0vBdshLGFk/s320/042713215.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="042713215.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 32216
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vfa"
Content-Type: image/jpeg
Age: 0
www.blogger.com/dyn-css/authorization.css?targetBlogID=6116713463870618879&zx=34234300-3bb2-470f-87e2-7517cbb0192f
216.58.207.201200 OK 21 B URL HTTP/2 www.blogger.com/dyn-css/authorization.css?targetBlogID=6116713463870618879&zx=34234300-3bb2-470f-87e2-7517cbb0192f
IP 216.58.207.201:0
File type very short file (no magic)
Hash a62e4d501434033d5d177e67d3aafdd0
34f7300c9ed47334cf10826d57af785321e3138b
b0cabcbfed4b1830ab1956efbd2eec32289a968323cb854a47ef98360ed0f522
GET /dyn-css/authorization.css?targetBlogID=6116713463870618879&zx=34234300-3bb2-470f-87e2-7517cbb0192f HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type: text/css; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 04 Oct 2022 14:34:41 GMT
last-modified: Tue, 04 Oct 2022 14:34:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 21
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
1.bp.blogspot.com/-ZwvKNQsk6yA/UfkbjgZQglI/AAAAAAAAAPs/ILsClGUiEd8/s320/042913303.jpg
142.250.74.161200 OK 33 kB URL HTTP/1.1 1.bp.blogspot.com/-ZwvKNQsk6yA/UfkbjgZQglI/AAAAAAAAAPs/ILsClGUiEd8/s320/042913303.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x213, components 3\012- data
Hash d10aafddc6059ba70a2088f8f326f78f
6333ca880019ff02a72353e3c24b1759de4c7ac7
b7c74888484cf0b10381f28bec4fcaf8e49f8bf478ad00f9bcf38e25bc39982b
GET /-ZwvKNQsk6yA/UfkbjgZQglI/AAAAAAAAAPs/ILsClGUiEd8/s320/042913303.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="042913303.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 33011
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vfc"
Content-Type: image/jpeg
Age: 0
1.bp.blogspot.com/-pwNKgK8zQHo/UjXCo8jNoaI/AAAAAAAAATY/b2qDmmQfuUI/s320/IMG_4640.jpg
142.250.74.161200 OK 14 kB URL HTTP/1.1 1.bp.blogspot.com/-pwNKgK8zQHo/UjXCo8jNoaI/AAAAAAAAATY/b2qDmmQfuUI/s320/IMG_4640.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, software=Google], baseline, precision 8, 320x240, components 3\012- data
Hash 32d574a6f46caa48effc855b066fb935
d3ecd5f97187f6b1a54065492c6294fe5962d264
74752029a3494447c434f5ed0e53609496b8df8d829dd9fe1c86ecc592c8b7bf
GET /-pwNKgK8zQHo/UjXCo8jNoaI/AAAAAAAAATY/b2qDmmQfuUI/s320/IMG_4640.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="IMG_4640.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 13978
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:52 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v137"
Content-Type: image/jpeg
Age: 0
4.bp.blogspot.com/-OZea-y-gD-k/UiNPzpPKiEI/AAAAAAAAARo/Lc1gM_bh-5Q/s320/IMG_1325.jpg
142.250.74.161200 OK 8.8 kB URL HTTP/1.1 4.bp.blogspot.com/-OZea-y-gD-k/UiNPzpPKiEI/AAAAAAAAARo/Lc1gM_bh-5Q/s320/IMG_1325.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 90x320, components 3\012- data
Hash 3b6d45bfa20279b2a8d010082785e1bb
6f7da1da5df88b15f867cdfacd2b316b2f42260b
3b02535be3300ab1b1c7e5e31c32000e74bdecc547cb85f5a3ca55cc26f42cb0
GET /-OZea-y-gD-k/UiNPzpPKiEI/AAAAAAAAARo/Lc1gM_bh-5Q/s320/IMG_1325.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="IMG_1325.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 8790
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:52 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v11b"
Content-Type: image/jpeg
Age: 0
4.bp.blogspot.com/-nofOed0e_IM/UiNP-_XXMvI/AAAAAAAAASA/yIY0xzqoTe8/s320/MVI_0842c.jpg
142.250.74.161200 OK 10 kB URL HTTP/1.1 4.bp.blogspot.com/-nofOed0e_IM/UiNP-_XXMvI/AAAAAAAAASA/yIY0xzqoTe8/s320/MVI_0842c.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x240, components 3\012- data
Hash b3b376d0decad8ffe5d777382a03be6f
ea45b21ee6d7ebc8efcfd2837f82d2e9c2389f88
d6ef22fbb037ed3f0147f1c8778d513dd11dcf506ccaed363a391a58da5b90fe
GET /-nofOed0e_IM/UiNP-_XXMvI/AAAAAAAAASA/yIY0xzqoTe8/s320/MVI_0842c.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="MVI_0842c.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 10298
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v121"
Content-Type: image/jpeg
Age: 0
1.bp.blogspot.com/-f7chcdfJXtI/UfkbsvwlmBI/AAAAAAAAAQE/JWl7pQoZjVY/s320/0607131134.jpg
142.250.74.161200 OK 22 kB URL HTTP/1.1 1.bp.blogspot.com/-f7chcdfJXtI/UfkbsvwlmBI/AAAAAAAAAQE/JWl7pQoZjVY/s320/0607131134.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 239x320, components 3\012- data
Hash d40808e26ca443f2221055ebcefb9cad
69fe331a92501b66ade6d7b624a75e906ee5f7ff
1f659a5a7d25792f2083e7f9024e7b57e325a3bfaeaa53b09b8dff944245329d
GET /-f7chcdfJXtI/UfkbsvwlmBI/AAAAAAAAAQE/JWl7pQoZjVY/s320/0607131134.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="0607131134.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 22044
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v102"
Content-Type: image/jpeg
Age: 0
1.bp.blogspot.com/-OuE3cxqneG0/UjXCmaAXqoI/AAAAAAAAATQ/Ns1Hg4XHkUQ/s320/IMG_0568.jpg
142.250.74.161200 OK 19 kB URL HTTP/1.1 1.bp.blogspot.com/-OuE3cxqneG0/UjXCmaAXqoI/AAAAAAAAATQ/Ns1Hg4XHkUQ/s320/IMG_0568.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x236, components 3\012- data
Hash 6ebe7b781cda0b14d8590f8f079d1497
f6292c469eca313876a2beec048f274bcd1f4c56
9d991df774e1eb2f61a17707bc73bc664c0776780d9456bd7d24aac98e2a4c46
GET /-OuE3cxqneG0/UjXCmaAXqoI/AAAAAAAAATQ/Ns1Hg4XHkUQ/s320/IMG_0568.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="IMG_0568.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 19393
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:52 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v135"
Content-Type: image/jpeg
Age: 0
1.bp.blogspot.com/-O1JkyGerfII/UiNPbc5qZcI/AAAAAAAAAQw/wlpVjre0WhM/s320/19.jpg
142.250.74.161200 OK 16 kB URL HTTP/1.1 1.bp.blogspot.com/-O1JkyGerfII/UiNPbc5qZcI/AAAAAAAAAQw/wlpVjre0WhM/s320/19.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 262x320, components 3\012- data
Hash fb28d4fbb9a60a782c46982261e5c3e8
011fc914dd2bbba5def8b6b9073bf54c0262aca8
e94d0d0d0ecb2e3b31c44b6560d691e0c10efa08fbe4546bc7d6889a56c59780
GET /-O1JkyGerfII/UiNPbc5qZcI/AAAAAAAAAQw/wlpVjre0WhM/s320/19.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="19.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 15855
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:52 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v10d"
Content-Type: image/jpeg
Age: 0
1.bp.blogspot.com/-Y7DR4TQZd1g/UiNPwEhj8aI/AAAAAAAAARg/rsJ9wiDz87s/s320/IMG_1271.jpg
