beny-asgar.blogspot.kr/
142.250.74.161302 Moved Temporarily 179 B IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 4c3753b9e118536f01d84442023ae729
16d7277182978ec8ec52d5feb457852fe42d4a3c
8ed7325096fce22a4e1280220b5ac242c13ac3afdbbff6ec5cb850a2bcccaca9
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: beny-asgar.blogspot.kr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Location: http://beny-asgar.blogspot.com/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Sat, 26 Nov 2022 03:18:15 GMT
Expires: Sat, 26 Nov 2022 03:18:15 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 179
Server: GSE
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7c60904d097cde276e4e5632cef1b9f1
4f805026462589345d85e8df2d18eafba6237504
12af026999398f4976749e320667d43da3f99b7a2e8254aca7a410a964a106aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7446
Expires: Sat, 26 Nov 2022 05:22:21 GMT
Date: Sat, 26 Nov 2022 03:18:15 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 10730f388c028d64e19b8a48d414768f
e43b104e57e5ea7ff8568835776858cf2ede6f00
f3c30c6d139288f1bfe13fce85c6ddc1514e1639fcf4d31a6012a3309ed1d50d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2531
Cache-Control: max-age=114910
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 03:18:15 GMT
Etag: "63809972-1d7"
Expires: Sun, 27 Nov 2022 11:13:25 GMT
Last-Modified: Fri, 25 Nov 2022 10:31:14 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 03:17:29 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 46
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8c63b226725ca6e92e3ef586ac19e603
d21ae42a1927501e5293ff3564f52b49f6b0decc
141ac47acc3800e5d35a82012fa4b044277abad3a95dc24415f66fb72c972ae6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "141AC47ACC3800E5D35A82012FA4B044277ABAD3A95DC24415F66FB72C972AE6"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9674
Expires: Sat, 26 Nov 2022 05:59:29 GMT
Date: Sat, 26 Nov 2022 03:18:15 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: HCy3cTp1gWH1RccvwVfd9fuJYyTteIKOYkqzMhljaswmEfq0BepWdXjT7pV5QcOMvo3qQg0C6ek=
x-amz-request-id: CYXHD748Y2JY4FNT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 02:44:04 GMT
age: 2051
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 03:18:15 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
beny-asgar.blogspot.com/
142.250.74.161200 OK 17 kB IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4161)
Hash 7cfbd3e572393124704aff4e7d16b25d
bb82ecb665a9cb266cea8ab929e36c83d1fec797
e50b8d4b791c24ea6bc50101d83e069e5b9d8c23a6f4515c0334de102c0837c8
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: beny-asgar.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Expires: Sat, 26 Nov 2022 03:18:15 GMT
Date: Sat, 26 Nov 2022 03:18:15 GMT
Cache-Control: private, max-age=0
Last-Modified: Wed, 08 Dec 2021 13:23:37 GMT
ETag: W/"80008529397f1c4c3c203ef13a94c98ebe677a3390926966a95c3ad95a91a94a"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 17325
Server: GSE
beny-asgar.blogspot.com/js/cookienotice.js
142.250.74.161200 OK 2.0 kB URL HTTP/1.1 beny-asgar.blogspot.com/js/cookienotice.js
IP 142.250.74.161:0
Hash c4e1ed83d89245089b8a1203be20a377
f3940e1215b89300ef97d57a25993f25243b8688
afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2
Analyzer Verdict Alert fortinet Malware
GET /js/cookienotice.js HTTP/1.1
Host: beny-asgar.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 2026
Date: Sat, 26 Nov 2022 03:18:15 GMT
Expires: Sat, 03 Dec 2022 03:18:15 GMT
Cache-Control: public, max-age=604800
Last-Modified: Fri, 25 Nov 2022 18:49:48 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
pagead2.googlesyndication.com/pagead/show_ads.js
142.250.74.34200 OK 36 kB URL HTTP/1.1 pagead2.googlesyndication.com/pagead/show_ads.js
