Overview

URL toosexyforwords.blogspot.com.tr/
IP142.250.74.161
ASNGOOGLE
Location United States
Report completed2022-10-05 18:31:37 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-10-05 2 toosexyforwords.blogspot.com/ Malware
2022-10-05 2 toosexyforwords.blogspot.com/js/cookienotice.js Malware
2022-10-05 2 cdn.widgetserver.com/syndication/subscriber/InsertWidget.js Malware
2022-10-05 2 cdn.widgetserver.com/ Malware
2022-10-05 2 cdn.widgetserver.com/mtm/async/.eJxdjEsOwiAQhu_CshJwqTWexVCYUhLo4DC2GOPdBeP (...) Malware
2022-10-05 2 www1.widgetserver.com/ls.php Malware
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-10-05 2 girlsdivine.life Sinkholed
2022-10-05 2 girlsdivine.life Sinkholed
2022-10-05 2 girlsdivine.life Sinkholed
2022-10-05 2 girlsdivine.life Sinkholed
2022-10-05 2 girlsdivine.life Sinkholed
2022-10-05 2 girlsdivine.life Sinkholed
2022-10-05 2 girlsdivine.life Sinkholed
2022-10-05 2 girlsdivine.life Sinkholed
2022-10-05 2 girlsdivine.life Sinkholed
2022-10-05 2 girlsdivine.life Sinkholed
2022-10-05 2 girlsdivine.life Sinkholed
2022-10-05 2 girlsdivine.life Sinkholed
2022-10-05 2 girlsdivine.life Sinkholed
2022-10-05 2 girlsdivine.life Sinkholed
2022-10-05 2 girlsdivine.life Sinkholed
2022-10-05 2 girlsdivine.life Sinkholed
2022-10-05 2 girlsdivine.life Sinkholed
2022-10-05 2 girlsdivine.life Sinkholed
2022-10-05 2 girlsdivine.life Sinkholed
2022-10-05 2 girlsdivine.life Sinkholed
2022-10-05 2 girlsdivine.life Sinkholed


Files

No files detected



Passive DNS (28)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS go.findservice.xyz (1) 283167 2021-11-22 07:34:17 UTC 2022-10-05 14:30:11 UTC 20.113.188.243
mnemonic passive DNS 4.bp.blogspot.com (7) 11215 2013-05-06 20:18:52 UTC 2022-10-05 10:11:03 UTC 142.250.74.161
mnemonic passive DNS 2.bp.blogspot.com (6) 11071 2013-07-04 03:01:31 UTC 2022-10-05 10:11:03 UTC 142.250.74.161
mnemonic passive DNS irene-eux.com (3) 0 2022-09-21 16:06:22 UTC 2022-10-05 10:54:45 UTC 35.174.150.83 Unknown ranking
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-10-05 05:01:05 UTC 34.117.237.239
mnemonic passive DNS toosexyforwords.blogspot.com (2) 0 2017-06-24 10:48:24 UTC 2022-10-04 22:19:12 UTC 142.250.74.161 Unknown ranking
mnemonic passive DNS girlsdivine.life (21) 0 2022-09-20 03:47:07 UTC 2022-10-05 09:36:08 UTC 88.99.80.95 Unknown ranking
mnemonic passive DNS r3.o.lencr.org (9) 344 2020-12-02 08:52:13 UTC 2022-10-05 07:13:38 UTC 23.36.76.226
mnemonic passive DNS apis.google.com (3) 105 2013-05-30 23:17:44 UTC 2022-10-05 09:25:09 UTC 142.250.74.174
mnemonic passive DNS www1.widgetserver.com (5) 0 2018-08-27 05:42:44 UTC 2022-10-05 15:46:19 UTC 99.83.136.84 Domain (widgetserver.com) ranked at: 501429
mnemonic passive DNS toosexyforwords.blogspot.com.tr (1) 0 2022-10-04 15:46:25 UTC 2022-10-04 22:14:39 UTC 142.250.74.161 Unknown ranking
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-10-05 06:03:19 UTC 54.230.111.64
mnemonic passive DNS ocsp.pki.goog (9) 175 2017-06-14 07:23:31 UTC 2022-10-05 06:59:18 UTC 142.250.74.3
mnemonic passive DNS img-getpocket.cdn.mozilla.net (7) 1631 2017-09-01 03:40:57 UTC 2022-10-05 12:33:02 UTC 34.120.237.76
mnemonic passive DNS fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-10-05 17:39:00 UTC 142.250.74.10
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-27 20:08:30 UTC 2022-10-05 14:02:21 UTC 54.230.111.118
mnemonic passive DNS resources.blogblog.com (6) 13274 2017-01-30 04:47:40 UTC 2022-10-05 06:30:08 UTC 216.58.207.201
mnemonic passive DNS pagead2.googlesyndication.com (1) 101 2021-02-20 15:52:05 UTC 2022-10-05 17:26:37 UTC 142.250.74.162
mnemonic passive DNS 1.bp.blogspot.com (3) 8403 2013-05-06 20:18:52 UTC 2022-10-05 11:06:24 UTC 142.250.74.161
mnemonic passive DNS cdn.widgetserver.com (4) 0 2012-05-22 02:51:28 UTC 2022-10-05 15:52:48 UTC 45.33.2.79 Domain (widgetserver.com) ranked at: 501429
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-10-05 09:14:56 UTC 44.238.3.246
mnemonic passive DNS data-jsext.com (1) 0 2022-07-27 05:02:20 UTC 2022-10-04 14:23:44 UTC 54.37.5.177 Unknown ranking
mnemonic passive DNS www.blogger.com (4) 8975 2012-05-22 07:35:03 UTC 2022-10-05 13:48:32 UTC 216.58.207.201
mnemonic passive DNS 3.bp.blogspot.com (6) 11048 2013-07-04 04:18:40 UTC 2022-10-05 10:11:04 UTC 142.250.74.161
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-10-05 16:07:29 UTC 93.184.220.29
mnemonic passive DNS cdn.widgetserver.com (4) 0 2012-05-22 02:51:28 UTC 2022-10-05 15:52:48 UTC 198.58.118.167 Domain (widgetserver.com) ranked at: 501429
mnemonic passive DNS d38psrni17bvxu.cloudfront.net (1) 0 2022-10-05 11:43:41 UTC 2022-10-05 17:58:07 UTC 54.230.245.130 Unknown ranking
mnemonic passive DNS xml-v4.netload1.com (1) 0 2022-09-26 13:05:57 UTC 2022-10-05 15:28:23 UTC 198.134.116.17 Unknown ranking


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 142.250.74.161

Date UQ / IDS / BL URL IP
2022-12-03 19:26:04 +0000
0 - 0 - 2 bestsellerus19.blogspot.com/christmas 142.250.74.161
2022-12-03 19:23:15 +0000
0 - 0 - 3 sdfgsdfgsdfgsdgf.blogspot.ru/search/label/God (...) 142.250.74.161
2022-12-03 19:22:19 +0000
0 - 0 - 2 bocagulosa2.blogspot.fr/search/label/Laura 142.250.74.161
2022-12-03 19:02:34 +0000
0 - 0 - 2 2010-kpss.blogspot.com/search/label/kpss?m=1 142.250.74.161
2022-12-03 18:54:06 +0000
0 - 0 - 2 bocagulosa2.blogspot.co.uk/search/label/Who 142.250.74.161

Last 5 reports on ASN: GOOGLE

Date UQ / IDS / BL URL IP
2022-12-03 19:42:41 +0000
0 - 0 - 1 intrepidiq.com/ 34.102.136.180
2022-12-03 19:42:29 +0000
0 - 0 - 2 femmeeeeeefemesfacebook.blogspot.hr/ 142.250.74.33
2022-12-03 19:38:31 +0000
0 - 0 - 3 peartreedigitaldesigns.blogspot.fr/2010_04_01 (...) 142.250.74.33
2022-12-03 19:37:37 +0000
0 - 0 - 3 neumo8.blogspot.pt/ 142.250.74.33
2022-12-03 19:37:22 +0000
0 - 0 - 1 peartreedigitaldesigns.blogspot.com/2010_04_0 (...) 142.250.74.33

Last 1 reports on domain: toosexyforwords.blogspot.com.tr

Date UQ / IDS / BL URL IP
2022-10-05 18:31:37 +0000
0 - 0 - 27 toosexyforwords.blogspot.com.tr/ 142.250.74.161