142.250.74.161200 OK 8.4 kB URL HTTP/1.1 1.bp.blogspot.com/-Y7DR4TQZd1g/UiNPwEhj8aI/AAAAAAAAARg/rsJ9wiDz87s/s320/IMG_1271.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 111x320, components 3\012- data
Hash 054bbba1f028caa42f4c9693bc04cc1c
96cfa778f74b45ee1b4af4aa0351adad6a1b1a58
7c043818630c54e563b986c64cecb572fa3767b7c876c69312e330ba4862fb73
GET /-Y7DR4TQZd1g/UiNPwEhj8aI/AAAAAAAAARg/rsJ9wiDz87s/s320/IMG_1271.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="IMG_1271.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 8444
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:52 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v119"
Content-Type: image/jpeg
Age: 0
4.bp.blogspot.com/-BBsaLr-gQ3I/UjXCWu8AlcI/AAAAAAAAASo/FgU8inYk4Bs/s320/1.jpg
142.250.74.161200 OK 17 kB URL HTTP/1.1 4.bp.blogspot.com/-BBsaLr-gQ3I/UjXCWu8AlcI/AAAAAAAAASo/FgU8inYk4Bs/s320/1.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x229, components 3\012- data
Hash 37629fa165c183504ca19d2313f1d236
0ee9998f0bebe0be6b015679efaf4987e7e1d6ce
466542845248756086e57edba1721c87a48e63b2ed0dbd8f9a90d6b57495d706
GET /-BBsaLr-gQ3I/UjXCWu8AlcI/AAAAAAAAASo/FgU8inYk4Bs/s320/1.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="1.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 17032
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:52 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v12b"
Content-Type: image/jpeg
Age: 0
4.bp.blogspot.com/-6Ls6BHJXdzk/Ufkbp1MhraI/AAAAAAAAAP8/ShSiIwNJhWw/s320/050613342.jpg
142.250.74.161200 OK 31 kB URL HTTP/1.1 4.bp.blogspot.com/-6Ls6BHJXdzk/Ufkbp1MhraI/AAAAAAAAAP8/ShSiIwNJhWw/s320/050613342.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 282x320, components 3\012- data
Hash 7287aa2dde743a9f7533630629f459cf
aa6828523c51933ad4742f7f724a65c003b0cf4f
aad2d28ccc15493f1aca0c7aa12f2e3c8635b41b4db16a593c0c5e48ca394975
GET /-6Ls6BHJXdzk/Ufkbp1MhraI/AAAAAAAAAP8/ShSiIwNJhWw/s320/050613342.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="050613342.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 31131
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v105"
Content-Type: image/jpeg
Age: 0
cdn.widgetserver.com/syndication/subscriber/InsertWidget.js
72.14.185.43200 OK 157 B URL HTTP/1.1 cdn.widgetserver.com/syndication/subscriber/InsertWidget.js
IP 72.14.185.43:0
Hash 67e216a27dda24bdcb086c2385b0cb99
17141c80f5d32bec3691c5ab24741d8b7dd5f0c6
9dc433b2142d3ba0803fcffa53f19d34da26996d20c829df6d694bc887325dd7
Analyzer Verdict Alert fortinet Malware
GET /syndication/subscriber/InsertWidget.js HTTP/1.1
Host: cdn.widgetserver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Tue, 04 Oct 2022 14:34:41 GMT
content-type: application/javascript
content-length: 157
last-modified: Fri, 09 Mar 2018 19:33:30 GMT
etag: "5aa2e18a-9d"
accept-ranges: bytes
connection: close
4.bp.blogspot.com/-6RjHJzZRaJ4/UjXCjXBs6WI/AAAAAAAAATI/L4dzN9ixbS0/s320/8.jpg
142.250.74.161200 OK 14 kB URL HTTP/1.1 4.bp.blogspot.com/-6RjHJzZRaJ4/UjXCjXBs6WI/AAAAAAAAATI/L4dzN9ixbS0/s320/8.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x169, components 3\012- data
Hash 1e121e4d316f32fea05c0676b1ff3ff9
5fdee2841b662515e6ee5aeb3997bfeea91fe2a8
b8d145e496d31eed4b6062fa6c6c2a9997b742a750120b737b876172743f8071
GET /-6RjHJzZRaJ4/UjXCjXBs6WI/AAAAAAAAATI/L4dzN9ixbS0/s320/8.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="8.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 13737
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:52 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v133"
Content-Type: image/jpeg
Age: 0
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 589d830dbd20c3dcf601bf7a2fe7fd29
e6fc4f0062189aee4c8616949f86571db0a92ff5
10137bb52117be557fae9e1cf90fdf106786da04f6d799b19e2c3100aeafdd61
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 14:34:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 589d830dbd20c3dcf601bf7a2fe7fd29
e6fc4f0062189aee4c8616949f86571db0a92ff5
10137bb52117be557fae9e1cf90fdf106786da04f6d799b19e2c3100aeafdd61
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 14:34:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 14:34:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.widgetserver.com/
45.56.79.23200 OK 7.2 kB IP 45.56.79.23:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (338)
Hash 891cd59ac23107d538bf7a5ac70fe8aa
24b9a250daee2314330ef9384d1e32c1b8093506
2b0c7654316726e197f925d488f9f7883fc6e819a8314e85ac3f87f5e99b0dc6
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: cdn.widgetserver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Tue, 04 Oct 2022 14:34:41 GMT
content-type: text/html; charset=utf-8
content-length: 7182
vary: Accept-Language
content-language: en
connection: close
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9558
Expires: Tue, 04 Oct 2022 17:13:59 GMT
Date: Tue, 04 Oct 2022 14:34:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9558
Expires: Tue, 04 Oct 2022 17:13:59 GMT
Date: Tue, 04 Oct 2022 14:34:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9558
Expires: Tue, 04 Oct 2022 17:13:59 GMT
Date: Tue, 04 Oct 2022 14:34:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9558
Expires: Tue, 04 Oct 2022 17:13:59 GMT
Date: Tue, 04 Oct 2022 14:34:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9558
Expires: Tue, 04 Oct 2022 17:13:59 GMT
Date: Tue, 04 Oct 2022 14:34:41 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6bf68975-a099-4d4b-9abd-6e684653439d.webp
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6bf68975-a099-4d4b-9abd-6e684653439d.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f62719b24a32198c6f462a0a0412ac98
d893d8035379e06e53e365b9f47f5da40bff932b
ca863affca1559e92e415a4de2e78e4b4c1ec4cf8e8549693499c6f79bd27975
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6bf68975-a099-4d4b-9abd-6e684653439d.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10878
x-amzn-requestid: a849d918-ec40-47d4-93cb-e938b010bd50
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpJKGAPIAMFSiw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b556d-242a8d2208b6574c34063c1f;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 40cLnZvUr45pWmnT6qZgZu13Y1pyeycMEK-m9ALI1LVo2Wpysjt7Vw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:45:04 GMT
age: 60577
etag: "d893d8035379e06e53e365b9f47f5da40bff932b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg
34.120.237.76200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6c6882c60d7ca6f918c77104e3ad1d52
20ef861be49c652a938e0145e4ca3a60159367e2
