Overview

URLjena-malone-fakes-news.blogspot.de/2011/10/kim-kardashian-curls-no-heat.html
IP 142.250.74.33 (United States)
ASN#15169 GOOGLE
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-12-09 07:57:14 UTC
StatusLoading report..
IDS alerts0
Blocklist alert8
urlquery alerts No alerts detected
Tags None

Domain Summary (41)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
tinypic.com (1) 94220 2012-12-08 06:16:19 UTC 2022-12-08 19:03:39 UTC 143.204.55.72
e1.o.lencr.org (2) 6159 2021-08-20 07:36:30 UTC 2022-12-08 17:11:00 UTC 23.36.77.32
media.onsugar.com (1) 0 2017-02-11 02:41:14 UTC 2022-12-06 09:35:53 UTC 151.101.129.91 Domain (onsugar.com) ranked at: 119871
exposay.com (1) 124326 2012-11-18 19:57:21 UTC 2022-12-08 05:46:24 UTC 104.21.21.20
apis.google.com (2) 105 2013-05-06 20:20:21 UTC 2022-12-08 17:13:56 UTC 142.250.74.46
www.rollingstone.com.mx (1) 0 2014-03-06 00:21:51 UTC 2022-12-01 15:55:43 UTC 104.21.37.172 Unknown ranking
2.bp.blogspot.com (2) 11071 2012-05-21 13:44:19 UTC 2022-12-08 17:30:47 UTC 142.250.74.161
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-12-08 17:20:00 UTC 54.191.210.155
www.google.com (2) 7 2012-11-08 00:08:21 UTC 2022-12-08 17:22:52 UTC 142.250.74.164
farm3.static.flickr.com (4) 134181 2012-07-15 20:52:16 UTC 2022-12-09 05:38:28 UTC 143.204.48.75
afs.googleusercontent.com (3) 12123 2013-05-06 19:11:00 UTC 2022-12-08 17:23:40 UTC 172.217.21.161
fonts.googleapis.com (2) 8877 2012-05-23 12:41:44 UTC 2022-12-08 17:12:12 UTC 142.250.74.106
content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-12-08 17:21:04 UTC 34.160.144.191
www.blogger.com (8) 8975 2012-05-22 07:35:03 UTC 2022-12-08 17:30:43 UTC 142.250.74.41
www.redcarpetreport.com (1) 0 2012-12-11 04:43:32 UTC 2022-11-19 14:09:28 UTC 108.179.228.60 Unknown ranking
jena-malone-fakes-news.blogspot.com (3) 0 2012-08-10 19:48:40 UTC 2022-12-08 20:31:36 UTC 142.250.74.33 Unknown ranking
www.contactmusic.com (2) 255576 2012-07-14 15:53:11 UTC 2022-12-07 08:40:48 UTC 172.67.202.7
www.exposay.com (2) 0 2012-09-30 14:19:31 UTC 2022-12-08 05:46:22 UTC 104.21.21.20 Domain (exposay.com) ranked at: 124326
play.google.com (2) 34 2013-05-30 23:24:35 UTC 2022-12-08 17:28:44 UTC 142.250.74.110
jena-malone-fakes-news.blogspot.de (1) 0 2012-12-08 05:23:57 UTC 2022-12-08 23:08:51 UTC 142.250.74.33 Unknown ranking
i55.tinypic.com (1) 0 2012-10-01 23:02:14 UTC 2022-12-07 23:20:23 UTC 143.204.55.72 Domain (tinypic.com) ranked at: 94220
ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2022-12-08 17:15:52 UTC 93.184.220.29
3.bp.blogspot.com (1) 11048 2012-05-21 16:26:21 UTC 2022-12-08 17:30:46 UTC 142.250.74.161
img-getpocket.cdn.mozilla.net (5) 1631 2017-09-01 03:40:57 UTC 2022-12-08 15:50:00 UTC 34.120.237.76
firefox.settings.services.mozilla.com (2) 867 2020-05-25 20:06:39 UTC 2022-12-08 17:12:32 UTC 35.241.9.150
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-08 17:14:01 UTC 34.117.237.239
partner.googleadservices.com (1) 798 2012-06-26 16:06:42 UTC 2022-12-08 17:18:36 UTC 216.58.207.194
resources.blogblog.com (1) 13274 2017-01-30 04:47:40 UTC 2022-12-08 17:45:21 UTC 142.250.74.41
www.celebritybeautybuzz.com (1) 0 2012-08-08 10:25:27 UTC 2022-11-10 17:36:44 UTC 3.130.253.23 Unknown ranking
baofoodanddrink.files.wordpress.com (2) 0 2016-05-29 23:24:08 UTC 2018-10-06 14:00:06 UTC 192.0.72.20 Domain (wordpress.com) ranked at: 1450
www2.pictures.zimbio.com (2) 214355 2014-10-06 19:15:56 UTC 2022-12-08 20:29:12 UTC 151.101.1.187
lostwebtracker.com (2) 0 2012-07-09 09:37:30 UTC 2022-12-08 20:29:12 UTC 81.17.29.150 Unknown ranking
www.newsgab.com (1) 0 2012-05-29 11:46:43 UTC 2022-12-02 00:47:31 UTC 69.64.61.161 Unknown ranking
4.bp.blogspot.com (1) 11215 2012-05-21 13:44:19 UTC 2022-12-08 17:30:50 UTC 142.250.74.161
r3.o.lencr.org (9) 344 2020-12-02 08:52:13 UTC 2022-12-08 17:12:06 UTC 23.36.77.32
ocsp.pki.goog (27) 175 2017-06-14 07:23:31 UTC 2022-12-08 17:12:01 UTC 142.250.74.131
ww1.lostwebtracker.com (10) 0 2015-04-21 05:39:10 UTC 2022-12-08 05:11:28 UTC 199.59.243.222 Unknown ranking
fonts.gstatic.com (5) 0 2014-04-02 10:51:04 UTC 2022-12-08 17:14:55 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
smallscreenscoop.com (2) 0 2012-07-14 16:41:07 UTC 2022-11-21 10:41:25 UTC 209.188.81.66 Unknown ranking
pagead2.googlesyndication.com (1) 101 2012-05-21 07:15:40 UTC 2022-12-08 17:22:14 UTC 142.250.74.2
www.gstatic.com (1) 0 2012-05-29 15:36:17 UTC 2022-12-08 17:13:06 UTC 216.58.211.3 Domain (gstatic.com) ranked at: 540

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-09 2 jena-malone-fakes-news.blogspot.de/2011/10/kim-kardashian-curls-no-heat.html Malware
2022-12-09 2 jena-malone-fakes-news.blogspot.com/2011/10/kim-kardashian-curls-no-heat.html Malware
2022-12-09 2 jena-malone-fakes-news.blogspot.com/js/cookienotice.js Malware
2022-12-09 2 ww1.lostwebtracker.com/js/parking.2.100.2.js Phishing
2022-12-09 2 ww1.lostwebtracker.com/_fd Phishing
2022-12-09 2 ww1.lostwebtracker.com/js/parking.2.100.2.js Phishing
2022-12-09 2 ww1.lostwebtracker.com/_fd Phishing
2022-12-09 2 ww1.lostwebtracker.com/_tr Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 142.250.74.33
Date UQ / IDS / BL URL IP
2023-01-22 03:16:29 +0000 0 - 0 - 3 todos-clip18.blogspot.co.ke/ 142.250.74.33
2023-01-22 03:16:24 +0000 0 - 0 - 5 batiktya.blogspot.com.es/ 142.250.74.33
2023-01-21 20:02:33 +0000 0 - 0 - 1 rucupih.page.link/1rKbTiEPvsQjeNN37 142.250.74.33
2023-01-21 20:02:25 +0000 0 - 0 - 1 voloxi.page.link/WFxBQdb3mifpEjr77 142.250.74.33
2023-01-21 19:00:55 +0000 12 - 0 - 51 entregascorreos.page.link/es 142.250.74.33


Last 5 reports on ASN: GOOGLE
Date UQ / IDS / BL URL IP
2023-01-27 15:22:01 +0000 0 - 0 - 3 beanosmemesong.blogspot.com/search/label/Robl (...) 142.250.74.1
2023-01-27 15:19:28 +0000 0 - 0 - 1 edf41f52-452f-4671-a310-1da9f1d2ecd8.usrfiles (...) 34.102.176.152
2023-01-27 15:12:51 +0000 0 - 1 - 0 downloads.clubdejeux.com/installateur-clubdej (...) 35.186.205.17
2023-01-27 15:11:55 +0000 0 - 1 - 0 downloads.clubdejeux.com/installateur-clubdej (...) 35.186.205.17
2023-01-27 15:02:37 +0000 0 - 1 - 0 downloads.clubdejeux.com/installateur-clubdej (...) 35.186.205.17


Last 5 reports on domain: jena-malone-fakes-news.blogspot.de
Date UQ / IDS / BL URL IP
2022-12-11 07:42:03 +0000 0 - 0 - 10 jena-malone-fakes-news.blogspot.de/2011/10/li (...) 172.217.21.161
2022-12-09 07:57:14 +0000 0 - 0 - 8 jena-malone-fakes-news.blogspot.de/2011/10/ki (...) 142.250.74.33
2022-12-04 14:50:00 +0000 0 - 0 - 3 jena-malone-fakes-news.blogspot.de/2011/10/pr (...) 142.250.74.33
2022-12-02 09:26:28 +0000 0 - 0 - 10 jena-malone-fakes-news.blogspot.de/2011/10/ja (...) 172.217.21.161
2022-11-29 14:50:57 +0000 0 - 0 - 10 jena-malone-fakes-news.blogspot.de/2011/10/en (...) 142.250.74.161


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-12 02:56:33 +0000 0 - 0 - 15 chase02-secured.com/ 37.48.65.151
2023-01-08 08:28:06 +0000 0 - 0 - 7 natronacountyschools.org/ 199.191.50.73
2023-01-07 13:48:36 +0000 0 - 6 - 11 ww25.lockbit-decryptor.com/ 199.59.243.222
2022-12-09 03:20:50 +0000 0 - 0 - 11 grupobancolombioa.com/valid/confirm-card.php 212.32.237.101
2022-11-27 23:43:30 +0000 0 - 0 - 2 ww25.nouvellevitalev3.com/?subid1=20221128-10 (...) 199.59.243.222

JavaScript

Executed Scripts (61)