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-10-25 09:36:42 +0000
0 - 0 - 12 ifeellove.space/?u=54lkaeg&o=grmpkza&m=1&t=ho (...) 92.119.160.57
2022-10-24 03:29:52 +0000
0 - 0 - 14 whoinvented.co/?u=fy082k7&o=mb2kpbt&cid=2vdo2 (...) 172.67.171.29
2022-10-24 03:29:51 +0000
0 - 0 - 14 whoinvented.co/?u=fy082k7&o=mb2kpbt&cid=237jf (...) 104.21.55.111
2022-10-24 01:20:57 +0000
0 - 0 - 14 civilsputroomslife.de/ 104.21.55.119
2022-10-23 09:33:04 +0000
0 - 0 - 14 4568680.catchtheclick.com/ 116.202.159.170


JavaScript

Executed Scripts (30)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (108)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.118
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: on7pkQ0Vs5Z8G_IKJzPajy8XxbBaN-9ZLkGh4GesUXZ-ylToSBlfrg==
Age: 9847


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            GET / HTTP/1.1 
Host: toosexyforwords.blogspot.com.tr
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         142.250.74.161
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Location: http://toosexyforwords.blogspot.com/
Content-Encoding: gzip
Date: Wed, 05 Oct 2022 18:31:25 GMT
Expires: Wed, 05 Oct 2022 18:31:25 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 182
Server: GSE


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Size:   182
Md5:    95a9b78f9c3f039c1b28f6f34c5960ec
Sha1:   04804b6b88259fe30f7a87f67a52495d397861a3
Sha256: 9b32fa8cb73063ae73e4b1dbb67f105c9515f768bfd6e0370a14c1967429e1e5
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AB48F17E54075E1ECF034278E82BCACD2E3689773186CC84FBA9B79AAC907294"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7020
Expires: Wed, 05 Oct 2022 20:28:25 GMT
Date: Wed, 05 Oct 2022 18:31:25 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.64
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 05 Oct 2022 04:02:33 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: deod0Aq0vB_G1_bdtyVkCrjGXiHcmR8z_U7OuenBvnpVr30EOvo-LQ==
age: 52133
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 05 Oct 2022 18:31:25 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET / HTTP/1.1 
Host: toosexyforwords.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Expires: Wed, 05 Oct 2022 18:31:26 GMT
Date: Wed, 05 Oct 2022 18:31:26 GMT
Cache-Control: private, max-age=0
Last-Modified: Mon, 13 Dec 2021 03:28:02 GMT
ETag: W/"f687665f3cf8047a1d8173a61eb8ee4e6d27576801db597dba49e798994add5e"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 24456
Server: GSE


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1495)
Size:   24456
Md5:    0cd4b20501e98fb3937d0459216e5810
Sha1:   a368a80695bbe602846dd457f58191e0b9ba0983
Sha256: 81deadb947b92db2fe635746308b96538d314e67db264ea1568a690669b68413

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 05 Oct 2022 18:31:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 05 Oct 2022 18:31:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /js/cookienotice.js HTTP/1.1 
Host: toosexyforwords.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 2026
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 10:32:28 GMT
Expires: Tue, 11 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=604800
Last-Modified: Tue, 04 Oct 2022 09:10:01 GMT
Age: 115138


--- Additional Info ---
Magic:  ASCII text
Size:   2026
Md5:    c4e1ed83d89245089b8a1203be20a377
Sha1:   f3940e1215b89300ef97d57a25993f25243b8688
Sha256: afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 05 Oct 2022 18:31:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 05 Oct 2022 18:31:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /static/v1/widgets/2975350028-css_bundle_v2.css HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.207.201
HTTP/2 200 OK
content-type: text/css
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 7776
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 16:35:40 GMT
expires: Thu, 05 Oct 2023 16:35:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 04 Oct 2022 18:55:46 GMT
age: 6946
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (35959)
Size:   7776
Md5:    5aa2d3297bdc86bc81322aedecbb5e79
Sha1:   1c0a3c007e41726e167e79b70ddea76198650884
Sha256: feae1fac625d0f30b5f10fa00b62df1a5600cd2178062c427e55f289b29cc630
                                        
                                            GET /img/icon18_email.gif HTTP/1.1 
Host: resources.blogblog.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         216.58.207.201
HTTP/2 200 OK
content-type: image/gif
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 164
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 02:36:19 GMT
expires: Wed, 12 Oct 2022 02:36:19 GMT
cache-control: public, max-age=604800
last-modified: Tue, 04 Oct 2022 16:56:41 GMT
age: 57307
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 18 x 13\012- data
Size:   164
Md5:    36b9f993db1b953f3b9b08040aaf9af4
Sha1:   18248661b307586dc291fd2dff4bb59cf7579475
Sha256: 1258cbe1e2900ec3df11a83a6bb6008d7a833f783a6df80b0d5d45a052ac1466
                                        
                                            GET /static/v1/widgets/792789798-widgets.js HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         216.58.207.201
HTTP/2 200 OK
content-type: text/javascript
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56804
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 03 Oct 2022 02:15:20 GMT
expires: Tue, 03 Oct 2023 02:15:20 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 03 Oct 2022 00:49:27 GMT
age: 231366
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2221)
Size:   56804
Md5:    02e6bf311e18828a522b4d3a4079084f
Sha1:   a63cd373fa23b4fe11f938d57737e6bfa1ebe789
Sha256: 25d469843aa09be2473931d33aaa37b65ac371874bd98ca84ec780bead3e33e4
                                        
                                            GET /img/icon_feed12.png HTTP/1.1 
Host: resources.blogblog.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         216.58.207.201
HTTP/2 200 OK
content-type: image/png
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 500
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 06:40:02 GMT
expires: Wed, 12 Oct 2022 06:40:02 GMT
cache-control: public, max-age=604800
last-modified: Tue, 04 Oct 2022 22:52:56 GMT
age: 42684
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 12 x 12, 8-bit colormap, non-interlaced\012- data
Size:   500
Md5:    44e7355a788fd1082deff0018883758e
Sha1:   50e3a28a44978e85d13c30522e0c71c8d0b24675
Sha256: 3cd341f37642f8a58b0fe14c2645913449c0ffe10be6ba0986275bfef29bc319
                                        
                                            GET /img/widgets/subscribe-netvibes.png HTTP/1.1 
Host: resources.blogblog.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         216.58.207.201
HTTP/2 200 OK
content-type: image/png
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 1445
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 11:47:52 GMT
expires: Sat, 08 Oct 2022 11:47:52 GMT
cache-control: public, max-age=604800
last-modified: Fri, 30 Sep 2022 14:51:29 GMT
age: 369814
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 91 x 17, 8-bit colormap, non-interlaced\012- data
Size:   1445
Md5:    c52a5f4ecb6be5d7e93b23ef4122ee4e
Sha1:   4e698a5f455daf3a8ea1e219b1998079f0546716
Sha256: 71b8ad79c680b3e5d452a792c3b418b23f739a0a34005e0f37ec674f4c78cb5d
                                        
                                            GET /img/widgets/subscribe-yahoo.png HTTP/1.1 
Host: resources.blogblog.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         216.58.207.201
HTTP/2 200 OK
content-type: image/png
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 02:21:47 GMT
expires: Wed, 12 Oct 2022 02:21:47 GMT
cache-control: public, max-age=604800
last-modified: Tue, 04 Oct 2022 12:57:07 GMT
age: 58179
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 91 x 17, 8-bit colormap, non-interlaced\012- data
Size:   580
Md5:    79f602b6ac18bee79b4e2353a6674010
Sha1:   28accf82263aa1a11bb821439d4d185865662530
Sha256: bbf9b924cc32bff4738bb54d86905476349f90c8b20f748633e56f64379d553e
                                        
                                            GET /img/widgets/arrow_dropdown.gif HTTP/1.1 
Host: resources.blogblog.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         216.58.207.201
HTTP/2 200 OK
content-type: image/gif
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 141
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 10:36:43 GMT
expires: Wed, 12 Oct 2022 10:36:43 GMT
cache-control: public, max-age=604800
last-modified: Wed, 05 Oct 2022 04:51:44 GMT
age: 28483
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 13 x 10\012- data
Size:   141
Md5:    2964a07d60a4e76b299130fb1b4115f6
Sha1:   3b72dcc19f3ad685513eaba612e07e0ed495f2e1
Sha256: 28ab89f0285c48d2faed701905c185c302f2b389584a52ceaa76a91ea64dc3a7
                                        