861f5870990fbd2939d151ae18384cf311e87067ca9a50818efe0c2d51b83088
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5504
x-amzn-requestid: 37405eb0-5c75-46a9-84c0-e8ed726995d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHvHPvoAMF3mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-77fd550b58af612525e74761;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Ovm2wuk28PygH4EZNEUoPchoHQggWCyXbYHOjMV1tZmfyDrL6PjPZA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:29:19 GMT
age: 57922
etag: "20ef861be49c652a938e0145e4ca3a60159367e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec31ab6c-46f2-4d77-a807-9f14bb5073bc.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec31ab6c-46f2-4d77-a807-9f14bb5073bc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 54b3ef7aa50273b78b59c24511b0c1f9
e2ea2ef6805e391c497e62e101e76a0bdecfce64
296e8954022d5160137b3e02ab5085a15cee7c23cd6d4ca61b36880706062457
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec31ab6c-46f2-4d77-a807-9f14bb5073bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11955
x-amzn-requestid: ce6bbe93-95b0-4b6e-a8bc-012796485e67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zcqb9FUtoAMF0WQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b577f-59dc0a18523f900a059aa5df;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:43:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: tJwzKfs7HnQ7dVcINwnlzxTChXiEi4JPj8jrS8p5KhurRx_o3ZVOZQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:10:59 GMT
etag: "e2ea2ef6805e391c497e62e101e76a0bdecfce64"
content-type: image/jpeg
age: 59022
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6779181f9c06975f2a662da743893939
585e7146fd24cdc2496b05baafea04091dc541e2
8e9a9f92fd89b7cdce77884ccd76b83ab82d28f125ebfc1cb0d371d4046b7985
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4858
x-amzn-requestid: fb21c414-2994-444a-a838-e643fd05b171
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTEfPoAMFfeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-593dd8043b0490e7301cac0d;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MiSh_FjAciKCaOakY2mM_EHBN1Z6GIDYIP8mwS4ikkrToQN3Ktsv2g==
via: 1.1 773ca14e6bd4bf9244988cb69fc9dca8.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:56:46 GMT
age: 59875
etag: "585e7146fd24cdc2496b05baafea04091dc541e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 206fb65e75dbadf119512f71e0b78402
58ff0bf8ce7528b303d28bab01a80ad721705569
56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6315
x-amzn-requestid: 6aa75b16-32e4-48a7-9fb0-9e3d5528c2d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWSdsHUnIAMFXtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338cabd-742d8a436403683e0cd9368f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:18:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5sAzc5Ewv4g6Wqq6JJiLylG3Jyy_nlWrr5Oteeo6ebEgq7Rvss4XaQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 04:42:53 GMT
age: 35508
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d8c08f8066cc732de8befd6ccd629a95
22aab05208a01ae5def4d63dc145085630f57bcb
f8a560a0563518d992d0bd2655d2b5c406435a18e874ca00b51374d2ff901770
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9917
x-amzn-requestid: 2dff93d9-795d-4885-9b82-610b0d235a82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTGEnIAMF1zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-117afa703663ada75627792c;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p5nOqBojKO6S-c_DxIu8B3p-NK0pzRHkz0DOPeyv7PQt9h0x1jdtoQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:55:54 GMT
age: 59927
etag: "22aab05208a01ae5def4d63dc145085630f57bcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.widgetserver.com/favicon.ico
45.56.79.23200 OK 43 B URL HTTP/1.1 cdn.widgetserver.com/favicon.ico
IP 45.56.79.23:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /favicon.ico HTTP/1.1
Host: cdn.widgetserver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cdn.widgetserver.com/
HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Tue, 04 Oct 2022 14:34:41 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
connection: close
cdn.widgetserver.com/mtm/async/.eJxdjEsOwiAQhu_CshJwqTWexVCYUhLo4DC2GOPdBePK3fc_X-JBQYxCCykM-dKwEcEMBNTEwpxHrRmxQH3OSDuSK2qK6EtGVhZTny5Y-LaaBG1i3ar24DxwAdqAeqe_WwuZW85QWS-cojQ5x2ANB1x17c6h_rspXu7XozrLkIwHbbYw_3CHKctBD9_8JN4fl79F_w:1ofj0L:XPSYGyL9Fs3vqcXZ4SIlzgGw7b8/1/0
45.56.79.23200 OK 256 B URL HTTP/1.1 cdn.widgetserver.com/mtm/async/.eJxdjEsOwiAQhu_CshJwqTWexVCYUhLo4DC2GOPdBePK3fc_X-JBQYxCCykM-dKwEcEMBNTEwpxHrRmxQH3OSDuSK2qK6EtGVhZTny5Y-LaaBG1i3ar24DxwAdqAeqe_WwuZW85QWS-cojQ5x2ANB1x17c6h_rspXu7XozrLkIwHbbYw_3CHKctBD9_8JN4fl79F_w:1ofj0L:XPSYGyL9Fs3vqcXZ4SIlzgGw7b8/1/0
IP 45.56.79.23:0
File type ASCII text, with no line terminators
Hash 3b55ba0bdb7f6b1faf71a07819d949b5
4658bfebdf0c91656b9e1dac4524528ef8464891
dff635370608d226a64af7a06fd2b1a993423936808b7712ff259cf6b7fc7bd3
Analyzer Verdict Alert fortinet Malware
GET /mtm/async/.eJxdjEsOwiAQhu_CshJwqTWexVCYUhLo4DC2GOPdBePK3fc_X-JBQYxCCykM-dKwEcEMBNTEwpxHrRmxQH3OSDuSK2qK6EtGVhZTny5Y-LaaBG1i3ar24DxwAdqAeqe_WwuZW85QWS-cojQ5x2ANB1x17c6h_rspXu7XozrLkIwHbbYw_3CHKctBD9_8JN4fl79F_w:1ofj0L:XPSYGyL9Fs3vqcXZ4SIlzgGw7b8/1/0 HTTP/1.1
Host: cdn.widgetserver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cdn.widgetserver.com/
Connection: keep-alive
HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Tue, 04 Oct 2022 14:34:42 GMT
content-type: text/html; charset=utf-8
content-length: 256
x-mtm-path: 4
x-mtm-prov: 1:6.42;70:0.00
x-mtm-rd: 0.82
vary: Accept-Language
content-language: en
set-cookie: mtm_delivered=WyJ3aWRnZXRzZXJ2ZXIuY29tIiwiaHR0cDovL3d3dzEud2lkZ2V0c2VydmVyLmNvbS8_dG09MSZzdWJpZDQ9MTY2NDg5NDA4Mi4wMzUwNTcwMDAwJktXMT1FdXJvcGUlMjBEZWRpY2F0ZWQlMjBTZXJ2ZXJzJktXMj1Ob3J3YXklMjBEZWRpY2F0ZWQlMjBTZXJ2ZXJzJktXMz1Pc2xvJTIwQ291bnR5JTIwRGVkaWNhdGVkJTIwU2VydmVycyZLVzQ9T3NsbyUyMERlZGljYXRlZCUyMFNlcnZlcnMmS1c1PUN1c3RvbSUyMERlZGljYXRlZCUyMFNlcnZlcnMmc2VhcmNoYm94PTAmYmFja2ZpbGw9MCIsMSwiMjAyMi0xMC0wNCAxNDozNDo0MiIsMSwiMTY2NDg5NDA4Mi4wMzUwNTcwMDAwIiwxLG51bGwsbnVsbF0:1ofj0M:RhQop4mrLBqOWkxxYT-8nkOJO0A; expires=Tue, 04-Oct-2022 15:34:42 GMT; Max-Age=3600; Path=/
connection: close
www1.widgetserver.com/?tm=1&subid4=1664894082.0350570000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0
99.83.136.84200 OK 657 B URL HTTP/1.1 www1.widgetserver.com/?tm=1&subid4=1664894082.0350570000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0
IP 99.83.136.84:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d9281c64d40de50c4f34e1eeb69fb267
