firefox.settings.services.mozilla.com/v1/
54.230.111.118 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 54.230.111.118:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: on7pkQ0Vs5Z8G_IKJzPajy8XxbBaN-9ZLkGh4GesUXZ-ylToSBlfrg==
Age: 9847
toosexyforwords.blogspot.com.tr/
142.250.74.161 302 Moved Temporarily 182 B URL HTTP/1.1 toosexyforwords.blogspot.com.tr/
IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 95a9b78f9c3f039c1b28f6f34c5960ec
04804b6b88259fe30f7a87f67a52495d397861a3
9b32fa8cb73063ae73e4b1dbb67f105c9515f768bfd6e0370a14c1967429e1e5
GET / HTTP/1.1
Host: toosexyforwords.blogspot.com.tr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Location: http://toosexyforwords.blogspot.com/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Wed, 05 Oct 2022 18:31:25 GMT
Expires: Wed, 05 Oct 2022 18:31:25 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 182
Server: GSE
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash eabb7d9ffae717f7305d63c057755470
3b7f0baccfdbb8d9ffefa4a2215d4d6094be454a
ab48f17e54075e1ecf034278e82bcacd2e3689773186cc84fba9b79aac907294
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AB48F17E54075E1ECF034278E82BCACD2E3689773186CC84FBA9B79AAC907294"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7020
Expires: Wed, 05 Oct 2022 20:28:25 GMT
Date: Wed, 05 Oct 2022 18:31:25 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
54.230.111.64 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 54.230.111.64:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 05 Oct 2022 04:02:33 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: deod0Aq0vB_G1_bdtyVkCrjGXiHcmR8z_U7OuenBvnpVr30EOvo-LQ==
age: 52133
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 18:31:25 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
toosexyforwords.blogspot.com/
142.250.74.161 200 OK 24 kB URL HTTP/1.1 toosexyforwords.blogspot.com/
IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1495)
Hash 0cd4b20501e98fb3937d0459216e5810
a368a80695bbe602846dd457f58191e0b9ba0983
81deadb947b92db2fe635746308b96538d314e67db264ea1568a690669b68413
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: toosexyforwords.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Expires: Wed, 05 Oct 2022 18:31:26 GMT
Date: Wed, 05 Oct 2022 18:31:26 GMT
Cache-Control: private, max-age=0
Last-Modified: Mon, 13 Dec 2021 03:28:02 GMT
ETag: W/"f687665f3cf8047a1d8173a61eb8ee4e6d27576801db597dba49e798994add5e"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 24456
Server: GSE
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 29305d430d4a98929d99f493c8fa0e09
37e64cc35bce4869f3573c565fdd177dc4e128c0
0557db8eed6f9f794247c44d8b7a8cd99caf6716cc48932ce3b3c1d907493869
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 18:31:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 29305d430d4a98929d99f493c8fa0e09
37e64cc35bce4869f3573c565fdd177dc4e128c0
0557db8eed6f9f794247c44d8b7a8cd99caf6716cc48932ce3b3c1d907493869
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 18:31:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
toosexyforwords.blogspot.com/js/cookienotice.js
142.250.74.161 200 OK 2.0 kB URL HTTP/1.1 toosexyforwords.blogspot.com/js/cookienotice.js
IP 142.250.74.161:0
Hash c4e1ed83d89245089b8a1203be20a377
f3940e1215b89300ef97d57a25993f25243b8688
afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2
Analyzer Verdict Alert fortinet Malware
GET /js/cookienotice.js HTTP/1.1
Host: toosexyforwords.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 2026
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 10:32:28 GMT
Expires: Tue, 11 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=604800
Last-Modified: Tue, 04 Oct 2022 09:10:01 GMT
Content-Type: text/javascript
Age: 115138
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 047374e90c9a1e02eb7294c0a9a316a2
3d043355314c0c408f547f1faafd3acd6d481f63
e01b0fb379931c35fd707f8cc75e2d6079f77fd5174c30b75934e130d68ed2a5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 18:31:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 29305d430d4a98929d99f493c8fa0e09
37e64cc35bce4869f3573c565fdd177dc4e128c0
0557db8eed6f9f794247c44d8b7a8cd99caf6716cc48932ce3b3c1d907493869
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 18:31:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/static/v1/widgets/2975350028-css_bundle_v2.css
216.58.207.201 200 OK 7.8 kB URL HTTP/2 www.blogger.com/static/v1/widgets/2975350028-css_bundle_v2.css
IP 216.58.207.201:0
File type ASCII text, with very long lines (35959)
Hash 5aa2d3297bdc86bc81322aedecbb5e79
1c0a3c007e41726e167e79b70ddea76198650884
feae1fac625d0f30b5f10fa00b62df1a5600cd2178062c427e55f289b29cc630
GET /static/v1/widgets/2975350028-css_bundle_v2.css HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 7776
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 16:35:40 GMT
expires: Thu, 05 Oct 2023 16:35:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 04 Oct 2022 18:55:46 GMT
content-type: text/css
age: 6946
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
resources.blogblog.com/img/icon18_email.gif
216.58.207.201 200 OK 164 B URL HTTP/2 resources.blogblog.com/img/icon18_email.gif
IP 216.58.207.201:0
File type GIF image data, version 89a, 18 x 13\012- data
Hash 36b9f993db1b953f3b9b08040aaf9af4
18248661b307586dc291fd2dff4bb59cf7579475
1258cbe1e2900ec3df11a83a6bb6008d7a833f783a6df80b0d5d45a052ac1466
GET /img/icon18_email.gif HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 164
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 02:36:19 GMT
expires: Wed, 12 Oct 2022 02:36:19 GMT
cache-control: public, max-age=604800
last-modified: Tue, 04 Oct 2022 16:56:41 GMT
content-type: image/gif
age: 57307
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.blogger.com/static/v1/widgets/792789798-widgets.js
216.58.207.201 200 OK 57 kB URL HTTP/2 www.blogger.com/static/v1/widgets/792789798-widgets.js
IP 216.58.207.201:0
File type ASCII text, with very long lines (2221)
Hash 02e6bf311e18828a522b4d3a4079084f
a63cd373fa23b4fe11f938d57737e6bfa1ebe789
25d469843aa09be2473931d33aaa37b65ac371874bd98ca84ec780bead3e33e4
GET /static/v1/widgets/792789798-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56804
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 03 Oct 2022 02:15:20 GMT
expires: Tue, 03 Oct 2023 02:15:20 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 03 Oct 2022 00:49:27 GMT
content-type: text/javascript
age: 231366
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
resources.blogblog.com/img/icon_feed12.png
216.58.207.201 200 OK 500 B URL HTTP/2 resources.blogblog.com/img/icon_feed12.png
IP 216.58.207.201:0
File type PNG image data, 12 x 12, 8-bit colormap, non-interlaced\012- data
Hash 44e7355a788fd1082deff0018883758e
50e3a28a44978e85d13c30522e0c71c8d0b24675
3cd341f37642f8a58b0fe14c2645913449c0ffe10be6ba0986275bfef29bc319
GET /img/icon_feed12.png HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 500
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 06:40:02 GMT
expires: Wed, 12 Oct 2022 06:40:02 GMT
cache-control: public, max-age=604800
last-modified: Tue, 04 Oct 2022 22:52:56 GMT
content-type: image/png
age: 42684
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
resources.blogblog.com/img/widgets/subscribe-netvibes.png
216.58.207.201 200 OK 1.4 kB URL HTTP/2 resources.blogblog.com/img/widgets/subscribe-netvibes.png
IP 216.58.207.201:0
File type PNG image data, 91 x 17, 8-bit colormap, non-interlaced\012- data
Hash c52a5f4ecb6be5d7e93b23ef4122ee4e
4e698a5f455daf3a8ea1e219b1998079f0546716
71b8ad79c680b3e5d452a792c3b418b23f739a0a34005e0f37ec674f4c78cb5d
GET /img/widgets/subscribe-netvibes.png HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 1445
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 11:47:52 GMT
expires: Sat, 08 Oct 2022 11:47:52 GMT
cache-control: public, max-age=604800
last-modified: Fri, 30 Sep 2022 14:51:29 GMT
content-type: image/png
age: 369814
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
resources.blogblog.com/img/widgets/subscribe-yahoo.png
216.58.207.201 200 OK 580 B URL HTTP/2 resources.blogblog.com/img/widgets/subscribe-yahoo.png
IP 216.58.207.201:0
File type PNG image data, 91 x 17, 8-bit colormap, non-interlaced\012- data
Hash 79f602b6ac18bee79b4e2353a6674010
28accf82263aa1a11bb821439d4d185865662530
bbf9b924cc32bff4738bb54d86905476349f90c8b20f748633e56f64379d553e
GET /img/widgets/subscribe-yahoo.png HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 02:21:47 GMT
expires: Wed, 12 Oct 2022 02:21:47 GMT
cache-control: public, max-age=604800
last-modified: Tue, 04 Oct 2022 12:57:07 GMT
content-type: image/png
age: 58179
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
resources.blogblog.com/img/widgets/arrow_dropdown.gif
216.58.207.201 200 OK 141 B URL HTTP/2 resources.blogblog.com/img/widgets/arrow_dropdown.gif
IP 216.58.207.201:0
File type GIF image data, version 89a, 13 x 10\012- data
Hash 2964a07d60a4e76b299130fb1b4115f6
3b72dcc19f3ad685513eaba612e07e0ed495f2e1
28ab89f0285c48d2faed701905c185c302f2b389584a52ceaa76a91ea64dc3a7
GET /img/widgets/arrow_dropdown.gif HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 141
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 10:36:43 GMT
expires: Wed, 12 Oct 2022 10:36:43 GMT
cache-control: public, max-age=604800
last-modified: Wed, 05 Oct 2022 04:51:44 GMT
content-type: image/gif
age: 28483
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
resources.blogblog.com/img/icon18_edit_allbkg.gif
216.58.207.201 200 OK 162 B URL HTTP/2 resources.blogblog.com/img/icon18_edit_allbkg.gif
IP 216.58.207.201:0
File type GIF image data, version 89a, 18 x 18\012- data
Hash c991641178ff05adf0d004298b5eafa9
d8f6ce8ecd92b86d49849360f6b81ceb10b4c941
ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b
GET /img/icon18_edit_allbkg.gif HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 162
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 19:52:13 GMT
expires: Sat, 08 Oct 2022 19:52:13 GMT
cache-control: public, max-age=604800
last-modified: Fri, 30 Sep 2022 19:52:35 GMT
content-type: image/gif
age: 340753
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
apis.google.com/js/platform.js
142.250.74.174 200 OK 20 kB URL HTTP/2 apis.google.com/js/platform.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1277)
Hash b5a31516be83fe4f962609045d824f88
939a49a9858bf23561279f9ca2d1941d3256c66f
edb661aa461800e97e3847608a8b2d81cfe345f69a6f84abaa001d8a60500328
GET /js/platform.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20361
date: Wed, 05 Oct 2022 18:31:26 GMT
expires: Wed, 05 Oct 2022 18:31:26 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "40c22a9ccbd70870"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 29305d430d4a98929d99f493c8fa0e09
37e64cc35bce4869f3573c565fdd177dc4e128c0
0557db8eed6f9f794247c44d8b7a8cd99caf6716cc48932ce3b3c1d907493869
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 18:31:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
4.bp.blogspot.com/-OsognF9zEA4/UiNPoeffVgI/AAAAAAAAARQ/rFg1qkGspjQ/s320/ac.jpg
142.250.74.161 200 OK 24 kB URL HTTP/1.1 4.bp.blogspot.com/-OsognF9zEA4/UiNPoeffVgI/AAAAAAAAARQ/rFg1qkGspjQ/s320/ac.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x259, components 3\012- data
Hash a97f896a81b86755de84c02a8ee37020
fb245a801e0ccfd57909591d7ff3051948f17e0d
bcd65755fa9113d4ba33419255ce7c5055e0500d96b1b40e11f36d8160831ae1
GET /-OsognF9zEA4/UiNPoeffVgI/AAAAAAAAARQ/rFg1qkGspjQ/s320/ac.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="ac.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 24510
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 14:34:41 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v115"
Content-Type: image/jpeg
Age: 0
3.bp.blogspot.com/-N-8MRPZzbL0/UiNQIroO5bI/AAAAAAAAASQ/-tG5_zHctaE/s320/MVI_9543a.jpg
142.250.74.161 200 OK 19 kB URL HTTP/1.1 3.bp.blogspot.com/-N-8MRPZzbL0/UiNQIroO5bI/AAAAAAAAASQ/-tG5_zHctaE/s320/MVI_9543a.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x240, components 3\012- data
Hash a09837187a8a3c2a1642478dec669afd
0dd0a7851b7d1cfc8b9e7d0bd7cdf24a2808119f
c0a9a7b1268746d4f9d89e87ba30d761d7f03744896b3b9d2eb23160de7033dc
GET /-N-8MRPZzbL0/UiNQIroO5bI/AAAAAAAAASQ/-tG5_zHctaE/s320/MVI_9543a.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="MVI_9543a.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 19422
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v125"
Content-Type: image/jpeg
Age: 0
www.blogger.com/dyn-css/authorization.css?targetBlogID=6116713463870618879&zx=34234300-3bb2-470f-87e2-7517cbb0192f
216.58.207.201 200 OK 21 B URL HTTP/2 www.blogger.com/dyn-css/authorization.css?targetBlogID=6116713463870618879&zx=34234300-3bb2-470f-87e2-7517cbb0192f
IP 216.58.207.201:0
File type very short file (no magic)
Hash a62e4d501434033d5d177e67d3aafdd0
34f7300c9ed47334cf10826d57af785321e3138b
b0cabcbfed4b1830ab1956efbd2eec32289a968323cb854a47ef98360ed0f522
GET /dyn-css/authorization.css?targetBlogID=6116713463870618879&zx=34234300-3bb2-470f-87e2-7517cbb0192f HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type: text/css; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 05 Oct 2022 18:31:26 GMT
last-modified: Wed, 05 Oct 2022 18:31:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 21
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.blogger.com/img/share_buttons_20_3.png
216.58.207.201 200 OK 5.1 kB URL HTTP/2 www.blogger.com/img/share_buttons_20_3.png
IP 216.58.207.201:0
File type PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash ad9999106d5f550920b586e8e1704e5a
93fd02c51166402a41f96509cd0ca3fb917877dd
3829a5b2ade7cfc416c80b8f3df71e49e68672875f025d525223978f5cee3fd3
GET /img/share_buttons_20_3.png HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.blogger.com/static/v1/widgets/2975350028-css_bundle_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 5080
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 07:14:19 GMT
expires: Sat, 08 Oct 2022 07:14:19 GMT
cache-control: public, max-age=604800
last-modified: Fri, 30 Sep 2022 19:52:35 GMT
content-type: image/png
age: 386227
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.z9QjrzsHcOc.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8359JQqZQ0dzCVJ5Ui3CZcERHEWA/cb=gapi.loaded_0?le=scs
142.250.74.174 200 OK 58 kB URL HTTP/2 apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.z9QjrzsHcOc.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8359JQqZQ0dzCVJ5Ui3CZcERHEWA/cb=gapi.loaded_0?le=scs
IP 142.250.74.174:0
File type ASCII text, with very long lines (580)
Hash d70fcc84d705c565b31a5835c0938d5b
d28e5dc9fcc6239d67986df3205468072023d2d7
1d558c94793446aa6a7832dde0c39ed7d9c77fd963ffb738c460e4f7369a7f4e
GET /_/scs/abc-static/_/js/k=gapi.lb.en.z9QjrzsHcOc.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8359JQqZQ0dzCVJ5Ui3CZcERHEWA/cb=gapi.loaded_0?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 57995
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 02 Oct 2022 07:25:42 GMT
expires: Mon, 02 Oct 2023 07:25:42 GMT
cache-control: public, max-age=31536000
age: 299144
last-modified: Sat, 30 Jul 2022 15:17:53 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/google_top_exp.js
142.250.74.162 200 OK 67 B URL HTTP/1.1 pagead2.googlesyndication.com/pagead/js/google_top_exp.js
IP 142.250.74.162:0
Hash 9bbc3ca32ec951a484589ce0e6b4db73
753d6f6183b33b2dee5dde2208fca91c17f5bb13
b8f16a16d2a7ea39a9cc079fdbe3af7d31393d62a853668bdd549e0a0311cb3c
GET /pagead/js/google_top_exp.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 67
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 08:27:21 GMT
Expires: Wed, 19 Oct 2022 08:27:21 GMT
Cache-Control: public, max-age=1209600
ETag: 13036835877489095579
Content-Type: text/javascript; charset=UTF-8
Age: 36245
4.bp.blogspot.com/-nofOed0e_IM/UiNP-_XXMvI/AAAAAAAAASA/yIY0xzqoTe8/s320/MVI_0842c.jpg
142.250.74.161 200 OK 10 kB URL HTTP/1.1 4.bp.blogspot.com/-nofOed0e_IM/UiNP-_XXMvI/AAAAAAAAASA/yIY0xzqoTe8/s320/MVI_0842c.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x240, components 3\012- data
Hash b3b376d0decad8ffe5d777382a03be6f
ea45b21ee6d7ebc8efcfd2837f82d2e9c2389f88
d6ef22fbb037ed3f0147f1c8778d513dd11dcf506ccaed363a391a58da5b90fe
GET /-nofOed0e_IM/UiNP-_XXMvI/AAAAAAAAASA/yIY0xzqoTe8/s320/MVI_0842c.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v121"
Expires: Thu, 06 Oct 2022 18:31:26 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="MVI_0842c.jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Wed, 05 Oct 2022 18:31:26 GMT
Server: fife
Content-Length: 10298
X-XSS-Protection: 0
4.bp.blogspot.com/-X-bPabIGKvs/UiNPYZT51GI/AAAAAAAAAQo/2D_X8LFUPyQ/s320/5a.jpg
142.250.74.161 200 OK 13 kB URL HTTP/1.1 4.bp.blogspot.com/-X-bPabIGKvs/UiNPYZT51GI/AAAAAAAAAQo/2D_X8LFUPyQ/s320/5a.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 308x320, components 3\012- data
Hash d30a66f2f0d22a759296abe92fa316f7
97189ba80391d7509148b285fae526c6773a0294
86b7c1b91a612bc53d4072eaaeb7ce925686ec1c94c68877ba94efbd85579b86
GET /-X-bPabIGKvs/UiNPYZT51GI/AAAAAAAAAQo/2D_X8LFUPyQ/s320/5a.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="5a.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 13106
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v10b"
Content-Type: image/jpeg
Age: 0
2.bp.blogspot.com/-swqFdlgpbz4/UjXC2itFwGI/AAAAAAAAAT4/jI6Dp0VL-J4/s320/MVI_9000j.jpg
142.250.74.161 200 OK 18 kB URL HTTP/1.1 2.bp.blogspot.com/-swqFdlgpbz4/UjXC2itFwGI/AAAAAAAAAT4/jI6Dp0VL-J4/s320/MVI_9000j.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x240, components 3\012- data
Hash ef9285616130fbbe0a7cc08f636f1f13
d6a3a87b4202bdbec8da03f0f541e472cf4b70bd
375526fc7ebd1a66e47d096c707e6124dbf044bfc770970fbecef07a9dd8f498
GET /-swqFdlgpbz4/UjXC2itFwGI/AAAAAAAAAT4/jI6Dp0VL-J4/s320/MVI_9000j.jpg HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="MVI_9000j.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 17826
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v13f"
Content-Type: image/jpeg
Age: 0
2.bp.blogspot.com/-W2cx1Bg69nk/UiNPejKuesI/AAAAAAAAAQ4/caXxiJ9UiT8/s320/22.jpg
142.250.74.161 200 OK 19 kB URL HTTP/1.1 2.bp.blogspot.com/-W2cx1Bg69nk/UiNPejKuesI/AAAAAAAAAQ4/caXxiJ9UiT8/s320/22.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x292, components 3\012- data
Hash dc4e81cbee94f7bb1b3eabf96b451486
e55057fa20214e9fbf92d1e8f8dc1e634f249100
920b23f898797e57a7a364f9b9f097568cbf3c74593ddde4a8883d06d81f8720
GET /-W2cx1Bg69nk/UiNPejKuesI/AAAAAAAAAQ4/caXxiJ9UiT8/s320/22.jpg HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="22.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 19209
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:52 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v10f"
Content-Type: image/jpeg
Age: 0
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.z9QjrzsHcOc.O/m=profile/exm=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8359JQqZQ0dzCVJ5Ui3CZcERHEWA/cb=gapi.loaded_1?le=scs
142.250.74.174 200 OK 12 kB URL HTTP/2 apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.z9QjrzsHcOc.O/m=profile/exm=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8359JQqZQ0dzCVJ5Ui3CZcERHEWA/cb=gapi.loaded_1?le=scs
IP 142.250.74.174:0
File type ASCII text, with very long lines (536)
Hash e4fb51c04ea660686e6550b82c1a18ca
a58d0f29017553ee017db3ff88682c046481baf6
9d1a0929c0bad4402483d5fa706f3433a06414cd5514a3cd48ae6c4a1b61f8cc
GET /_/scs/abc-static/_/js/k=gapi.lb.en.z9QjrzsHcOc.O/m=profile/exm=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8359JQqZQ0dzCVJ5Ui3CZcERHEWA/cb=gapi.loaded_1?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 12103
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 04:22:47 GMT
expires: Sun, 01 Oct 2023 04:22:47 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 30 Jul 2022 15:17:53 GMT
content-type: text/javascript; charset=UTF-8
age: 396519
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
4.bp.blogspot.com/-bETTSn7a3jE/UiNP7C-7lUI/AAAAAAAAAR4/Rw6VLCKwqV0/s320/MVI_0292a.jpg
142.250.74.161 200 OK 12 kB URL HTTP/1.1 4.bp.blogspot.com/-bETTSn7a3jE/UiNP7C-7lUI/AAAAAAAAAR4/Rw6VLCKwqV0/s320/MVI_0292a.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 171x320, components 3\012- data
Hash c5d0cc0932a011c72b7ac29e724a6019
8188ee0b0d5f72526e7cc10ab86b408edb67f58a
c238401fff0a7a39214e4e126e4cb4a653d22747ae5a9abce104ee88712c057f
GET /-bETTSn7a3jE/UiNP7C-7lUI/AAAAAAAAAR4/Rw6VLCKwqV0/s320/MVI_0292a.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="MVI_0292a.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 11955
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 14:34:41 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v11f"
Content-Type: image/jpeg
Age: 0
4.bp.blogspot.com/-BBsaLr-gQ3I/UjXCWu8AlcI/AAAAAAAAASo/FgU8inYk4Bs/s320/1.jpg
142.250.74.161 200 OK 17 kB URL HTTP/1.1 4.bp.blogspot.com/-BBsaLr-gQ3I/UjXCWu8AlcI/AAAAAAAAASo/FgU8inYk4Bs/s320/1.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x229, components 3\012- data
Hash 37629fa165c183504ca19d2313f1d236
0ee9998f0bebe0be6b015679efaf4987e7e1d6ce
466542845248756086e57edba1721c87a48e63b2ed0dbd8f9a90d6b57495d706
GET /-BBsaLr-gQ3I/UjXCWu8AlcI/AAAAAAAAASo/FgU8inYk4Bs/s320/1.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="1.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 17032
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:52 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v12b"
Content-Type: image/jpeg
Age: 0
3.bp.blogspot.com/-t3YLAex0sco/UfkbmqTBXMI/AAAAAAAAAP0/yPnP_P-ikvM/s320/042913306.jpg
142.250.74.161 200 OK 31 kB URL HTTP/1.1 3.bp.blogspot.com/-t3YLAex0sco/UfkbmqTBXMI/AAAAAAAAAP0/yPnP_P-ikvM/s320/042913306.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 288x320, components 3\012- data
Hash a768b0972fae50271429638b2e6a3eb0
0180c70b6401a274ffd121e592cef85d5a3cefb2
865e4eee4d61f8fbbfdb875e7f45484c8e7106d16ab29a5b46c102fa88635993
GET /-t3YLAex0sco/UfkbmqTBXMI/AAAAAAAAAP0/yPnP_P-ikvM/s320/042913306.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="042913306.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 30702
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vfe"
Content-Type: image/jpeg
Age: 0
4.bp.blogspot.com/-6RjHJzZRaJ4/UjXCjXBs6WI/AAAAAAAAATI/L4dzN9ixbS0/s320/8.jpg
142.250.74.161 200 OK 14 kB URL HTTP/1.1 4.bp.blogspot.com/-6RjHJzZRaJ4/UjXCjXBs6WI/AAAAAAAAATI/L4dzN9ixbS0/s320/8.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x169, components 3\012- data
Hash 1e121e4d316f32fea05c0676b1ff3ff9
5fdee2841b662515e6ee5aeb3997bfeea91fe2a8
b8d145e496d31eed4b6062fa6c6c2a9997b742a750120b737b876172743f8071
GET /-6RjHJzZRaJ4/UjXCjXBs6WI/AAAAAAAAATI/L4dzN9ixbS0/s320/8.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="8.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 13737
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:52 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v133"
Content-Type: image/jpeg
Age: 0
2.bp.blogspot.com/-IVNObjkfQuk/UjXCzeiHz_I/AAAAAAAAATw/9GeNrV1JUX0/s320/MVI_1458d.jpg
142.250.74.161 200 OK 18 kB URL HTTP/1.1 2.bp.blogspot.com/-IVNObjkfQuk/UjXCzeiHz_I/AAAAAAAAATw/9GeNrV1JUX0/s320/MVI_1458d.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x259, components 3\012- data
Hash 801792f3ef4f90ad50fff10b8c5ef802
cd0cf81f266e4bafbacc036a717da9276aa517a9
6d699b4d934d6716d3ff5ae9ed6693a7eb08729d333f3f15dd594272e76856c7
GET /-IVNObjkfQuk/UjXCzeiHz_I/AAAAAAAAATw/9GeNrV1JUX0/s320/MVI_1458d.jpg HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="MVI_1458d.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 18538
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v13d"
Content-Type: image/jpeg
Age: 0
2.bp.blogspot.com/-wwwQEraY-k4/UiNQN-hlfyI/AAAAAAAAASY/clEiapzlLxs/s320/MVI_9734e.jpg
142.250.74.161 200 OK 20 kB URL HTTP/1.1 2.bp.blogspot.com/-wwwQEraY-k4/UiNQN-hlfyI/AAAAAAAAASY/clEiapzlLxs/s320/MVI_9734e.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x298, components 3\012- data
Hash 204bba7d342a02160332f15d9ca41dfb
2651fc04d29b5552aff23d491193a9d711887259
670772f4f8b82a7b38a80c6dde77221cab7b1d34f0c98bb631823d7893959c65
GET /-wwwQEraY-k4/UiNQN-hlfyI/AAAAAAAAASY/clEiapzlLxs/s320/MVI_9734e.jpg HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="MVI_9734e.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 19577
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v127"
Content-Type: image/jpeg
Age: 0
2.bp.blogspot.com/-uki4CvmOX8c/UiNPUlO_A_I/AAAAAAAAAQg/B1jRy9mj2KE/s320/5.jpg
142.250.74.161 200 OK 15 kB URL HTTP/1.1 2.bp.blogspot.com/-uki4CvmOX8c/UiNPUlO_A_I/AAAAAAAAAQg/B1jRy9mj2KE/s320/5.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 264x320, components 3\012- data
Hash 0ece2951d54cf742b5b1bc8026f9b289
8251970708b3201d633f41ac325d75aa57ad6986
3bdbcdd50fe48eb5560dcc17d7ba2ad09cf952069cf6721a0d64a5fa289999c8
GET /-uki4CvmOX8c/UiNPUlO_A_I/AAAAAAAAAQg/B1jRy9mj2KE/s320/5.jpg HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v109"
Expires: Thu, 06 Oct 2022 18:31:26 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="5.jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Wed, 05 Oct 2022 18:31:26 GMT
Server: fife
Content-Length: 15245
X-XSS-Protection: 0
2.bp.blogspot.com/-KyPM6sFusA8/UjXCZ8a5pqI/AAAAAAAAASw/lxZo7ZYDzIE/s320/3.jpg
142.250.74.161 200 OK 16 kB URL HTTP/1.1 2.bp.blogspot.com/-KyPM6sFusA8/UjXCZ8a5pqI/AAAAAAAAASw/lxZo7ZYDzIE/s320/3.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x235, components 3\012- data
Hash 8c0f611a229567a8c041dcfa366cf08b
3b85131275b3cd39e10dd04964bb2c9ebc426cde
9a1099e40a9abbfd73ba9b7926321e2f156b97d5cb1f92016846a0899be9505a
GET /-KyPM6sFusA8/UjXCZ8a5pqI/AAAAAAAAASw/lxZo7ZYDzIE/s320/3.jpg HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v12d"
Expires: Thu, 06 Oct 2022 18:31:26 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="3.jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Wed, 05 Oct 2022 18:31:26 GMT
Server: fife
Content-Length: 15499
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 29305d430d4a98929d99f493c8fa0e09
37e64cc35bce4869f3573c565fdd177dc4e128c0
0557db8eed6f9f794247c44d8b7a8cd99caf6716cc48932ce3b3c1d907493869
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 18:31:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
3.bp.blogspot.com/-OXoxWppfsiE/UjXCdL9IJyI/AAAAAAAAAS4/YRE3s7bsxzQ/s320/4.jpg
142.250.74.161 200 OK 14 kB URL HTTP/1.1 3.bp.blogspot.com/-OXoxWppfsiE/UjXCdL9IJyI/AAAAAAAAAS4/YRE3s7bsxzQ/s320/4.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x177, components 3\012- data
Hash 279ec2d53aa77e5671340ffb372dac34
8e42886d6fa760f3c399c484dbf2c7d747d74480
afc43a34a70a10f1be542947083a8c7fd42fa925058673af91be25d744c88729
GET /-OXoxWppfsiE/UjXCdL9IJyI/AAAAAAAAAS4/YRE3s7bsxzQ/s320/4.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="4.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 14038
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v12f"
Content-Type: image/jpeg
Age: 0
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 1561c6be7c89d1357a80d12de47b6e74
9a705277922ecca583c867af58b3efce099f83bd
e33dc034dbf4b3b627cd3c1af2d942e2ca5704ec9a4aad5c46ad39eb070e82ab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6595
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 18:31:26 GMT
Last-Modified: Wed, 05 Oct 2022 16:41:31 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
1.bp.blogspot.com/-Y7DR4TQZd1g/UiNPwEhj8aI/AAAAAAAAARg/rsJ9wiDz87s/s320/IMG_1271.jpg
142.250.74.161 200 OK 8.4 kB URL HTTP/1.1 1.bp.blogspot.com/-Y7DR4TQZd1g/UiNPwEhj8aI/AAAAAAAAARg/rsJ9wiDz87s/s320/IMG_1271.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 111x320, components 3\012- data
Hash 054bbba1f028caa42f4c9693bc04cc1c
96cfa778f74b45ee1b4af4aa0351adad6a1b1a58
7c043818630c54e563b986c64cecb572fa3767b7c876c69312e330ba4862fb73
GET /-Y7DR4TQZd1g/UiNPwEhj8aI/AAAAAAAAARg/rsJ9wiDz87s/s320/IMG_1271.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="IMG_1271.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 8444
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:52 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v119"
Content-Type: image/jpeg
Age: 0
4.bp.blogspot.com/-jIywZ0SU1hc/TaCterMXbpI/AAAAAAAAAAM/15MikKlCpg4/w1600/Dirty%252C%2BSexy%2BGirls%2Bsmall.jpg
142.250.74.161 200 OK 34 kB URL HTTP/1.1 4.bp.blogspot.com/-jIywZ0SU1hc/TaCterMXbpI/AAAAAAAAAAM/15MikKlCpg4/w1600/Dirty%252C%2BSexy%2BGirls%2Bsmall.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, software=Google], baseline, precision 8, 465x700, components 3\012- data
Hash d84d9cbac0e98c2f606027eda41d8b6b
edd22ddb8245d1f254eaa7c5957350ef98bb642d
f9f58b9e625a286d3cfdee358395427dacde87814cc9314ea702230daadbe448
GET /-jIywZ0SU1hc/TaCterMXbpI/AAAAAAAAAAM/15MikKlCpg4/w1600/Dirty%252C%2BSexy%2BGirls%2Bsmall.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="Dirty, Sexy Girls small.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 33815
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 14:34:41 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v3"
Content-Type: image/jpeg
Age: 0
3.bp.blogspot.com/-xPSKR5Nl210/UiNP3VXPIrI/AAAAAAAAARw/HzdLa3dpInU/s320/jf.jpg
142.250.74.161 200 OK 31 kB URL HTTP/1.1 3.bp.blogspot.com/-xPSKR5Nl210/UiNP3VXPIrI/AAAAAAAAARw/HzdLa3dpInU/s320/jf.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 249x320, components 3\012- data
Hash d441a709b7201b7d3bf7f635e289aedd
4fd5fc82ddc5491e5c94d295fe1c562db90a12be
fe34eb1c04a570d1241f351e8ce723c3978c30685e2729dccb25c9d27cd82839
GET /-xPSKR5Nl210/UiNP3VXPIrI/AAAAAAAAARw/HzdLa3dpInU/s320/jf.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="jf.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 30829
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v11d"
Content-Type: image/jpeg
Age: 0
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.118 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 54.230.111.118:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Wed, 05 Oct 2022 18:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Wed, 05 Oct 2022 18:46:46 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: gQYYuQOJeCMFxOUq9Zc4NRmHmhcVIwtZvNpV7q0oMSjhBKLgqNxcAg==
Age: 113
cdn.widgetserver.com/syndication/subscriber/InsertWidget.js
45.33.2.79 200 OK 157 B URL HTTP/1.1 cdn.widgetserver.com/syndication/subscriber/InsertWidget.js
IP 45.33.2.79:0
Hash 67e216a27dda24bdcb086c2385b0cb99
17141c80f5d32bec3691c5ab24741d8b7dd5f0c6
9dc433b2142d3ba0803fcffa53f19d34da26996d20c829df6d694bc887325dd7
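Analyzer / Verdict / Alert: fortinet / Malware (recorded against this entry's InsertWidget.js response and the hashes listed above it; the rule or signature behind the verdict is not shown)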
GET /syndication/subscriber/InsertWidget.js HTTP/1.1
Host: cdn.widgetserver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Wed, 05 Oct 2022 18:31:26 GMT
content-type: application/javascript
content-length: 157
last-modified: Fri, 09 Mar 2018 19:33:30 GMT
etag: "5aa2e18a-9d"
accept-ranges: bytes
connection: close
3.bp.blogspot.com/-OHUAEFnddFM/UjXCsvSyesI/AAAAAAAAATg/nlD5yGF7WA4/s320/IMG_4677.jpg
142.250.74.161 200 OK 20 kB URL HTTP/1.1 3.bp.blogspot.com/-OHUAEFnddFM/UjXCsvSyesI/AAAAAAAAATg/nlD5yGF7WA4/s320/IMG_4677.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, software=Google], baseline, precision 8, 320x240, components 3\012- data
Hash 94499f87413ae8f2f3b6b33d2aa64cdf
197ed653d6fbeb463660bef2447e4c3c806f572b
964b9174af21d668fcd13c6432ce3c682c71dbc19b0e069479d09197ac41717b
GET /-OHUAEFnddFM/UjXCsvSyesI/AAAAAAAAATg/nlD5yGF7WA4/s320/IMG_4677.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="IMG_4677.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 20224
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v139"
Content-Type: image/jpeg
Age: 0
1.bp.blogspot.com/-QzqDJOmBONk/UcEBpDALKbI/AAAAAAAAAPI/ACUTr0EqBDI/s320/securedownload+(5).jpg
142.250.74.161 200 OK 23 kB URL HTTP/1.1 1.bp.blogspot.com/-QzqDJOmBONk/UcEBpDALKbI/AAAAAAAAAPI/ACUTr0EqBDI/s320/securedownload+(5).jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 320x204, components 3\012- data
Hash ec6cea9c14654299c30ac53941dfa881
32228e7be11462b44977bad3018bcf858089f5af
f01e63a74782fc947db0eec8507291ea7b187d65013b4e1f6a0cd336cd97ccb9
GET /-QzqDJOmBONk/UcEBpDALKbI/AAAAAAAAAPI/ACUTr0EqBDI/s320/securedownload+(5).jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="securedownload (5).jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 22906
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vf3"
Content-Type: image/jpeg
Age: 0
3.bp.blogspot.com/-YtoennbnYDc/UjXCwRYOdfI/AAAAAAAAATo/xkBWNWi2qEY/s320/MVI_1223a.jpg
142.250.74.161 200 OK 17 kB URL HTTP/1.1 3.bp.blogspot.com/-YtoennbnYDc/UjXCwRYOdfI/AAAAAAAAATo/xkBWNWi2qEY/s320/MVI_1223a.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x256, components 3\012- data
Hash 51a77979b221b60014c0fda4de2990c4
84161a2e4ad041019cea02d6cb21bb546bb9f083
0dc597a116b37a97bf62898dcb20a532c9c2b0feee34baad1b83684dc1a1baa8
GET /-YtoennbnYDc/UjXCwRYOdfI/AAAAAAAAATo/xkBWNWi2qEY/s320/MVI_1223a.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="MVI_1223a.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 16699
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v13b"
Content-Type: image/jpeg
Age: 0
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash f9371f81e2eeeead7fe351a49f3b1c40
ae23d6c6c57dd7cf568c3a74594c377b7bb7df43
03c4ba0faa3199d061d1bb37df5d48ba6d81f77a83e243922075efc4d4acf456
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 18:31:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
1.bp.blogspot.com/-cSNZKRAmze4/UcEBklnoRoI/AAAAAAAAAPA/u8hBHj1Eras/s320/securedownload+(4).jpg
142.250.74.161 200 OK 19 kB URL HTTP/1.1 1.bp.blogspot.com/-cSNZKRAmze4/UcEBklnoRoI/AAAAAAAAAPA/u8hBHj1Eras/s320/securedownload+(4).jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 320x144, components 3\012- data
Hash 9faaeb1297873d21d113531a1e96261b
386611acb5d4131934cb90e4007eece8371f23b2
6a80539d080a0ccbb37c627d8889310c72948b8f94a447774453b042aff1e942
GET /-cSNZKRAmze4/UcEBklnoRoI/AAAAAAAAAPA/u8hBHj1Eras/s320/securedownload+(4).jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="securedownload (4).jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 19306
X-XSS-Protection: 0
Date: Wed, 05 Oct 2022 18:31:26 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "vf1"
Content-Type: image/jpeg
Age: 0
push.services.mozilla.com/
44.238.3.246 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.238.3.246:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: MnKIdYjYwBtA+CkA4aXFKg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Zej3cqk0aLPjv4BdMk6c3Wew4TQ=
cdn.widgetserver.com/
198.58.118.167 200 OK 7.2 kB IP 198.58.118.167:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (338)
Hash fdf39b5fe47212d89784f9cf9b23f94a
b0180584affb2b217f237781ff81598692f7ec24
74f33eac13a698b51c1819c58715e7920ac07b0b39fa2f78b90807c0bb09d8fe
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: cdn.widgetserver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Wed, 05 Oct 2022 18:31:26 GMT
content-type: text/html; charset=utf-8
content-length: 7182
vary: Accept-Language
content-language: en
connection: close
cdn.widgetserver.com/favicon.ico
198.58.118.167 200 OK 43 B URL HTTP/1.1 cdn.widgetserver.com/favicon.ico
IP 198.58.118.167:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /favicon.ico HTTP/1.1
Host: cdn.widgetserver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cdn.widgetserver.com/
HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Wed, 05 Oct 2022 18:31:27 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
connection: close
cdn.widgetserver.com/mtm/async/.eJxdjEsOwiAQhu_CshJwqTWexVCYUhLo4DC2GOPdBePK3fc_X-JBQYxCCykM-dKwEcEMBNTEwpxHrRmxQH3OSDuSK2qK6EtGVhZTny5Y-LaaBG1i3ar24DxwAdqAeqe_WwuZW85QWS-cojQ5x2ANB1x17c6h_rspXu7XozrLkIwHbbYw_3CHKctBD9_8JN4fl79F_w:1og9B0:kBXS8xvhjL6o7bpCGdPa7CDyRKU/1/0
198.58.118.167 200 OK 256 B URL HTTP/1.1 cdn.widgetserver.com/mtm/async/.eJxdjEsOwiAQhu_CshJwqTWexVCYUhLo4DC2GOPdBePK3fc_X-JBQYxCCykM-dKwEcEMBNTEwpxHrRmxQH3OSDuSK2qK6EtGVhZTny5Y-LaaBG1i3ar24DxwAdqAeqe_WwuZW85QWS-cojQ5x2ANB1x17c6h_rspXu7XozrLkIwHbbYw_3CHKctBD9_8JN4fl79F_w:1og9B0:kBXS8xvhjL6o7bpCGdPa7CDyRKU/1/0
IP 198.58.118.167:0
File type ASCII text, with no line terminators
Hash cb4a528169e7e4f4419ec6717571876e
c04e83679cdf2a4ac367d28081d1668c8f960aa7
a163c3c13b15a0120f8032fb97ed402fc27d3cae8812638fc0567ee901f221ab
Analyzer Verdict Alert fortinet Malware
GET /mtm/async/.eJxdjEsOwiAQhu_CshJwqTWexVCYUhLo4DC2GOPdBePK3fc_X-JBQYxCCykM-dKwEcEMBNTEwpxHrRmxQH3OSDuSK2qK6EtGVhZTny5Y-LaaBG1i3ar24DxwAdqAeqe_WwuZW85QWS-cojQ5x2ANB1x17c6h_rspXu7XozrLkIwHbbYw_3CHKctBD9_8JN4fl79F_w:1og9B0:kBXS8xvhjL6o7bpCGdPa7CDyRKU/1/0 HTTP/1.1
Host: cdn.widgetserver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cdn.widgetserver.com/
Connection: keep-alive
HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Wed, 05 Oct 2022 18:31:27 GMT
content-type: text/html; charset=utf-8
content-length: 256
x-mtm-path: 4
x-mtm-prov: 1:6.31;70:0.00
x-mtm-rd: 0.53
vary: Accept-Language
content-language: en
set-cookie: mtm_delivered=WyJjZG4ud2lkZ2V0c2VydmVyLmNvbSIsImh0dHA6Ly93d3cxLndpZGdldHNlcnZlci5jb20vP3RtPTEmc3ViaWQ0PTE2NjQ5OTQ2ODcuMDExMDE4MDAwMCZLVzE9RXVyb3BlJTIwRGVkaWNhdGVkJTIwU2VydmVycyZLVzI9Tm9yd2F5JTIwRGVkaWNhdGVkJTIwU2VydmVycyZLVzM9T3NsbyUyMENvdW50eSUyMERlZGljYXRlZCUyMFNlcnZlcnMmS1c0PU9zbG8lMjBEZWRpY2F0ZWQlMjBTZXJ2ZXJzJktXNT1DdXN0b20lMjBEZWRpY2F0ZWQlMjBTZXJ2ZXJzJnNlYXJjaGJveD0wJmJhY2tmaWxsPTAiLDEsIjIwMjItMTAtMDUgMTg6MzE6MjciLDEsIjE2NjQ5OTQ2ODcuMDExMDE4MDAwMCIsMSxudWxsLG51bGxd:1og9B1:m20yhfLfW173ahxkmdI6idgdCfQ; expires=Wed, 05-Oct-2022 19:31:27 GMT; Max-Age=3600; Path=/
connection: close
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3267
Expires: Wed, 05 Oct 2022 19:25:55 GMT
Date: Wed, 05 Oct 2022 18:31:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3267
Expires: Wed, 05 Oct 2022 19:25:55 GMT
Date: Wed, 05 Oct 2022 18:31:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3267
Expires: Wed, 05 Oct 2022 19:25:55 GMT
Date: Wed, 05 Oct 2022 18:31:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3267
Expires: Wed, 05 Oct 2022 19:25:55 GMT
Date: Wed, 05 Oct 2022 18:31:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3267
Expires: Wed, 05 Oct 2022 19:25:55 GMT
Date: Wed, 05 Oct 2022 18:31:28 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4fc2ddd86450d64d3fb659ab4e78be58
bbe71936b78a8c34d03ab87948dc840b35c6948f
84a760397a5912bd05f61bc8a953c13a88a677e2d17fbbf74bdf7d7ff4d3942f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10158
x-amzn-requestid: def1fc7e-8008-466f-9271-20fa1ab0fa5a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaqZCH7doAMFcPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a8aa0-7fd2fb1249366f2277d719d6;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 07:09:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: aeOU8fGkf5uHuYZ79k17EzxiFnwm0_z7SeZJElgwECzRyhR2N_SYJA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 04:06:09 GMT
age: 51919
etag: "bbe71936b78a8c34d03ab87948dc840b35c6948f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5704624d-eb81-4a5b-bcb7-08db5681c677.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5704624d-eb81-4a5b-bcb7-08db5681c677.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1de7c17a0ba9295135e7f8b490b6a8d3
70e8d1589f3daf71378965dd197934e220fb6aa4
ee559ce3166479e2b930be7d18525f5c2d164aed8ca005302ddaf3bfe37eec24
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5704624d-eb81-4a5b-bcb7-08db5681c677.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8926
x-amzn-requestid: 27fc8976-af8d-40a3-b701-0642fa135ec4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8s1GSbIAMFTiw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7eb-4d4c7837576e0fdb5828fe3b;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YzVofPSJC-YVU1Q1V9AnjNeQTa1BQEh6ZiH2HjSeeX5RygysFP7oAA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:43:25 GMT
age: 74883
etag: "70e8d1589f3daf71378965dd197934e220fb6aa4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78bf691d-76e8-4176-884d-dbc06604dded.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78bf691d-76e8-4176-884d-dbc06604dded.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 100559d746bedd7c3802661c875c35ee
5261a6c2ee6d6cc87e91ee82e32d8be234db393e
ff06f31267ddcc9a0d84ddc68932872bfed29d072783c3a1dd3790d41c280aec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78bf691d-76e8-4176-884d-dbc06604dded.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8816
x-amzn-requestid: b9f3ec8a-f478-4405-b275-e21f2d7d89d4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZKK7gFPJIAMF-7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333f1e3-250348e6140f3c74762263ea;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 07:04:03 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8f83Wv7OrO7NOd1y1LXjfphRmJjdwrkcAxrxUN4A4qSgsEzIQMq81g==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 22:38:40 GMT
age: 71568
etag: "5261a6c2ee6d6cc87e91ee82e32d8be234db393e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb178720-854c-4c9e-85c1-58cb5419ca69.jpeg
34.120.237.76 200 OK 3.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb178720-854c-4c9e-85c1-58cb5419ca69.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d7d7df8d4c440f9db445c3d99e818d6
612b6dbd4ba895c167964ff7e6d9263013b52b0a
bf527a814c78f9e010cce4ba593c9146d54a2137d1f147f7a6250fbad81956ac
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb178720-854c-4c9e-85c1-58cb5419ca69.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3585
x-amzn-requestid: 43c510d4-d87c-4665-a132-d798b836d415
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaJbLHEOoAMFfxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a55e0-614faff31425ff183b7ca4dd;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 03:24:16 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: d1LCc44Gj_0Je8adu7Iv3I9MwkaDPgWqlNHI96UAtZub22l210J65A==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 04:53:07 GMT
age: 49101
etag: "612b6dbd4ba895c167964ff7e6d9263013b52b0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8857940-5ca2-44ba-8a66-f396a605d5b4.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8857940-5ca2-44ba-8a66-f396a605d5b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 229c99cfb655a8c9f1a22de69fdff73c
6b5db8fbfb56f083d54b13e7660d0e4bc866aa00
f4099e9153c3dc481add95b0f24dbb8f6d65cc74ad5631d9cb6c6f2a0351843d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8857940-5ca2-44ba-8a66-f396a605d5b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7021
x-amzn-requestid: 2e30bdac-360e-4d0a-8bb7-c3144e074abe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8ucHb1oAMFjYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7f5-18ba6bc50cb32b1e14c882bd;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:39:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: UPEhTwAYEIRy-Cnb0ITefEotLyg3rFe_NaGy92xwWe_7hrdo6UQLwQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:56:53 GMT
age: 74075
etag: "6b5db8fbfb56f083d54b13e7660d0e4bc866aa00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23595c4d-609a-48f3-a52f-e88e478d7653.jpeg
34.120.237.76 200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23595c4d-609a-48f3-a52f-e88e478d7653.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3257b782efae9b64e6e18a547866ec50
4daf0c001e86af8477fb097e8ca932edb8e5f981
899f9692e86405aa288d88dd285a6fe26bedab1a2ca4693212476063890b01a5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23595c4d-609a-48f3-a52f-e88e478d7653.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5832
x-amzn-requestid: c4427edd-3d71-47d0-a2d3-b3bfed089535
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8s1FuUoAMFhBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7eb-46ddff150da4141d23fc0d8a;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: iR82CJ6A06dpqy_nm6JrmjeUJT-uhI5rr0dr6ZnhrQQo9Jqxh10qRQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:43:43 GMT
age: 74865
etag: "4daf0c001e86af8477fb097e8ca932edb8e5f981"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www1.widgetserver.com/?tm=1&subid4=1664994687.0110180000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0
99.83.136.84 200 OK 2.5 kB URL HTTP/1.1 www1.widgetserver.com/?tm=1&subid4=1664994687.0110180000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0
IP 99.83.136.84:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2246)
Hash 55c215ec5e5c5f3dbbd202c4743f21bd
0fa473c6cccd354a497560e9fbf0a0f059a37271
61b6e8dbd69152d963ce19228b5cc23edc7fbd9db06d6887b30b3a51fbacd7f6
GET /?tm=1&subid4=1664994687.0110180000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0 HTTP/1.1
Host: www1.widgetserver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cdn.widgetserver.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 18:31:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Redirect: zeropark_zeroclick
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
d38psrni17bvxu.cloudfront.net/scripts/js3.js
54.230.245.130 200 OK 1.1 kB URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/scripts/js3.js
IP 54.230.245.130:0
File type ASCII text, with very long lines (506)
Hash 64b79b43df8fbf2c5d082964b9116a68
dc3c763519baf0f4c32bb60bfc429651a491ea01
c57e9feec209e3ea5eb1d75a1ba6fa277242a3df250055be8446052b51e58637
GET /scripts/js3.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.widgetserver.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 1134
Connection: keep-alive
Server: nginx
Date: Wed, 05 Oct 2022 09:14:34 GMT
Last-Modified: Tue, 17 Aug 2021 09:17:22 GMT
Accept-Ranges: bytes
ETag: "611b7ea2-46e"
X-Cache: Hit from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: dpEmSWgabrbhrbNzbza45IfSS1jVAz3gDtNQZAVP9AczFVZpGMIeFg==
Age: 33414
www1.widgetserver.com/track.php?domain=widgetserver.com&toggle=browserjs&uid=MTY2NDk5NDY4Ny45MjQyOmE2Yjk0NzQyMzM3MDBhOTBjMDk0NTI2ZWFiYjJjNjE2YjBkMjljZjhlZmI5ZDk2OTllOGUwZWJmNjY0NWZlZjc6NjMzZGNkN2ZlMWE0NA%3D%3D
99.83.136.84 200 OK 20 B URL HTTP/1.1 www1.widgetserver.com/track.php?domain=widgetserver.com&toggle=browserjs&uid=MTY2NDk5NDY4Ny45MjQyOmE2Yjk0NzQyMzM3MDBhOTBjMDk0NTI2ZWFiYjJjNjE2YjBkMjljZjhlZmI5ZDk2OTllOGUwZWJmNjY0NWZlZjc6NjMzZGNkN2ZlMWE0NA%3D%3D
IP 99.83.136.84:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=widgetserver.com&toggle=browserjs&uid=MTY2NDk5NDY4Ny45MjQyOmE2Yjk0NzQyMzM3MDBhOTBjMDk0NTI2ZWFiYjJjNjE2YjBkMjljZjhlZmI5ZDk2OTllOGUwZWJmNjY0NWZlZjc6NjMzZGNkN2ZlMWE0NA%3D%3D HTTP/1.1
Host: www1.widgetserver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.widgetserver.com/?tm=1&subid4=1664994687.0110180000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 18:31:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
www1.widgetserver.com/ls.php
99.83.136.84 201 Created 0 B URL HTTP/1.1 www1.widgetserver.com/ls.php
IP 99.83.136.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST /ls.php HTTP/1.1
Host: www1.widgetserver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 2198
Origin: http://www1.widgetserver.com
Connection: keep-alive
Referer: http://www1.widgetserver.com/?tm=1&subid4=1664994687.0110180000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0
HTTP/1.1 201 Created
Date: Wed, 05 Oct 2022 18:31:29 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 633dcd81fd94e23518795a87
Charset: utf-8
Access-Control-Allow-Origin: http://www1.widgetserver.com
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_SUPSYTS2PCRh8Ls5zp1NSmxeij00Qvlwhvjl2cyGx0vBj3mon9/x1+ONnws1ZpP257yznaZ50Ban0jeT28eI6Q==
www1.widgetserver.com/favicon.ico
99.83.136.84 200 OK 0 B URL HTTP/1.1 www1.widgetserver.com/favicon.ico
IP 99.83.136.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www1.widgetserver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.widgetserver.com/?tm=1&subid4=1664994687.0110180000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 18:31:29 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes
www1.widgetserver.com/track.php?click=7734c042495d131ef4c95617c4712d5c9f446293&domain=widgetserver.com&uid=MTY2NDk5NDY4Ny45MjQyOmE2Yjk0NzQyMzM3MDBhOTBjMDk0NTI2ZWFiYjJjNjE2YjBkMjljZjhlZmI5ZDk2OTllOGUwZWJmNjY0NWZlZjc6NjMzZGNkN2ZlMWE0NA%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2MzNkY2Q3ZmUxYTJhfHx8MTY2NDk5NDY4OC4zMTg0fDdlNzQ2MWE1ZGViMDFkOTZhMzA0NGQ3MGVkYWI0NGVmYzcxNjIyNmR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXw3MTI3NzJjNTVmZjE2ZThlMzM2Y2ZmOTk4MTZhMDg5ZTE3ZTE0MTI2fDB8ZHAtdGVhbWludGVybmV0MTJfM3BofDB8MA%3D%3D&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off
99.83.136.84 200 OK 20 B URL HTTP/1.1 www1.widgetserver.com/track.php?click=7734c042495d131ef4c95617c4712d5c9f446293&domain=widgetserver.com&uid=MTY2NDk5NDY4Ny45MjQyOmE2Yjk0NzQyMzM3MDBhOTBjMDk0NTI2ZWFiYjJjNjE2YjBkMjljZjhlZmI5ZDk2OTllOGUwZWJmNjY0NWZlZjc6NjMzZGNkN2ZlMWE0NA%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2MzNkY2Q3ZmUxYTJhfHx8MTY2NDk5NDY4OC4zMTg0fDdlNzQ2MWE1ZGViMDFkOTZhMzA0NGQ3MGVkYWI0NGVmYzcxNjIyNmR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXw3MTI3NzJjNTVmZjE2ZThlMzM2Y2ZmOTk4MTZhMDg5ZTE3ZTE0MTI2fDB8ZHAtdGVhbWludGVybmV0MTJfM3BofDB8MA%3D%3D&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off
IP 99.83.136.84:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?click=7734c042495d131ef4c95617c4712d5c9f446293&domain=widgetserver.com&uid=MTY2NDk5NDY4Ny45MjQyOmE2Yjk0NzQyMzM3MDBhOTBjMDk0NTI2ZWFiYjJjNjE2YjBkMjljZjhlZmI5ZDk2OTllOGUwZWJmNjY0NWZlZjc6NjMzZGNkN2ZlMWE0NA%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2MzNkY2Q3ZmUxYTJhfHx8MTY2NDk5NDY4OC4zMTg0fDdlNzQ2MWE1ZGViMDFkOTZhMzA0NGQ3MGVkYWI0NGVmYzcxNjIyNmR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXw3MTI3NzJjNTVmZjE2ZThlMzM2Y2ZmOTk4MTZhMDg5ZTE3ZTE0MTI2fDB8ZHAtdGVhbWludGVybmV0MTJfM3BofDB8MA%3D%3D&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off HTTP/1.1
Host: www1.widgetserver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.widgetserver.com/?tm=1&subid4=1664994687.0110180000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 18:31:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-View-Match: true
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
irene-eux.com/zcvisitor/ecde1f60-44db-11ed-accc-1239def5fecf/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=ecfa32e2-44db-11ed-accc-1239def5fecf
35.174.150.83 200 996 B URL HTTP/1.1 irene-eux.com/zcvisitor/ecde1f60-44db-11ed-accc-1239def5fecf/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=ecfa32e2-44db-11ed-accc-1239def5fecf
IP 35.174.150.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 78c2774bc080727537abd1b7ec3b3c81
c3d645d7189b42add681334f190ebe82696c252d
0ffb165ac24cab83b2b9e02126bae83812b478711ade3c9414e87f36b3c396a9
GET /zcvisitor/ecde1f60-44db-11ed-accc-1239def5fecf/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=ecfa32e2-44db-11ed-accc-1239def5fecf HTTP/1.1
Host: irene-eux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.widgetserver.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Wed, 05 Oct 2022 18:31:29 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: xUTMrHbe
irene-eux.com/zcredirect?visitid=ecde1f60-44db-11ed-accc-1239def5fecf&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
35.174.150.83 200 304 B URL HTTP/1.1 irene-eux.com/zcredirect?visitid=ecde1f60-44db-11ed-accc-1239def5fecf&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
IP 35.174.150.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7ad1c64bf1c7d74543e57e1bc3102fc5
d1c124af158fbc22e553e6f32fd9c788cc52a78f
c9d519a817418028a376cf232c7853fcb855647fbe73a006a3b74f6988472b6b
GET /zcredirect?visitid=ecde1f60-44db-11ed-accc-1239def5fecf&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false HTTP/1.1
Host: irene-eux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://irene-eux.com/zcvisitor/ecde1f60-44db-11ed-accc-1239def5fecf/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=ecfa32e2-44db-11ed-accc-1239def5fecf
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Wed, 05 Oct 2022 18:31:29 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: NRgpKlHm
irene-eux.com/favicon.ico
35.174.150.83 404 653 B URL HTTP/1.1 irene-eux.com/favicon.ico
IP 35.174.150.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Hash ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
GET /favicon.ico HTTP/1.1
Host: irene-eux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://irene-eux.com/zcredirect?visitid=ecde1f60-44db-11ed-accc-1239def5fecf&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
HTTP/1.1 404
Date: Wed, 05 Oct 2022 18:31:30 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: OXAdnAKU
xml-v4.netload1.com/click?seat=2114927&i=2UvsoEe5K8o_0
198.134.116.17 302 Found 0 B URL HTTP/1.1 xml-v4.netload1.com/click?seat=2114927&i=2UvsoEe5K8o_0
IP 198.134.116.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?seat=2114927&i=2UvsoEe5K8o_0 HTTP/1.1
Host: xml-v4.netload1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://irene-eux.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://go.findservice.xyz/15Gu5p?zoneid=12293994169&pubfeed=397303/397303.12293994169&campaign=671642&cost=0.00055
Pragma: no-cache
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 18fb7323b2e43989788f0391969ca1af
ef74b5d2f1251f29b9cd9c0da01dc42dbe806893
15fb5cb33a313b72ad16d7411abed32288e6c022bafa3ed2f70fc2a02a7e8415
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "15FB5CB33A313B72AD16D7411ABED32288E6C022BAFA3ED2F70FC2A02A7E8415"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15771
Expires: Wed, 05 Oct 2022 22:54:21 GMT
Date: Wed, 05 Oct 2022 18:31:30 GMT
Connection: keep-alive
go.findservice.xyz/15Gu5p?zoneid=12293994169&pubfeed=397303/397303.12293994169&campaign=671642&cost=0.00055
20.113.188.243 302 Found 292 B URL HTTP/1.1 go.findservice.xyz/15Gu5p?zoneid=12293994169&pubfeed=397303/397303.12293994169&campaign=671642&cost=0.00055
IP 20.113.188.243:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document, ASCII text, with no line terminators
Hash 9198bf3ad2f8a70524c3ef3ae87ce6b0
895ece78324a03e83bee0bd06a869c46b3441e63
fe708e0c5f33468936466e7d48963e063d467519006488b7288f130a97923a02
GET /15Gu5p?zoneid=12293994169&pubfeed=397303/397303.12293994169&campaign=671642&cost=0.00055 HTTP/1.1
Host: go.findservice.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://irene-eux.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.23.0
Date: Wed, 05 Oct 2022 18:31:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 292
Connection: keep-alive
X-Powered-By: Express
Set-Cookie: 15Gu5po=20221005211664995452421; domain=.go.findservice.xyz; path=/;expires=Thu, 06 Oct 2022 18:31:30 GMT; httpOnly=true;SameSite=None; Secure;
_pc_lc_id=15Gu5p; domain=.go.findservice.xyz; path=/;expires=Thu, 06 Oct 2022 18:31:30 GMT; httpOnly=true;SameSite=None; Secure;
peerclickcid=ee965f1366dba21ca9a38c91de0814fc-11246-1005; domain=.go.findservice.xyz; path=/;expires=Thu, 06 Oct 2022 18:31:30 GMT; httpOnly=true;SameSite=None; Secure;
_norg=1; domain=.go.findservice.xyz; path=/;expires=Thu, 06 Oct 2022 18:31:30 GMT; httpOnly=true;SameSite=None; Secure;
Location: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Vary: Accept
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8e0f6d2e50bf75e4b7fd8847c91dc1cc
e0f413805ef0fe2f974122ea428db75107fcbf29
8946402adbbee9726d835e1551f6e6d65a65ae62979b8cb10cb6125e6bee303d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8946402ADBBEE9726D835E1551F6E6D65A65AE62979B8CB10CB6125E6BEE303D"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11754
Expires: Wed, 05 Oct 2022 21:47:25 GMT
Date: Wed, 05 Oct 2022 18:31:31 GMT
Connection: keep-alive
girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
88.99.80.95 200 OK 6.6 kB URL HTTP/1.1 girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (528), with CRLF line terminators
Hash 7cc717235443b04716c6cc467543f8e9
90bad3b187fb1f69e6a51ad3feb48a6b131720c1
c31e935f12b3e38870e8ecaca8c67f3f58d244a0759dcc2b17a9660f52ea0ef7
Analyzer Verdict Alert quad9 Sinkholed
GET /?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005 HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://irene-eux.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Type: text/html
Content-Length: 6637
Connection: keep-alive
set-cookie: sid=t2~2kjb3urecuogykkpfns5ibx4; path=/
cache-control: private, no-transform
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash b0e8a79f3e381ab34a44278947ac7c7e
70d01e6fdc8565c661b6ae8c5a043ddf2da16530
885a8c234fca85e6f6bb3e8fcab6672b9a9742b5d3f74681b17a330fa295d549
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 18:31:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
girlsdivine.life/media/dating/sinderv2/css/bootstrap.min.css
88.99.80.95 200 OK 110 kB URL HTTP/1.1 girlsdivine.life/media/dating/sinderv2/css/bootstrap.min.css
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (65367), with CRLF line terminators
Size 110 kB (109540 bytes)
Hash 03d06426a30f77095d7511e1ca74d225
d1a349294f6fe94ffb17a50097b37bd81e9ba56a
3f7e6f3cb6ba8e2effbdd260131ce0d2f332fb00ba3feca1a5bc9c3ee7f9e2a6
Analyzer Verdict Alert quad9 Sinkholed
GET /media/dating/sinderv2/css/bootstrap.min.css HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Type: text/css
Content-Length: 109540
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "03d06426a30f77095d7511e1ca74d225"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3F10B1F536BE
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlsdivine.life/media/dating/sinderv2/js/vegas.js
88.99.80.95 200 OK 22 kB URL HTTP/1.1 girlsdivine.life/media/dating/sinderv2/js/vegas.js
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
Hash 85310f0fc6d54ab6c4aa2a2efa1e8514
dbd124ed40a22170b23709711d4572ff93c9fe6f
17d0a5e4e45104aec83860cf51f19bb232747a586a74fc841b9771a9aa9e42b2
Analyzer Verdict Alert quad9 Sinkholed
GET /media/dating/sinderv2/js/vegas.js HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Type: application/javascript
Content-Length: 21792
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "85310f0fc6d54ab6c4aa2a2efa1e8514"
Last-Modified: Wed, 31 Aug 2022 09:34:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3F6FCBECC28B
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash b0e8a79f3e381ab34a44278947ac7c7e
70d01e6fdc8565c661b6ae8c5a043ddf2da16530
885a8c234fca85e6f6bb3e8fcab6672b9a9742b5d3f74681b17a330fa295d549
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 18:31:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
girlsdivine.life/cookie/js.cookie.js
88.99.80.95 200 OK 4.3 kB URL HTTP/1.1 girlsdivine.life/cookie/js.cookie.js
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (1709), with CRLF line terminators
Hash a7e9883924072f15259de6888d5ef515
7f4f6e5938e68f55aef81e0cd0145f008cd28382
985659942ab60a92b3c0a7f876d9ef60e8f048ff655a622a172fa4b44f901b6c
Analyzer Verdict Alert quad9 Sinkholed
GET /cookie/js.cookie.js HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Type: application/javascript
Content-Length: 4264
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a7e9883924072f15259de6888d5ef515"
Last-Modified: Wed, 31 Aug 2022 09:31:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3E991B0C5822
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlsdivine.life/util/flag-icon/css/flag-icon.css
88.99.80.95 200 OK 41 kB URL HTTP/1.1 girlsdivine.life/util/flag-icon/css/flag-icon.css
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash 0a47b937981e7389e3ebe63e4a503066
01b395ad016a1d9d15016d765f7d2c51a6e2809b
d6afd8d9abc2967f29ad396854cd05b1a12dcf9b7084f944c136ca6f540c5a39
Analyzer Verdict Alert quad9 Sinkholed
GET /util/flag-icon/css/flag-icon.css HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Type: text/css
Content-Length: 40627
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "0a47b937981e7389e3ebe63e4a503066"
Last-Modified: Wed, 31 Aug 2022 09:38:16 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3E9D04DA9DB2
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlsdivine.life/media/dating/sinderv2/css/style.css
88.99.80.95 200 OK 20 kB URL HTTP/1.1 girlsdivine.life/media/dating/sinderv2/css/style.css
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash 481d04e228d83633ad28310d09905526
f5c81ac5514271f64001c41f5b03e92df55c1a02
25fc219b42657e82593f2b07e3d4ae7d615031234f9b2732f5457338d779cf30
Analyzer Verdict Alert quad9 Sinkholed
GET /media/dating/sinderv2/css/style.css HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Type: text/css
Content-Length: 19825
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "481d04e228d83633ad28310d09905526"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3E43E9328B16
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlsdivine.life/media/dating/sinderv2/css/vegas.css
88.99.80.95 200 OK 20 kB URL HTTP/1.1 girlsdivine.life/media/dating/sinderv2/css/vegas.css
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash 357c7befa8bdef911f02f48f49e10628
47972e3c4591058dce82dd3b08bed8e0b8ae5c8f
47f3bef4746b798892c7beff212618616b0950f33f416f03db243578f89135e3
Analyzer Verdict Alert quad9 Sinkholed
GET /media/dating/sinderv2/css/vegas.css HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Type: text/css
Content-Length: 19822
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "357c7befa8bdef911f02f48f49e10628"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3F56F36EBEB0
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlsdivine.life/util/utils.js
88.99.80.95 200 OK 7.5 kB URL HTTP/1.1 girlsdivine.life/util/utils.js
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (641), with CRLF line terminators
Hash 01816d15ca03032751161a746e2fb7c3
dcc72ea5fa1356490ba473288159df9786b4a3c3
8b3c83a330bf1120a13eff6ef60c1e268b827b7bc49b42a7a1f5d8ad6941f2ea
Analyzer Verdict Alert quad9 Sinkholed
GET /util/utils.js HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Type: application/javascript
Content-Length: 7512
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "01816d15ca03032751161a746e2fb7c3"
Last-Modified: Wed, 31 Aug 2022 09:38:20 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3E991B82E2FF
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlsdivine.life/media/dating/sinderv2/css/animate.css
88.99.80.95 200 OK 61 kB URL HTTP/1.1 girlsdivine.life/media/dating/sinderv2/css/animate.css
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (460), with CRLF line terminators
Hash 1cbfbb2c4ef85880799a74ab2f290f2a
9b6366d6c7ad05010f7070db70fba10754be6e9c
bfdad6766b12a3826bf32024f0fc13fffbcee84f102034b9270da7e538451031
Analyzer Verdict Alert quad9 Sinkholed
GET /media/dating/sinderv2/css/animate.css HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Type: text/css
Content-Length: 61188
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "1cbfbb2c4ef85880799a74ab2f290f2a"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3F1324B3CDE4
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlsdivine.life/media/dating/sinderv2/js/trls.js
88.99.80.95 200 OK 17 kB URL HTTP/1.1 girlsdivine.life/media/dating/sinderv2/js/trls.js
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
Hash eb1b6bc6776b3e1f520ad0d6c03a92ad
5adcdd94fd541e5ff347cb317418f77ebcd7a714
d87b9de60e8a4d614e0f4e34da021c835852d802f8b6de2aee6a3fa034e3b2b5
Analyzer Verdict Alert quad9 Sinkholed
GET /media/dating/sinderv2/js/trls.js HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Type: application/javascript
Content-Length: 17300
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "eb1b6bc6776b3e1f520ad0d6c03a92ad"
Last-Modified: Wed, 31 Aug 2022 09:34:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3FB44ABF3326
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlsdivine.life/media/bb.js
88.99.80.95 200 OK 639 B URL HTTP/1.1 girlsdivine.life/media/bb.js
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (639), with no line terminators
Hash 0d553e4bac91c74bfee2dbabba61e99e
5af71e2377c9c012a7826a695f2724901941b19b
1be1304c675449b1bad38ea8c3da6c1da0763ed2fad339ee1aa461c7bf4e2a68
Analyzer Verdict Alert quad9 Sinkholed
GET /media/bb.js HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Type: application/javascript
Content-Length: 639
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "0d553e4bac91c74bfee2dbabba61e99e"
Last-Modified: Wed, 31 Aug 2022 09:32:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3E96347CD8F2
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlsdivine.life/media/dating/sinderv2/js/timer.js
88.99.80.95 200 OK 621 B URL HTTP/1.1 girlsdivine.life/media/dating/sinderv2/js/timer.js
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
Hash 40fe503eb84093a37b15e39365ffc587
911128043c901314d283fe478477d26e2b3d821a
60b0f0de4c72c1ce9c05b36ba776f12538b1d9b80858b7099068a3e7e0415bc1
Analyzer Verdict Alert quad9 Sinkholed
GET /media/dating/sinderv2/js/timer.js HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Type: application/javascript
Content-Length: 621
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "40fe503eb84093a37b15e39365ffc587"
Last-Modified: Wed, 31 Aug 2022 09:34:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3F5FD22486F4
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlsdivine.life/media/exit-new/exit1.js
88.99.80.95 200 OK 3.5 kB URL HTTP/1.1 girlsdivine.life/media/exit-new/exit1.js
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (641), with CRLF line terminators
Hash 625e5e2950612f771e246beb33c9ea61
e4fc251c6c000496c285f8dc3fa097040b031681
618f345a156a0eda55177a1bf0e8a414104f9b6c6ff5cdbe71966f081ccb8a46
Analyzer Verdict Alert quad9 Sinkholed
GET /media/exit-new/exit1.js HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Type: application/javascript
Content-Length: 3473
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "625e5e2950612f771e246beb33c9ea61"
Last-Modified: Wed, 31 Aug 2022 09:34:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3E963F1AAAB9
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlsdivine.life/media/dating/sinderv2/images/logo-loveme_white1.svg
88.99.80.95 200 OK 4.6 kB URL HTTP/1.1 girlsdivine.life/media/dating/sinderv2/images/logo-loveme_white1.svg
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 896592d7f2fa3d761c0b767e9399b010
ed1c0502263392938f4cbdd72afb1a8704bf840e
3417f549b6a1018ee687dd84aec136cb7fba2bb5b4c83cf269f9f8e958cc48de
Analyzer Verdict Alert quad9 Sinkholed
GET /media/dating/sinderv2/images/logo-loveme_white1.svg HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Type: image/svg+xml
Content-Length: 4564
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "896592d7f2fa3d761c0b767e9399b010"
Last-Modified: Wed, 31 Aug 2022 09:34:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3EC74AD3C8A6
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3a4b6b64ade5a970c48d48d5c0793dfb
54bbe505a0c0d765f77ccb5402d5dc90d56f4f23
448379f35fe26f24d6ca19289999ccd85d277167510992ce48d4640209e5ffa5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "448379F35FE26F24D6CA19289999CCD85D277167510992CE48D4640209E5FFA5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1705
Expires: Wed, 05 Oct 2022 18:59:57 GMT
Date: Wed, 05 Oct 2022 18:31:32 GMT
Connection: keep-alive
girlsdivine.life/media/dating/sinderv2/fonts/5c92d5d3e39a260d5dd06ced7eca070d.woff2
88.99.80.95 200 OK 22 kB URL HTTP/1.1 girlsdivine.life/media/dating/sinderv2/fonts/5c92d5d3e39a260d5dd06ced7eca070d.woff2
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type Web Open Font Format (Version 2), TrueType, length 22284, version 3.786\012- data
Hash 5c92d5d3e39a260d5dd06ced7eca070d
64df09fd462e6bb76890b7782578777b901f2003
2a99c11dd137ef8b515b3a95d2bdb38ec99bf745b2865196aa910628bcb144b9
Analyzer Verdict Alert quad9 Sinkholed
GET /media/dating/sinderv2/fonts/5c92d5d3e39a260d5dd06ced7eca070d.woff2 HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://girlsdivine.life/media/dating/sinderv2/css/style.css
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 18:31:32 GMT
Content-Type: font/woff2
Content-Length: 22284
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5c92d5d3e39a260d5dd06ced7eca070d"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3F3B031712DC
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:32 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlsdivine.life/media/dating/sinderv2/fonts/b796339b324ec08006ca04dca90284cf.woff2
88.99.80.95 200 OK 22 kB URL HTTP/1.1 girlsdivine.life/media/dating/sinderv2/fonts/b796339b324ec08006ca04dca90284cf.woff2
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type Web Open Font Format (Version 2), TrueType, length 21796, version 3.786\012- data
Hash b796339b324ec08006ca04dca90284cf
4283d779705f09e68939572df76c52cb41a3ec68
d65bbca022f8953936d6e60b9a59fc27f9bfd74ba96257ffe14df83b3d8eb0e3
Analyzer Verdict Alert quad9 Sinkholed
GET /media/dating/sinderv2/fonts/b796339b324ec08006ca04dca90284cf.woff2 HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://girlsdivine.life/media/dating/sinderv2/css/style.css
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 18:31:32 GMT
Content-Type: font/woff2
Content-Length: 21796
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "b796339b324ec08006ca04dca90284cf"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3F462A2B0AC6
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:32 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlsdivine.life/media/dating/sinderv2/js/jquery.js
88.99.80.95 200 OK 331 B URL HTTP/1.1 girlsdivine.life/media/dating/sinderv2/js/jquery.js
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type SVG Scalable Vector Graphics image\012- , ASCII text, with CRLF line terminators
Hash c7ecfe59439b5fd23924fd206cf2fded
056fbd2b17c7f08bfb480d21973a96bf86fbd72a
4027f3320608508754640a6de4cb1cdabdef4654b5a214e875c134802345683f
Analyzer Verdict Alert quad9 Sinkholed
GET /media/dating/sinderv2/js/jquery.js HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 18:31:31 GMT
Content-Type: application/javascript
Content-Length: 93064
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "df6173bad69801a82b84701789ab16c5"
Last-Modified: Wed, 31 Aug 2022 09:34:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3F2F5D1FF60C
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:31 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlsdivine.life/media/dating/sinderv2/fonts/bcf3bb1b7f7a3436181788e748bae013.woff2
88.99.80.95 200 OK 15 kB URL HTTP/1.1 girlsdivine.life/media/dating/sinderv2/fonts/bcf3bb1b7f7a3436181788e748bae013.woff2
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type Web Open Font Format (Version 2), TrueType, length 14772, version 3.327\012- data
Hash bcf3bb1b7f7a3436181788e748bae013
8ee24d38f618f070a43619f1d471d90f17d666f1
42e50c76c1bf569cb8b597ffc8cdd18a6f4a311832f46fdc1489145027550781
Analyzer Verdict Alert quad9 Sinkholed
GET /media/dating/sinderv2/fonts/bcf3bb1b7f7a3436181788e748bae013.woff2 HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://girlsdivine.life/media/dating/sinderv2/css/style.css
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 18:31:32 GMT
Content-Type: font/woff2
Content-Length: 14772
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "bcf3bb1b7f7a3436181788e748bae013"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3F3B035F185E
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:32 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlsdivine.life/media/dating/sinderv2/fonts/2e5fca371696cab9fb5a9fe214c1319c.woff2
88.99.80.95 200 OK 22 kB URL HTTP/1.1 girlsdivine.life/media/dating/sinderv2/fonts/2e5fca371696cab9fb5a9fe214c1319c.woff2
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type Web Open Font Format (Version 2), TrueType, length 21908, version 3.786\012- data
Hash 2e5fca371696cab9fb5a9fe214c1319c
4bd3fe039b2f65d10d1b8c1b30c7962bdc313b7a
f8b1a05998ba7e93e5c9f41b004496a3576b8d10d9fafc2f7014894ebc3e72e9
Analyzer Verdict Alert quad9 Sinkholed
GET /media/dating/sinderv2/fonts/2e5fca371696cab9fb5a9fe214c1319c.woff2 HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://girlsdivine.life/media/dating/sinderv2/css/style.css
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 18:31:32 GMT
Content-Type: font/woff2
Content-Length: 21908
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "2e5fca371696cab9fb5a9fe214c1319c"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3F67709F618A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:32 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
data-jsext.com/ExtService.svc/getextparams
54.37.5.177 200 OK 515 B URL HTTP/1.1 data-jsext.com/ExtService.svc/getextparams
IP 54.37.5.177:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (472), with no line terminators
Hash 2e2a7f61ae1efa530bbcebf1693ac292
37767c8aa04a870dd713da7cb45e451b4b24d3b9
f41890a855fd526c0e7d9702328729cea951b676eec1056e0cdc7250a49e9646
GET /ExtService.svc/getextparams HTTP/1.1
Host: data-jsext.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://girlsdivine.life
Connection: keep-alive
Referer: https://girlsdivine.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 18:31:32 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 515
Connection: keep-alive
Access-Control-Allow-Origin: *
girlsdivine.life/media/dating/sinderv2/images/scandinavia30.jpg
88.99.80.95 200 OK 227 kB URL HTTP/1.1 girlsdivine.life/media/dating/sinderv2/images/scandinavia30.jpg
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS3 Windows, datetime=2018:12:04 13:04:35], baseline, precision 8, 1980x1080, components 3\012- data
Size 227 kB (226699 bytes)
Hash a388364d8d1e4684a2cd72c68d625b73
ce210b5b755bae87788ca2eeca7799d284e8477a
36e0d2fd85c40dfc080246c7f7c426fc23ebd8f7937c86ef2b435c345ec5c2a2
Analyzer Verdict Alert quad9 Sinkholed
GET /media/dating/sinderv2/images/scandinavia30.jpg HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 18:31:32 GMT
Content-Type: image/jpeg
Content-Length: 226699
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a388364d8d1e4684a2cd72c68d625b73"
Last-Modified: Wed, 31 Aug 2022 09:34:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B3FD6E0B950D3
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 05 Oct 2023 18:31:32 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
girlsdivine.life/favicon.ico
88.99.80.95 204 No Content 0 B URL HTTP/1.1 girlsdivine.life/favicon.ico
IP 88.99.80.95:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: girlsdivine.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=12293994169_laxy&cid=ee965f1366dba21ca9a38c91de0814fc-11246-1005
Cookie: sid=t2~2kjb3urecuogykkpfns5ibx4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 05 Oct 2022 18:31:32 GMT
Connection: keep-alive
Cache-Control: no-transform
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3de74da8-9c15-4010-a6fb-c1e0b5fd8804.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3de74da8-9c15-4010-a6fb-c1e0b5fd8804.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 42ab91a02aa34dbcc6d56e75fd0d7fc5
32a3ebb440b3d770c446bef75c39ce788ffeb034
397373a17846231eb149c3a207574b79c5ca6c7832ffd48da9c8f1e8e0aa9f69
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3de74da8-9c15-4010-a6fb-c1e0b5fd8804.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 13615
x-amzn-requestid: 3aaef924-99ea-407a-acc6-ec7d294952a3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaHG_GDcoAMFfuQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a522c-488613591ddf46181bdded50;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 03:08:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 2EtPbSkffJVkwiA3hlDRimFxjNmd2FXv4vwcQZ2aYBsiF4ApXgHrLQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 04:40:34 GMT
age: 49861
etag: "32a3ebb440b3d770c446bef75c39ce788ffeb034"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:400,300,700|Raleway:400,700&subset=latin,cyrillic
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:400,300,700|Raleway:400,700&subset=latin,cyrillic
IP 142.250.74.10:0
GET /css?family=Roboto:400,300,700|Raleway:400,700&subset=latin,cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 05 Oct 2022 18:31:31 GMT
date: Wed, 05 Oct 2022 18:31:31 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2