                                            GET /img/icon18_edit_allbkg.gif HTTP/1.1 
Host: resources.blogblog.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         216.58.207.201
HTTP/2 200 OK
content-type: image/gif
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 162
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 19:52:13 GMT
expires: Sat, 08 Oct 2022 19:52:13 GMT
cache-control: public, max-age=604800
last-modified: Fri, 30 Sep 2022 19:52:35 GMT
age: 340753
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 18 x 18\012- data
Size:   162
Md5:    c991641178ff05adf0d004298b5eafa9
Sha1:   d8f6ce8ecd92b86d49849360f6b81ceb10b4c941
Sha256: ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b
                                        
                                            GET /js/platform.js HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20361
date: Wed, 05 Oct 2022 18:31:26 GMT
expires: Wed, 05 Oct 2022 18:31:26 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "40c22a9ccbd70870"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1277)
Size:   20361
Md5:    b5a31516be83fe4f962609045d824f88
Sha1:   939a49a9858bf23561279f9ca2d1941d3256c66f
Sha256: edb661aa461800e97e3847608a8b2d81cfe345f69a6f84abaa001d8a60500328
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 05 Oct 2022 18:31:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /-OsognF9zEA4/UiNPoeffVgI/AAAAAAAAARQ/rFg1qkGspjQ/s320/ac.jpg HTTP/1.1 
Host: 4.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="ac.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 24510
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 14:34:41 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v115"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x259, components 3\012- data
Size:   24510
Md5:    a97f896a81b86755de84c02a8ee37020
Sha1:   fb245a801e0ccfd57909591d7ff3051948f17e0d
Sha256: bcd65755fa9113d4ba33419255ce7c5055e0500d96b1b40e11f36d8160831ae1
                                        
                                            GET /-N-8MRPZzbL0/UiNQIroO5bI/AAAAAAAAASQ/-tG5_zHctaE/s320/MVI_9543a.jpg HTTP/1.1 
Host: 3.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="MVI_9543a.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 19422
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v125"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x240, components 3\012- data
Size:   19422
Md5:    a09837187a8a3c2a1642478dec669afd
Sha1:   0dd0a7851b7d1cfc8b9e7d0bd7cdf24a2808119f
Sha256: c0a9a7b1268746d4f9d89e87ba30d761d7f03744896b3b9d2eb23160de7033dc
                                        
                                            GET /dyn-css/authorization.css?targetBlogID=6116713463870618879&zx=34234300-3bb2-470f-87e2-7517cbb0192f HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         216.58.207.201
HTTP/2 200 OK
content-type: text/css; charset=UTF-8
                                        
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 05 Oct 2022 18:31:26 GMT
last-modified: Wed, 05 Oct 2022 18:31:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 21
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  very short file (no magic)
Size:   21
Md5:    a62e4d501434033d5d177e67d3aafdd0
Sha1:   34f7300c9ed47334cf10826d57af785321e3138b
Sha256: b0cabcbfed4b1830ab1956efbd2eec32289a968323cb854a47ef98360ed0f522
                                        
                                            GET /img/share_buttons_20_3.png HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.blogger.com/static/v1/widgets/2975350028-css_bundle_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         216.58.207.201
HTTP/2 200 OK
content-type: image/png
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 5080
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 07:14:19 GMT
expires: Sat, 08 Oct 2022 07:14:19 GMT
cache-control: public, max-age=604800
last-modified: Fri, 30 Sep 2022 19:52:35 GMT
age: 386227
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced\012- data
Size:   5080
Md5:    ad9999106d5f550920b586e8e1704e5a
Sha1:   93fd02c51166402a41f96509cd0ca3fb917877dd
Sha256: 3829a5b2ade7cfc416c80b8f3df71e49e68672875f025d525223978f5cee3fd3
                                        
                                            GET /_/scs/abc-static/_/js/k=gapi.lb.en.z9QjrzsHcOc.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8359JQqZQ0dzCVJ5Ui3CZcERHEWA/cb=gapi.loaded_0?le=scs HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 57995
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 02 Oct 2022 07:25:42 GMT
expires: Mon, 02 Oct 2023 07:25:42 GMT
cache-control: public, max-age=31536000
age: 299144
last-modified: Sat, 30 Jul 2022 15:17:53 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (580)
Size:   57995
Md5:    d70fcc84d705c565b31a5835c0938d5b
Sha1:   d28e5dc9fcc6239d67986df3205468072023d2d7
Sha256: 1d558c94793446aa6a7832dde0c39ed7d9c77fd963ffb738c460e4f7369a7f4e
                                        
                                            GET /pagead/js/google_top_exp.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.162
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 67
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 08:27:21 GMT
Expires: Wed, 19 Oct 2022 08:27:21 GMT
Cache-Control: public, max-age=1209600
ETag: 13036835877489095579
Age: 36245


--- Additional Info ---
Magic:  ASCII text
Size:   67
Md5:    9bbc3ca32ec951a484589ce0e6b4db73
Sha1:   753d6f6183b33b2dee5dde2208fca91c17f5bb13
Sha256: b8f16a16d2a7ea39a9cc079fdbe3af7d31393d62a853668bdd549e0a0311cb3c
                                        
                                            GET /-nofOed0e_IM/UiNP-_XXMvI/AAAAAAAAASA/yIY0xzqoTe8/s320/MVI_0842c.jpg HTTP/1.1 
Host: 4.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
ETag: "v121"
Expires: Thu, 06 Oct 2022 18:31:26 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="MVI_0842c.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Wed, 05 Oct 2022 18:31:26 GMT
Server: fife
Content-Length: 10298
X-XSS-Protection: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x240, components 3\012- data
Size:   10298
Md5:    b3b376d0decad8ffe5d777382a03be6f
Sha1:   ea45b21ee6d7ebc8efcfd2837f82d2e9c2389f88
Sha256: d6ef22fbb037ed3f0147f1c8778d513dd11dcf506ccaed363a391a58da5b90fe
                                        
                                            GET /-X-bPabIGKvs/UiNPYZT51GI/AAAAAAAAAQo/2D_X8LFUPyQ/s320/5a.jpg HTTP/1.1 
Host: 4.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="5a.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 13106
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v10b"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 308x320, components 3\012- data
Size:   13106
Md5:    d30a66f2f0d22a759296abe92fa316f7
Sha1:   97189ba80391d7509148b285fae526c6773a0294
Sha256: 86b7c1b91a612bc53d4072eaaeb7ce925686ec1c94c68877ba94efbd85579b86
                                        
                                            GET /-swqFdlgpbz4/UjXC2itFwGI/AAAAAAAAAT4/jI6Dp0VL-J4/s320/MVI_9000j.jpg HTTP/1.1 
Host: 2.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="MVI_9000j.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 17826
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v13f"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x240, components 3\012- data
Size:   17826
Md5:    ef9285616130fbbe0a7cc08f636f1f13
Sha1:   d6a3a87b4202bdbec8da03f0f541e472cf4b70bd
Sha256: 375526fc7ebd1a66e47d096c707e6124dbf044bfc770970fbecef07a9dd8f498
                                        
                                            GET /-W2cx1Bg69nk/UiNPejKuesI/AAAAAAAAAQ4/caXxiJ9UiT8/s320/22.jpg HTTP/1.1 
Host: 2.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="22.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 19209
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:52 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v10f"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x292, components 3\012- data
Size:   19209
Md5:    dc4e81cbee94f7bb1b3eabf96b451486
Sha1:   e55057fa20214e9fbf92d1e8f8dc1e634f249100
Sha256: 920b23f898797e57a7a364f9b9f097568cbf3c74593ddde4a8883d06d81f8720
                                        
                                            GET /_/scs/abc-static/_/js/k=gapi.lb.en.z9QjrzsHcOc.O/m=profile/exm=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8359JQqZQ0dzCVJ5Ui3CZcERHEWA/cb=gapi.loaded_1?le=scs HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 12103
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 04:22:47 GMT
expires: Sun, 01 Oct 2023 04:22:47 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 30 Jul 2022 15:17:53 GMT
age: 396519
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (536)
Size:   12103
Md5:    e4fb51c04ea660686e6550b82c1a18ca
Sha1:   a58d0f29017553ee017db3ff88682c046481baf6
Sha256: 9d1a0929c0bad4402483d5fa706f3433a06414cd5514a3cd48ae6c4a1b61f8cc
                                        