29f719a626e58ccaf433fdbffaa6a5a68e30c71b
3ab2554ac7ffc2be45180dc32a25dbd38430b2d5fb423da11b9f7cc455d0d524
GET /?tm=1&subid4=1664894082.0350570000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0 HTTP/1.1
Host: www1.widgetserver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cdn.widgetserver.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 14:34:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Redirect: zeropark_yahoo
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
d38psrni17bvxu.cloudfront.net/themes/assets/style.css
54.230.245.138200 OK 343 B URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/themes/assets/style.css
IP 54.230.245.138:0
Hash 03a4a8c322fc0c99b0ee7cbbcc9eabcd
6fc193276de2a3458cd853c474cb9269b900e00d
a535d2296792cb37a2bbad1d9d0546e3383a8a5bfac0d9edda15795c226bddf7
GET /themes/assets/style.css HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.widgetserver.com/
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Tue, 04 Oct 2022 07:34:23 GMT
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
Content-Encoding: gzip
ETag: W/"5ebab1f0-33d"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: hQESo020e__MQNggaoa-vW_ln4E8OdzDg6s8NmjyGipl1EhhcpJrjg==
Age: 25220
d38psrni17bvxu.cloudfront.net/themes/assets/zeropark.css
54.230.245.138200 OK 208 B URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/themes/assets/zeropark.css
IP 54.230.245.138:0
Hash be223301cce69116e7a473d42a863379
928aee49e0ddcbee8c410cdbd80d94820a6cafab
d7a8d561985ea3bb5e9433926fd9c103d4e6c041c19fa4c1dcaa2c0949be74d7
GET /themes/assets/zeropark.css HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.widgetserver.com/
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Tue, 04 Oct 2022 09:15:06 GMT
Last-Modified: Tue, 25 Jan 2022 08:25:52 GMT
Content-Encoding: gzip
ETag: W/"61efb410-157"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ZfxU2wqb7Ce4tmcahYCMdJrZO2OiwjODT6ZmvtO7emguLF4A3r0yLg==
Age: 19177
www1.widgetserver.com/favicon.ico
99.83.136.84200 OK 0 B URL HTTP/1.1 www1.widgetserver.com/favicon.ico
IP 99.83.136.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www1.widgetserver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.widgetserver.com/?tm=1&subid4=1664894082.0350570000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 14:34:43 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 70abafa8088453fca554b1b67690ab44
38a7140c56534c3eb91ff5358aafa9e6b2e797d3
98a3cb8489240da45848b4574a3ecb16313e370e5c84c44a1b9edc2faa72632a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 04 Oct 2022 14:34:43 GMT
Last-Modified: Tue, 04 Oct 2022 13:00:36 GMT
Server: ECS (nyb/1D13)
X-Cache: Miss from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: pPotIhY3fmGDihnfLHozdyNkA_xQZzMLamQD40-jk9cOW9038R9q8g==
Age: 5647
brigi-jar.com/lander?dn=widgetserver.com&feedid=c29bc710-7228-11ec-932e-0a0baae9769b&tag=1
44.195.142.43200 OK 11 kB URL HTTP/2 brigi-jar.com/lander?dn=widgetserver.com&feedid=c29bc710-7228-11ec-932e-0a0baae9769b&tag=1
IP 44.195.142.43:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1958)
Hash 3bc0bfa0640be6c40813af3445035774
452eb4c30eb43f1ef90ea8ee9c658a3daff41970
a5eeaef78986f8b13d4a27f1019808f6b2957407a5b1f3950b0e241f12015170
GET /lander?dn=widgetserver.com&feedid=c29bc710-7228-11ec-932e-0a0baae9769b&tag=1 HTTP/1.1
Host: brigi-jar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www1.widgetserver.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 14:34:43 GMT
content-type: text/html;charset=UTF-8
content-length: 10840
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 9e40b2c69615f45f2bc898334ab3e343
6a569648ed10564e126d3bbf3f91352e6b3f6d4f
4f1d0982c58b9bbeaa266b99292baa1a00c9e39280f73d5a525722c851e15981
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 14:34:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
brigi-jar.com/style.css
44.195.142.43200 OK 6.0 kB IP 44.195.142.43:0
Hash 2eb024ad11ef5f2e503bfb60117c25d8
235b5ca1205cc2ca3d0b8e4f98ce022512b05c0f
d8efc1d8e1100baf07f4105119fde6f8fe760a9efebf189adc5d9b3dfccc9e0a
GET /style.css HTTP/1.1
Host: brigi-jar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://brigi-jar.com/lander?dn=widgetserver.com&feedid=c29bc710-7228-11ec-932e-0a0baae9769b&tag=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 14:34:43 GMT
content-type: text/css
content-length: 5981
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Tue, 27 Sep 2022 12:40:35 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
brigi-jar.com/main.js
44.195.142.43200 OK 480 B IP 44.195.142.43:0
Hash 91558066fecbfc1f6f77842f6aa85a6c
6bb5c5f2cb4efaf30a8ab810e1b453dcb4df108e
efa0d78cbfa66831e490b26d1bb55b14f6c9f8f3a04b1d08403947abd25908ed
GET /main.js HTTP/1.1
Host: brigi-jar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://brigi-jar.com/lander?dn=widgetserver.com&feedid=c29bc710-7228-11ec-932e-0a0baae9769b&tag=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 14:34:43 GMT
content-type: application/javascript
content-length: 480
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Tue, 27 Sep 2022 12:40:35 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
assetscdn.com/img/arrows.png
143.204.55.108200 OK 25 kB URL HTTP/2 assetscdn.com/img/arrows.png
IP 143.204.55.108:0
File type gzip compressed data, max compression\012- data
Hash 9b515faff9f2b01db4f92f6f8c843a47
a34e8b0be8fa5f6d7d178feeac70b9be9fa204f8
a37e145535935b18b4cf23ca791db97e2e08b1b296c11ddff7d85c0cdfd661bc
GET /img/arrows.png HTTP/1.1
Host: assetscdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://brigi-jar.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
content-length: 24415
date: Thu, 04 Aug 2022 10:10:09 GMT
last-modified: Thu, 04 Aug 2022 10:09:47 GMT
etag: "c97abaaf2fb3de553aa0531e97dff187"
cache-control: public, max-age=31556926
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: BSO2sEdKYMkvJaf4Tc_FJSLwiV5TF1XGu0cSOOFDT4Qpw4wgja5Gfg==
age: 5286275
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 14:34:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
brigi-jar.com/empty.gif
44.195.142.43200 OK 707 B IP 44.195.142.43:0
File type gzip compressed data, max compression\012- data
Hash 4a8409c9263d4cccf8ab2c7a09809875
a79a0e81b1cd545b02eaabe77d63ca869547df7d
ce3d0b26f5b611d270c6004840c4260d78bb10ff09d6a51ee64475517a64c8fc
GET /empty.gif HTTP/1.1
Host: brigi-jar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://brigi-jar.com/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 14:34:43 GMT