IP 142.250.74.34:0
File type ASCII text, with very long lines (3577)
Hash cab8d5014a86e55bd7b591c6e1ed9013
b74350b43fde379f39cdd52ca19f626a3f0cfb6c
c7d4be8ea157315195fdd15299a3c9297a30b3ef18f333836604ad7cdf24abea
GET /pagead/show_ads.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Date: Sat, 26 Nov 2022 03:18:15 GMT
Expires: Sat, 26 Nov 2022 03:18:15 GMT
Cache-Control: private, max-age=3600
Content-Type: text/javascript; charset=UTF-8
ETag: 10771998867557110048
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 36281
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 2a03384abe9f9728677b1f7b876b4694
41c1c401e79ac5b6edc6fc3cce8b4d085c565ac1
744b3562ef1851ca3c0413020ef5c40e71af514e6ff8da065f6ea9f846e70717
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 03:18:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 01f789642d92b84211d7a9391f4e55af
bfcdc40fa2e82882051aa26c61d81ffd98371506
66e2ca388a8696e08f992e3d34fe75dcccd99a0743605f3bf5e6c1c893750f24
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 03:18:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
blogergadgets.googlecode.com/files/blogger-page-navi.v1.js
64.233.164.82404 Not Found 1.6 kB URL HTTP/1.1 blogergadgets.googlecode.com/files/blogger-page-navi.v1.js
IP 64.233.164.82:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Hash 53e8ba9d78d716ac415992baf2b8b52d
69ea09f7d14e71a1b6dc56f79d87ed9fbc94c208
a3cee3ae6a29f4ec7f4b01193da8a9e56e5fc52aa721e9d549cf7b8cf7081b49
GET /files/blogger-page-navi.v1.js HTTP/1.1
Host: blogergadgets.googlecode.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1590
Date: Sat, 26 Nov 2022 03:18:16 GMT
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash df06e70fc8a35facf1d8db463d18e231
fa8a2975566cc792898f870e48ae7518d3657326
4cef7e704f4d575ce6733f6f2d803d241b597be51ff3fb03f72e5c33a893b504
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3201
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 03:18:16 GMT
Last-Modified: Sat, 26 Nov 2022 02:24:55 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
www.blogger.com/static/v1/widgets/55013136-widget_css_bundle.css
216.58.207.201200 OK 6.6 kB URL HTTP/2 www.blogger.com/static/v1/widgets/55013136-widget_css_bundle.css
IP 216.58.207.201:0
File type ASCII text, with very long lines (30596)
Hash 6f46e6f68353c7911fe34f31faa1518f
ea4dbfa2f87c18e9c51c59a32dfa9afb9c2c3472
0be7e26374fcff6f423b88e5f2a05d1cfdcb56abb4a78fa125e391989782ae0f
GET /static/v1/widgets/55013136-widget_css_bundle.css HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 6620
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 20:32:38 GMT
expires: Wed, 22 Nov 2023 20:32:38 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 22 Nov 2022 12:53:21 GMT
content-type: text/css
age: 283538
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash b7757171f2e55c37975a5bcdeba7a4ae
1ce146a166c3c1d510d26c855321ca4b2426353d
7675dc8e0d7a554bf286e61db1c9546aa6fc7188cb83c3d9bd5beb80c2351fe5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 03:18:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 01f789642d92b84211d7a9391f4e55af
bfcdc40fa2e82882051aa26c61d81ffd98371506
66e2ca388a8696e08f992e3d34fe75dcccd99a0743605f3bf5e6c1c893750f24
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 03:18:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
apis.google.com/js/platform.js
142.250.74.174200 OK 21 kB URL HTTP/2 apis.google.com/js/platform.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1279)
Hash 7ac44ef24e267df17ff72f195b252806
62db12d9ce11a576ccd7fa3544d851c5fd42f3b7
aae7897e7b55999c1b3166309381d19ac488dced51e14071339d8b193a686a61
GET /js/platform.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20984