                                            GET /-bETTSn7a3jE/UiNP7C-7lUI/AAAAAAAAAR4/Rw6VLCKwqV0/s320/MVI_0292a.jpg HTTP/1.1 
Host: 4.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="MVI_0292a.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 11955
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 14:34:41 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v11f"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 171x320, components 3\012- data
Size:   11955
Md5:    c5d0cc0932a011c72b7ac29e724a6019
Sha1:   8188ee0b0d5f72526e7cc10ab86b408edb67f58a
Sha256: c238401fff0a7a39214e4e126e4cb4a653d22747ae5a9abce104ee88712c057f
                                        
                                            GET /-BBsaLr-gQ3I/UjXCWu8AlcI/AAAAAAAAASo/FgU8inYk4Bs/s320/1.jpg HTTP/1.1 
Host: 4.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="1.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 17032
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:52 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v12b"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x229, components 3\012- data
Size:   17032
Md5:    37629fa165c183504ca19d2313f1d236
Sha1:   0ee9998f0bebe0be6b015679efaf4987e7e1d6ce
Sha256: 466542845248756086e57edba1721c87a48e63b2ed0dbd8f9a90d6b57495d706
                                        
                                            GET /-t3YLAex0sco/UfkbmqTBXMI/AAAAAAAAAP0/yPnP_P-ikvM/s320/042913306.jpg HTTP/1.1 
Host: 3.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="042913306.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 30702
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vfe"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 288x320, components 3\012- data
Size:   30702
Md5:    a768b0972fae50271429638b2e6a3eb0
Sha1:   0180c70b6401a274ffd121e592cef85d5a3cefb2
Sha256: 865e4eee4d61f8fbbfdb875e7f45484c8e7106d16ab29a5b46c102fa88635993
                                        
                                            GET /-6RjHJzZRaJ4/UjXCjXBs6WI/AAAAAAAAATI/L4dzN9ixbS0/s320/8.jpg HTTP/1.1 
Host: 4.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="8.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 13737
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:52 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v133"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x169, components 3\012- data
Size:   13737
Md5:    1e121e4d316f32fea05c0676b1ff3ff9
Sha1:   5fdee2841b662515e6ee5aeb3997bfeea91fe2a8
Sha256: b8d145e496d31eed4b6062fa6c6c2a9997b742a750120b737b876172743f8071
                                        
                                            GET /-IVNObjkfQuk/UjXCzeiHz_I/AAAAAAAAATw/9GeNrV1JUX0/s320/MVI_1458d.jpg HTTP/1.1 
Host: 2.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="MVI_1458d.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 18538
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v13d"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x259, components 3\012- data
Size:   18538
Md5:    801792f3ef4f90ad50fff10b8c5ef802
Sha1:   cd0cf81f266e4bafbacc036a717da9276aa517a9
Sha256: 6d699b4d934d6716d3ff5ae9ed6693a7eb08729d333f3f15dd594272e76856c7
                                        
                                            GET /-wwwQEraY-k4/UiNQN-hlfyI/AAAAAAAAASY/clEiapzlLxs/s320/MVI_9734e.jpg HTTP/1.1 
Host: 2.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="MVI_9734e.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 19577
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v127"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x298, components 3\012- data
Size:   19577
Md5:    204bba7d342a02160332f15d9ca41dfb
Sha1:   2651fc04d29b5552aff23d491193a9d711887259
Sha256: 670772f4f8b82a7b38a80c6dde77221cab7b1d34f0c98bb631823d7893959c65
                                        
                                            GET /-uki4CvmOX8c/UiNPUlO_A_I/AAAAAAAAAQg/B1jRy9mj2KE/s320/5.jpg HTTP/1.1 
Host: 2.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
ETag: "v109"
Expires: Thu, 06 Oct 2022 18:31:26 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="5.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Wed, 05 Oct 2022 18:31:26 GMT
Server: fife
Content-Length: 15245
X-XSS-Protection: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 264x320, components 3\012- data
Size:   15245
Md5:    0ece2951d54cf742b5b1bc8026f9b289
Sha1:   8251970708b3201d633f41ac325d75aa57ad6986
Sha256: 3bdbcdd50fe48eb5560dcc17d7ba2ad09cf952069cf6721a0d64a5fa289999c8
                                        
                                            GET /-KyPM6sFusA8/UjXCZ8a5pqI/AAAAAAAAASw/lxZo7ZYDzIE/s320/3.jpg HTTP/1.1 
Host: 2.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
ETag: "v12d"
Expires: Thu, 06 Oct 2022 18:31:26 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="3.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Wed, 05 Oct 2022 18:31:26 GMT
Server: fife
Content-Length: 15499
X-XSS-Protection: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x235, components 3\012- data
Size:   15499
Md5:    8c0f611a229567a8c041dcfa366cf08b
Sha1:   3b85131275b3cd39e10dd04964bb2c9ebc426cde
Sha256: 9a1099e40a9abbfd73ba9b7926321e2f156b97d5cb1f92016846a0899be9505a
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 05 Oct 2022 18:31:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /-OXoxWppfsiE/UjXCdL9IJyI/AAAAAAAAAS4/YRE3s7bsxzQ/s320/4.jpg HTTP/1.1 
Host: 3.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="4.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 14038
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v12f"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x177, components 3\012- data
Size:   14038
Md5:    279ec2d53aa77e5671340ffb372dac34
Sha1:   8e42886d6fa760f3c399c484dbf2c7d747d74480
Sha256: afc43a34a70a10f1be542947083a8c7fd42fa925058673af91be25d744c88729
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6595
Cache-Control: 'max-age=158059'
Date: Wed, 05 Oct 2022 18:31:26 GMT
Last-Modified: Wed, 05 Oct 2022 16:41:31 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /-Y7DR4TQZd1g/UiNPwEhj8aI/AAAAAAAAARg/rsJ9wiDz87s/s320/IMG_1271.jpg HTTP/1.1 
Host: 1.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="IMG_1271.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 8444
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:52 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v119"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 111x320, components 3\012- data
Size:   8444
Md5:    054bbba1f028caa42f4c9693bc04cc1c
Sha1:   96cfa778f74b45ee1b4af4aa0351adad6a1b1a58
Sha256: 7c043818630c54e563b986c64cecb572fa3767b7c876c69312e330ba4862fb73
                                        
                                            GET /-jIywZ0SU1hc/TaCterMXbpI/AAAAAAAAAAM/15MikKlCpg4/w1600/Dirty%252C%2BSexy%2BGirls%2Bsmall.jpg HTTP/1.1 
Host: 4.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="Dirty, Sexy Girls small.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 33815
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 14:34:41 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v3"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, software=Google], baseline, precision 8, 465x700, components 3\012- data
Size:   33815
Md5:    d84d9cbac0e98c2f606027eda41d8b6b
Sha1:   edd22ddb8245d1f254eaa7c5957350ef98bb642d
Sha256: f9f58b9e625a286d3cfdee358395427dacde87814cc9314ea702230daadbe448
                                        
                                            GET /-xPSKR5Nl210/UiNP3VXPIrI/AAAAAAAAARw/HzdLa3dpInU/s320/jf.jpg HTTP/1.1 
Host: 3.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="jf.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 30829
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v11d"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 249x320, components 3\012- data
Size:   30829
Md5:    d441a709b7201b7d3bf7f635e289aedd
Sha1:   4fd5fc82ddc5491e5c94d295fe1c562db90a12be
Sha256: fe34eb1c04a570d1241f351e8ce723c3978c30685e2729dccb25c9d27cd82839
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.118
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Wed, 05 Oct 2022 18:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Wed, 05 Oct 2022 18:46:46 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: gQYYuQOJeCMFxOUq9Zc4NRmHmhcVIwtZvNpV7q0oMSjhBKLgqNxcAg==
Age: 113


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /syndication/subscriber/InsertWidget.js HTTP/1.1 
Host: cdn.widgetserver.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         45.33.2.79
HTTP/1.1 200 OK
content-type: application/javascript
                                        
server: openresty/1.13.6.1
date: Wed, 05 Oct 2022 18:31:26 GMT
content-length: 157
last-modified: Fri, 09 Mar 2018 19:33:30 GMT
etag: "5aa2e18a-9d"
accept-ranges: bytes
connection: close


--- Additional Info ---
Magic:  ASCII text
Size:   157
Md5:    67e216a27dda24bdcb086c2385b0cb99
Sha1:   17141c80f5d32bec3691c5ab24741d8b7dd5f0c6
Sha256: 9dc433b2142d3ba0803fcffa53f19d34da26996d20c829df6d694bc887325dd7