Executed Evals (6)
#1 JavaScript::Eval (size: 15595) - SHA256: a6ea689f7d9dad611f9b9128b7a88274629505eea048bdc0bfcf03552fec5d36
/* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t */
(function() {
    var J = function(C) {
            return C
        },
        p = this || self,
        l = function(C, O) {
            if (!(C = (O = p.trustedTypes, null), O) || !O.createPolicy) return C;
            try {
                C = O.createPolicy("bg", {
                    createHTML: J,
                    createScript: J,
                    createScriptURL: J
                })
            } catch (v) {
                p.console && p.console.error(v.message)
            }
            return C
        };
    (0, eval)(function(C, O) {
        return (O = l()) && 1 === C.eval(O.createScript("1")) ? function(v) {
            return O.createScript(v)
        } : function(v) {
            return "" + v
        }
    }(p)(Array(7824 * Math.random() | 0).join("\n") + '(function(){var A=function(C,O,J,p,L,v){if(C.C==C)for(L=w(C,J),9==J?(J=function(l,z,I,b){if(I=(b=L.length,(b|0)-4>>3),L.Fl!=I){I=(I<<3)-(z=[0,0,v[1],v[L.Fl=I,2]],4);try{L.G7=C8(z,Oc(I,L),Oc((I|0)+4,L))}catch(t){throw t;}}L.push(L.G7[b&7]^l)},v=w(C,498)):J=function(l){L.push(l)},p&&J(p&255),C=O.length,p=0;p<C;p++)J(O[p])},e=function(C,O){O.K.splice(0,0,C)},v_=function(C,O){return O=O.create().shift(),C.D.create().length||C.U.create().length||(C.D=void 0,C.U=void 0),O},Jx=function(C,O,J,p){for(p=(J=H(O),0);0<C;C--)p=p<<8|K(O);V(J,O,p)},n=function(C,O,J,p){for(p=(J=(O|0)-1,[]);0<=J;J--)p[(O|0)-1-(J|0)]=C>>8*J&255;return p},lo=function(C,O,J,p,L,v){function l(){if(p.C==p){if(p.X){var z=[Y,O,C,void 0,L,v,arguments];if(2==J)var I=W(p,(e(z,p),false),false);else if(1==J){var b=!p.K.length;e(z,p),b&&W(p,false,false)}else I=p8(z,p);return I}L&&v&&L.removeEventListener(v,l,G)}}return l},zN=function(C,O){return T[O](T.prototype,{prototype:C,pop:C,call:C,splice:C,floor:C,replace:C,propertyIsEnumerable:C,parent:C,length:C,stack:C,document:C,console:C})},N=function(C,O){for(O=[];C--;)O.push(255*Math.random()|0);return O},W=function(C,O,J,p,L,v){if(C.K.length){C.O=!(C.K3=(C.O&&0(),O),0);try{p=C.j(),C.o=p,C.R=p,C.u=0,v=$c(C,O),L=C.j()-C.o,C.J+=L,L<(J?0:10)||0>=C.S--||(L=Math.floor(L),C.W.push(254>=L?L:254))}finally{C.O=false}return v}},Ic=function(C,O,J,p,L,v){for(J=(L=((p=(O=C[L8]||{},H(C)),O).Xl=H(C),O.v=[],C).C==C?(K(C)|0)-1:1,H(C)),v=0;v<L;v++)O.v.push(H(C));for((O.i=w(C,p),O).C3=w(C,J);L--;)O.v[L]=w(C,O.v[L]);return O},P=function(C,O,J,p,L,v,l,z,I){if(C.C=(C.H+=((I=(l=(L=(O||C.u++,0<C.l&&C.O&&C.K3&&1>=C.P&&!C.D&&!C.B)&&(!O||1<C.Z-J)&&0==document.hidden,(v=4==C.u)||L?C.j():C.R),l)-C.R,z=I>>14,C).N&&(C.N^=z*(I<<2)),z),z||C.C),v||L)C.R=l,C.u=0;if(!L||l-C.o<C.l-(p?255:O?5:2))return false;return C.B=((V(286,(p=(C.Z=J,w(C,O?215:286)),C),C.F),C).K.push([bo,p,O?J+1:J]),E),true},wV=function(C,O){((O.push(C[0]<<24|C[1]<<16|C[2]<<8|C[3]),O).push(C[4]<<24|C[5]<<16|C[6]<<8|C[7]),O).push(C[8]<<24|C[9]<<16|C[10]<<8|C[11])},x=function(C,O,J,p,L,v){if(!J.I){if(3<(C=((0==(p=w(J,((v=void 0,C)&&C[0]===a&&(v=C[2],O=C[1],C=void 0),358)),p.length)&&(L=w(J,215)>>3,p.push(O,L>>8&255,L&255),void 0!=v&&p.push(v&255)),O="",C)&&(C.message&&(O+=C.message),C.stack&&(O+=":"+C.stack)),w(J,430)),C)){J.C=(v=(O=(C-=(O=O.slice(0,(C|0)-3),O.length|0)+3,Ax(O)),J.C),J);try{A(J,n(O.length,2).concat(O),9,9)}finally{J.C=v}}V(430,J,C)}},tx=function(C,O,J,p,L,v){if(!C.Y){C.P++;try{for(p=(v=0,void 0),J=C.F;--O;)try{if((L=void 0,C).D)p=v_(C,C.D);else{if(v=w(C,286),v>=J)break;p=w(C,(L=(V(215,C,v),H(C)),L))}(p&&p[ew]&2048?p(C,O):x([a,21,L],0,C),P)(C,false,O,false)}catch(l){w(C,391)?x(l,22,C):V(391,C,l)}if(!O){if(C.Da){C.P--,tx(C,261929697120);return}x([a,33],0,C)}}catch(l){try{x(l,22,C)}catch(z){m(z,C)}}C.P--}},$c=function(C,O,J,p){for(;C.K.length;){p=(C.B=null,C.K.pop());try{J=p8(p,C)}catch(L){m(L,C)}if(O&&C.B){(O=C.B,O)(function(){W(C,true,true)});break}}return J},B_=function(C,O,J,p){function L(){}return p=H_(C,function(v){L&&(O&&E(O),J=v,L(),L=void 0)},(J=void 0,!!O))[0],{invoke:function(v,l,z,I){function b(){J(function(t){E(function(){v(t)})},z)}if(!l)return l=p(z),v&&v(l),l;J?b():(I=L,L=function(){E((I(),b))})}}},Qz=function(C,O){if(!(O=(C=null,c.trustedTypes),O)||!O.createPolicy)return C;try{C=O.createPolicy("bg",{createHTML:f8,createScript:f8,createScriptURL:f8})}catch(J){c.console&&c.console.error(J.message)}return C},rV=function(C,O,J){if("object"==(O=typeof C,O))if(C){if(C instanceof Array)return"array";if(C instanceof Object)return O;if("[object Window]"==(J=Object.prototype.toString.call(C),J))return"object";if("[object Array]"==J||"number"==typeof C.length&&"undefined"!=typeof C.splice&&"undefined"!=typeof C.propertyIsEnumerable&&!C.propertyIsEnumerable("splice"))return"array";if("[object Function]"==J||"undefined"!=typeof C.call&&"undefined"!=typeof C.propertyIsEnumerable&&!C.propertyIsEnumerable("call"))return"function"}else return"null";else if("function"==O&&"undefined"==typeof C.call)return"object";return O},Oc=function(C,O){return O[C]<<24|O[(C|0)+1]<<16|O[(C|0)+2]<<8|O[(C|0)+3]},K8=function(C,O,J,p){A(O,n((p=H((J=H(O),O)),w(O,J)),C),p)},G={passive:true,capture:true},Ax=function(C,O,J,p,L){for(C=C.replace(/\\r\\n/g,"\\n"),O=[],p=L=0;L<C.length;L++)J=C.charCodeAt(L),128>J?O[p++]=J:(2048>J?O[p++]=J>>6|192:(55296==(J&64512)&&L+1<C.length&&56320==(C.charCodeAt(L+1)&64512)?(J=65536+((J&1023)<<10)+(C.charCodeAt(++L)&1023),O[p++]=J>>18|240,O[p++]=J>>12&63|128):O[p++]=J>>12|224,O[p++]=J>>6&63|128),O[p++]=J&63|128);return O},H=function(C,O){if(C.D)return v_(C,C.U);return(O=D(true,C,8),O)&128&&(O^=128,C=D(true,C,2),O=(O<<2)+(C|0)),O},sc=function(C,O,J){if(3==C.length){for(J=0;3>J;J++)O[J]+=C[J];for(J=(C=0,[13,8,13,12,16,5,3,10,15]);9>C;C++)O[3](O,C%3,J[C])}},Vz=function(C,O,J,p,L){J=w(O,(L=H((J=(C&=(p=C&3,4),H(O)),O)),J)),C&&(J=Ax(""+J)),p&&A(O,n(J.length,2),L),A(O,J,L)},TN=function(C,O,J,p,L){for(L=(p=(O.j8=(O.wZ=zN({get:(O.El=(O.NL=O[R],O.c6=Yc,n8),function(){return this.concat()})},O.G),T[O.G](O.wZ,{value:{value:{}}})),0),[]);128>p;p++)L[p]=String.fromCharCode(p);W(O,true,(e(((e([(F((V((V(107,O,(V(443,O,(F(O,40,(V(430,(F(O,35,(F((F(O,(F(O,(V(9,(F(O,(V(265,O,(V(358,O,(F(O,(V(466,(F((F(O,387,(F(O,(F((F(O,(F(O,489,(F(O,((F(O,(F(O,457,(F(O,64,(F(O,261,(F(((F(O,287,(F(O,485,(V((F(O,477,(V(391,(F((F(O,(V(22,(F(O,496,(F(O,(V(498,O,(V(215,(V(286,((O.f3=function(v){this.C=v},O.H=(O.Y=void 0,O.l=0,p=window.performance||{},O.K=[],1),O).X=(O.W=[],O.L=void 0,O.I=false,(O.h=void 0,O).J=(O.K3=(O.S=25,O.D=void 0,false),O.B=null,O.C=O,O.Yx=(O.O=false,[]),(O.Z=8001,O.o=0,O).A=[],0),O.P=0,(O.F=0,O).g=(O.sl=(O.U=void 0,0),[]),O.R=0,O.u=(O.N=void 0,void 0),[]),O.hU=p.timeOrigin||(p.timing||{}).navigationStart||0,O),0),O),0),[0,0,0])),411),function(v,l,z,I,b,t,B,Q,r,Z,q,f){function k(u,S){for(;Z<u;)f|=K(v)<<Z,Z+=8;return f>>=(Z-=u,S=f&(1<<u)-1,u),S}for(Q=(z=(r=(f=Z=(t=H(v),0),(k(3)|0)+1),l=k(5),0),[]),I=0;z<l;z++)B=k(1),Q.push(B),I+=B?0:1;for(q=(z=((I|0)-1).toString(2).length,[]),I=0;I<l;I++)Q[I]||(q[I]=k(z));for(z=0;z<l;z++)Q[z]&&(q[z]=H(v));for(b=[];r--;)b.push(w(v,H(v)));F(v,t,function(u,S,io,d,y){for(io=(d=(S=0,[]),[]);S<l;S++){if(!(y=q[S],Q)[S]){for(;y>=d.length;)d.push(H(u));y=d[y]}io.push(y)}u.U=(u.D=uo(u,b.slice()),uo(u,io))})}),function(v,l){(v=(l=H(v),w(v.C,l)),v[0]).removeEventListener(v[1],v[2],G)})),O),{}),68),function(v){K8(4,v)}),O),230,function(v,l,z,I,b){0!==(l=w(v,(z=(I=w(v,(b=(l=(I=H((z=(b=H(v),H)(v),v)),H(v)),w(v.C,b)),I)),w(v,z)),l)),b)&&(l=lo(l,I,1,v,b,z),b.addEventListener(z,l,G),V(471,v,[b,z,l]))}),O),677),function(v,l,z,I){(I=(l=(z=H(v),K)(v),H)(v),V)(I,v,w(v,z)>>>l)})),417),O,[]),function(v,l){W_((l=w(v,H(v)),l),v.C)})),function(v,l,z,I){!P(v,true,l,false)&&(l=Ic(v),z=l.i,I=l.C3,v.C==v||z==v.f3&&I==v)&&(V(l.Xl,v,z.apply(I,l.v)),v.R=v.j())})),O).xx=0,O),3,function(v){K8(1,v)}),function(v,l,z,I,b){(l=H((b=(z=H(v),H(v)),v)),v.C==v)&&(I=w(v,z),l=w(v,l),b=w(v,b),I[b]=l,373==z&&(v.h=void 0,2==b&&(v.N=D(false,v,32),v.h=void 0)))})),function(v,l,z){(l=H((z=H(v),v)),V)(l,v,""+w(v,z))})),function(v,l,z,I){V((l=w(v,(I=w(v,(l=H((I=H(v),v)),z=H(v),I)),l)),z),v,+(I==l))})),O.gZ=0,347),function(v,l,z,I){V((l=w(v,(I=w((z=(I=H(v),H(v)),v),I),z)),z),v,l+I)}),O).bm=0,112),function(v){Jx(4,v)}),function(v,l,z,I){if(l=v.Yx.pop()){for(z=K(v);0<z;z--)I=H(v),l[I]=v.X[I];v.X=(l[l[358]=v.X[358],430]=v.X[430],l)}else V(286,v,v.F)})),17),function(v,l,z,I,b){for(l=(I=GN((b=H(v),v)),z=0,[]);z<I;z++)l.push(K(v));V(b,v,l)}),O),181,function(v){Vz(4,v)}),376),function(v,l,z,I,b,t){P(v,true,l,false)||(b=Ic(v.C),l=b.Xl,z=b.i,t=b.C3,b=b.v,I=b.length,z=0==I?new t[z]:1==I?new t[z](b[0]):2==I?new t[z](b[0],b[1]):3==I?new t[z](b[0],b[1],b[2]):4==I?new t[z](b[0],b[1],b[2],b[3]):2(),V(l,v,z))}),function(v,l,z,I){V((l=w((z=(I=(l=(z=H(v),H(v)),H)(v),w(v,z)),v),l),I),v,z in l|0)})),O),351,function(v,l,z){V((l=(l=w(v,(l=H(v),z=H(v),l)),rV(l)),z),v,l)}),O),0),252),function(v,l,z){P(v,true,l,false)||(l=H(v),z=H(v),V(z,v,function(I){return eval(I)}(ZC(w(v.C,l)))))}),[])),F(O,244,function(v,l,z,I,b,t){if(!P(v,true,l,true)){if("object"==(v=w((t=(b=(b=(t=(l=H((z=H(v),v)),H(v)),H(v)),l=w(v,l),w(v,b)),w)(v,t),v),z),rV(v))){for(I in z=[],v)z.push(I);v=z}for(z=(t=0<(I=0,t)?t:1,v.length);I<z;I+=t)l(v.slice(I,(I|0)+(t|0)),b)}}),[160,0,0])),504),function(v,l,z){0!=w((z=w(v,(z=H((l=H(v),v)),z)),v),l)&&V(286,v,z)}),O),N(4)),322),function(v,l,z,I,b,t,B){for(B=(t=(z=w(v,(I=(b=H(v),GN)(v),l="",484)),z).length,0);I--;)B=((B|0)+(GN(v)|0))%t,l+=L[z[B]];V(b,v,l)}),393),function(v,l,z,I){l=w(v,(I=(z=H((I=(l=H(v),H)(v),v)),w(v,I)),l)),V(z,v,l[I])}),O),442,function(v,l,z,I){(l=(z=H((I=H(v),v)),H(v)),V)(l,v,w(v,I)||w(v,z))}),function(){})),O),2048),function(v){Vz(3,v)})),O)),c)),471),O,0),O),486,function(v,l,z,I,b){V((l=w(v,(z=w(v,(b=H((z=(I=H(v),H(v)),l=H(v),v)),z)),b=w(v,b),l)),I),v,lo(l,z,b,v))}),qs)],O),e)([h,J],O),[Sw,C]),O),true))},Ns=function(C,O,J,p){try{p=C[((O|0)+2)%3],C[O]=(C[O]|0)-(C[((O|0)+1)%3]|0)-(p|0)^(1==O?p<<J:p>>>J)}catch(L){throw L;}},GN=function(C,O){return(O=K(C),O&128)&&(O=O&127|K(C)<<7),O},H_=function(C,O,J,p){return(p=g[C.substring(0,3)+"_"])?p(C.substring(3),O,J):Ec(O,C)},F=function(C,O,J){J[V(O,C,J),qs]=2796},g,V=function(C,O,J){if(286==C||215==C)O.X[C]?O.X[C].concat(J):O.X[C]=uo(O,J);else{if(O.I&&373!=C)return;265==C||9==C||417==C||358==C||498==C?O.X[C]||(O.X[C]=P_(118,C,J,O)):O.X[C]=P_(9,C,J,O)}373==C&&(O.N=D(false,O,32),O.h=void 0)},kc=function(C,O,J){return C.V(function(p){J=p},false,O),J},f8=function(C){return C},Ec=function(C,O){return C(function(J){J(O)}),[function(){return O}]},uo=function(C,O,J){return(J=T[C.G](C.j8),J)[C.G]=function(){return O},J.concat=function(p){O=p},J},C8=function(C,O,J,p,L){for(p=(C=(L=C[2]|0,C)[3]|0,0);14>p;p++)J=J>>>8|J<<24,J+=O|0,J^=L+2298,O=O<<3|O>>>29,C=C>>>8|C<<24,C+=L|0,L=L<<3|L>>>29,C^=p+2298,L^=C,O^=J;return[O>>>24&255,O>>>16&255,O>>>8&255,O>>>0&255,J>>>24&255,J>>>16&255,J>>>8&255,J>>>0&255]},K=function(C){return C.D?v_(C,C.U):D(true,C,8)},W_=function(C,O){(O.Yx.push(O.X.slice()),O.X)[286]=void 0,V(286,O,C)},ac=function(C,O,J,p){return(V(286,C,((p=w(C,286),C.g)&&p<C.F?(V(286,C,C.F),W_(J,C)):V(286,C,J),tx(C,O),p)),w)(C,22)},X,w=function(C,O){if((C=C.X[O],void 0)===C)throw[a,30,O];if(C.value)return C.create();return(C.create(4*O*O+-12*O+4),C).prototype},U=function(C,O,J){J=this;try{TN(O,this,C)}catch(p){m(p,this),O(function(L){L(J.Y)})}},P_=function(C,O,J,p,L,v,l,z){return J=[87,-12,-24,-71,(v=C&7,z=xc,14),-5,J,-72,-32,90],l=T[p.G](p.wZ),l[p.G]=function(I){v+=6+7*C,v&=(L=I,7)},l.concat=function(I){return(I=(I=(I=O%16+1,-224*L+(z()|0)*I-I*L+56*L*L+v+J[v+51&7]*O*I- -672*O*L-224*O*O*L+4*O*O*I),J[I]),L=void 0,J[(v+29&7)+(C&2)]=I,J)[v+(C&2)]=-12,I},l},D=function(C,O,J,p,L,v,l,z,I,b,t,B,Q,r){if(t=w(O,286),t>=O.F)throw[a,31];for(r=(v=(B=0,L=O.NL.length,J),t);0<v;)Q=r>>3,I=r%8,p=8-(I|0),p=p<v?p:v,l=O.g[Q],C&&(b=O,b.h!=r>>6&&(b.h=r>>6,z=w(b,373),b.L=C8([0,0,z[1],z[2]],b.N,b.h)),l^=O.L[Q&L]),B|=(l>>8-(I|0)-(p|0)&(1<<p)-1)<<(v|0)-(p|0),v-=p,r+=p;return V(286,(C=B,O),(t|0)+(J|0)),C},m=function(C,O){O.Y=((O.Y?O.Y+"~":"E:")+C.message+":"+C.stack).slice(0,2048)},c=this||self,E=c.requestIdleCallback?function(C){requestIdleCallback(function(){C()},{timeout:4})}:c.setImmediate?function(C){setImmediate(C)}:function(C){setTimeout(C,0)},p8=function(C,O,J,p,L){if((L=C[0],L)==M)O.S=25,O.s(C);else if(L==R){J=C[1];try{p=O.Y||O.s(C)}catch(v){m(v,O),p=O.Y}J(p)}else if(L==bo)O.s(C);else if(L==h)O.s(C);else if(L==Sw){try{for(p=0;p<O.A.length;p++)try{J=O.A[p],J[0][J[1]](J[2])}catch(v){}}catch(v){}(0,C[1])(function(v,l){O.V(v,true,l)},(O.A=[],function(v){(e((v=!O.K.length,[ew]),O),v)&&W(O,true,false)}))}else{if(L==Y)return p=C[2],V(247,O,C[6]),V(22,O,p),O.s(C);L==ew?(O.g=[],O.W=[],O.X=null):L==qs&&"loading"===c.document.readyState&&(O.B=function(v,l){function z(){l||(l=true,v())}(c.document.addEventListener("DOMContentLoaded",z,(l=false,G)),c).addEventListener("load",z,G)})}},L8=String.fromCharCode(105,110,116,101,103,67,104,101,99,107,66,121,112,97,115,115),bo=[],ew=[],M=(U.prototype.kx=void 0,U.prototype.T="toString",[]),R=[],a=(U.prototype.Da=false,U.prototype.RF=void 0,{}),h=[],Sw=[],qs=[],Y=[],xc=(((wV,function(){})(N),Ns,function(){})(sc),void 0),T=a.constructor,n8=(((((((X=U.prototype,U).prototype.G="create",X.m5=function(C,O,J,p,L){for(L=p=0;L<C.length;L++)p+=C.charCodeAt(L),p+=p<<10,p^=p>>6;return(p=(p+=p<<3,p^=p>>11,C=p+(p<<15)>>>0,new Number(C&(1<<O)-1)),p)[0]=(C>>>O)%J,p},X.V=function(C,O,J,p,L){if((J="array"===rV(J)?J:[J],this).Y)C(this.Y);else try{p=!this.K.length,L=[],e([M,L,J],this),e([R,C,L],this),O&&!p||W(this,O,true)}catch(v){m(v,this),C(this.Y)}},X).aF=function(C,O,J,p,L,v){for(L=v=(p=[],0);L<C.length;L++)for(J=J<<O|C[L],v+=O;7<v;)v-=8,p.push(J>>v&255);return p},X.B6=function(C,O,J){return C^(O^=O<<13,O^=O>>17,(O=(O^O<<5)&J)||(O=1),O)},X).ML=function(){return Math.floor(this.J+(this.j()-this.o))},X.j=(window.performance||{}).now?function(){return this.hU+window.performance.now()}:function(){return+new Date},X).Ul=function(){return Math.floor(this.j())},U).prototype.s=function(C,O){return O=(xc=function(){return C==O?4:-46},C={},{}),function(J,p,L,v,l,z,I,b,t,B,Q,r,Z,q,f){t=C,C=O;try{if(B=J[0],B==h){I=J[1];try{for(f=(L=[],v=atob(I),Z=0);Z<v.length;Z++)p=v.charCodeAt(Z),255<p&&(L[f++]=p&255,p>>=8),L[f++]=p;V(373,this,(this.F=(this.g=L,this.g.length<<3),[0,0,0]))}catch(k){x(k,17,this);return}tx(this,8001)}else if(B==M)J[1].push(w(this,265).length,w(this,417).length,w(this,430),w(this,9).length),V(22,this,J[2]),this.X[101]&&ac(this,8001,w(this,101));else{if(B==R){b=(q=(L=J[2],n((w(this,265).length|0)+2,2)),this.C),this.C=this;try{z=w(this,358),0<z.length&&A(this,n(z.length,2).concat(z),265,10),A(this,n(this.H,1),265,109),A(this,n(this[R].length,1),265),v=0,v+=w(this,466)&2047,r=w(this,9),v-=(w(this,265).length|0)+5,4<r.length&&(v-=(r.length|0)+3),0<v&&A(this,n(v,2).concat(N(v)),265,15),4<r.length&&A(this,n(r.length,2).concat(r),265,156)}finally{this.C=b}if(Q=(((f=N(2).concat(w(this,265)),f)[1]=f[0]^6,f)[3]=f[1]^q[0],f[4]=f[1]^q[1],this).dZ(f))Q="!"+Q;else for(Q="",v=0;v<f.length;v++)l=f[v][this.T](16),1==l.length&&(l="0"+l),Q+=l;return w(this,(V(430,((w(this,(Z=Q,265)).length=L.shift(),w)(this,417).length=L.shift(),this),L.shift()),9)).length=L.shift(),Z}if(B==bo)ac(this,J[2],J[1]);else if(B==Y)return ac(this,8001,J[1])}}finally{C=t}}}(),U.prototype.oF=0,U.prototype).tU=0,/./);U.prototype.dZ=function(C,O,J,p){if(O=window.btoa){for(p=0,J="";p<C.length;p+=8192)J+=String.fromCharCode.apply(null,C.slice(p,p+8192));C=O(J).replace(/\\+/g,"-").replace(/\\//g,"_").replace(/=/g,"")}else C=void 0;return C};var Yc,jw=(U.prototype[Sw]=[0,0,1,1,0,1,1],h).pop.bind(U.prototype[M]),ZC=((Yc=zN({get:jw},(n8[U.prototype.T]=jw,U.prototype.G)),U).prototype.v6=void 0,function(C,O){return(O=Qz())&&1===C.eval(O.createScript("1"))?function(J){return O.createScript(J)}:function(J){return""+J}}(c));(40<(g=c.botguard||(c.botguard={}),g).m||(g.m=41,g.bg=B_,g.a=H_),g).hDL_=function(C,O,J){return[(J=new U(C,O),function(p){return kc(J,p)})]};}).call(this);'));
}).call(this);
#2 JavaScript::Eval (size: 22) - SHA256: 1bb4b16c7de163ff866b60976156d8c769e3cd8f2b5bdea3c85e854c986003d6
0,
function(v) {
    Jx(1, v)
}
#3 JavaScript::Eval (size: 793) - SHA256: 5aff05f856534d1387fcda6210fe7ef655b932e2d9cfcf180158e8fa03f4279f
//MATTS VARIABLES
let offSetHeight = 25;
let minViewPortHeight = 700;