date: Sat, 26 Nov 2022 03:18:16 GMT
expires: Sat, 26 Nov 2022 03:18:16 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "7446758f13887885"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.blogger.com/static/v1/widgets/2342155703-widgets.js
216.58.207.201200 OK 57 kB URL HTTP/2 www.blogger.com/static/v1/widgets/2342155703-widgets.js
IP 216.58.207.201:0
File type ASCII text, with very long lines (2221)
Hash 1217c8e34acb09c7cea97bae4d386ea1
55ee17703d0a7710943e93913bacb49220d98b4b
c2f23437ab938096bf8b40de8b08c4f27bb880b7ef8588481ec5ccc08b58870b
GET /static/v1/widgets/2342155703-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56726
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 16:02:03 GMT
expires: Tue, 21 Nov 2023 16:02:03 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Nov 2022 00:52:59 GMT
content-type: text/javascript
age: 386173
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 6983392700438f228fa9b5bba4594fc5
d27c65105b44a2e1ff7663ba0021a475b5b30cd2
557627dbab910f61773f0f818efc6b18bb2b5816175199b997684a799c1c97e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 03:18:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 65992aeb8efb9a0b8fd59687090733fe
526a2afccc93d32849185d153fafe44b72797df9
b6677984b6c3602d7b62df776158c09a3e57eec4c0edbddafb0624200715f10e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 03:18:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 03:08:53 GMT
cache-control: public,max-age=3600
age: 563
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
lh3.googleusercontent.com/blogger_img_proxy/ANbyha1_TosRmYaIZ_Oy-SIYn75QDZgnkQ7dW_0aMnk8sAplTrtUmytFdzQcA6chYi-6eNt3wZvx5xBqHipOvjztVUc1vhvao-_on21mpIxPqT4PCx2wp-Qy71RnVnxcdxAalfDNQ3F-fn4SfQ61QTOsims_ea1lsQ=w72-h72-p-k-no-nu
142.250.74.33404 Not Found 1.8 kB URL HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/ANbyha1_TosRmYaIZ_Oy-SIYn75QDZgnkQ7dW_0aMnk8sAplTrtUmytFdzQcA6chYi-6eNt3wZvx5xBqHipOvjztVUc1vhvao-_on21mpIxPqT4PCx2wp-Qy71RnVnxcdxAalfDNQ3F-fn4SfQ61QTOsims_ea1lsQ=w72-h72-p-k-no-nu
IP 142.250.74.33:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Hash 991b3533835f96af3eb46dc2808995e9
f45988ee430254cf0fd5d2ce41fe791bbb6b77c6
f0a55ced8bb05dc5bdf48ec2393512578b831eb3afa55117be03756672cf8846
GET /blogger_img_proxy/ANbyha1_TosRmYaIZ_Oy-SIYn75QDZgnkQ7dW_0aMnk8sAplTrtUmytFdzQcA6chYi-6eNt3wZvx5xBqHipOvjztVUc1vhvao-_on21mpIxPqT4PCx2wp-Qy71RnVnxcdxAalfDNQ3F-fn4SfQ61QTOsims_ea1lsQ=w72-h72-p-k-no-nu HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 26 Nov 2022 03:18:16 GMT
server: fife
content-length: 1759
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash b7757171f2e55c37975a5bcdeba7a4ae
1ce146a166c3c1d510d26c855321ca4b2426353d
7675dc8e0d7a554bf286e61db1c9546aa6fc7188cb83c3d9bd5beb80c2351fe5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 03:18:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.downloadfilmescompletos.com/wp-content/themes/Download-Filmes-Completos/js/swfobject.js
190.2.139.23200 OK 7.1 kB URL HTTP/1.1 www.downloadfilmescompletos.com/wp-content/themes/Download-Filmes-Completos/js/swfobject.js
IP 190.2.139.23:0
ASN #49981 WorldStream B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (17618)
Hash 3461663042f8093f96d5578e66bac183
0c340dc41d1d0468b38c177e86cbb72fea5da932
8034a29a2472386afefb69c65e24eb285d46a6270970e26b505ae0caeb199a11
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Download-Filmes-Completos/js/swfobject.js HTTP/1.1
Host: www.downloadfilmescompletos.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Sat, 26 Nov 2022 03:18:16 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Encoding
X-Powered-By: PHP/7.2.34
Content-Encoding: gzip
i42.tinypic.com/219rpc3.jpg
143.204.55.64301 Moved Permanently 0 B URL HTTP/1.1 i42.tinypic.com/219rpc3.jpg