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /-OHUAEFnddFM/UjXCsvSyesI/AAAAAAAAATg/nlD5yGF7WA4/s320/IMG_4677.jpg HTTP/1.1 
Host: 3.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="IMG_4677.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 20224
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v139"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, software=Google], baseline, precision 8, 320x240, components 3\012- data
Size:   20224
Md5:    94499f87413ae8f2f3b6b33d2aa64cdf
Sha1:   197ed653d6fbeb463660bef2447e4c3c806f572b
Sha256: 964b9174af21d668fcd13c6432ce3c682c71dbc19b0e069479d09197ac41717b
                                        
                                            GET /-QzqDJOmBONk/UcEBpDALKbI/AAAAAAAAAPI/ACUTr0EqBDI/s320/securedownload+(5).jpg HTTP/1.1 
Host: 1.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="securedownload (5).jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 22906
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vf3"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 320x204, components 3\012- data
Size:   22906
Md5:    ec6cea9c14654299c30ac53941dfa881
Sha1:   32228e7be11462b44977bad3018bcf858089f5af
Sha256: f01e63a74782fc947db0eec8507291ea7b187d65013b4e1f6a0cd336cd97ccb9
                                        
                                            GET /-YtoennbnYDc/UjXCwRYOdfI/AAAAAAAAATo/xkBWNWi2qEY/s320/MVI_1223a.jpg HTTP/1.1 
Host: 3.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="MVI_1223a.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 16699
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v13b"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x256, components 3\012- data
Size:   16699
Md5:    51a77979b221b60014c0fda4de2990c4
Sha1:   84161a2e4ad041019cea02d6cb21bb546bb9f083
Sha256: 0dc597a116b37a97bf62898dcb20a532c9c2b0feee34baad1b83684dc1a1baa8
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 05 Oct 2022 18:31:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /-cSNZKRAmze4/UcEBklnoRoI/AAAAAAAAAPA/u8hBHj1Eras/s320/securedownload+(4).jpg HTTP/1.1 
Host: 1.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="securedownload (4).jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 19306
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vf1"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 320x144, components 3\012- data
Size:   19306
Md5:    9faaeb1297873d21d113531a1e96261b
Sha1:   386611acb5d4131934cb90e4007eece8371f23b2
Sha256: 6a80539d080a0ccbb37c627d8889310c72948b8f94a447774453b042aff1e942
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: MnKIdYjYwBtA+CkA4aXFKg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         44.238.3.246
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Zej3cqk0aLPjv4BdMk6c3Wew4TQ=

                                        
                                            GET / HTTP/1.1 
Host: cdn.widgetserver.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Upgrade-Insecure-Requests: 1

                                         
                                         198.58.118.167
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
                                        
server: openresty/1.13.6.1
date: Wed, 05 Oct 2022 18:31:26 GMT
content-length: 7182
vary: Accept-Language
content-language: en
connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (338)
Size:   7182
Md5:    fdf39b5fe47212d89784f9cf9b23f94a
Sha1:   b0180584affb2b217f237781ff81598692f7ec24
Sha256: 74f33eac13a698b51c1819c58715e7920ac07b0b39fa2f78b90807c0bb09d8fe

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: cdn.widgetserver.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cdn.widgetserver.com/

                                         
                                         198.58.118.167
HTTP/1.1 200 OK
content-type: image/gif
                                        
server: openresty/1.13.6.1
date: Wed, 05 Oct 2022 18:31:27 GMT
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
connection: close


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /mtm/async/.eJxdjEsOwiAQhu_CshJwqTWexVCYUhLo4DC2GOPdBePK3fc_X-JBQYxCCykM-dKwEcEMBNTEwpxHrRmxQH3OSDuSK2qK6EtGVhZTny5Y-LaaBG1i3ar24DxwAdqAeqe_WwuZW85QWS-cojQ5x2ANB1x17c6h_rspXu7XozrLkIwHbbYw_3CHKctBD9_8JN4fl79F_w:1og9B0:kBXS8xvhjL6o7bpCGdPa7CDyRKU/1/0 HTTP/1.1 
Host: cdn.widgetserver.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cdn.widgetserver.com/
Connection: keep-alive

                                         
                                         198.58.118.167
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
                                        
server: openresty/1.13.6.1
date: Wed, 05 Oct 2022 18:31:27 GMT
content-length: 256
x-mtm-path: 4
x-mtm-prov: 1:6.31;70:0.00
x-mtm-rd: 0.53
vary: Accept-Language
content-language: en
set-cookie: mtm_delivered=WyJjZG4ud2lkZ2V0c2VydmVyLmNvbSIsImh0dHA6Ly93d3cxLndpZGdldHNlcnZlci5jb20vP3RtPTEmc3ViaWQ0PTE2NjQ5OTQ2ODcuMDExMDE4MDAwMCZLVzE9RXVyb3BlJTIwRGVkaWNhdGVkJTIwU2VydmVycyZLVzI9Tm9yd2F5JTIwRGVkaWNhdGVkJTIwU2VydmVycyZLVzM9T3NsbyUyMENvdW50eSUyMERlZGljYXRlZCUyMFNlcnZlcnMmS1c0PU9zbG8lMjBEZWRpY2F0ZWQlMjBTZXJ2ZXJzJktXNT1DdXN0b20lMjBEZWRpY2F0ZWQlMjBTZXJ2ZXJzJnNlYXJjaGJveD0wJmJhY2tmaWxsPTAiLDEsIjIwMjItMTAtMDUgMTg6MzE6MjciLDEsIjE2NjQ5OTQ2ODcuMDExMDE4MDAwMCIsMSxudWxsLG51bGxd:1og9B1:m20yhfLfW173ahxkmdI6idgdCfQ; expires=Wed, 05-Oct-2022 19:31:27 GMT; Max-Age=3600; Path=/
connection: close


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   256
Md5:    cb4a528169e7e4f4419ec6717571876e
Sha1:   c04e83679cdf2a4ac367d28081d1668c8f960aa7
Sha256: a163c3c13b15a0120f8032fb97ed402fc27d3cae8812638fc0567ee901f221ab