const box = document.getElementById('ad-2');
let intFrameHeight = window.innerHeight || Math.max(document.documentElement.clientHeight, document.body.clientHeight);
setTimeout(function() {
    let adHeight = box.offsetHeight;

    if (intFrameHeight > minViewPortHeight) {
        if (box.childNodes.length !== 0) {
            const ad = document.getElementById('ad-1');
            const adHeight = ad.clientHeight;
            const adOffset = ad.offsetTop;
            const windowHeight = window.innerHeight;
            const marginTop = windowHeight - adHeight - adOffset - (adHeight / 2);
            box.style.marginTop = marginTop + offSetHeight + 'px';
        }
    }

    box.style.display = 'block';
}, 50);
#4 JavaScript::Eval (size: 17200) - SHA256: 336f6b88f2ec1f66940259cfab135cb3052653508f1938922e1a3949f546f070
(function() {
    var A = function(C, O, J, p, L, v) {
            if (C.C == C)
                for (L = w(C, J), 9 == J ? (J = function(l, z, I, b) {
                        if (I = (b = L.length, (b | 0) - 4 >> 3), L.Fl != I) {
                            I = (I << 3) - (z = [0, 0, v[1], v[L.Fl = I, 2]], 4);
                            try {
                                L.G7 = C8(z, Oc(I, L), Oc((I | 0) + 4, L))
                            } catch (t) {
                                throw t;
                            }
                        }
                        L.push(L.G7[b & 7] ^ l)
                    }, v = w(C, 498)) : J = function(l) {
                        L.push(l)
                    }, p && J(p & 255), C = O.length, p = 0; p < C; p++) J(O[p])
        },
        e = function(C, O) {
            O.K.splice(0, 0, C)
        },
        v_ = function(C, O) {
            return O = O.create().shift(), C.D.create().length || C.U.create().length || (C.D = void 0, C.U = void 0), O
        },
        Jx = function(C, O, J, p) {
            for (p = (J = H(O), 0); 0 < C; C--) p = p << 8 | K(O);
            V(J, O, p)
        },
        n = function(C, O, J, p) {
            for (p = (J = (O | 0) - 1, []); 0 <= J; J--) p[(O | 0) - 1 - (J | 0)] = C >> 8 * J & 255;
            return p
        },
        lo = function(C, O, J, p, L, v) {
            function l() {
                if (p.C == p) {
                    if (p.X) {
                        var z = [Y, O, C, void 0, L, v, arguments];
                        if (2 == J) var I = W(p, (e(z, p), false), false);
                        else if (1 == J) {
                            var b = !p.K.length;
                            e(z, p), b && W(p, false, false)
                        } else I = p8(z, p);
                        return I
                    }
                    L && v && L.removeEventListener(v, l, G)
                }
            }
            return l
        },
        zN = function(C, O) {
            return T[O](T.prototype, {
                prototype: C,
                pop: C,
                call: C,
                splice: C,
                floor: C,
                replace: C,
                propertyIsEnumerable: C,
                parent: C,
                length: C,
                stack: C,
                document: C,
                console: C
            })
        },
        N = function(C, O) {
            for (O = []; C--;) O.push(255 * Math.random() | 0);
            return O
        },
        W = function(C, O, J, p, L, v) {
            if (C.K.length) {
                C.O = !(C.K3 = (C.O && 0(), O), 0);
                try {
                    p = C.j(), C.o = p, C.R = p, C.u = 0, v = $c(C, O), L = C.j() - C.o, C.J += L, L < (J ? 0 : 10) || 0 >= C.S-- || (L = Math.floor(L), C.W.push(254 >= L ? L : 254))
                } finally {
                    C.O = false
                }
                return v
            }
        },
        Ic = function(C, O, J, p, L, v) {
            for (J = (L = ((p = (O = C[L8] || {}, H(C)), O).Xl = H(C), O.v = [], C).C == C ? (K(C) | 0) - 1 : 1, H(C)), v = 0; v < L; v++) O.v.push(H(C));
            for ((O.i = w(C, p), O).C3 = w(C, J); L--;) O.v[L] = w(C, O.v[L]);
            return O
        },
        P = function(C, O, J, p, L, v, l, z, I) {
            if (C.C = (C.H += ((I = (l = (L = (O || C.u++, 0 < C.l && C.O && C.K3 && 1 >= C.P && !C.D && !C.B) && (!O || 1 < C.Z - J) && 0 == document.hidden, (v = 4 == C.u) || L ? C.j() : C.R), l) - C.R, z = I >> 14, C).N && (C.N ^= z * (I << 2)), z), z || C.C), v || L) C.R = l, C.u = 0;
            if (!L || l - C.o < C.l - (p ? 255 : O ? 5 : 2)) return false;
            return C.B = ((V(286, (p = (C.Z = J, w(C, O ? 215 : 286)), C), C.F), C).K.push([bo, p, O ? J + 1 : J]), E), true
        },
        wV = function(C, O) {
            ((O.push(C[0] << 24 | C[1] << 16 | C[2] << 8 | C[3]), O).push(C[4] << 24 | C[5] << 16 | C[6] << 8 | C[7]), O).push(C[8] << 24 | C[9] << 16 | C[10] << 8 | C[11])
        },
        x = function(C, O, J, p, L, v) {
            if (!J.I) {
                if (3 < (C = ((0 == (p = w(J, ((v = void 0, C) && C[0] === a && (v = C[2], O = C[1], C = void 0), 358)), p.length) && (L = w(J, 215) >> 3, p.push(O, L >> 8 & 255, L & 255), void 0 != v && p.push(v & 255)), O = "", C) && (C.message && (O += C.message), C.stack && (O += ":" + C.stack)), w(J, 430)), C)) {
                    J.C = (v = (O = (C -= (O = O.slice(0, (C | 0) - 3), O.length | 0) + 3, Ax(O)), J.C), J);
                    try {
                        A(J, n(O.length, 2).concat(O), 9, 9)
                    } finally {
                        J.C = v
                    }
                }
                V(430, J, C)
            }
        },
        tx = function(C, O, J, p, L, v) {
            if (!C.Y) {
                C.P++;
                try {
                    for (p = (v = 0, void 0), J = C.F; --O;) try {
                        if ((L = void 0, C).D) p = v_(C, C.D);
                        else {
                            if (v = w(C, 286), v >= J) break;
                            p = w(C, (L = (V(215, C, v), H(C)), L))
                        }(p && p[ew] & 2048 ? p(C, O) : x([a, 21, L], 0, C), P)(C, false, O, false)
                    } catch (l) {
                        w(C, 391) ? x(l, 22, C) : V(391, C, l)
                    }
                    if (!O) {
                        if (C.Da) {
                            C.P--, tx(C, 261929697120);
                            return
                        }
                        x([a, 33], 0, C)
                    }
                } catch (l) {
                    try {
                        x(l, 22, C)
                    } catch (z) {
                        m(z, C)
                    }
                }
                C.P--
            }
        },
        $c = function(C, O, J, p) {
            for (; C.K.length;) {
                p = (C.B = null, C.K.pop());
                try {
                    J = p8(p, C)
                } catch (L) {
                    m(L, C)
                }
                if (O && C.B) {
                    (O = C.B, O)(function() {
                        W(C, true, true)
                    });
                    break
                }
            }
            return J
        },
        B_ = function(C, O, J, p) {
            function L() {}
            return p = H_(C, function(v) {
                L && (O && E(O), J = v, L(), L = void 0)
            }, (J = void 0, !!O))[0], {
                invoke: function(v, l, z, I) {
                    function b() {
                        J(function(t) {
                            E(function() {
                                v(t)
                            })
                        }, z)
                    }
                    if (!l) return l = p(z), v && v(l), l;
                    J ? b() : (I = L, L = function() {
                        E((I(), b))
                    })
                }
            }
        },
        Qz = function(C, O) {
            if (!(O = (C = null, c.trustedTypes), O) || !O.createPolicy) return C;
            try {
                C = O.createPolicy("bg", {
                    createHTML: f8,
                    createScript: f8,
                    createScriptURL: f8
                })
            } catch (J) {
                c.console && c.console.error(J.message)
            }
            return C
        },
        rV = function(C, O, J) {
            if ("object" == (O = typeof C, O))
                if (C) {
                    if (C instanceof Array) return "array";
                    if (C instanceof Object) return O;
                    if ("[object Window]" == (J = Object.prototype.toString.call(C), J)) return "object";
                    if ("[object Array]" == J || "number" == typeof C.length && "undefined" != typeof C.splice && "undefined" != typeof C.propertyIsEnumerable && !C.propertyIsEnumerable("splice")) return "array";
                    if ("[object Function]" == J || "undefined" != typeof C.call && "undefined" != typeof C.propertyIsEnumerable && !C.propertyIsEnumerable("call")) return "function"
                } else return "null";
            else if ("function" == O && "undefined" == typeof C.call) return "object";
            return O
        },
        Oc = function(C, O) {
            return O[C] << 24 | O[(C | 0) + 1] << 16 | O[(C | 0) + 2] << 8 | O[(C | 0) + 3]
        },
        K8 = function(C, O, J, p) {
            A(O, n((p = H((J = H(O), O)), w(O, J)), C), p)
        },
        G = {
            passive: true,
            capture: true
        },
        Ax = function(C, O, J, p, L) {
            for (C = C.replace(/\r\n/g, "\n"), O = [], p = L = 0; L < C.length; L++) J = C.charCodeAt(L), 128 > J ? O[p++] = J : (2048 > J ? O[p++] = J >> 6 | 192 : (55296 == (J & 64512) && L + 1 < C.length && 56320 == (C.charCodeAt(L + 1) & 64512) ? (J = 65536 + ((J & 1023) << 10) + (C.charCodeAt(++L) & 1023), O[p++] = J >> 18 | 240, O[p++] = J >> 12 & 63 | 128) : O[p++] = J >> 12 | 224, O[p++] = J >> 6 & 63 | 128), O[p++] = J & 63 | 128);
            return O
        },
        H = function(C, O) {
            if (C.D) return v_(C, C.U);
            return (O = D(true, C, 8), O) & 128 && (O ^= 128, C = D(true, C, 2), O = (O << 2) + (C | 0)), O
        },
        sc = function(C, O, J) {
            if (3 == C.length) {
                for (J = 0; 3 > J; J++) O[J] += C[J];
                for (J = (C = 0, [13, 8, 13, 12, 16, 5, 3, 10, 15]); 9 > C; C++) O[3](O, C % 3, J[C])
            }
        },
        Vz = function(C, O, J, p, L) {
            J = w(O, (L = H((J = (C &= (p = C & 3, 4), H(O)), O)), J)), C && (J = Ax("" + J)), p && A(O, n(J.length, 2), L), A(O, J, L)
        },
        TN = function(C, O, J, p, L) {
            for (L = (p = (O.j8 = (O.wZ = zN({get: (O.El = (O.NL = O[R], O.c6 = Yc, n8), function() {
                        return this.concat()
                    })
                }, O.G), T[O.G](O.wZ, {
                    value: {
                        value: {}
                    }
                })), 0), []); 128 > p; p++) L[p] = String.fromCharCode(p);
            W(O, true, (e(((e([(F((V((V(107, O, (V(443, O, (F(O, 40, (V(430, (F(O, 35, (F((F(O, (F(O, (V(9, (F(O, (V(265, O, (V(358, O, (F(O, (V(466, (F((F(O, 387, (F(O, (F((F(O, (F(O, 489, (F(O, ((F(O, (F(O, 457, (F(O, 64, (F(O, 261, (F(((F(O, 287, (F(O, 485, (V((F(O, 477, (V(391, (F((F(O, (V(22, (F(O, 496, (F(O, (V(498, O, (V(215, (V(286, ((O.f3 = function(v) {
                this.C = v
            }, O.H = (O.Y = void 0, O.l = 0, p = window.performance || {}, O.K = [], 1), O).X = (O.W = [], O.L = void 0, O.I = false, (O.h = void 0, O).J = (O.K3 = (O.S = 25, O.D = void 0, false), O.B = null, O.C = O, O.Yx = (O.O = false, []), (O.Z = 8001, O.o = 0, O).A = [], 0), O.P = 0, (O.F = 0, O).g = (O.sl = (O.U = void 0, 0), []), O.R = 0, O.u = (O.N = void 0, void 0), []), O.hU = p.timeOrigin || (p.timing || {}).navigationStart || 0, O), 0), O), 0), [0, 0, 0])), 411), function(v, l, z, I, b, t, B, Q, r, Z, q, f) {
                function k(u, S) {
                    for (; Z < u;) f |= K(v) << Z, Z += 8;
                    return f >>= (Z -= u, S = f & (1 << u) - 1, u), S
                }
                for (Q = (z = (r = (f = Z = (t = H(v), 0), (k(3) | 0) + 1), l = k(5), 0), []), I = 0; z < l; z++) B = k(1), Q.push(B), I += B ? 0 : 1;
                for (q = (z = ((I | 0) - 1).toString(2).length, []), I = 0; I < l; I++) Q[I] || (q[I] = k(z));
                for (z = 0; z < l; z++) Q[z] && (q[z] = H(v));
                for (b = []; r--;) b.push(w(v, H(v)));
                F(v, t, function(u, S, io, d, y) {
                    for (io = (d = (S = 0, []), []); S < l; S++) {
                        if (!(y = q[S], Q)[S]) {
                            for (; y >= d.length;) d.push(H(u));
                            y = d[y]
                        }
                        io.push(y)
                    }
                    u.U = (u.D = uo(u, b.slice()), uo(u, io))
                })
            }), function(v, l) {
                (v = (l = H(v), w(v.C, l)), v[0]).removeEventListener(v[1], v[2], G)
            })), O), {}), 68), function(v) {
                K8(4, v)
            }), O), 230, function(v, l, z, I, b) {
                0 !== (l = w(v, (z = (I = w(v, (b = (l = (I = H((z = (b = H(v), H)(v), v)), H(v)), w(v.C, b)), I)), w(v, z)), l)), b) && (l = lo(l, I, 1, v, b, z), b.addEventListener(z, l, G), V(471, v, [b, z, l]))
            }), O), 677), function(v, l, z, I) {
                (I = (l = (z = H(v), K)(v), H)(v), V)(I, v, w(v, z) >>> l)
            })), 417), O, []), function(v, l) {
                W_((l = w(v, H(v)), l), v.C)
            })), function(v, l, z, I) {
                !P(v, true, l, false) && (l = Ic(v), z = l.i, I = l.C3, v.C == v || z == v.f3 && I == v) && (V(l.Xl, v, z.apply(I, l.v)), v.R = v.j())
            })), O).xx = 0, O), 3, function(v) {
                K8(1, v)
            }), function(v, l, z, I, b) {
                (l = H((b = (z = H(v), H(v)), v)), v.C == v) && (I = w(v, z), l = w(v, l), b = w(v, b), I[b] = l, 373 == z && (v.h = void 0, 2 == b && (v.N = D(false, v, 32), v.h = void 0)))
            })), function(v, l, z) {
                (l = H((z = H(v), v)), V)(l, v, "" + w(v, z))
            })), function(v, l, z, I) {
                V((l = w(v, (I = w(v, (l = H((I = H(v), v)), z = H(v), I)), l)), z), v, +(I == l))
            })), O.gZ = 0, 347), function(v, l, z, I) {