content-type: image/gif
content-length: 42
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Tue, 27 Sep 2022 12:40:35 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www1.widgetserver.com/?tm=1&subid4=1664894082.0350570000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0
99.83.136.84200 OK 2.5 kB URL HTTP/1.1 www1.widgetserver.com/?tm=1&subid4=1664894082.0350570000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0
IP 99.83.136.84:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2206)
Hash 1c0f1e785c89754d282bd788ea7f6a8a
5003429d6a89c962df4b5239eb77c20db4524fca
405eb3bdcaa542800e0187d3a0e151984118dd92d6d79c49e964e4fd57d562f3
GET /?tm=1&subid4=1664894082.0350570000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0 HTTP/1.1
Host: www1.widgetserver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 14:34:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Redirect: zeropark_zeroclick
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
d38psrni17bvxu.cloudfront.net/scripts/js3.js
54.230.245.138200 OK 1.1 kB URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/scripts/js3.js
IP 54.230.245.138:0
File type ASCII text, with very long lines (506)
Hash 64b79b43df8fbf2c5d082964b9116a68
dc3c763519baf0f4c32bb60bfc429651a491ea01
c57e9feec209e3ea5eb1d75a1ba6fa277242a3df250055be8446052b51e58637
GET /scripts/js3.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.widgetserver.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 1134
Connection: keep-alive
Server: nginx
Date: Tue, 04 Oct 2022 09:14:34 GMT
Last-Modified: Tue, 17 Aug 2021 09:17:22 GMT
Accept-Ranges: bytes
ETag: "611b7ea2-46e"
X-Cache: Hit from cloudfront
Via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: uAEGaeDg-tQpGPXdL13_dG0XNCulDA9DO8f4eLUExRZIOFJnf34jCg==
Age: 19210
www1.widgetserver.com/track.php?domain=widgetserver.com&toggle=browserjs&uid=MTY2NDg5NDA4My45NjgzOjdjZmNhMTNiODc2NDE5YjZiYTFiMWRkYTY3MDBmNGZhMGM3YTM1MzY3YzcxMjAxNjBmNjM2M2UyM2ZmOWNiM2Q6NjMzYzQ0ODNlYzY3OQ%3D%3D
99.83.136.84200 OK 20 B URL HTTP/1.1 www1.widgetserver.com/track.php?domain=widgetserver.com&toggle=browserjs&uid=MTY2NDg5NDA4My45NjgzOjdjZmNhMTNiODc2NDE5YjZiYTFiMWRkYTY3MDBmNGZhMGM3YTM1MzY3YzcxMjAxNjBmNjM2M2UyM2ZmOWNiM2Q6NjMzYzQ0ODNlYzY3OQ%3D%3D
IP 99.83.136.84:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=widgetserver.com&toggle=browserjs&uid=MTY2NDg5NDA4My45NjgzOjdjZmNhMTNiODc2NDE5YjZiYTFiMWRkYTY3MDBmNGZhMGM3YTM1MzY3YzcxMjAxNjBmNjM2M2UyM2ZmOWNiM2Q6NjMzYzQ0ODNlYzY3OQ%3D%3D HTTP/1.1
Host: www1.widgetserver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.widgetserver.com/?tm=1&subid4=1664894082.0350570000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 14:34:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
www1.widgetserver.com/ls.php
99.83.136.84201 Created 0 B URL HTTP/1.1 www1.widgetserver.com/ls.php
IP 99.83.136.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST /ls.php HTTP/1.1
Host: www1.widgetserver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 2158
Origin: http://www1.widgetserver.com
Connection: keep-alive
Referer: http://www1.widgetserver.com/?tm=1&subid4=1664894082.0350570000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0
Cache-Control: max-age=0
HTTP/1.1 201 Created
Date: Tue, 04 Oct 2022 14:34:45 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 633c4485a6e1502ad859c3ea
Charset: utf-8
Access-Control-Allow-Origin: http://www1.widgetserver.com
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_SUPSYTS2PCRh8Ls5zp1NSmxeij00Qvlwhvjl2cyGx0vBj3mon9/x1+ONnws1ZpP257yznaZ50Ban0jeT28eI6Q==
www1.widgetserver.com/track.php?click=7734c042495d131ef4c95617c4712d5c9f446293&domain=widgetserver.com&uid=MTY2NDg5NDA4My45NjgzOjdjZmNhMTNiODc2NDE5YjZiYTFiMWRkYTY3MDBmNGZhMGM3YTM1MzY3YzcxMjAxNjBmNjM2M2UyM2ZmOWNiM2Q6NjMzYzQ0ODNlYzY3OQ%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2MzNjNDQ4M2VjNjYzfHx8MTY2NDg5NDA4NC4zNTExfGRlZmMzNzE5N2MyMmIwZTAyMWQ3NzY4MmQ4ZmIwNjIzNjJiYTgwZTR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXw1ZDA3NTgzNmZkYzIzODFiNGY3Nzc4NjQzM2E5MTAxNTBkMzdhMGUwfDB8ZHAtdGVhbWludGVybmV0MTJfM3BofDB8MA%3D%3D&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off
99.83.136.84200 OK 20 B URL HTTP/1.1 www1.widgetserver.com/track.php?click=7734c042495d131ef4c95617c4712d5c9f446293&domain=widgetserver.com&uid=MTY2NDg5NDA4My45NjgzOjdjZmNhMTNiODc2NDE5YjZiYTFiMWRkYTY3MDBmNGZhMGM3YTM1MzY3YzcxMjAxNjBmNjM2M2UyM2ZmOWNiM2Q6NjMzYzQ0ODNlYzY3OQ%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2MzNjNDQ4M2VjNjYzfHx8MTY2NDg5NDA4NC4zNTExfGRlZmMzNzE5N2MyMmIwZTAyMWQ3NzY4MmQ4ZmIwNjIzNjJiYTgwZTR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXw1ZDA3NTgzNmZkYzIzODFiNGY3Nzc4NjQzM2E5MTAxNTBkMzdhMGUwfDB8ZHAtdGVhbWludGVybmV0MTJfM3BofDB8MA%3D%3D&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off
IP 99.83.136.84:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?click=7734c042495d131ef4c95617c4712d5c9f446293&domain=widgetserver.com&uid=MTY2NDg5NDA4My45NjgzOjdjZmNhMTNiODc2NDE5YjZiYTFiMWRkYTY3MDBmNGZhMGM3YTM1MzY3YzcxMjAxNjBmNjM2M2UyM2ZmOWNiM2Q6NjMzYzQ0ODNlYzY3OQ%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2MzNjNDQ4M2VjNjYzfHx8MTY2NDg5NDA4NC4zNTExfGRlZmMzNzE5N2MyMmIwZTAyMWQ3NzY4MmQ4ZmIwNjIzNjJiYTgwZTR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXw1ZDA3NTgzNmZkYzIzODFiNGY3Nzc4NjQzM2E5MTAxNTBkMzdhMGUwfDB8ZHAtdGVhbWludGVybmV0MTJfM3BofDB8MA%3D%3D&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off HTTP/1.1
Host: www1.widgetserver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.widgetserver.com/?tm=1&subid4=1664894082.0350570000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 14:34:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-View-Match: true
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
irene-eux.com/zcvisitor/b03c6202-43f1-11ed-94c5-1214ea44f321/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97
35.174.150.83200 996 B URL HTTP/1.1 irene-eux.com/zcvisitor/b03c6202-43f1-11ed-94c5-1214ea44f321/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97
IP 35.174.150.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 08fad1e14c102d9b33ae49e3186d3285
acd7006aa22f9e948c20134da1c32a818644cee7
1a89beca59c1d71ec6ab73364cc7d0de73857230cf1f80e45a608f81aabd62b2
GET /zcvisitor/b03c6202-43f1-11ed-94c5-1214ea44f321/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97 HTTP/1.1
Host: irene-eux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.widgetserver.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Tue, 04 Oct 2022 14:34:45 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: jPQEPSuc