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3267
Expires: Wed, 05 Oct 2022 19:25:55 GMT
Date: Wed, 05 Oct 2022 18:31:28 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3267
Expires: Wed, 05 Oct 2022 19:25:55 GMT
Date: Wed, 05 Oct 2022 18:31:28 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3267
Expires: Wed, 05 Oct 2022 19:25:55 GMT
Date: Wed, 05 Oct 2022 18:31:28 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3267
Expires: Wed, 05 Oct 2022 19:25:55 GMT
Date: Wed, 05 Oct 2022 18:31:28 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3267
Expires: Wed, 05 Oct 2022 19:25:55 GMT
Date: Wed, 05 Oct 2022 18:31:28 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10158
x-amzn-requestid: def1fc7e-8008-466f-9271-20fa1ab0fa5a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaqZCH7doAMFcPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a8aa0-7fd2fb1249366f2277d719d6;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 07:09:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: aeOU8fGkf5uHuYZ79k17EzxiFnwm0_z7SeZJElgwECzRyhR2N_SYJA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 04:06:09 GMT
age: 51919
etag: "bbe71936b78a8c34d03ab87948dc840b35c6948f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10158
Md5:    4fc2ddd86450d64d3fb659ab4e78be58
Sha1:   bbe71936b78a8c34d03ab87948dc840b35c6948f
Sha256: 84a760397a5912bd05f61bc8a953c13a88a677e2d17fbbf74bdf7d7ff4d3942f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5704624d-eb81-4a5b-bcb7-08db5681c677.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8926
x-amzn-requestid: 27fc8976-af8d-40a3-b701-0642fa135ec4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8s1GSbIAMFTiw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7eb-4d4c7837576e0fdb5828fe3b;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YzVofPSJC-YVU1Q1V9AnjNeQTa1BQEh6ZiH2HjSeeX5RygysFP7oAA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:43:25 GMT
age: 74883
etag: "70e8d1589f3daf71378965dd197934e220fb6aa4"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8926
Md5:    1de7c17a0ba9295135e7f8b490b6a8d3
Sha1:   70e8d1589f3daf71378965dd197934e220fb6aa4
Sha256: ee559ce3166479e2b930be7d18525f5c2d164aed8ca005302ddaf3bfe37eec24
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78bf691d-76e8-4176-884d-dbc06604dded.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8816
x-amzn-requestid: b9f3ec8a-f478-4405-b275-e21f2d7d89d4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZKK7gFPJIAMF-7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333f1e3-250348e6140f3c74762263ea;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 07:04:03 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8f83Wv7OrO7NOd1y1LXjfphRmJjdwrkcAxrxUN4A4qSgsEzIQMq81g==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 22:38:40 GMT
age: 71568
etag: "5261a6c2ee6d6cc87e91ee82e32d8be234db393e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8816
Md5:    100559d746bedd7c3802661c875c35ee
Sha1:   5261a6c2ee6d6cc87e91ee82e32d8be234db393e
Sha256: ff06f31267ddcc9a0d84ddc68932872bfed29d072783c3a1dd3790d41c280aec
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb178720-854c-4c9e-85c1-58cb5419ca69.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3585
x-amzn-requestid: 43c510d4-d87c-4665-a132-d798b836d415
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaJbLHEOoAMFfxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a55e0-614faff31425ff183b7ca4dd;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 03:24:16 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: d1LCc44Gj_0Je8adu7Iv3I9MwkaDPgWqlNHI96UAtZub22l210J65A==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 04:53:07 GMT
age: 49101
etag: "612b6dbd4ba895c167964ff7e6d9263013b52b0a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3585
Md5:    5d7d7df8d4c440f9db445c3d99e818d6
Sha1:   612b6dbd4ba895c167964ff7e6d9263013b52b0a
Sha256: bf527a814c78f9e010cce4ba593c9146d54a2137d1f147f7a6250fbad81956ac
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8857940-5ca2-44ba-8a66-f396a605d5b4.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7021
x-amzn-requestid: 2e30bdac-360e-4d0a-8bb7-c3144e074abe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8ucHb1oAMFjYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7f5-18ba6bc50cb32b1e14c882bd;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:39:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: UPEhTwAYEIRy-Cnb0ITefEotLyg3rFe_NaGy92xwWe_7hrdo6UQLwQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:56:53 GMT
age: 74075
etag: "6b5db8fbfb56f083d54b13e7660d0e4bc866aa00"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7021
Md5:    229c99cfb655a8c9f1a22de69fdff73c
Sha1:   6b5db8fbfb56f083d54b13e7660d0e4bc866aa00
Sha256: f4099e9153c3dc481add95b0f24dbb8f6d65cc74ad5631d9cb6c6f2a0351843d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23595c4d-609a-48f3-a52f-e88e478d7653.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5832
x-amzn-requestid: c4427edd-3d71-47d0-a2d3-b3bfed089535
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8s1FuUoAMFhBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7eb-46ddff150da4141d23fc0d8a;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: iR82CJ6A06dpqy_nm6JrmjeUJT-uhI5rr0dr6ZnhrQQo9Jqxh10qRQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:43:43 GMT
age: 74865
etag: "4daf0c001e86af8477fb097e8ca932edb8e5f981"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5832
Md5:    3257b782efae9b64e6e18a547866ec50
Sha1:   4daf0c001e86af8477fb097e8ca932edb8e5f981
Sha256: 899f9692e86405aa288d88dd285a6fe26bedab1a2ca4693212476063890b01a5
                                        
                                            GET /?tm=1&subid4=1664994687.0110180000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0 HTTP/1.1 
Host: www1.widgetserver.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cdn.widgetserver.com/
Upgrade-Insecure-Requests: 1

                                         
                                         99.83.136.84
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Wed, 05 Oct 2022 18:31:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Redirect: zeropark_zeroclick
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2246)
Size:   2471
Md5:    55c215ec5e5c5f3dbbd202c4743f21bd
Sha1:   0fa473c6cccd354a497560e9fbf0a0f059a37271
Sha256: 61b6e8dbd69152d963ce19228b5cc23edc7fbd9db06d6887b30b3a51fbacd7f6
                                        
                                            GET /scripts/js3.js HTTP/1.1 
Host: d38psrni17bvxu.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.widgetserver.com/

                                         
                                         54.230.245.130
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Length: 1134
Connection: keep-alive
Server: nginx
Date: Wed, 05 Oct 2022 09:14:34 GMT
Last-Modified: Tue, 17 Aug 2021 09:17:22 GMT
Accept-Ranges: bytes
ETag: "611b7ea2-46e"
X-Cache: Hit from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: dpEmSWgabrbhrbNzbza45IfSS1jVAz3gDtNQZAVP9AczFVZpGMIeFg==
Age: 33414


--- Additional Info ---
Magic:  ASCII text, with very long lines (506)
Size:   1134
Md5:    64b79b43df8fbf2c5d082964b9116a68
Sha1:   dc3c763519baf0f4c32bb60bfc429651a491ea01
Sha256: c57e9feec209e3ea5eb1d75a1ba6fa277242a3df250055be8446052b51e58637
                                        
                                            GET /track.php?domain=widgetserver.com&toggle=browserjs&uid=MTY2NDk5NDY4Ny45MjQyOmE2Yjk0NzQyMzM3MDBhOTBjMDk0NTI2ZWFiYjJjNjE2YjBkMjljZjhlZmI5ZDk2OTllOGUwZWJmNjY0NWZlZjc6NjMzZGNkN2ZlMWE0NA%3D%3D HTTP/1.1 
Host: www1.widgetserver.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.widgetserver.com/?tm=1&subid4=1664994687.0110180000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0

                                         
                                         99.83.136.84
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Wed, 05 Oct 2022 18:31:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            POST /ls.php HTTP/1.1 
Host: www1.widgetserver.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 2198
Origin: http://www1.widgetserver.com
Connection: keep-alive
Referer: http://www1.widgetserver.com/?tm=1&subid4=1664994687.0110180000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0

                                         
                                         99.83.136.84
HTTP/1.1 201 Created
Content-Type: text/javascript;charset=UTF-8
                                        
Date: Wed, 05 Oct 2022 18:31:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 633dcd81fd94e23518795a87
Charset: utf-8
Access-Control-Allow-Origin: http://www1.widgetserver.com
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_SUPSYTS2PCRh8Ls5zp1NSmxeij00Qvlwhvjl2cyGx0vBj3mon9/x1+ONnws1ZpP257yznaZ50Ban0jeT28eI6Q==


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www1.widgetserver.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.widgetserver.com/?tm=1&subid4=1664994687.0110180000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0

                                         
                                         99.83.136.84
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Date: Wed, 05 Oct 2022 18:31:29 GMT
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes

                                        
                                            GET /track.php?click=7734c042495d131ef4c95617c4712d5c9f446293&domain=widgetserver.com&uid=MTY2NDk5NDY4Ny45MjQyOmE2Yjk0NzQyMzM3MDBhOTBjMDk0NTI2ZWFiYjJjNjE2YjBkMjljZjhlZmI5ZDk2OTllOGUwZWJmNjY0NWZlZjc6NjMzZGNkN2ZlMWE0NA%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2MzNkY2Q3ZmUxYTJhfHx8MTY2NDk5NDY4OC4zMTg0fDdlNzQ2MWE1ZGViMDFkOTZhMzA0NGQ3MGVkYWI0NGVmYzcxNjIyNmR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXw3MTI3NzJjNTVmZjE2ZThlMzM2Y2ZmOTk4MTZhMDg5ZTE3ZTE0MTI2fDB8ZHAtdGVhbWludGVybmV0MTJfM3BofDB8MA%3D%3D&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off HTTP/1.1 
Host: www1.widgetserver.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.widgetserver.com/?tm=1&subid4=1664994687.0110180000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0

                                         
                                         99.83.136.84
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Wed, 05 Oct 2022 18:31:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-View-Match: true
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /zcvisitor/ecde1f60-44db-11ed-accc-1239def5fecf/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=ecfa32e2-44db-11ed-accc-1239def5fecf HTTP/1.1 
Host: irene-eux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.widgetserver.com/
Upgrade-Insecure-Requests: 1

                                         
                                         35.174.150.83
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
                                        
Date: Wed, 05 Oct 2022 18:31:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: xUTMrHbe


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   996
Md5:    78c2774bc080727537abd1b7ec3b3c81
Sha1:   c3d645d7189b42add681334f190ebe82696c252d
Sha256: 0ffb165ac24cab83b2b9e02126bae83812b478711ade3c9414e87f36b3c396a9
                                        
                                            GET /zcredirect?visitid=ecde1f60-44db-11ed-accc-1239def5fecf&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false HTTP/1.1 
Host: irene-eux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://irene-eux.com/zcvisitor/ecde1f60-44db-11ed-accc-1239def5fecf/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=ecfa32e2-44db-11ed-accc-1239def5fecf
Upgrade-Insecure-Requests: 1

                                         
                                         35.174.150.83
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
                                        
Date: Wed, 05 Oct 2022 18:31:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: NRgpKlHm