                V((l = w(v, (I = w((z = (I = H(v), H(v)), v), I), z)), z), v, l + I)
            }), O).bm = 0, 112), function(v) {
                Jx(4, v)
            }), function(v, l, z, I) {
                if (l = v.Yx.pop()) {
                    for (z = K(v); 0 < z; z--) I = H(v), l[I] = v.X[I];
                    v.X = (l[l[358] = v.X[358], 430] = v.X[430], l)
                } else V(286, v, v.F)
            })), 17), function(v, l, z, I, b) {
                for (l = (I = GN((b = H(v), v)), z = 0, []); z < I; z++) l.push(K(v));
                V(b, v, l)
            }), O), 181, function(v) {
                Vz(4, v)
            }), 376), function(v, l, z, I, b, t) {
                P(v, true, l, false) || (b = Ic(v.C), l = b.Xl, z = b.i, t = b.C3, b = b.v, I = b.length, z = 0 == I ? new t[z] : 1 == I ? new t[z](b[0]) : 2 == I ? new t[z](b[0], b[1]) : 3 == I ? new t[z](b[0], b[1], b[2]) : 4 == I ? new t[z](b[0], b[1], b[2], b[3]) : 2(), V(l, v, z))
            }), function(v, l, z, I) {
                V((l = w((z = (I = (l = (z = H(v), H(v)), H)(v), w(v, z)), v), l), I), v, z in l | 0)
            })), O), 351, function(v, l, z) {
                V((l = (l = w(v, (l = H(v), z = H(v), l)), rV(l)), z), v, l)
            }), O), 0), 252), function(v, l, z) {
                P(v, true, l, false) || (l = H(v), z = H(v), V(z, v, function(I) {
                    return eval(I)
                }(ZC(w(v.C, l)))))
            }), [])), F(O, 244, function(v, l, z, I, b, t) {
                if (!P(v, true, l, true)) {
                    if ("object" == (v = w((t = (b = (b = (t = (l = H((z = H(v), v)), H(v)), H(v)), l = w(v, l), w(v, b)), w)(v, t), v), z), rV(v))) {
                        for (I in z = [], v) z.push(I);
                        v = z
                    }
                    for (z = (t = 0 < (I = 0, t) ? t : 1, v.length); I < z; I += t) l(v.slice(I, (I | 0) + (t | 0)), b)
                }
            }), [160, 0, 0])), 504), function(v, l, z) {
                0 != w((z = w(v, (z = H((l = H(v), v)), z)), v), l) && V(286, v, z)
            }), O), N(4)), 322), function(v, l, z, I, b, t, B) {
                for (B = (t = (z = w(v, (I = (b = H(v), GN)(v), l = "", 484)), z).length, 0); I--;) B = ((B | 0) + (GN(v) | 0)) % t, l += L[z[B]];
                V(b, v, l)
            }), 393), function(v, l, z, I) {
                l = w(v, (I = (z = H((I = (l = H(v), H)(v), v)), w(v, I)), l)), V(z, v, l[I])
            }), O), 442, function(v, l, z, I) {
                (l = (z = H((I = H(v), v)), H(v)), V)(l, v, w(v, I) || w(v, z))
            }), function() {})), O), 2048), function(v) {
                Vz(3, v)
            })), O)), c)), 471), O, 0), O), 486, function(v, l, z, I, b) {
                V((l = w(v, (z = w(v, (b = H((z = (I = H(v), H(v)), l = H(v), v)), z)), b = w(v, b), l)), I), v, lo(l, z, b, v))
            }), qs)], O), e)([h, J], O), [Sw, C]), O), true))
        },
        Ns = function(C, O, J, p) {
            try {
                p = C[((O | 0) + 2) % 3], C[O] = (C[O] | 0) - (C[((O | 0) + 1) % 3] | 0) - (p | 0) ^ (1 == O ? p << J : p >>> J)
            } catch (L) {
                throw L;
            }
        },
        GN = function(C, O) {
            return (O = K(C), O & 128) && (O = O & 127 | K(C) << 7), O
        },
        H_ = function(C, O, J, p) {
            return (p = g[C.substring(0, 3) + "_"]) ? p(C.substring(3), O, J) : Ec(O, C)
        },
        F = function(C, O, J) {
            J[V(O, C, J), qs] = 2796
        },
        g, V = function(C, O, J) {
            if (286 == C || 215 == C) O.X[C] ? O.X[C].concat(J) : O.X[C] = uo(O, J);
            else {
                if (O.I && 373 != C) return;
                265 == C || 9 == C || 417 == C || 358 == C || 498 == C ? O.X[C] || (O.X[C] = P_(118, C, J, O)) : O.X[C] = P_(9, C, J, O)
            }
            373 == C && (O.N = D(false, O, 32), O.h = void 0)
        },
        kc = function(C, O, J) {
            return C.V(function(p) {
                J = p
            }, false, O), J
        },
        f8 = function(C) {
            return C
        },
        Ec = function(C, O) {
            return C(function(J) {
                J(O)
            }), [function() {
                return O
            }]
        },
        uo = function(C, O, J) {
            return (J = T[C.G](C.j8), J)[C.G] = function() {
                return O
            }, J.concat = function(p) {
                O = p
            }, J
        },
        C8 = function(C, O, J, p, L) {
            for (p = (C = (L = C[2] | 0, C)[3] | 0, 0); 14 > p; p++) J = J >>> 8 | J << 24, J += O | 0, J ^= L + 2298, O = O << 3 | O >>> 29, C = C >>> 8 | C << 24, C += L | 0, L = L << 3 | L >>> 29, C ^= p + 2298, L ^= C, O ^= J;
            return [O >>> 24 & 255, O >>> 16 & 255, O >>> 8 & 255, O >>> 0 & 255, J >>> 24 & 255, J >>> 16 & 255, J >>> 8 & 255, J >>> 0 & 255]
        },
        K = function(C) {
            return C.D ? v_(C, C.U) : D(true, C, 8)
        },
        W_ = function(C, O) {
            (O.Yx.push(O.X.slice()), O.X)[286] = void 0, V(286, O, C)
        },
        ac = function(C, O, J, p) {
            return (V(286, C, ((p = w(C, 286), C.g) && p < C.F ? (V(286, C, C.F), W_(J, C)) : V(286, C, J), tx(C, O), p)), w)(C, 22)
        },
        X, w = function(C, O) {
            if ((C = C.X[O], void 0) === C) throw [a, 30, O];
            if (C.value) return C.create();
            return (C.create(4 * O * O + -12 * O + 4), C).prototype
        },
        U = function(C, O, J) {
            J = this;
            try {
                TN(O, this, C)
            } catch (p) {
                m(p, this), O(function(L) {
                    L(J.Y)
                })
            }
        },
        P_ = function(C, O, J, p, L, v, l, z) {
            return J = [87, -12, -24, -71, (v = C & 7, z = xc, 14), -5, J, -72, -32, 90], l = T[p.G](p.wZ), l[p.G] = function(I) {
                v += 6 + 7 * C, v &= (L = I, 7)
            }, l.concat = function(I) {
                return (I = (I = (I = O % 16 + 1, -224 * L + (z() | 0) * I - I * L + 56 * L * L + v + J[v + 51 & 7] * O * I - -672 * O * L - 224 * O * O * L + 4 * O * O * I), J[I]), L = void 0, J[(v + 29 & 7) + (C & 2)] = I, J)[v + (C & 2)] = -12, I
            }, l
        },
        D = function(C, O, J, p, L, v, l, z, I, b, t, B, Q, r) {
            if (t = w(O, 286), t >= O.F) throw [a, 31];
            for (r = (v = (B = 0, L = O.NL.length, J), t); 0 < v;) Q = r >> 3, I = r % 8, p = 8 - (I | 0), p = p < v ? p : v, l = O.g[Q], C && (b = O, b.h != r >> 6 && (b.h = r >> 6, z = w(b, 373), b.L = C8([0, 0, z[1], z[2]], b.N, b.h)), l ^= O.L[Q & L]), B |= (l >> 8 - (I | 0) - (p | 0) & (1 << p) - 1) << (v | 0) - (p | 0), v -= p, r += p;
            return V(286, (C = B, O), (t | 0) + (J | 0)), C
        },
        m = function(C, O) {
            O.Y = ((O.Y ? O.Y + "~" : "E:") + C.message + ":" + C.stack).slice(0, 2048)
        },
        c = this || self,
        E = c.requestIdleCallback ? function(C) {
            requestIdleCallback(function() {
                C()
            }, {
                timeout: 4
            })
        } : c.setImmediate ? function(C) {
            setImmediate(C)
        } : function(C) {
            setTimeout(C, 0)
        },
        p8 = function(C, O, J, p, L) {
            if ((L = C[0], L) == M) O.S = 25, O.s(C);
            else if (L == R) {
                J = C[1];
                try {
                    p = O.Y || O.s(C)
                } catch (v) {
                    m(v, O), p = O.Y
                }
                J(p)
            } else if (L == bo) O.s(C);
            else if (L == h) O.s(C);
            else if (L == Sw) {
                try {
                    for (p = 0; p < O.A.length; p++) try {
                        J = O.A[p], J[0][J[1]](J[2])
                    } catch (v) {}
                } catch (v) {}(0, C[1])(function(v, l) {
                    O.V(v, true, l)
                }, (O.A = [], function(v) {
                    (e((v = !O.K.length, [ew]), O), v) && W(O, true, false)
                }))
            } else {
                if (L == Y) return p = C[2], V(247, O, C[6]), V(22, O, p), O.s(C);
                L == ew ? (O.g = [], O.W = [], O.X = null) : L == qs && "loading" === c.document.readyState && (O.B = function(v, l) {
                    function z() {
                        l || (l = true, v())
                    }(c.document.addEventListener("DOMContentLoaded", z, (l = false, G)), c).addEventListener("load", z, G)
                })
            }
        },
        L8 = String.fromCharCode(105, 110, 116, 101, 103, 67, 104, 101, 99, 107, 66, 121, 112, 97, 115, 115),
        bo = [],
        ew = [],
        M = (U.prototype.kx = void 0, U.prototype.T = "toString", []),
        R = [],
        a = (U.prototype.Da = false, U.prototype.RF = void 0, {}),
        h = [],
        Sw = [],
        qs = [],
        Y = [],
        xc = (((wV, function() {})(N), Ns, function() {})(sc), void 0),
        T = a.constructor,
        n8 = (((((((X = U.prototype, U).prototype.G = "create", X.m5 = function(C, O, J, p, L) {
            for (L = p = 0; L < C.length; L++) p += C.charCodeAt(L), p += p << 10, p ^= p >> 6;
            return (p = (p += p << 3, p ^= p >> 11, C = p + (p << 15) >>> 0, new Number(C & (1 << O) - 1)), p)[0] = (C >>> O) % J, p
        }, X.V = function(C, O, J, p, L) {
            if ((J = "array" === rV(J) ? J : [J], this).Y) C(this.Y);
            else try {
                p = !this.K.length, L = [], e([M, L, J], this), e([R, C, L], this), O && !p || W(this, O, true)
            } catch (v) {
                m(v, this), C(this.Y)
            }
        }, X).aF = function(C, O, J, p, L, v) {
            for (L = v = (p = [], 0); L < C.length; L++)
                for (J = J << O | C[L], v += O; 7 < v;) v -= 8, p.push(J >> v & 255);
            return p
        }, X.B6 = function(C, O, J) {
            return C ^ (O ^= O << 13, O ^= O >> 17, (O = (O ^ O << 5) & J) || (O = 1), O)
        }, X).ML = function() {
            return Math.floor(this.J + (this.j() - this.o))
        }, X.j = (window.performance || {}).now ? function() {
            return this.hU + window.performance.now()
        } : function() {
            return +new Date
        }, X).Ul = function() {
            return Math.floor(this.j())
        }, U).prototype.s = function(C, O) {
            return O = (xc = function() {
                    return C == O ? 4 : -46
                }, C = {}, {}),
                function(J, p, L, v, l, z, I, b, t, B, Q, r, Z, q, f) {
                    t = C, C = O;
                    try {
                        if (B = J[0], B == h) {
                            I = J[1];
                            try {
                                for (f = (L = [], v = atob(I), Z = 0); Z < v.length; Z++) p = v.charCodeAt(Z), 255 < p && (L[f++] = p & 255, p >>= 8), L[f++] = p;
                                V(373, this, (this.F = (this.g = L, this.g.length << 3), [0, 0, 0]))
                            } catch (k) {
                                x(k, 17, this);
                                return
                            }
                            tx(this, 8001)
                        } else if (B == M) J[1].push(w(this, 265).length, w(this, 417).length, w(this, 430), w(this, 9).length), V(22, this, J[2]), this.X[101] && ac(this, 8001, w(this, 101));
                        else {
                            if (B == R) {
                                b = (q = (L = J[2], n((w(this, 265).length | 0) + 2, 2)), this.C), this.C = this;
                                try {
                                    z = w(this, 358), 0 < z.length && A(this, n(z.length, 2).concat(z), 265, 10), A(this, n(this.H, 1), 265, 109), A(this, n(this[R].length, 1), 265), v = 0, v += w(this, 466) & 2047, r = w(this, 9), v -= (w(this, 265).length | 0) + 5, 4 < r.length && (v -= (r.length | 0) + 3), 0 < v && A(this, n(v, 2).concat(N(v)), 265, 15), 4 < r.length && A(this, n(r.length, 2).concat(r), 265, 156)
                                } finally {
                                    this.C = b
                                }
                                if (Q = (((f = N(2).concat(w(this, 265)), f)[1] = f[0] ^ 6, f)[3] = f[1] ^ q[0], f[4] = f[1] ^ q[1], this).dZ(f)) Q = "!" + Q;
                                else
                                    for (Q = "", v = 0; v < f.length; v++) l = f[v][this.T](16), 1 == l.length && (l = "0" + l), Q += l;
                                return w(this, (V(430, ((w(this, (Z = Q, 265)).length = L.shift(), w)(this, 417).length = L.shift(), this), L.shift()), 9)).length = L.shift(), Z
                            }
                            if (B == bo) ac(this, J[2], J[1]);
                            else if (B == Y) return ac(this, 8001, J[1])
                        }
                    } finally {
                        C = t
                    }
                }
        }(), U.prototype.oF = 0, U.prototype).tU = 0, /./);
    U.prototype.dZ = function(C, O, J, p) {
        if (O = window.btoa) {
            for (p = 0, J = ""; p < C.length; p += 8192) J += String.fromCharCode.apply(null, C.slice(p, p + 8192));
            C = O(J).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "")
        } else C = void 0;
        return C
    };
    var Yc, jw = (U.prototype[Sw] = [0, 0, 1, 1, 0, 1, 1], h).pop.bind(U.prototype[M]),
        ZC = ((Yc = zN({get: jw
        }, (n8[U.prototype.T] = jw, U.prototype.G)), U).prototype.v6 = void 0, function(C, O) {
            return (O = Qz()) && 1 === C.eval(O.createScript("1")) ? function(J) {
                return O.createScript(J)
            } : function(J) {
                return "" + J
            }
        }(c));
    (40 < (g = c.botguard || (c.botguard = {}), g).m || (g.m = 41, g.bg = B_, g.a = H_), g).hDL_ = function(C, O, J) {
        return [(J = new U(C, O), function(p) {
            return kc(J, p)
        })]
    };
}).call(this);
#5 JavaScript::Eval (size: 62) - SHA256: 656ddb7093a608f140df5a991c579e27ad31e247a6ded28fa406e948965cf12a
0,
function(v, l, z) {
    z = (l = (z = H(v), H(v)), v.X[z]) && w(v, z), V(l, v, z)
}
#6 JavaScript::Eval (size: 22) - SHA256: 96bc32102142a2b26979b51faca0349f415898ceeba6ca594e7498b337aa0808
0,
function(v) {
    Jx(2, v)
}