irene-eux.com/zcredirect?visitid=b03c6202-43f1-11ed-94c5-1214ea44f321&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
35.174.150.83200 516 B URL HTTP/1.1 irene-eux.com/zcredirect?visitid=b03c6202-43f1-11ed-94c5-1214ea44f321&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
IP 35.174.150.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 95d8362d851646855ff3fbf087578684
ce01b3df2196a5e69957d9e135ee6dd55d7e089e
e0883ee774c186af1012205a4172c7ddc302ecc4e76f6a6a3c8f1fb53c825e2d
GET /zcredirect?visitid=b03c6202-43f1-11ed-94c5-1214ea44f321&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false HTTP/1.1
Host: irene-eux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://irene-eux.com/zcvisitor/b03c6202-43f1-11ed-94c5-1214ea44f321/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Tue, 04 Oct 2022 14:34:45 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: aqYDzNtv
track.domainparkingmanager.it/tm.ashx?source=zp-1-1891178&det=0.010000&gio=zrb03c620243f111ed94c51214ea44f321e38c89d644144f248a15d392c80e4090068006c72de3c7caff
35.180.17.130200 OK 310 B URL HTTP/2 track.domainparkingmanager.it/tm.ashx?source=zp-1-1891178&det=0.010000&gio=zrb03c620243f111ed94c51214ea44f321e38c89d644144f248a15d392c80e4090068006c72de3c7caff
IP 35.180.17.130:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 9266cf158d467cb84ada0acc1db9e408
84e2c5bb173a92e71241537b80100038f8fb988c
ad43fc39f81e449aa127e3ba17a9743860251f3447c079bf5ffe10ac09a895b5
GET /tm.ashx?source=zp-1-1891178&det=0.010000&gio=zrb03c620243f111ed94c51214ea44f321e38c89d644144f248a15d392c80e4090068006c72de3c7caff HTTP/1.1
Host: track.domainparkingmanager.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://irene-eux.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Tue, 04 Oct 2022 14:34:45 GMT
content-length: 310
X-Firefox-Spdy: h2
track.domainparkingmanager.it/favicon.ico
35.180.17.130404 Not Found 1.2 kB URL HTTP/2 track.domainparkingmanager.it/favicon.ico
IP 35.180.17.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5343c1a8b203c162a3bf3870d9f50fd4
04b5b886c20d88b57eea6d8ff882624a4ac1e51d
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
GET /favicon.ico HTTP/1.1
Host: track.domainparkingmanager.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://track.domainparkingmanager.it/tm.ashx?source=zp-1-1891178&det=0.010000&gio=zrb03c620243f111ed94c51214ea44f321e38c89d644144f248a15d392c80e4090068006c72de3c7caff
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-type: text/html
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Tue, 04 Oct 2022 14:34:45 GMT
content-length: 1245
X-Firefox-Spdy: h2
track.domainparkingmanager.it/tm2.ashx?&source=zp-1-1891178&pubid=zrb03c620243f111ed94c51214ea44f321e38c89d644144f24&cost=0.010000
35.180.17.130302 Found 158 B URL HTTP/2 track.domainparkingmanager.it/tm2.ashx?&source=zp-1-1891178&pubid=zrb03c620243f111ed94c51214ea44f321e38c89d644144f24&cost=0.010000
IP 35.180.17.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash c184564c5f290572d03b0323eea4a55c
69da0e3bf633ce90de367906bec08827b7bf6bc4
12c579efcf0764649601111907e6c63bb7e31b074bc3c4fa78da027c7f1ef362
GET /tm2.ashx?&source=zp-1-1891178&pubid=zrb03c620243f111ed94c51214ea44f321e38c89d644144f24&cost=0.010000 HTTP/1.1
Host: track.domainparkingmanager.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://track.domainparkingmanager.it/tm.ashx?source=zp-1-1891178&det=0.010000&gio=zrb03c620243f111ed94c51214ea44f321e38c89d644144f248a15d392c80e4090068006c72de3c7caff
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
cache-control: private
content-type: text/html; charset=utf-8
location: https://service.no.like.it/in.ashx?c=1171
server: Microsoft-IIS/10.0
x-frame-options: SAMEORIGIN
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Tue, 04 Oct 2022 14:34:46 GMT
content-length: 158
X-Firefox-Spdy: h2
service.no.like.it/in.ashx?c=1171
35.180.205.178302 Found 199 B URL HTTP/2 service.no.like.it/in.ashx?c=1171
IP 35.180.205.178:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 3d7548ab2aa22c17aefc2fb9bd814071
ad9c5620954dcb4ed1d5dd967070d65bfd7252dc
087fd1d1023f788ab2b3e5ee17d097528200c207870f3593f3a3ab916c2fbd50
GET /in.ashx?c=1171 HTTP/1.1
Host: service.no.like.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://track.domainparkingmanager.it/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: no-cache
pragma: no-cache
content-type: text/html; charset=utf-8
expires: -1
location: https://no.like.it/Search?q=fra koebenhavn til oslo&country=no&language=no
server: Microsoft-IIS/10.0
x-frame-options: SAMEORIGIN
x-aspnet-version: 4.0.30319
set-cookie: clkmrctrvsprx=http://domainparking.io/out.aspx?keyword=fra+koebenhavn+til+oslo&c=1171&logcookie=24954760; domain=no.like.it; expires=Tue, 04-Oct-2022 14:35:46 GMT; path=/; secure; SameSite=None
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Tue, 04 Oct 2022 14:34:45 GMT
content-length: 199
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f4a46c10db57f7ddf66649efa5b5e5db
d5ddc71e3af1811beb93ba8db65ee97eb6666a92
05ea541c6ae48aac084df9f2fe68bda4a386d5d6d32e284818448e9268a3d15f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "05EA541C6AE48AAC084DF9F2FE68BDA4A386D5D6D32E284818448E9268A3D15F"
Last-Modified: Mon, 03 Oct 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11243
Expires: Tue, 04 Oct 2022 17:42:09 GMT
Date: Tue, 04 Oct 2022 14:34:46 GMT
Connection: keep-alive
no.like.it/Search?q=fra%20koebenhavn%20til%20oslo&country=no&language=no
185.25.205.112200 OK 9.6 kB URL HTTP/2 no.like.it/Search?q=fra%20koebenhavn%20til%20oslo&country=no&language=no
IP 185.25.205.112:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5840), with CRLF, LF line terminators
Hash 91db5d56806a338bfa1e184d80e98226
55a7fc711696a49f0ca748dee01aceb6222fb83f
ef8d40acbab0abd00bbc6ccc618250afce1e42d02f5d1ad370b7666d26f1dea7
GET /Search?q=fra%20koebenhavn%20til%20oslo&country=no&language=no HTTP/1.1
Host: no.like.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://track.domainparkingmanager.it/
Connection: keep-alive
Cookie: clkmrctrvsprx=http://domainparking.io/out.aspx?keyword=fra+koebenhavn+til+oslo&c=1171&logcookie=24954760
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Tue, 04 Oct 2022 14:32:02 GMT
content-length: 9633
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash c3ab8bf820942d1e8b0b15e2ca70bb23
37739c574978a59036b0b252ff738724073a48c5