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   304
Md5:    7ad1c64bf1c7d74543e57e1bc3102fc5
Sha1:   d1c124af158fbc22e553e6f32fd9c788cc52a78f
Sha256: c9d519a817418028a376cf232c7853fcb855647fbe73a006a3b74f6988472b6b
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: irene-eux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://irene-eux.com/zcredirect?visitid=ecde1f60-44db-11ed-accc-1239def5fecf&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false

                                         
                                         35.174.150.83
HTTP/1.1 404
Content-Type: text/html;charset=utf-8
                                        
Date: Wed, 05 Oct 2022 18:31:30 GMT
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: OXAdnAKU


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size:   653
Md5:    ba2732b1b2fa2626ffaa15f62f9e7d66
Sha1:   203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
Sha256: 879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
                                        
                                            GET /click?seat=2114927&i=2UvsoEe5K8o_0 HTTP/1.1 
Host: xml-v4.netload1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://irene-eux.com/
Upgrade-Insecure-Requests: 1

                                         
                                         198.134.116.17
HTTP/1.1 302 Found
                                        
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://go.findservice.xyz/15Gu5p?zoneid=12293994169&pubfeed=397303/397303.12293994169&campaign=671642&cost=0.00055
Pragma: no-cache

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "15FB5CB33A313B72AD16D7411ABED32288E6C022BAFA3ED2F70FC2A02A7E8415"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15771
Expires: Wed, 05 Oct 2022 22:54:21 GMT
Date: Wed, 05 Oct 2022 18:31:30 GMT
Connection: keep-alive

                                        
                                            GET /15Gu5p?zoneid=12293994169&pubfeed=397303/397303.12293994169&campaign=671642&cost=0.00055 HTTP/1.1 
Host: go.findservice.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://irene-eux.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         20.113.188.243
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Server: nginx/1.23.0
Date: Wed, 05 Oct 2022 18:31:30 GMT
Content-Length: 292
Connection: keep-alive
X-Powered-By: Express
Set-Cookie: 15Gu5po=20221005211664995452421; domain=.go.findservice.xyz; path=/;expires=Thu, 06 Oct 2022 18:31:30 GMT; httpOnly=true;SameSite=None; Secure; _pc_lc_id=15Gu5p; domain=.go.findservice.xyz; path=/;expires=Thu, 06 Oct 2022 18:31:30 GMT; httpOnly=true;SameSite=None; Secure; peerclickcid=ee965f1366dba21ca9a38c91de0814fc-11246-1005; domain=.go.findservice.xyz; path=/;expires=Thu, 06 Oct 2022 18:31:30 GMT; httpOnly=true;SameSite=None; Secure; _norg=1; domain=.go.findservice.xyz; path=/;expires=Thu, 06 Oct 2022 18:31:30 GMT; httpOnly=true;SameSite=None; Secure;
Location: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Vary: Accept


--- Additional Info ---
Magic:  HTML document, ASCII text, with no line terminators
Size:   292
Md5:    9198bf3ad2f8a70524c3ef3ae87ce6b0
Sha1:   895ece78324a03e83bee0bd06a869c46b3441e63
Sha256: fe708e0c5f33468936466e7d48963e063d467519006488b7288f130a97923a02
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "8946402ADBBEE9726D835E1551F6E6D65A65AE62979B8CB10CB6125E6BEE303D"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11754
Expires: Wed, 05 Oct 2022 21:47:25 GMT
Date: Wed, 05 Oct 2022 18:31:31 GMT
Connection: keep-alive

                                        
                                            GET /?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005 HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://irene-eux.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Length: 6637
Connection: keep-alive
set-cookie: sid=t2~2kjb3urecuogykkpfns5ibx4; path=/
cache-control: private, no-transform


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (528), with CRLF line terminators
Size:   6637
Md5:    7cc717235443b04716c6cc467543f8e9
Sha1:   90bad3b187fb1f69e6a51ad3feb48a6b131720c1
Sha256: c31e935f12b3e38870e8ecaca8c67f3f58d244a0759dcc2b17a9660f52ea0ef7

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 05 Oct 2022 18:31:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /media/dating/sinderv2/css/bootstrap.min.css HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Length: 109540
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "03d06426a30f77095d7511e1ca74d225"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3F10B1F536BE
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (65367), with CRLF line terminators
Size:   109540
Md5:    03d06426a30f77095d7511e1ca74d225
Sha1:   d1a349294f6fe94ffb17a50097b37bd81e9ba56a
Sha256: 3f7e6f3cb6ba8e2effbdd260131ce0d2f332fb00ba3feca1a5bc9c3ee7f9e2a6

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/dating/sinderv2/js/vegas.js HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Length: 21792
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "85310f0fc6d54ab6c4aa2a2efa1e8514"
Last-Modified: Wed, 31 Aug 2022 09:34:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3F6FCBECC28B
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text
Size:   21792
Md5:    85310f0fc6d54ab6c4aa2a2efa1e8514
Sha1:   dbd124ed40a22170b23709711d4572ff93c9fe6f
Sha256: 17d0a5e4e45104aec83860cf51f19bb232747a586a74fc841b9771a9aa9e42b2

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 05 Oct 2022 18:31:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /cookie/js.cookie.js HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Length: 4264
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a7e9883924072f15259de6888d5ef515"
Last-Modified: Wed, 31 Aug 2022 09:31:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3E991B0C5822
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (1709), with CRLF line terminators
Size:   4264
Md5:    a7e9883924072f15259de6888d5ef515
Sha1:   7f4f6e5938e68f55aef81e0cd0145f008cd28382
Sha256: 985659942ab60a92b3c0a7f876d9ef60e8f048ff655a622a172fa4b44f901b6c

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /util/flag-icon/css/flag-icon.css HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Length: 40627
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "0a47b937981e7389e3ebe63e4a503066"
Last-Modified: Wed, 31 Aug 2022 09:38:16 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3E9D04DA9DB2
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   40627
Md5:    0a47b937981e7389e3ebe63e4a503066
Sha1:   01b395ad016a1d9d15016d765f7d2c51a6e2809b
Sha256: d6afd8d9abc2967f29ad396854cd05b1a12dcf9b7084f944c136ca6f540c5a39

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/dating/sinderv2/css/style.css HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Length: 19825
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "481d04e228d83633ad28310d09905526"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3E43E9328B16
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   19825
Md5:    481d04e228d83633ad28310d09905526
Sha1:   f5c81ac5514271f64001c41f5b03e92df55c1a02
Sha256: 25fc219b42657e82593f2b07e3d4ae7d615031234f9b2732f5457338d779cf30

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/dating/sinderv2/css/vegas.css HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Length: 19822
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "357c7befa8bdef911f02f48f49e10628"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3F56F36EBEB0
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   19822
Md5:    357c7befa8bdef911f02f48f49e10628
Sha1:   47972e3c4591058dce82dd3b08bed8e0b8ae5c8f
Sha256: 47f3bef4746b798892c7beff212618616b0950f33f416f03db243578f89135e3

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /util/utils.js HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Length: 7512
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "01816d15ca03032751161a746e2fb7c3"
Last-Modified: Wed, 31 Aug 2022 09:38:20 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3E991B82E2FF
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (641), with CRLF line terminators
Size:   7512
Md5:    01816d15ca03032751161a746e2fb7c3
Sha1:   dcc72ea5fa1356490ba473288159df9786b4a3c3
Sha256: 8b3c83a330bf1120a13eff6ef60c1e268b827b7bc49b42a7a1f5d8ad6941f2ea

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/dating/sinderv2/css/animate.css HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Length: 61188
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "1cbfbb2c4ef85880799a74ab2f290f2a"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3F1324B3CDE4
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (460), with CRLF line terminators
Size:   61188
Md5:    1cbfbb2c4ef85880799a74ab2f290f2a
Sha1:   9b6366d6c7ad05010f7070db70fba10754be6e9c
Sha256: bfdad6766b12a3826bf32024f0fc13fffbcee84f102034b9270da7e538451031

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/dating/sinderv2/js/trls.js HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Length: 17300
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "eb1b6bc6776b3e1f520ad0d6c03a92ad"
Last-Modified: Wed, 31 Aug 2022 09:34:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3FB44ABF3326
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   17300
Md5:    eb1b6bc6776b3e1f520ad0d6c03a92ad
Sha1:   5adcdd94fd541e5ff347cb317418f77ebcd7a714
Sha256: d87b9de60e8a4d614e0f4e34da021c835852d802f8b6de2aee6a3fa034e3b2b5