Executed Writes (3)
#1 JavaScript::Write (size: 207) - SHA256: 24909b3ad6f2dcea0249f262c50f458b2cacdf18ca56df102a1acae6fc5a12b5
< iframe src = "http://lostwebtracker.com/?if=1&scr_w=1280&scr_h=1024&blog=http%3A//jena-malone-fakes-news.blogspot.com/2011/10/kim-kardashian-curls-no-heat.html&ref=&l=celebrity"
height = "1"
width = "1" > < /iframe>
#2 JavaScript::Write (size: 206) - SHA256: 8b9b42cd72b11c6e2379d736d0a152bf66f47b497728c18db1ebb8d46c69fa6f
< iframe src = "http://green-tracker.com/?if=1&scr_w=1280&scr_h=1024&blog=http%3A//jena-malone-fakes-news.blogspot.com/2011/10/kim-kardashian-curls-no-heat.html&ref=&l=celebrity"
height = "1"
width = "1" > < /iframe>
#3 JavaScript::Write (size: 24) - SHA256: a3ba8250ebf2c8e28e99b0cbcb48488777fa3f512e83a7a56930803eb5d35e05
< xmp style = display: none >


HTTP Transactions (121)


Request Response
                                        
                                            GET /2011/10/kim-kardashian-curls-no-heat.html HTTP/1.1 
Host: jena-malone-fakes-news.blogspot.de
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         142.250.74.33
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Location: http://jena-malone-fakes-news.blogspot.com/2011/10/kim-kardashian-curls-no-heat.html
Content-Encoding: gzip
Date: Fri, 09 Dec 2022 07:57:03 GMT
Expires: Fri, 09 Dec 2022 07:57:03 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 220
Server: GSE


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Size:   220
Md5:    2bd8e431c5c858272b5488d5ee05d448
Sha1:   997642f78876152a718be1c355bc76a35b83fd51
Sha256: 3ee93e6008751c7b5e4c5b1e5dd94bc81c046be69f5b7efe04ebb0189c0e5fac

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12484
Expires: Fri, 09 Dec 2022 11:25:07 GMT
Date: Fri, 09 Dec 2022 07:57:03 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10078
Expires: Fri, 09 Dec 2022 10:45:01 GMT
Date: Fri, 09 Dec 2022 07:57:03 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         35.241.9.150
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 07:08:17 GMT
age: 2926
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    bf0c602d32b3c14606f22a86183b5e3c
Sha1:   6eabd8d83475eba731968abe1a05a8bfd272f160
Sha256: 6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9761
Expires: Fri, 09 Dec 2022 10:39:44 GMT
Date: Fri, 09 Dec 2022 07:57:03 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: f/6xYDtPpSnpbCNJHX9xSar9Lc1NnVrwTDEXjxTdCDVmkRW4QVslWG8uVNPAUzGWEV0atwGN6XQ=
x-amz-request-id: XQVHZCWT18ZRSF5J
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 07:48:15 GMT
age: 528
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    53341dea33f4f3d9b4966f80589f429a
Sha1:   20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
Sha256: 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 09 Dec 2022 07:57:03 GMT
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /2011/10/kim-kardashian-curls-no-heat.html HTTP/1.1 
Host: jena-malone-fakes-news.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         142.250.74.33
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Expires: Fri, 09 Dec 2022 07:57:03 GMT
Date: Fri, 09 Dec 2022 07:57:03 GMT
Cache-Control: private, max-age=0
Last-Modified: Sun, 27 Nov 2022 22:29:35 GMT
ETag: W/"cf7ed9944691a0811d5aae4f3b52016aa2878956bbb7e6cb5f9bc8696aca5408"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 15527
Server: GSE


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (11024)
Size:   15527
Md5:    55d5a093130b89e42f0ec29691758549
Sha1:   420cb4e2b7de60c8f66680aa4b11bf34cf9edfd0
Sha256: a14c7209dcb4962529ac6c60f480f40860ed016b9243c99ae025727e1166075d

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /js/cookienotice.js HTTP/1.1 
Host: jena-malone-fakes-news.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/2011/10/kim-kardashian-curls-no-heat.html

search
                                         142.250.74.33
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 2026
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 08 Dec 2022 05:13:04 GMT
Expires: Thu, 15 Dec 2022 05:13:04 GMT
Cache-Control: public, max-age=604800
Last-Modified: Wed, 07 Dec 2022 22:57:02 GMT
Age: 96239


--- Additional Info ---
Magic:  ASCII text
Size:   2026
Md5:    c4e1ed83d89245089b8a1203be20a377
Sha1:   f3940e1215b89300ef97d57a25993f25243b8688
Sha256: afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /static/v1/widgets/55013136-widget_css_bundle.css HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.41
HTTP/2 200 OK
content-type: text/css
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 6620
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 14:01:43 GMT
expires: Wed, 06 Dec 2023 14:01:43 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 05 Dec 2022 19:52:21 GMT
age: 237320
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (30596)
Size:   6620
Md5:    6f46e6f68353c7911fe34f31faa1518f
Sha1:   ea4dbfa2f87c18e9c51c59a32dfa9afb9c2c3472
Sha256: 0be7e26374fcff6f423b88e5f2a05d1cfdcb56abb4a78fa125e391989782ae0f
                                        
                                            GET /static/v1/jsbin/3469866930-comment_from_post_iframe.js HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.41
HTTP/2 200 OK
content-type: text/javascript
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 6573
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 13:44:05 GMT
expires: Wed, 06 Dec 2023 13:44:05 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 06 Dec 2022 04:51:45 GMT
age: 238378
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1441)
Size:   6573
Md5:    f60e5037324bf7fd2256c16929886f09
Sha1:   aae4b1aea3737e0268e3578dd1d0e7cfe6c6d66b
Sha256: 71846da8d45274b77549b110389ab3dbcb8ce042051b5c39547909c1c343dfde
                                        
                                            GET /js/platform.js HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.46
HTTP/2 200 OK
content-type: text/javascript
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20984
date: Fri, 09 Dec 2022 07:57:03 GMT
expires: Fri, 09 Dec 2022 07:57:03 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "7446758f13887885"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1279)
Size:   20984
Md5:    7ac44ef24e267df17ff72f195b252806
Sha1:   62db12d9ce11a576ccd7fa3544d851c5fd42f3b7
Sha256: aae7897e7b55999c1b3166309381d19ac488dced51e14071339d8b193a686a61
                                        
                                            GET /2011/10/bal-steve-jobs-pic.jpg HTTP/1.1 
Host: baofoodanddrink.files.wordpress.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/

search
                                         192.0.72.20
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Fri, 09 Dec 2022 07:57:03 GMT
Content-Length: 162
Connection: keep-alive
Location: https://baofoodanddrink.files.wordpress.com/2011/10/bal-steve-jobs-pic.jpg


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            GET /pics/la/hot_in_hollywood_-_arrivals_180808/helena_mattsson_5175983.jpg HTTP/1.1 
Host: www.contactmusic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/

search
                                         172.67.202.7
HTTP/1.1 301 Moved Permanently
                                        
Date: Fri, 09 Dec 2022 07:57:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 09 Dec 2022 08:57:03 GMT
Location: https://www.contactmusic.com/pics/la/hot_in_hollywood_-_arrivals_180808/helena_mattsson_5175983.jpg
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZEiBajC4mMeNn7iilvjmqbooyburV%2FduyxKG5G2TZ9DsH9oJUpS%2BMOiE6%2FQ0rwG2DNImeACPzt6xxJNfq5Kd2NcuqIMOymZPUeF7MSYURmh7VHbnkyHskr8KI6w%2ByCWSsddMx2BUsg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776c3012ca5bb4f3-OSL
alt-svc: h2=":443"; ma=60

                                        
                                            GET /wp-content/uploads/wp-post-thumbnail/_7THoS.jpg HTTP/1.1 
Host: www.rollingstone.com.mx
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/

search
                                         104.21.37.172
HTTP/1.1 301 Moved Permanently
                                        
Date: Fri, 09 Dec 2022 07:57:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 09 Dec 2022 08:57:03 GMT
Location: https://es.rollingstone.com/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CxsAm5KwSv5hwyrhuUn2Q%2BrALWsrV%2F9r9OKgjABUu5eEW079aSB0X3OjkRTJwbwniAjQ1v2lda1XeM4V2VL9qcUyHvC247wxt3IT2w9rJwMFb%2FkAOCnUVftAlOhOt3QATuFCA0bDqVY2dQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776c3012cdc1b51d-OSL
alt-svc: h2=":443"; ma=60

                                        
                                            GET /img/icon18_edit_allbkg.gif HTTP/1.1 
Host: resources.blogblog.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         142.250.74.41
HTTP/2 200 OK
content-type: image/gif
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 162
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 14:19:02 GMT
expires: Tue, 13 Dec 2022 14:19:02 GMT
cache-control: public, max-age=604800
last-modified: Tue, 06 Dec 2022 07:54:23 GMT
age: 236281
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 18 x 18\012- data
Size:   162
Md5:    c991641178ff05adf0d004298b5eafa9
Sha1:   d8f6ce8ecd92b86d49849360f6b81ceb10b4c941
Sha256: ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b
                                        
                                            GET /static/v1/widgets/2092647672-widgets.js HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.41
HTTP/2 200 OK
content-type: text/javascript
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56341
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Dec 2022 02:10:45 GMT
expires: Fri, 08 Dec 2023 02:10:45 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 08 Dec 2022 00:55:10 GMT
age: 107178
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2221)
Size:   56341
Md5:    689971018982703ab88ce528368b9190
Sha1:   be9697d57e5c19d36c52aacd8b04a6a159a2f3bd
Sha256: cf8b513cfd596cffc3a7e456eccc198b8e409f5aaf624d5dbeecdd748dce0cef
                                        
                                            GET /_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_0?le=scs HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         142.250.74.46
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 57794
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 17:26:49 GMT
expires: Thu, 07 Dec 2023 17:26:49 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 01 Nov 2022 15:24:55 GMT
age: 138614
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (580)
Size:   57794
Md5:    813b15c3004464f6bd39fd0773b04757
Sha1:   bd2218fe1e647f61132aad70d29cd91fd0416f26
Sha256: 446c6d83404c0fc4bc1ca6e1c0895f9400309185a534b3f4b6d500e668efeadf
                                        
                                            GET /img/share_buttons_20_3.png HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.blogger.com/static/v1/widgets/55013136-widget_css_bundle.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         142.250.74.41
HTTP/2 200 OK
content-type: image/png
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 5080
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 17:28:13 GMT
expires: Tue, 13 Dec 2022 17:28:13 GMT
cache-control: public, max-age=604800
last-modified: Tue, 06 Dec 2022 04:51:45 GMT
age: 224930
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced\012- data
Size:   5080
Md5:    ad9999106d5f550920b586e8e1704e5a
Sha1:   93fd02c51166402a41f96509cd0ca3fb917877dd
Sha256: 3829a5b2ade7cfc416c80b8f3df71e49e68672875f025d525223978f5cee3fd3
                                        
                                            GET /34sjw2r.png HTTP/1.1 
Host: i55.tinypic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/

search
                                         143.204.55.72
HTTP/1.1 301 Moved Permanently
                                        
Content-Length: 0
Connection: keep-alive
Date: Fri, 09 Dec 2022 07:57:04 GMT
Location: http://tinypic.com/images/goodbye.jpg
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 7NXxL9Q0SVCOReZn8x5g-fYoxPWJKImMrTwIm6_duP7HQUGO2xfDlw==

                                        
                                            GET /pc/Kate%2BMoss%2BKate%2BMoss%2BPhotoshoot%2B7A4sPExSVpgl.jpg HTTP/1.1 
Host: www2.pictures.zimbio.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/

search
                                         151.101.1.187
HTTP/1.1 301 Moved Permanently
                                        
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://www2.pictures.zimbio.com/pc/Kate%2BMoss%2BKate%2BMoss%2BPhotoshoot%2B7A4sPExSVpgl.jpg
Accept-Ranges: bytes
Date: Fri, 09 Dec 2022 07:57:03 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1679-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1670572624.953597,VS0,VE0
X-Response-Time: 92
Strict-Transport-Security: max-age=31557600