30c7472c2564004845b02eb55e19ecac95b0d2eb3ae416dbc3848ecc7bcb093f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 14:34:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?render=6LcBWOQZAAAAAHBn71Ci_Pgpvl0d2VZfIvx9lN50
142.250.74.164200 OK 586 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6LcBWOQZAAAAAHBn71Ci_Pgpvl0d2VZfIvx9lN50
IP 142.250.74.164:0
File type ASCII text, with very long lines (884), with no line terminators
Hash d96fbd68d2faa06f9d6f147d47866c86
44a775f064d9981bc9089b3b612df067af02b8d0
1e3a04ca2ddee92189569495d73ee8d38e928920ddb200c693608b4e08247970
GET /recaptcha/api.js?render=6LcBWOQZAAAAAHBn71Ci_Pgpvl0d2VZfIvx9lN50 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.like.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Tue, 04 Oct 2022 14:34:47 GMT
date: Tue, 04 Oct 2022 14:34:47 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 586
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 2ac2b7d770d1683d8afab1d6b35f5f11
1aa0a769b413314c61ffbdfc2ab2947b86f380ca
da3541b588639359465db6d4b4a82111b0832dae107a70d13f080429eccca380
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 04 Oct 2022 14:34:47 GMT
Last-Modified: Tue, 04 Oct 2022 14:22:46 GMT
Server: ECS (bsa/EB1C)
X-Cache: Miss from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 91kZJ-ihAftJZmKhCON08yZ1XVPwrb9HhbSbDYYXtUT7l_7kfLcVaw==
Age: 721
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 2ac2b7d770d1683d8afab1d6b35f5f11
1aa0a769b413314c61ffbdfc2ab2947b86f380ca
da3541b588639359465db6d4b4a82111b0832dae107a70d13f080429eccca380
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Tue, 04 Oct 2022 14:34:47 GMT
Server: ECS (dcb/7F39)
X-Cache: Miss from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: R5drPsRKaIolufxc1COE80VNe9MKrEfMwIqL9vQ47Qgu5zQbLdijVA==
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 2ac2b7d770d1683d8afab1d6b35f5f11
1aa0a769b413314c61ffbdfc2ab2947b86f380ca
da3541b588639359465db6d4b4a82111b0832dae107a70d13f080429eccca380
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Tue, 04 Oct 2022 14:34:47 GMT
Server: ECS (dcb/7F60)
X-Cache: Miss from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: MFwv68OTgi8xuCk_i2c8_5nm0pgt9JnneCAKscAgi4AtZ_BtwwdTEQ==
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 195d162678034c3ab84daffa4c4a5723
85fab036e8ab318c51b5c05ff33f2388e5716acd
03e8ce6aa80a44c5f2abf860c3bbf25d8e56fc49458a3f8c11fbe2130b71bb6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 14:34:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yu.imageadvantage.net/8/74/C2/8C5826EF810F6109860318EE14D.jpg?pid=9653.100&qs=yvFjyb%25qrnflomgyw%24%7Bjq%26r%7Cpv%27fjyFqvnttgx2up4q%C3%BBkiuif%7Cq8szmt%2Cw%7DpDCnrorkzuj%26iu%7D%27unr%23Xwsp%253%23Op%C2%80%21P%C3%BEenrob%7Bt0Xwsp%2Bjh%7CAZbrshwpphs%26jsisejtgn%24wsnyh%7B%24w%C3%A6%25lo%C2%822%27T%C3%BDq%23nx%7Bfw%26iu%7D%27gwg%23T%C3%BCifsnd%7Fr4Pxrr7%24Zqfx%23vmuty%2659%24%2C%21u%C3%AB%23op%C2%80%21kxd%29O%C3%BFcjtkjzu.Tyox2%27Gntq%29jsz%26&d=momondo.no%2Fk%C3%B8benhavn%2Foslo
54.230.111.96302 Moved Temporarily 991 B URL HTTP/1.1 yu.imageadvantage.net/8/74/C2/8C5826EF810F6109860318EE14D.jpg?pid=9653.100&qs=yvFjyb%25qrnflomgyw%24%7Bjq%26r%7Cpv%27fjyFqvnttgx2up4q%C3%BBkiuif%7Cq8szmt%2Cw%7DpDCnrorkzuj%26iu%7D%27unr%23Xwsp%253%23Op%C2%80%21P%C3%BEenrob%7Bt0Xwsp%2Bjh%7CAZbrshwpphs%26jsisejtgn%24wsnyh%7B%24w%C3%A6%25lo%C2%822%27T%C3%BDq%23nx%7Bfw%26iu%7D%27gwg%23T%C3%BCifsnd%7Fr4Pxrr7%24Zqfx%23vmuty%2659%24%2C%21u%C3%AB%23op%C2%80%21kxd%29O%C3%BFcjtkjzu.Tyox2%27Gntq%29jsz%26&d=momondo.no%2Fk%C3%B8benhavn%2Foslo
IP 54.230.111.96:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (724)
Hash a1fd40786f0aaa9d4dbec2cee146b461
72620e6eafbfe28c9053cfbc3a7db8867834e778
0cbb68cf1ad80e55149baffb4fd3f54166e09238b64381291403ee3b9860f766
GET /8/74/C2/8C5826EF810F6109860318EE14D.jpg?pid=9653.100&qs=yvFjyb%25qrnflomgyw%24%7Bjq%26r%7Cpv%27fjyFqvnttgx2up4q%C3%BBkiuif%7Cq8szmt%2Cw%7DpDCnrorkzuj%26iu%7D%27unr%23Xwsp%253%23Op%C2%80%21P%C3%BEenrob%7Bt0Xwsp%2Bjh%7CAZbrshwpphs%26jsisejtgn%24wsnyh%7B%24w%C3%A6%25lo%C2%822%27T%C3%BDq%23nx%7Bfw%26iu%7D%27gwg%23T%C3%BCifsnd%7Fr4Pxrr7%24Zqfx%23vmuty%2659%24%2C%21u%C3%AB%23op%C2%80%21kxd%29O%C3%BFcjtkjzu.Tyox2%27Gntq%29jsz%26&d=momondo.no%2Fk%C3%B8benhavn%2Foslo HTTP/1.1
Host: yu.imageadvantage.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.like.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=iso-8859-1
Content-Length: 991
Connection: keep-alive
Date: Tue, 04 Oct 2022 14:34:47 GMT
Server: Apache/2.4.18 (Ubuntu)
Location: https://mr0.imageadvantage.net/MRH/MediaHandler.php?path=/8/74/C2/8C5826EF810F6109860318EE14D&mt=04&pid=9653.100&qs=yvFjyb%2525qrnflomgyw%2524%257Bjq%2526r%257Cpv%2527fjyFqvnttgx2up4q%25C3%25BBkiuif%257Cq8szmt%252Cw%257DpDCnrorkzuj%2526iu%257D%2527unr%2523Xwsp%25253%2523Op%25C2%2580%2521P%25C3%25BEenrob%257Bt0Xwsp%252Bjh%257CAZbrshwpphs%2526jsisejtgn%2524wsnyh%257B%2524w%25C3%25A6%2525lo%25C2%25822%2527T%25C3%25BDq%2523nx%257Bfw%2526iu%257D%2527gwg%2523T%25C3%25BCifsnd%257Fr4Pxrr7%2524Zqfx%2523vmuty%252659%2524%252C%2521u%25C3%25AB%2523op%25C2%2580%2521kxd%2529O%25C3%25BFcjtkjzu.Tyox2%2527Gntq%2529jsz%2526&d=momondo.no%252Fk%25C3%25B8benhavn%252Foslo
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 21_HKQaTcYavAXDDXUXTeDM0CeSYwts70QxM4-QJOWvBfxR1x-25Ow==
www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__en.js
142.250.74.163200 OK 159 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (711)
Size 159 kB (158844 bytes)
Hash b4ed95d4318e3b78b936c9c0f1ffa96e
b53c9376b1459afb07fb4b5c2e8d8dad776d3a02
3c21880cb7be6bec40f9d40c23ad39c9758999cf950cec07b86c83b21fde175f
GET /recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://no.like.it
Connection: keep-alive
Referer: https://no.like.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 158844
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 01:05:31 GMT
expires: Sun, 01 Oct 2023 01:05:31 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 26 Sep 2022 04:02:34 GMT
content-type: text/javascript
age: 307756
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
yu.imageadvantage.net/2/A1/27/0F2A9F08D79404C8DB6FC109549.jpg?pid=9653.100&qs=yvFjyb%25qrnflomgyw%24%7Bjq%26r%7Cpv%27fjyF%7B%7Ex3yd%7C2up4Lo%C2%823R%C3%B9gkqqe%7Do%2BzwuAMm%7E%26VJW%27Pxrr%291%27L%C3%BDhhwlhws%260%29Fltyoou%24ijqrh%7Dxls%25shm%24ZBX%2CgnwDWn%26wjv%27ejm%23mm%7B%21u%C3%AB%23jz%7Bbqz%23%7Dmk%2F%25Zmnr%27FzxrKsuvx3sxiuh%25v%C3%A8%29hpo%25xhrwl%212%26Enw%7Bjqr%23w%C3%A95%21%5Bo%23op%C2%80s%25jhp%24%7Bjq%26grr%27ejywrrhtouq%29m%27unjh7%24Iptq%23mmuf%25hlupluyku%29sumnth%29r%C3%AC%2F&d=www.sas.no%2FFly%2FK%C3%B8benhavn