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/bb.js HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Length: 639
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "0d553e4bac91c74bfee2dbabba61e99e"
Last-Modified: Wed, 31 Aug 2022 09:32:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3E96347CD8F2
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (639), with no line terminators
Size:   639
Md5:    0d553e4bac91c74bfee2dbabba61e99e
Sha1:   5af71e2377c9c012a7826a695f2724901941b19b
Sha256: 1be1304c675449b1bad38ea8c3da6c1da0763ed2fad339ee1aa461c7bf4e2a68

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/dating/sinderv2/js/timer.js HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Length: 621
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "40fe503eb84093a37b15e39365ffc587"
Last-Modified: Wed, 31 Aug 2022 09:34:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3F5FD22486F4
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text
Size:   621
Md5:    40fe503eb84093a37b15e39365ffc587
Sha1:   911128043c901314d283fe478477d26e2b3d821a
Sha256: 60b0f0de4c72c1ce9c05b36ba776f12538b1d9b80858b7099068a3e7e0415bc1

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/exit-new/exit1.js HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Length: 3473
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "625e5e2950612f771e246beb33c9ea61"
Last-Modified: Wed, 31 Aug 2022 09:34:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3E963F1AAAB9
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (641), with CRLF line terminators
Size:   3473
Md5:    625e5e2950612f771e246beb33c9ea61
Sha1:   e4fc251c6c000496c285f8dc3fa097040b031681
Sha256: 618f345a156a0eda55177a1bf0e8a414104f9b6c6ff5cdbe71966f081ccb8a46

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/dating/sinderv2/images/logo-loveme_white1.svg HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Length: 4564
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "896592d7f2fa3d761c0b767e9399b010"
Last-Modified: Wed, 31 Aug 2022 09:34:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3EC74AD3C8A6
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   4564
Md5:    896592d7f2fa3d761c0b767e9399b010
Sha1:   ed1c0502263392938f4cbdd72afb1a8704bf840e
Sha256: 3417f549b6a1018ee687dd84aec136cb7fba2bb5b4c83cf269f9f8e958cc48de

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "448379F35FE26F24D6CA19289999CCD85D277167510992CE48D4640209E5FFA5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1705
Expires: Wed, 05 Oct 2022 18:59:57 GMT
Date: Wed, 05 Oct 2022 18:31:32 GMT
Connection: keep-alive

                                        
                                            GET /media/dating/sinderv2/fonts/5c92d5d3e39a260d5dd06ced7eca070d.woff2 HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://girlsdivine.life/media/dating/sinderv2/css/style.css
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Server: nginx
Date: Wed, 05 Oct 2022 18:31:32 GMT
Content-Length: 22284
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5c92d5d3e39a260d5dd06ced7eca070d"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3F3B031712DC
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:32 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 22284, version 3.786\012- data
Size:   22284
Md5:    5c92d5d3e39a260d5dd06ced7eca070d
Sha1:   64df09fd462e6bb76890b7782578777b901f2003
Sha256: 2a99c11dd137ef8b515b3a95d2bdb38ec99bf745b2865196aa910628bcb144b9

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/dating/sinderv2/fonts/b796339b324ec08006ca04dca90284cf.woff2 HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://girlsdivine.life/media/dating/sinderv2/css/style.css
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Server: nginx
Date: Wed, 05 Oct 2022 18:31:32 GMT
Content-Length: 21796
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "b796339b324ec08006ca04dca90284cf"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3F462A2B0AC6
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:32 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 21796, version 3.786\012- data
Size:   21796
Md5:    b796339b324ec08006ca04dca90284cf
Sha1:   4283d779705f09e68939572df76c52cb41a3ec68
Sha256: d65bbca022f8953936d6e60b9a59fc27f9bfd74ba96257ffe14df83b3d8eb0e3

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/dating/sinderv2/js/jquery.js HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Length: 93064
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "df6173bad69801a82b84701789ab16c5"
Last-Modified: Wed, 31 Aug 2022 09:34:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3F2F5D1FF60C
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with CRLF line terminators
Size:   331
Md5:    c7ecfe59439b5fd23924fd206cf2fded
Sha1:   056fbd2b17c7f08bfb480d21973a96bf86fbd72a
Sha256: 4027f3320608508754640a6de4cb1cdabdef4654b5a214e875c134802345683f

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/dating/sinderv2/fonts/bcf3bb1b7f7a3436181788e748bae013.woff2 HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://girlsdivine.life/media/dating/sinderv2/css/style.css
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Server: nginx
Date: Wed, 05 Oct 2022 18:31:32 GMT
Content-Length: 14772
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "bcf3bb1b7f7a3436181788e748bae013"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3F3B035F185E
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:32 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 14772, version 3.327\012- data
Size:   14772
Md5:    bcf3bb1b7f7a3436181788e748bae013
Sha1:   8ee24d38f618f070a43619f1d471d90f17d666f1
Sha256: 42e50c76c1bf569cb8b597ffc8cdd18a6f4a311832f46fdc1489145027550781

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/dating/sinderv2/fonts/2e5fca371696cab9fb5a9fe214c1319c.woff2 HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://girlsdivine.life/media/dating/sinderv2/css/style.css
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Server: nginx
Date: Wed, 05 Oct 2022 18:31:32 GMT
Content-Length: 21908
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "2e5fca371696cab9fb5a9fe214c1319c"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3F67709F618A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:32 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 21908, version 3.786\012- data
Size:   21908
Md5:    2e5fca371696cab9fb5a9fe214c1319c
Sha1:   4bd3fe039b2f65d10d1b8c1b30c7962bdc313b7a
Sha256: f8b1a05998ba7e93e5c9f41b004496a3576b8d10d9fafc2f7014894ebc3e72e9

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /ExtService.svc/getextparams HTTP/1.1 
Host: data-jsext.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://girlsdivine.life
Connection: keep-alive
Referer: https://girlsdivine.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.37.5.177
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
                                        
Server: nginx
Date: Wed, 05 Oct 2022 18:31:32 GMT
Content-Length: 515
Connection: keep-alive
Access-Control-Allow-Origin: *


--- Additional Info ---
Magic:  JSON data\012- , Unicode text, UTF-8 text, with very long lines (472), with no line terminators
Size:   515
Md5:    2e2a7f61ae1efa530bbcebf1693ac292
Sha1:   37767c8aa04a870dd713da7cb45e451b4b24d3b9
Sha256: f41890a855fd526c0e7d9702328729cea951b676eec1056e0cdc7250a49e9646
                                        
                                            GET /media/dating/sinderv2/images/scandinavia30.jpg HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Wed, 05 Oct 2022 18:31:32 GMT
Content-Length: 226699
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a388364d8d1e4684a2cd72c68d625b73"
Last-Modified: Wed, 31 Aug 2022 09:34:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3FD6E0B950D3
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:32 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS3 Windows, datetime=2018:12:04 13:04:35], baseline, precision 8, 1980x1080, components 3\012- data
Size:   226699
Md5:    a388364d8d1e4684a2cd72c68d625b73
Sha1:   ce210b5b755bae87788ca2eeca7799d284e8477a
Sha256: 36e0d2fd85c40dfc080246c7f7c426fc23ebd8f7937c86ef2b435c345ec5c2a2

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 204 No Content
                                        
Server: nginx
Date: Wed, 05 Oct 2022 18:31:32 GMT
Connection: keep-alive
Cache-Control: no-transform


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3de74da8-9c15-4010-a6fb-c1e0b5fd8804.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13615
x-amzn-requestid: 3aaef924-99ea-407a-acc6-ec7d294952a3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaHG_GDcoAMFfuQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a522c-488613591ddf46181bdded50;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 03:08:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 2EtPbSkffJVkwiA3hlDRimFxjNmd2FXv4vwcQZ2aYBsiF4ApXgHrLQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 04:40:34 GMT
age: 49861
etag: "32a3ebb440b3d770c446bef75c39ce788ffeb034"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13615
Md5:    42ab91a02aa34dbcc6d56e75fd0d7fc5
Sha1:   32a3ebb440b3d770c446bef75c39ce788ffeb034
Sha256: 397373a17846231eb149c3a207574b79c5ca6c7832ffd48da9c8f1e8e0aa9f69
                                        
                                            GET /css?family=Roboto:400,300,700|Raleway:400,700&subset=latin,cyrillic HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 05 Oct 2022 18:31:31 GMT
date: Wed, 05 Oct 2022 18:31:31 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---