                                        
                                            GET /pagead/js/google_top_exp.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/

search
                                         142.250.74.2
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 67
X-XSS-Protection: 0
Date: Fri, 09 Dec 2022 07:02:46 GMT
Expires: Fri, 23 Dec 2022 07:02:46 GMT
Cache-Control: public, max-age=1209600
ETag: 13036835877489095579
Age: 3257


--- Additional Info ---
Magic:  ASCII text
Size:   67
Md5:    9bbc3ca32ec951a484589ce0e6b4db73
Sha1:   753d6f6183b33b2dee5dde2208fca91c17f5bb13
Sha256: b8f16a16d2a7ea39a9cc079fdbe3af7d31393d62a853668bdd549e0a0311cb3c
                                        
                                            GET /_oJpV6yalpOk/TShR3_k-DgI/AAAAAAAABts/z3u1uifRli8/s1600/The-best-top-desktop-anastacia-wallpapers-15-anastacia-wearing-leather-pants-and-black-top-and-thong-wallpaper.jpg HTTP/1.1 
Host: 2.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/

search
                                         142.250.74.161
HTTP/1.1 404 Not Found
Content-Type: image/png
                                        
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Fri, 09 Dec 2022 07:57:03 GMT
Server: fife
Content-Length: 832
X-XSS-Protection: 0


--- Additional Info ---
Magic:  PNG image data, 200 x 200, 8-bit colormap, non-interlaced\012- data
Size:   832
Md5:    596246739a83bb45e30e13437e0810d9
Sha1:   203d99f5cb1f2c816d6f9974cc5a73cf412892a6
Sha256: 94aa7bf7f0d9660bb348ed4ed7faaa42c63f1a40f591dab32ce5046765df3615
                                        
                                            GET /celebrity-photos/elijah-kelly-eye-black-salute-directors-83rd-yDYhd3.jpg HTTP/1.1 
Host: www.exposay.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/

search
                                         104.21.21.20
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Date: Fri, 09 Dec 2022 07:57:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://www.exposay.com/celebrity-photos/elijah-kelly-eye-black-salute-directors-83rd-yDYhd3.jpg
Cache-Control: max-age=16070400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b30g6XEiveNZd7yoLJDAbLOh%2B4vpXCs2uAFkMcKYoEi%2Bdo0pyn8xqH8fpZL%2BeZWqsG0XopZtfDiJr5tkyy%2FnRsmibDppvFhNM%2F3lcP8sxObe9LhfLaHr2SpUlcChrdXkEVo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776c30130a95fab4-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            GET /?if=1&scr_w=1280&scr_h=1024&blog=http%3A//jena-malone-fakes-news.blogspot.com/2011/10/kim-kardashian-curls-no-heat.html&ref=&l=celebrity HTTP/1.1 
Host: lostwebtracker.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/
Upgrade-Insecure-Requests: 1

search
                                         81.17.29.150
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
                                        
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 625
date: Fri, 09 Dec 2022 07:57:03 GMT
server: nginx
set-cookie: sid=11c03b18-7797-11ed-af8c-f16db764a126; path=/; domain=.lostwebtracker.com; expires=Wed, 27 Dec 2090 11:11:10 GMT; max-age=2147483647; HttpOnly


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (625), with no line terminators
Size:   625
Md5:    dd67c7b6fe1db6bd2f5d2a532eaa16f4
Sha1:   c6c453a3aa7a5c69f4c0c52e16c0c181b092741c
Sha256: 8fdb186d5ab36a7758953b9e703a6c39444e318344e0474eafb03d237307aca1
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         35.241.9.150
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Alert, Cache-Control, Backoff, Content-Length, Content-Type, Last-Modified, ETag, Expires, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 07:07:55 GMT
age: 2949
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /images/goodbye.jpg HTTP/1.1 
Host: tinypic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://jena-malone-fakes-news.blogspot.com/
Connection: keep-alive

search
                                         143.204.55.72
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Content-Length: 15616
Connection: keep-alive
Last-Modified: Wed, 18 Sep 2019 21:23:53 GMT
Server: AmazonS3
Date: Fri, 09 Dec 2022 05:44:26 GMT
ETag: "32af06ac4b80d728f7e4c8780eb6b6d7"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: DeDPLrDPC-XSLKe298V2ragURAc_tyaxmj9ancxEyJqref1s1XRMCA==
Age: 7959


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3\012- data
Size:   15616
Md5:    32af06ac4b80d728f7e4c8780eb6b6d7
Sha1:   dd3198f4361e94f2c3606474e04a629e42402d02
Sha256: f610dc2752e938d77dab1c4e9fb1f0f7f53b25e527d130ce4e034b7de09da053
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=146363
Date: Fri, 09 Dec 2022 07:57:04 GMT
Etag: "6392830b-117"
Expires: Sun, 11 Dec 2022 00:36:27 GMT
Last-Modified: Fri, 09 Dec 2022 00:36:27 GMT
Server: nginx
Content-Length: 279

                                        
                                            GET /img/logo-16.png HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/

search
                                         142.250.74.41
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 279
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 06 Dec 2022 07:09:35 GMT
Expires: Tue, 13 Dec 2022 07:09:35 GMT
Cache-Control: public, max-age=604800
Last-Modified: Mon, 05 Dec 2022 06:50:28 GMT
Age: 262049


--- Additional Info ---
Magic:  PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size:   279
Md5:    5ffecab6c722bb0adc3fce8d83b27993
Sha1:   0e59b05d3da526e82bb4f5d47c5d94e2a318dafb
Sha256: cca664ca16fde285160e80eae6ba4501c27b1dd1ce09aec1e84caa74b5baff53
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5081
Cache-Control: max-age=95669
Date: Fri, 09 Dec 2022 07:57:04 GMT
Etag: "6391a92c-1d7"
Expires: Sat, 10 Dec 2022 10:31:33 GMT
Last-Modified: Thu, 08 Dec 2022 09:06:52 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /attachments/celebrity-pictures/215076d1254844415-katrina-bowden-red-dress-over-striped-bikini-beach-pool-miami-kb-5-.jpg HTTP/1.1 
Host: www.newsgab.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/

search
                                         69.64.61.161
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx
Date: Fri, 09 Dec 2022 07:57:04 GMT
Content-Length: 261
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   261
Md5:    8d17551b48bf5d6a803d3d3f074f7463
Sha1:   42a9d667874fb2f79d92427c8997732da373e489
Sha256: d3217f37f5f31befdf7d4e3348ab0ccb3ef262396900457ae48bb2059edcdc0a
                                        
                                            GET /-9f_hQ7XBIvA/TWLsB6LB76I/AAAAAAAAARE/lHA-RFSlKDY/s1600/inside-victoria-justice-18-bday-06.JPG HTTP/1.1 
Host: 2.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/

search
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
ETag: "v111"
Expires: Sat, 10 Dec 2022 07:57:04 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="inside-victoria-justice-18-bday-06.JPG"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Fri, 09 Dec 2022 07:57:04 GMT
Server: fife
Content-Length: 245807
X-XSS-Protection: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=7, description=Pictured: Nickelodeon's Victoria Justice celebrates her 18th birthday at Tru in Los Angeles on February 19th, 2011. , orientation=upper-left, software=Google], baseline, precision 8, 1222x815, components 3\012- data
Size:   245807
Md5:    e3310846442c711d94c7d7734cee4e51
Sha1:   efa6835cdb5b7b769e1b0340d4baf8478812466e
Sha256: c3d83ac7653d84f48dc540d74bb95816ded747470346f2408fd4401366c20fa6
                                        
                                            GET /-ycy2j6Mx9hE/TbKwO4AHiLI/AAAAAAAAAuE/ywybAtrNgec/s1600/kim-kardashian-plastic-9.jpg HTTP/1.1 
Host: 3.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/

search
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
ETag: "v2e1"
Expires: Sat, 10 Dec 2022 07:57:04 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="kim-kardashian-plastic-9.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Fri, 09 Dec 2022 07:57:04 GMT
Server: fife
Content-Length: 19340
X-XSS-Protection: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, software=Google], baseline, precision 8, 376x354, components 3\012- data
Size:   19340
Md5:    d49f0d75832c3460d1cd873d6886fd87
Sha1:   38da81d3f95e5cfff2385180e4cf51a3ea7f09b0
Sha256: c12208f207c374ce1c82c99f369b3376517787da0da5858c5cb3eed58cbd6f22
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "9E7CDCEC8498749C8F9918C212421BF3AEFA20AC5204E99DE64E3F4552E8482F"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 09 Dec 2022 13:57:04 GMT
Date: Fri, 09 Dec 2022 07:57:04 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /pc/Kate%2BMoss%2BKate%2BMoss%2BPhotoshoot%2B7A4sPExSVpgl.jpg HTTP/1.1 
Host: www2.pictures.zimbio.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://jena-malone-fakes-news.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         151.101.1.187
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx/1.4.6 (Ubuntu)
last-modified: Wed, 28 Sep 2011 15:10:29 GMT
etag: "4e8338e5-1b49e"
expires: Sun, 12 Mar 2023 07:57:04 GMT
cache-control: max-age=8035200, stale-while-revalidate=604800, stale-if-error=604800
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 09 Dec 2022 07:57:04 GMT
age: 0
x-served-by: cache-bfi-kbfi7400094-BFI, cache-bma1643-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1670572624.118480,VS0,VE175
x-response-time: 175263
strict-transport-security: max-age=31557600
content-length: 111774
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 396x594, components 3\012- data
Size:   111774
Md5:    9e509932a5fe57dc5b8585a954f02670
Sha1:   7562d2eb414e9a0f25ee1aa0190400677bb872b9
Sha256: e44da1cf89bbbeafee93846653c3c1f1307bbcafaa5906423cb52ccecc6d4894
                                        
                                            GET /2011/10/bal-steve-jobs-pic.jpg HTTP/1.1 
Host: baofoodanddrink.files.wordpress.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://jena-malone-fakes-news.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.0.72.20
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Fri, 09 Dec 2022 07:57:04 GMT
content-length: 94435
last-modified: Fri, 07 Oct 2011 16:41:19 GMT
expires: Sat, 31 Dec 2022 04:33:38 GMT
x-orig-src: 01_mogdir
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-origin: https://baofoodanddrink.wordpress.com
vary: Origin
x-nc: MISS arn 20 np
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1303x543, components 3\012- data
Size:   94435
Md5:    1bd4d168c13b1fba7bff29b420a7dce5
Sha1:   999ce5c317c624e63b5b6324becfb459c18b3a26
Sha256: 23c6b00f8a4b76837a2c786f9de9df0d040d1aaba4144f6330a8816e4a40499a
                                        
                                            GET /_gw74eml2a3o/TQuLPz0SJWI/AAAAAAAAEN4/VWPTVpLQ9Do/s1600/DSC_0329.JPG HTTP/1.1 
Host: 4.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/

search
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
ETag: "v177a"
Expires: Sat, 10 Dec 2022 07:57:04 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="DSC_0329.JPG"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Fri, 09 Dec 2022 07:57:04 GMT
Server: fife
Content-Length: 180146
X-XSS-Protection: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, software=Google], baseline, precision 8, 1600x1071, components 3\012- data
Size:   180146
Md5:    fbfb4416c54878b8e5dfd5f4bea5c7fc
Sha1:   491ea1736a08a9eecbc42d758ae22161988a8966
Sha256: 903d2fa868554c1a862e8c5b8e47263818b6408a74088975797373ba8dab5ac6
                                        
                                            GET /files/2010/01/03/3/192/1922729/ae420013ffea7098_anna-paquin.jpg HTTP/1.1 
Host: media.onsugar.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/

search
                                         151.101.129.91
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Connection: keep-alive
Content-Length: 48357
Last-Modified: Mon, 09 Jan 2017 03:38:19 GMT
ETag: "958dbe2e7e10e97a2ca331c01e818d92"
Server: AmazonS3
cache-control: max-age=2592000
Accept-Ranges: bytes
Date: Fri, 09 Dec 2022 07:57:04 GMT
Via: 1.1 varnish
Age: 0
X-Served-By: cache-bma1652-BMA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1670572624.851261,VS0,VE516
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 300x519, components 3\012- data
Size:   48357
Md5:    958dbe2e7e10e97a2ca331c01e818d92
Sha1:   68ecf56256e744c8fe1218a256d87d287837b508
Sha256: ea32bb8c7e3c828e4106fb649616c17878c802c2901c5ef5d64a43d194361854
                                        
                                            GET /pics/la/hot_in_hollywood_-_arrivals_180808/helena_mattsson_5175983.jpg HTTP/1.1 
Host: www.contactmusic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://jena-malone-fakes-news.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         172.67.202.7
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Fri, 09 Dec 2022 07:57:04 GMT
content-length: 67332
last-modified: Mon, 31 Oct 2016 03:17:13 GMT
etag: W/"5816b7b9-11eb0"
server1: 08
cache-control: public, max-age=31536000
x-vcache: MISS
x-cache-host: lb1
x-grace: none
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GQLeVsA3WNhUXMU7m2zTOb8ZfFMqnv0xV%2Bptiik4ixXXiaKsxspb%2FbvJvcQ8YaNxuokYlsULfRsT5fA54ohqJj3TYeF5w0K0qdDaLAu6yZUFTyIR1W4OfVc4gvgXjrbdR9hke%2FACiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776c3014fbd2b523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75", baseline, precision 8, 500x767, components 3\012- data
Size:   67332
Md5:    b7a311425c6b36afe60061051fbe12f8
Sha1:   3ea6d2dd025123808e55ed000d61a3a66382909b
Sha256: 41a008ecc56b4beffcdfa7df989f2ccfc0a5a424d90f5225057dfe1459a3e645
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=146363
Date: Fri, 09 Dec 2022 07:57:04 GMT
Etag: "6392830b-117"
Expires: Sun, 11 Dec 2022 00:36:27 GMT
Last-Modified: Fri, 09 Dec 2022 00:36:27 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: XZDvLnf0+yquIj1BBmsnew==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         54.191.210.155
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: nKcJLad6tPwOyJe+5c+bVmQjNr0=

                                        
                                            GET /dyn-css/authorization.css?targetBlogID=3149726064121069171&zx=bb111e9f-c32a-4cfe-895b-6acc1e8eaba0 HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         142.250.74.41
HTTP/2 200 OK
content-type: text/css; charset=UTF-8
                                        
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 09 Dec 2022 07:57:04 GMT
last-modified: Fri, 09 Dec 2022 07:57:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 21
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  very short file (no magic)
Size:   21
Md5:    a62e4d501434033d5d177e67d3aafdd0
Sha1:   34f7300c9ed47334cf10826d57af785321e3138b
Sha256: b0cabcbfed4b1830ab1956efbd2eec32289a968323cb854a47ef98360ed0f522
                                        
                                            GET /navbar.g?targetBlogID=3149726064121069171&blogName=Mary-Margaret%27s+blog&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=BLUE&layoutType=LAYOUTS&searchRoot=https://jena-malone-fakes-news.blogspot.com/search&blogLocale=ro&v=2&homepageUrl=http://jena-malone-fakes-news.blogspot.com/&targetPostID=8787194792631882070&blogPostOrPageUrl=http://jena-malone-fakes-news.blogspot.com/2011/10/kim-kardashian-curls-no-heat.html&vt=693636708800616653&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__ HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         142.250.74.41
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 09 Dec 2022 07:57:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 2662
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3172)
Size:   2662
Md5:    5c26f39f4a0e9d90b7c2aa34897ef96d
Sha1:   35c4967d4a398f014c1ef6432a2e3997ba49e1b0
Sha256: ae7a4a99117f23fb0511a9f8c4eb2a625541ca883ae0a83319dddb73e79c786d
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "9DD01B3437AC36574C07F57814F16E0328E17F1C1457AE46572884E562251A69"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21582
Expires: Fri, 09 Dec 2022 13:56:46 GMT
Date: Fri, 09 Dec 2022 07:57:04 GMT
Connection: keep-alive