54.230.111.96302 Moved Temporarily 1.1 kB URL HTTP/1.1 yu.imageadvantage.net/2/A1/27/0F2A9F08D79404C8DB6FC109549.jpg?pid=9653.100&qs=yvFjyb%25qrnflomgyw%24%7Bjq%26r%7Cpv%27fjyF%7B%7Ex3yd%7C2up4Lo%C2%823R%C3%B9gkqqe%7Do%2BzwuAMm%7E%26VJW%27Pxrr%291%27L%C3%BDhhwlhws%260%29Fltyoou%24ijqrh%7Dxls%25shm%24ZBX%2CgnwDWn%26wjv%27ejm%23mm%7B%21u%C3%AB%23jz%7Bbqz%23%7Dmk%2F%25Zmnr%27FzxrKsuvx3sxiuh%25v%C3%A8%29hpo%25xhrwl%212%26Enw%7Bjqr%23w%C3%A95%21%5Bo%23op%C2%80s%25jhp%24%7Bjq%26grr%27ejywrrhtouq%29m%27unjh7%24Iptq%23mmuf%25hlupluyku%29sumnth%29r%C3%AC%2F&d=www.sas.no%2FFly%2FK%C3%B8benhavn
IP 54.230.111.96:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (795)
Hash e21dd6957c9161e89e5cfbee7c3e4af8
c3d39de03f0f0870bce86230dd649838959f9177
4b542905caf65bda4b70dd8cc49fe015539fa8992b30f758a030ac218d836dcf
GET /2/A1/27/0F2A9F08D79404C8DB6FC109549.jpg?pid=9653.100&qs=yvFjyb%25qrnflomgyw%24%7Bjq%26r%7Cpv%27fjyF%7B%7Ex3yd%7C2up4Lo%C2%823R%C3%B9gkqqe%7Do%2BzwuAMm%7E%26VJW%27Pxrr%291%27L%C3%BDhhwlhws%260%29Fltyoou%24ijqrh%7Dxls%25shm%24ZBX%2CgnwDWn%26wjv%27ejm%23mm%7B%21u%C3%AB%23jz%7Bbqz%23%7Dmk%2F%25Zmnr%27FzxrKsuvx3sxiuh%25v%C3%A8%29hpo%25xhrwl%212%26Enw%7Bjqr%23w%C3%A95%21%5Bo%23op%C2%80s%25jhp%24%7Bjq%26grr%27ejywrrhtouq%29m%27unjh7%24Iptq%23mmuf%25hlupluyku%29sumnth%29r%C3%AC%2F&d=www.sas.no%2FFly%2FK%C3%B8benhavn HTTP/1.1
Host: yu.imageadvantage.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.like.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=iso-8859-1
Content-Length: 1062
Connection: keep-alive
Date: Tue, 04 Oct 2022 14:34:47 GMT
Server: Apache/2.4.18 (Ubuntu)
Location: https://mr0.imageadvantage.net/MRH/MediaHandler.php?path=/2/A1/27/0F2A9F08D79404C8DB6FC109549&mt=04&pid=9653.100&qs=yvFjyb%2525qrnflomgyw%2524%257Bjq%2526r%257Cpv%2527fjyF%257B%257Ex3yd%257C2up4Lo%25C2%25823R%25C3%25B9gkqqe%257Do%252BzwuAMm%257E%2526VJW%2527Pxrr%25291%2527L%25C3%25BDhhwlhws%25260%2529Fltyoou%2524ijqrh%257Dxls%2525shm%2524ZBX%252CgnwDWn%2526wjv%2527ejm%2523mm%257B%2521u%25C3%25AB%2523jz%257Bbqz%2523%257Dmk%252F%2525Zmnr%2527FzxrKsuvx3sxiuh%2525v%25C3%25A8%2529hpo%2525xhrwl%25212%2526Enw%257Bjqr%2523w%25C3%25A95%2521%255Bo%2523op%25C2%2580s%2525jhp%2524%257Bjq%2526grr%2527ejywrrhtouq%2529m%2527unjh7%2524Iptq%2523mmuf%2525hlupluyku%2529sumnth%2529r%25C3%25AC%252F&d=www.sas.no%252FFly%252FK%25C3%25B8benhavn
X-Cache: Miss from cloudfront
Via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: IJdrTT2RJgkNBXeuJhzxfrFSJuKioVmcSwnpXVaju7pPf5Y_HCMm-A==
yu.imageadvantage.net/F/73/EE/8C8A3D84CEEECDA0979B92475FF.jpg?pid=9653.100&qs=yvFjyb%25qrnflomgyw%24%7Bjq%26r%7Cpv%27fjyF%7B%7Ex3hujzvgq%7F1ws6Gq%7Ferpsfyzh%7B3JQM3W%5BJ-uyr%40Op%C2%80%21kxd%29O%C3%BFcjtkjzu%21yoo%29Szmt%260%29Fpmqojn%24mm%7Exhrwls%25luj%248%3A5%26QXO-ejy%40T%C3%BCifsnd%7Fr%27unr%23Xwsp3%26Iu%7D%27gtx%23vmuewk%23vik%21Gxd%7FsMm%7E4%23%5Cths%25zlm%24vh%25vhwkls%25v%C3%A8%29hpo%25th%7Cxl%21y%7Bu%29xpm%25Uvus5%21Kxd%29llmlkw%7Evls%25zlu%24sfsmun%24mm%7Exhrwls&d=www.bravofly.no%2FFlybilletter%2FCPH-TRF
54.230.111.96302 Moved Temporarily 1.0 kB URL HTTP/1.1 yu.imageadvantage.net/F/73/EE/8C8A3D84CEEECDA0979B92475FF.jpg?pid=9653.100&qs=yvFjyb%25qrnflomgyw%24%7Bjq%26r%7Cpv%27fjyF%7B%7Ex3hujzvgq%7F1ws6Gq%7Ferpsfyzh%7B3JQM3W%5BJ-uyr%40Op%C2%80%21kxd%29O%C3%BFcjtkjzu%21yoo%29Szmt%260%29Fpmqojn%24mm%7Exhrwls%25luj%248%3A5%26QXO-ejy%40T%C3%BCifsnd%7Fr%27unr%23Xwsp3%26Iu%7D%27gtx%23vmuewk%23vik%21Gxd%7FsMm%7E4%23%5Cths%25zlm%24vh%25vhwkls%25v%C3%A8%29hpo%25th%7Cxl%21y%7Bu%29xpm%25Uvus5%21Kxd%29llmlkw%7Evls%25zlu%24sfsmun%24mm%7Exhrwls&d=www.bravofly.no%2FFlybilletter%2FCPH-TRF
IP 54.230.111.96:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (758)
Hash 92e594178ceca15c15aa29539de70882
f5878a52a95611ea5b01a72c35e074742fd433f4
32e2f4f58f38143863107f843f0d0217acd89b738e5d4d4c2804b429ad912b51
GET /F/73/EE/8C8A3D84CEEECDA0979B92475FF.jpg?pid=9653.100&qs=yvFjyb%25qrnflomgyw%24%7Bjq%26r%7Cpv%27fjyF%7B%7Ex3hujzvgq%7F1ws6Gq%7Ferpsfyzh%7B3JQM3W%5BJ-uyr%40Op%C2%80%21kxd%29O%C3%BFcjtkjzu%21yoo%29Szmt%260%29Fpmqojn%24mm%7Exhrwls%25luj%248%3A5%26QXO-ejy%40T%C3%BCifsnd%7Fr%27unr%23Xwsp3%26Iu%7D%27gtx%23vmuewk%23vik%21Gxd%7FsMm%7E4%23%5Cths%25zlm%24vh%25vhwkls%25v%C3%A8%29hpo%25th%7Cxl%21y%7Bu%29xpm%25Uvus5%21Kxd%29llmlkw%7Evls%25zlu%24sfsmun%24mm%7Exhrwls&d=www.bravofly.no%2FFlybilletter%2FCPH-TRF HTTP/1.1
Host: yu.imageadvantage.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.like.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=iso-8859-1
Content-Length: 1025
Connection: keep-alive
Date: Tue, 04 Oct 2022 14:34:47 GMT
Server: Apache/2.4.18 (Ubuntu)
Location: https://mr0.imageadvantage.net/MRH/MediaHandler.php?path=/F/73/EE/8C8A3D84CEEECDA0979B92475FF&mt=04&pid=9653.100&qs=yvFjyb%2525qrnflomgyw%2524%257Bjq%2526r%257Cpv%2527fjyF%257B%257Ex3hujzvgq%257F1ws6Gq%257Ferpsfyzh%257B3JQM3W%255BJ-uyr%2540Op%25C2%2580%2521kxd%2529O%25C3%25BFcjtkjzu%2521yoo%2529Szmt%25260%2529Fpmqojn%2524mm%257Exhrwls%2525luj%25248%253A5%2526QXO-ejy%2540T%25C3%25BCifsnd%257Fr%2527unr%2523Xwsp3%2526Iu%257D%2527gtx%2523vmuewk%2523vik%2521Gxd%257FsMm%257E4%2523%255Cths%2525zlm%2524vh%2525vhwkls%2525v%25C3%25A8%2529hpo%2525th%257Cxl%2521y%257Bu%2529xpm%2525Uvus5%2521Kxd%2529llmlkw%257Evls%2525zlu%2524sfsmun%2524mm%257Exhrwls&d=www.bravofly.no%252FFlybilletter%252FCPH-TRF
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: kCWZeea845ciJZFbdn8XEiFOg1eIgRyDer_LluWuVZ0LL3rNSYGDPA==
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 2028eeea9105c385e5148c492d58e988
0debcf060f293cd79f2f99db2ca41e7aaf46a865
eb35b00b8e18e832f2230374325b480a65742fa71acf5a57ef39da192a465ad0
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 04 Oct 2022 14:34:47 GMT
Last-Modified: Tue, 04 Oct 2022 14:33:31 GMT
Server: ECS (dcb/7EC6)
X-Cache: Miss from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 1mWbSE_pJq79S9LdayS1rqGjhM7lKF5Y3rIl3quMtbPmXGEuPVQDIA==
Age: 76
4.bp.blogspot.com/-iXJ7Dk2hsEk/UiNPk4wVjHI/AAAAAAAAARI/NjGlIsLQGpU/s320/27.jpg
142.250.74.161200 OK 0 B URL HTTP/1.1 4.bp.blogspot.com/-iXJ7Dk2hsEk/UiNPk4wVjHI/AAAAAAAAARI/NjGlIsLQGpU/s320/27.jpg
IP 142.250.74.161:0
GET /-iXJ7Dk2hsEk/UiNPk4wVjHI/AAAAAAAAARI/NjGlIsLQGpU/s320/27.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="27.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 13916
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 14:34:41 GMT
Expires: Wed, 05 Oct 2022 10:32:52 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v113"
Content-Type: image/jpeg
Age: 0