                                        
                                            GET /?blog=http%3A%2F%2Fjena-malone-fakes-news.blogspot.com%2F2011%2F10%2Fkim-kardashian-curls-no-heat.html&ch=1&if=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3MDU3OTgyMywiaWF0IjoxNjcwNTcyNjIzLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc25oMXNxZ3R2cG5xN3U0bjQ0OXZyZTIiLCJuYmYiOjE2NzA1NzI2MjMsInRzIjoxNjcwNTcyNjIzOTk4NzAxfQ.MuoAFr6_EEc5jAlSHoyV6Mk2f_fEtsKudgYa4RmIuBI&l=celebrity&ref=&scr_h=1024&scr_w=1280&sid=11c03b18-7797-11ed-af8c-f16db764a126 HTTP/1.1 
Host: lostwebtracker.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lostwebtracker.com/?if=1&scr_w=1280&scr_h=1024&blog=http%3A//jena-malone-fakes-news.blogspot.com/2011/10/kim-kardashian-curls-no-heat.html&ref=&l=celebrity
Upgrade-Insecure-Requests: 1

search
                                         81.17.29.150
HTTP/1.1 302 Found
                                        
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Fri, 09 Dec 2022 07:57:03 GMT
location: http://ww1.lostwebtracker.com
server: nginx
set-cookie: sid=11c03b18-7797-11ed-af8c-f16db764a126; path=/; domain=.lostwebtracker.com; expires=Wed, 27 Dec 2090 11:11:11 GMT; max-age=2147483647; HttpOnly


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   11
Md5:    32682312d17c7cbf18e73594f5570319
Sha1:   60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
Sha256: e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
                                        
                                            GET /site/wp-content/uploads/2010/05/IMG_6730-e1274318052856-386x580.jpg HTTP/1.1 
Host: www.redcarpetreport.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/

search
                                         108.179.228.60
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Fri, 09 Dec 2022 07:57:04 GMT
Server: Apache
Location: https://www.redcarpetreport.com/site/wp-content/uploads/2010/05/IMG_6730-e1274318052856-386x580.jpg
Content-Length: 307
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   307
Md5:    7e0a556134b24fd1c60669ff261cb8c6
Sha1:   421e0d4ab67f4a720cb354ab4e5277071af82078
Sha256: 9152201e3704d8f257bd18b56c7da0591820bf2f93954f24aeaa93edbc220873
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.164
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
expires: Fri, 09 Dec 2022 07:57:04 GMT
date: Fri, 09 Dec 2022 07:57:04 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 665
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1034), with no line terminators
Size:   665
Md5:    34e37af4d526255a20a2056cd5f4addf
Sha1:   bcac186d6a49539e69a3f67aa08d0188966f5623
Sha256: 51a2c479b272414cb9d7e1ec62edffbad01217068b73d516d33cb8f26a4fc634
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 
Host: play.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Referer: https://www.blogger.com/
Origin: https://www.blogger.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.110
HTTP/2 200 OK
content-type: text/plain; charset=UTF-8
                                        
access-control-allow-origin: https://www.blogger.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
date: Fri, 09 Dec 2022 07:57:04 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+944; expires=Sun, 08-Dec-2024 07:57:04 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 09 Dec 2022 07:57:04 GMT
cache-control: private
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 
Host: play.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
X-Goog-AuthUser: 0
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Content-Length: 2975
Origin: https://www.blogger.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         142.250.74.110
HTTP/2 200 OK
content-type: text/plain; charset=UTF-8
                                        
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://www.blogger.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-encoding: gzip
date: Fri, 09 Dec 2022 07:57:04 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: NID=511=jZ0TIaFgHC3bVh1n67tWG5caP8loFteWx81WGmZLNogSu44nIqmsGEbZ_MaKI1VvD7e_KasUOJ8Id7rxXJ2r8LMnE9x4m8LYoxZmoCb_-F1Zs0bl36V9BozFxZCp7GsQ4auwKJXtAGFmXVWtaU0ijuwhZeDdzOQ5arOcAvvtEgA; expires=Sat, 10-Jun-2023 07:57:04 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none CONSENT=PENDING+710; expires=Sun, 08-Dec-2024 07:57:04 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 09 Dec 2022 07:57:04 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   131
Md5:    babb6f090aeebc6f421624475b4aefff
Sha1:   06079b7547949822c118224e51604f4c5ebf80c8
Sha256: b2fe8b91f31edc7284cc9690e90dd4a38d985598374df68967d917590beb55dd
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "9E7CDCEC8498749C8F9918C212421BF3AEFA20AC5204E99DE64E3F4552E8482F"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 09 Dec 2022 13:57:04 GMT
Date: Fri, 09 Dec 2022 07:57:04 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
Origin: https://www.blogger.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.211.3
HTTP/2 200 OK
content-type: text/javascript
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 13:40:02 GMT
expires: Thu, 07 Dec 2023 13:40:02 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
age: 152222
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (730)
Size:   162976
Md5:    79d18cf4265108d7cecca1bf4ada6109
Sha1:   e51d0285a545381d4c39e9e0292a650ffeeecbb9
Sha256: 59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
                                        
                                            GET /comment/frame/3149726064121069171?po=8787194792631882070&hl=ro&blogspotRpcToken=5043127 HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         142.250.74.41
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 09 Dec 2022 07:57:04 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-oLhDs40cOq_tZRpdOSLKTA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/BloggerCommentUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/BloggerCommentUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/BloggerCommentUi/cspreport
cross-origin-resource-policy: same-site
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: same-origin; report-to="BloggerCommentUi"
report-to: {"group":"BloggerCommentUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/BloggerCommentUi/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=bxHol-YYBAHlKRS3sLI4taLZGnRvMAZrkWTbr52ZB9cOLHiTU8isZ7itrLZwSDingYmnumyWFKy0uApdjBq22_RUt9fVNXZ5oyl1J_IiPaFuVGWCuVOcQK1-gvLFgmqIMmjwsc9LyBYALQv5nqKebDdN1A-wGPVciVIJo-CNb58; expires=Sat, 10-Jun-2023 07:57:04 GMT; path=/; domain=.blogger.com; Secure; HttpOnly
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (33820)
Size:   17439
Md5:    b6cd30718411350623f381913df29ce5
Sha1:   7df3f2c796da8350b63b973fd7a1cb3e09401780
Sha256: 27bd14c4a6b18f7939a19f81f0ccfda4161ba72f62c1892308e730fb3ed61bbe
                                        
                                            GET /js/parking.2.100.2.js HTTP/1.1 
Host: ww1.lostwebtracker.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.lostwebtracker.com/

search
                                         199.59.243.222
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Server: openresty
Date: Fri, 09 Dec 2022 07:57:04 GMT
Last-Modified: Mon, 14 Nov 2022 17:46:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (65536), with no line terminators
Size:   22285
Md5:    239c79e8ead12ade233b4b98f3a1d68d
Sha1:   ebb33fbc73ffa07c517270874bef61576c7aecf6
Sha256: 148cf1738ec4c4800fa6e1fa02ea75d6cc76c5d0096b11dc1af4b47ffbcf2d0b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "2DE9EC7D6C1BCA92C804D2AEEE17D2D3E16BD8D9DCDFDE4AF139D7F5CBF1F431"
Last-Modified: Wed, 07 Dec 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21555
Expires: Fri, 09 Dec 2022 13:56:20 GMT
Date: Fri, 09 Dec 2022 07:57:05 GMT
Connection: keep-alive

                                        
                                            POST /_fd HTTP/1.1 
Host: ww1.lostwebtracker.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww1.lostwebtracker.com/
Content-Type: application/json
Origin: http://ww1.lostwebtracker.com
Connection: keep-alive
Content-Length: 0

search
                                         199.59.243.222
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: openresty
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 09 Dec 2022 07:57:05 GMT
X-Version: 2.100.2
Set-Cookie: parking_session=845148a8-ac67-4d9b-b8dd-fff47d529757; expires=Fri, 09-Dec-2022 08:12:05 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (5369), with no line terminators
Size:   2665
Md5:    e0a0574c1d63279b498817d4c4d8e9be
Sha1:   def993e1b0ee58598e3af3146fd07350d07f42e5
Sha256: 95058acc1a4bee99629693f856616825af65bac528adb81370b50461886624e8

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Dec 2022 21:46:16 GMT
expires: Fri, 08 Dec 2023 21:46:16 GMT
cache-control: public, max-age=31536000
age: 36649
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size:   15552
Md5:    285467176f7fe6bb6a9c6873b3dad2cc
Sha1:   ea04e4ff5142ddd69307c183def721a160e0a64e
Sha256: 5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
                                        
                                            GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 Dec 2022 12:31:58 GMT
expires: Sun, 03 Dec 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 501907
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size:   15344
Md5:    5d4aeb4e5f5ef754e307d7ffaef688bd
Sha1:   06db651cdf354c64a7383ea9c77024ef4fb4cef8
Sha256: 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
                                        
                                            GET /px.gif?ch=1&rn=9.19330989163566 HTTP/1.1 
Host: ww1.lostwebtracker.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.lostwebtracker.com/

search
                                         199.59.243.222
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: openresty
Date: Fri, 09 Dec 2022 07:57:05 GMT
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /px.gif?ch=2&rn=9.19330989163566 HTTP/1.1 
Host: ww1.lostwebtracker.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.lostwebtracker.com/

search
                                         199.59.243.222
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: openresty
Date: Fri, 09 Dec 2022 07:57:05 GMT
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /2654/5709897801_43c4d29504.jpg HTTP/1.1 
Host: farm3.static.flickr.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/

search
                                         143.204.48.75
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: CloudFront
Date: Fri, 09 Dec 2022 07:57:05 GMT
Content-Length: 167
Connection: keep-alive
Location: https://farm3.static.flickr.com/2654/5709897801_43c4d29504.jpg
X-Cache: Redirect from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Lnb8FC5Myd461xLNbvXHQQ8wwQ0PYSzVU6sxJNMDrbFuzCI7_I0gtw==


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   167
Md5:    f5d40b7259645010f9a248858ad14178
Sha1:   b3051d17a6ec8c9e166bf09a62b48261ab86957b
Sha256: 7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
                                        
                                            GET /2599/3814608132_9907e5d889.jpg HTTP/1.1 
Host: farm3.static.flickr.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/

search
                                         143.204.48.75
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: CloudFront
Date: Fri, 09 Dec 2022 07:57:05 GMT
Content-Length: 167
Connection: keep-alive
Location: https://farm3.static.flickr.com/2599/3814608132_9907e5d889.jpg
X-Cache: Redirect from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NBbB7Z13GVIFjTXbWWvMLg3fP6gNY_WLhrOolgX-y4aHgpYEsustCg==


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   167
Md5:    f5d40b7259645010f9a248858ad14178
Sha1:   b3051d17a6ec8c9e166bf09a62b48261ab86957b
Sha256: 7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: jena-malone-fakes-news.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/2011/10/kim-kardashian-curls-no-heat.html

search
                                         142.250.74.33
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Expires: Fri, 09 Dec 2022 07:57:05 GMT
Date: Fri, 09 Dec 2022 07:57:05 GMT
Cache-Control: private, max-age=86400
Last-Modified: Sun, 27 Nov 2022 22:29:35 GMT
ETag: W/"cf7ed9944691a0811d5aae4f3b52016aa2878956bbb7e6cb5f9bc8696aca5408"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 412
Server: GSE


--- Additional Info ---
Magic:  MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel\012- data
Size:   412
Md5:    501c61a70f5c41181aa050d9110909ca
Sha1:   5b985d5671a7caf686fdfb1df13488c4407f6c9f
Sha256: c4aaf001607ee331f6871b4dbbf45942b1e197726714fd106e46d70cc10ee97e
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1 
Host: afs.googleusercontent.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         172.217.21.161
HTTP/2 200 OK
content-type: image/svg+xml
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Fri, 09 Dec 2022 06:17:47 GMT
expires: Sat, 10 Dec 2022 05:17:47 GMT
cache-control: public, max-age=82800
age: 5958
last-modified: Tue, 09 Feb 2021 14:15:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (306)
Size:   278
Md5:    bb7fc36f627255dd4783f849dca0932e
Sha1:   80e89ef8f3c2c8ee982523757fce214ea7323a69
Sha256: 735f48c2876099e6a731c65fc46ec1ec133c316e0997d04eb0ee246741bee647
                                        
                                            GET /ad_icons/standard/publisher_icon_image/search.svg?c=%2302198b HTTP/1.1 
Host: afs.googleusercontent.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         172.217.21.161
HTTP/2 200 OK
content-type: image/svg+xml
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 272
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Thu, 08 Dec 2022 14:18:20 GMT
expires: Fri, 09 Dec 2022 13:18:20 GMT
cache-control: public, max-age=82800
age: 63525
last-modified: Thu, 19 Dec 2019 14:15:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390)
Size:   272
Md5:    ab1acb76dd408583614a7a6cedf41866
Sha1:   e2d2d7074479023d37474ab62755b658d22d4ab1
Sha256: 8622edbe2503910e3cbeecef073a09e662fd2507436c3aabf885d155afd96565
                                        
                                            GET /s/michroma/v16/PN_zRfy9qWD8fEagAPg9pTk.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17156
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Dec 2022 21:54:21 GMT
expires: Fri, 08 Dec 2023 21:54:21 GMT
cache-control: public, max-age=31536000
age: 36164
last-modified: Tue, 26 Apr 2022 14:38:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 17156, version 1.0\012- data
Size:   17156
Md5:    402cbe860d64ae2e13145e34cbc7889c
Sha1:   7af4691dc306b7583365b9ff2ead0c1f6db017c5
Sha256: da748253b458c5fc9c9a5e3c108b1cda280f52df4008702b9cea695ec23332aa
                                        
                                            GET /css?family=Michroma&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.106
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Dec 2022 07:57:05 GMT
date: Fri, 09 Dec 2022 07:57:05 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13765
Expires: Fri, 09 Dec 2022 11:46:30 GMT
Date: Fri, 09 Dec 2022 07:57:05 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13765
Expires: Fri, 09 Dec 2022 11:46:30 GMT
Date: Fri, 09 Dec 2022 07:57:05 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13765
Expires: Fri, 09 Dec 2022 11:46:30 GMT
Date: Fri, 09 Dec 2022 07:57:05 GMT
Connection: keep-alive

                                        
                                            GET /wp-content/uploads/2011/02/pretty-little-liars-spencer-hair.jpg HTTP/1.1 
Host: smallscreenscoop.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/

search
                                         209.188.81.66
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 09 Dec 2022 07:57:04 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <http://smallscreenscoop.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=2, max=500
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  data
Size:   1089
Md5:    b8f6c760bc6e3352b046896ddf4bc164
Sha1:   8d242539c3144ee15b92b67570608c2b845be890
Sha256: 7a6121c28ff0bf7b12686c504e29dec3768662ff5399f517af47d7a15dd07aab
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13765
Expires: Fri, 09 Dec 2022 11:46:30 GMT
Date: Fri, 09 Dec 2022 07:57:05 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7897
x-amzn-requestid: 032fd8ae-b7e9-4e12-8546-838191a73688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F51IAMFunw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-345ae6cd107d207f5dbe29a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: N-zFZ8yeL7RrOZ5xfqvfBaE3zcXWecvr6Jd-93nKiUZlCXp2n2_Bgw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:41:46 GMT
age: 15319
etag: "7558222788f06623ddae6e883413e38e1146281e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7897
Md5:    8c3214044657f3b876d1f1848bca5684
Sha1:   7558222788f06623ddae6e883413e38e1146281e
Sha256: e1f9c9c445bba7765f371dbb655cab43c1e12de7cbd015f8034c494118f7f708
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49a0678c-8bda-434a-a337-63696994d79c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5530
x-amzn-requestid: adecbb8c-cec3-46a0-b32c-0026b8421fe5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw4d8Fg6IAMF61g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903abf-4bcb385f27cb438c36a2cd5e;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:03:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UDD0v-1I1sFVMsJl64nQDe_hHExMrSLXPrbou_J79YEQf3YwS2oklA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 06:50:54 GMT
age: 3971
etag: "0d5969394b370a5c77c53ed58f55e5f8a45da3ab"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5530
Md5:    a22fc7807fb3337f0af5e546c7ad366a
Sha1:   0d5969394b370a5c77c53ed58f55e5f8a45da3ab
Sha256: 98b4f4fd27dc036697fb0328083bce6e691b7493428f3a54991087d9d1165d97
                                        
                                            GET /2599/3814608132_9907e5d889.jpg HTTP/1.1 
Host: farm3.static.flickr.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://jena-malone-fakes-news.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         143.204.48.75
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Fri, 09 Dec 2022 07:57:05 GMT
edge-control: public, max-age=31536000
surrogate-control: public, max-age=31536000
cache-control: public, max-age=31536000
expires: Sat, 09 Dec 2023 07:57:05 GMT
imagewidth: 500
imageheight: 453
last-modified: Wed, 24 Apr 2019 08:56:48 GMT
etag: "a0789b0a4c73a7253f83ca8c73443186.1"
streaming: false
origintype: D
server: Jubilee
quote: "I'm not a kid anymore, I'm one of you, one of the X-Men. It means more to me than anything in the world."
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
powered-by: Mutation/1.0
hiring: Change the world of photography with us. https://www.flickr.com/jobs/
ourvalues: Grow Together (#1 of 5)
x-request-id: 4a2a00e7
x-frame-options: DENY
p3p: CP="This is not a P3P policy. We respect your privacy."
x-env: a=live, b=jubilee, c=4cf206a9, e=b1cfc1fdb4a90fbd7ed7449176940c7c057c6af1
x-ttfb: 0.0534
x-ttdb-l: 62868
mib: 2
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ylAoHJ-WYoAHH_1YUQuFPixuRw1Lpk3wpakwyphawd-n-vobkSEonw==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 500x453, components 3\012- data
Size:   67708
Md5:    de74c77c5327a448d7e33640204e15c2
Sha1:   d058129d6353324c7f336392aedb9c1fd659a7d1
Sha256: aa2791833710d0d22ee7c19dec4ee62ba0d17f36100f147688bd17058ed1577a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47563cf2-d887-4c1d-a3b9-0b5151226171.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8709
x-amzn-requestid: 8c5094d3-3286-44db-bd3f-9369cd8220eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c2LYGGm6oAMFn1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63925900-2ea563bc1b5aa87a0ebd6251;Sampled=0
x-amzn-remapped-date: Thu, 08 Dec 2022 21:37:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oHNHICPfq1U2qYhNmrtf5_56-jtn-zOMPGvBdhXICE493RfJ1cFCvA==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:59:55 GMT
age: 35830
etag: "cac4e03ae9857def8b094e005647c3e49c34d686"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  gzip compressed data, max compression\012- data
Size:   62229
Md5:    6d49ab2b3bdff71b8c06569df8834447
Sha1:   ec265ad2026d34d822f8f197552b9d4579c20da0
Sha256: 58d630dceae8cf9b6ab4f5e4530c305caed9a6d4d92c70d0ac6aa06f0440d8c2
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5188
x-amzn-requestid: afb8cbd2-3674-4dac-9cd9-9ff83618ac0a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ck2-5G9joAMFlPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b6b92-2979ff216b9028aa70baef8b;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 15:30:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7Dp35PIr_WYUI1bBa21AvmCMEPi0d3jnhuS8eEk3Q3CXRcGWAnkD8g==
via: 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 17:01:04 GMT
age: 53761
etag: "8fbff7725c842d70e047c635a725723a9dc9c55a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5188
Md5:    fba9a3854df65740512f96efe7442e58
Sha1:   8fbff7725c842d70e047c635a725723a9dc9c55a
Sha256: 6e639298ebc82343cee9267d2910d15735af55f910e2c3de9218266b7c6fffc9
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12748
x-amzn-requestid: edd028e3-c23e-4985-b12d-d3ebe760df47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjuciEptIAMFj9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af783-1c151eb66f590c9c0e0c4c82;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:15:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -y4-_OwHl5_OFykJYYZSqwIopjKoYy1MhaGTpVXd4Grq2EsUP2c3IA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 13:49:59 GMT
age: 65226
etag: "55a236fedf6f5f7ca2bb88ae13e20846a50fd36d"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   31786
Md5:    1e9de14b458014a55a69a360db0a2f2a
Sha1:   0af5b098f719ac370c462e4b71d7ecd1916471c7
Sha256: 7ee9183b4ec7ceb2d2f552adf33cb4a9531b61d126fe1984cfb75f8e0b585de0
                                        
                                            GET /wp-content/uploads/2010/09/kim-kardashian-thing-spanx-393x590.jpg HTTP/1.1 
Host: www.celebritybeautybuzz.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/

search
                                         3.130.253.23
HTTP/1.0 404 Not Found
content-type: text/html
                                        
cache-control: no-cache
x-reason: MediaRequest


--- Additional Info ---
Magic:  data
Size:   1132
Md5:    fe54c91a4d16c7a9bb86627c8595a35a
Sha1:   f8c7e00c0484f74dad59ee639e9462b88b05c009
Sha256: 1a0e56d3b0ec1a7aab73cdf1eae4cb252d99bfa13f73b442329e134e85e5fc92
                                        
                                            GET /js/parking.2.100.2.js HTTP/1.1 
Host: ww1.lostwebtracker.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.lostwebtracker.com/
Cookie: parking_session=3903f0ef-bba7-b704-2745-eff37624fa5f

search
                                         199.59.243.222
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Server: openresty
Date: Fri, 09 Dec 2022 07:57:06 GMT
Last-Modified: Mon, 14 Nov 2022 17:46:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (65536), with no line terminators
Size:   22285
Md5:    239c79e8ead12ade233b4b98f3a1d68d
Sha1:   ebb33fbc73ffa07c517270874bef61576c7aecf6
Sha256: 148cf1738ec4c4800fa6e1fa02ea75d6cc76c5d0096b11dc1af4b47ffbcf2d0b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /_fd HTTP/1.1 
Host: ww1.lostwebtracker.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww1.lostwebtracker.com/
Content-Type: application/json
Origin: http://ww1.lostwebtracker.com
Connection: keep-alive
Cookie: parking_session=3903f0ef-bba7-b704-2745-eff37624fa5f
Content-Length: 0

search
                                         199.59.243.222
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: openresty
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 09 Dec 2022 07:57:06 GMT
X-Version: 2.100.2
Set-Cookie: parking_session=3903f0ef-bba7-b704-2745-eff37624fa5f; expires=Fri, 09-Dec-2022 08:12:06 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (4109), with no line terminators
Size:   2110
Md5:    f71ca3c58d91d6a96e8585dac432def4
Sha1:   4b183cafb904b7b9ec264442758fa59cf1a7dd57
Sha256: 3511a06335f6325a4bc4387d9c5acd6b6bb4b349adc05503c90888bdbf125551

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /px.gif?ch=2&rn=3.7087213561081187 HTTP/1.1 
Host: ww1.lostwebtracker.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.lostwebtracker.com/
Cookie: parking_session=3903f0ef-bba7-b704-2745-eff37624fa5f

search
                                         199.59.243.222
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: openresty
Date: Fri, 09 Dec 2022 07:57:06 GMT
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /px.gif?ch=1&rn=3.7087213561081187 HTTP/1.1 
Host: ww1.lostwebtracker.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.lostwebtracker.com/
Cookie: parking_session=3903f0ef-bba7-b704-2745-eff37624fa5f

search
                                         199.59.243.222
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: openresty
Date: Fri, 09 Dec 2022 07:57:06 GMT
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: ww1.lostwebtracker.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.lostwebtracker.com/
Cookie: parking_session=3903f0ef-bba7-b704-2745-eff37624fa5f

search
                                         199.59.243.222
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Server: openresty
Date: Fri, 09 Dec 2022 07:57:06 GMT
Content-Length: 0
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
ETag: "61424bb6-0"
x-backend-server: ip-10-201-16-216.ec2.internal
Accept-Ranges: bytes

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /gampad/cookie.js?domain=ww1.lostwebtracker.com&client=dp-bodis29_3ph_js&product=SAS&callback=__sasCookie HTTP/1.1 
Host: partner.googleadservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww1.lostwebtracker.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.194
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Fri, 09 Dec 2022 07:57:06 GMT
server: cafe
cache-control: private
content-length: 248
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (376), with no line terminators
Size:   248
Md5:    82b6484277d8f27572a28f1262fbaf1f
Sha1:   8fe4bc76e21a53a81b78de2b4e5bfa7b3fe1fe91
Sha256: 58df84dd90b17b2c8f859f5b9c98125b8e3bbb0d852a974a95775215be647e5f
                                        
                                            GET /adsense/domains/caf.js HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww1.lostwebtracker.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.164
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Fri, 09 Dec 2022 07:57:06 GMT
expires: Fri, 09 Dec 2022 07:57:06 GMT
cache-control: private, max-age=3600
etag: "14181701328128387770"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   55463
Md5:    b0cece73a89beecbc0cd0e015e77dd8d
Sha1:   a215e7b6c73b65164fd5270d22b29eb9544fb4a0
Sha256: e29552a3782103a39f0371e81e278593bfe7918f401ae93e0257e71a49be4856
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /css?family=Michroma&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.106
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Dec 2022 07:57:06 GMT
date: Fri, 09 Dec 2022 07:57:06 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (390)
Size:   552
Md5:    3ae821533645aa6e503e21990703c050
Sha1:   7f98fde15e93e75afad6c3b8738e9d6ae7e53e46
Sha256: 2cad3d8109f565218b15713f3c3992b8301f949fc73dd8b28b8bb2a41887350f
                                        
                                            GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1 
Host: afs.googleusercontent.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         172.217.21.161
HTTP/2 200 OK
content-type: image/svg+xml
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Fri, 09 Dec 2022 06:17:47 GMT
expires: Sat, 10 Dec 2022 05:17:47 GMT
cache-control: public, max-age=82800
age: 5959
last-modified: Tue, 09 Feb 2021 14:15:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (306)
Size:   278
Md5:    bb7fc36f627255dd4783f849dca0932e
Sha1:   80e89ef8f3c2c8ee982523757fce214ea7323a69
Sha256: 735f48c2876099e6a731c65fc46ec1ec133c316e0997d04eb0ee246741bee647
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Dec 2022 07:57:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/michroma/v16/PN_zRfy9qWD8fEagAPg9pTk.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17156
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Dec 2022 21:54:21 GMT
expires: Fri, 08 Dec 2023 21:54:21 GMT
cache-control: public, max-age=31536000
age: 36165
last-modified: Tue, 26 Apr 2022 14:38:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 17156, version 1.0\012- data
Size:   17156
Md5:    402cbe860d64ae2e13145e34cbc7889c
Sha1:   7af4691dc306b7583365b9ff2ead0c1f6db017c5
Sha256: da748253b458c5fc9c9a5e3c108b1cda280f52df4008702b9cea695ec23332aa
                                        
                                            GET /s/quicksand/v30/6xK-dSZaM9iE8KbpRA_LJ3z8mH9BOJvgkP8o58a-wg.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ww1.lostwebtracker.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13888
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 21:55:50 GMT
expires: Tue, 05 Dec 2023 21:55:50 GMT
cache-control: public, max-age=31536000
age: 295276
last-modified: Mon, 18 Jul 2022 19:12:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 13888, version 1.0\012- data
Size:   13888
Md5:    099548fac114f5f6498c5c75b943581d
Sha1:   7505fcaf9f4fe36634352b322a9f5fed1256a9f6
Sha256: e36165510050fc4ef1d87cc430dd4d1d0f6a705c5f4aa7b3a97493921884bb05
                                        
                                            POST /_tr HTTP/1.1 
Host: ww1.lostwebtracker.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww1.lostwebtracker.com/
Content-Type: application/json
Origin: http://ww1.lostwebtracker.com
Content-Length: 2161
Connection: keep-alive
Cookie: parking_session=3903f0ef-bba7-b704-2745-eff37624fa5f; __gsas=ID=3e21dd2e56093963:T=1670572626:S=ALNI_MZp4X4_JVdQE5n6GHIYe1IsaL_Rcg

search
                                         199.59.243.222
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: openresty
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 09 Dec 2022 07:57:06 GMT
X-Version: 2.100.2
Set-Cookie: parking_session=3903f0ef-bba7-b704-2745-eff37624fa5f; expires=Fri, 09-Dec-2022 08:12:06 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   22
Md5:    5cfde9b47de2d84bd26fc473632647c0
Sha1:   fd53c70631b6068328be57daec71bd94bf004d41
Sha256: 47fd05ef74fef5da03fa22483e63fc977cad8e026ae41dadbbcc3745907f306b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET / HTTP/1.1 
Host: exposay.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://jena-malone-fakes-news.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.21.21.20
HTTP/2 301 Moved Permanently
content-type: text/html
                                        
date: Fri, 09 Dec 2022 07:57:04 GMT
location: https://www.exposay.com/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HTGonw%2FNVZspUD5zUpAurAt73Hatp0r7zHU1kS1uZRc8eLisoBD4uPmMUmGsmCpPWMgmNJ%2BhW4nNGo%2BcU0HQNsJJdzYv6MezTQmQFD9%2B%2Bo1lazXZi08BCTGMGQTI6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776c30188d3c0b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /celebrity-photos/elijah-kelly-eye-black-salute-directors-83rd-yDYhd3.jpg HTTP/1.1 
Host: www.exposay.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://jena-malone-fakes-news.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.21.20
HTTP/2 301 Moved Permanently
content-type: text/html; charset=UTF-8
                                        
date: Fri, 09 Dec 2022 07:57:04 GMT
location: https://exposay.com
x-powered-by: PHP/8.0.26, PleskLin
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: max-age=16070400, must-revalidate
vary: Accept-Encoding
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FLtjuyivnFGJuTIe8bR7XK0RWfTNNY8v6uLo04eKkTTePVQDpXEtIggi%2Fr6lkOYXnn%2BoT1C0somlId%2BG71MtNBR5n9WaSPelbHdAqF0kNozQn9qyDKkievdagWwGYUVQHQk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776c3015cb2d0b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /2654/5709897801_43c4d29504.jpg HTTP/1.1 
Host: farm3.static.flickr.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://jena-malone-fakes-news.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         143.204.48.75
HTTP/2 404 Not Found
content-type: text/html; charset=utf-8
                                        
date: Fri, 09 Dec 2022 07:57:05 GMT
edge-control: public, max-age=300
surrogate-control: public, max-age=300
cache-control: public, max-age=300
expires: Fri, 09 Dec 2022 08:02:05 GMT
server: Jubilee
quote: "I'm not a kid anymore, I'm one of you, one of the X-Men. It means more to me than anything in the world."
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
powered-by: Mutation/1.0
hiring: Change the world of photography with us. https://www.flickr.com/jobs/
ourvalues: Deliver Awesome (#3 of 5)
x-request-id: 666697bb
x-frame-options: DENY
p3p: CP="This is not a P3P policy. We respect your privacy."
x-env: a=live, b=jubilee, c=21738c41, e=b1cfc1fdb4a90fbd7ed7449176940c7c057c6af1
x-ttfb: 0.0047
x-ttdb-l: 43
mib: 2
content-encoding: gzip
vary: Accept-Encoding
x-cache: Error from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Ww4ZovTYwhiluvtIX9PYvFBveSZjl2CzkA1xIUthojJxevGH46DFbw==
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /wp-content/uploads/2011/02/pretty-little-liars-fashion-emily-480x360.jpg HTTP/1.1 
Host: smallscreenscoop.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jena-malone-fakes-news.blogspot.com/

search
                                         209.188.81.66
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 09 Dec 2022 07:57:04 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <http://smallscreenscoop.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=2, max=500
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---