IP 143.204.55.64:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /219rpc3.jpg HTTP/1.1
Host: i42.tinypic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: keep-alive
Date: Fri, 25 Nov 2022 18:20:04 GMT
Location: http://tinypic.com/images/goodbye.jpg
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ob36Ge7WuA7iY-bliaBm2fs9NeIU62oNuqHcVxNlSsfLwz6sh9qxfQ==
Age: 32293
pagead2.googlesyndication.com/pagead/js/google_top_exp.js
142.250.74.34200 OK 67 B URL HTTP/1.1 pagead2.googlesyndication.com/pagead/js/google_top_exp.js
IP 142.250.74.34:0
Hash 9bbc3ca32ec951a484589ce0e6b4db73
753d6f6183b33b2dee5dde2208fca91c17f5bb13
b8f16a16d2a7ea39a9cc079fdbe3af7d31393d62a853668bdd549e0a0311cb3c
GET /pagead/js/google_top_exp.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 67
X-XSS-Protection: 0
Date: Fri, 25 Nov 2022 22:47:20 GMT
Expires: Fri, 09 Dec 2022 22:47:20 GMT
Cache-Control: public, max-age=1209600
Age: 16256
ETag: 13036835877489095579
Content-Type: text/javascript; charset=UTF-8
push.services.mozilla.com/
34.214.236.46101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.214.236.46:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: j77rkhmrUt5HQ+Fp2C6I3g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 7uDn6SzOMbffgNoD0XmDLsYhy30=
i40.tinypic.com/250pbbr.jpg
143.204.55.72301 Moved Permanently 0 B URL HTTP/1.1 i40.tinypic.com/250pbbr.jpg
IP 143.204.55.72:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /250pbbr.jpg HTTP/1.1
Host: i40.tinypic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: keep-alive
Date: Fri, 25 Nov 2022 09:12:15 GMT
Location: http://tinypic.com/images/goodbye.jpg
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: I4AVSjbE5q_zYhmSucUz2jHqvq3tWLx8jDWIo0MVr9qsV_Cb1-Ma5g==
Age: 65162
i40.tinypic.com/330tsuq.jpg
143.204.55.72301 Moved Permanently 0 B URL HTTP/1.1 i40.tinypic.com/330tsuq.jpg
IP 143.204.55.72:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /330tsuq.jpg HTTP/1.1
Host: i40.tinypic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: keep-alive
Date: Sat, 26 Nov 2022 02:03:58 GMT
Location: http://tinypic.com/images/goodbye.jpg
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: s11dJsqSVWQP-PLJC16xeSQLB4WkhLt_KP8Kbb4p8U58dNZoIaYHlw==
Age: 4459
i41.tinypic.com/r0dnrr.jpg
143.204.55.64301 Moved Permanently 0 B URL HTTP/1.1 i41.tinypic.com/r0dnrr.jpg
IP 143.204.55.64:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /r0dnrr.jpg HTTP/1.1
Host: i41.tinypic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: keep-alive
Date: Fri, 25 Nov 2022 14:23:58 GMT
Location: http://tinypic.com/images/goodbye.jpg
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: q0JshmWCBkPDAZjIBqttC-5hLAcOl6wqqYp1JPiG84iQS4bMX--yqQ==
Age: 46459
www.downloadfilmescompletos.com/wp-content/themes/Download-Filmes-Completos/images/topo-bg.jpg
190.2.139.23301 Moved Permanently 0 B URL HTTP/1.1 www.downloadfilmescompletos.com/wp-content/themes/Download-Filmes-Completos/images/topo-bg.jpg
IP 190.2.139.23:0
ASN #49981 WorldStream B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/themes/Download-Filmes-Completos/images/topo-bg.jpg HTTP/1.1
Host: www.downloadfilmescompletos.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.2
Date: Sat, 26 Nov 2022 03:18:16 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.34
Location: https://sex-paradise.com.ua/frontend/assets/images/main-logo.png
i43.tinypic.com/n9d10.jpg
143.204.55.79301 Moved Permanently 0 B URL HTTP/1.1 i43.tinypic.com/n9d10.jpg
IP 143.204.55.79:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /n9d10.jpg HTTP/1.1
Host: i43.tinypic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: keep-alive
Date: Fri, 25 Nov 2022 18:48:09 GMT
Location: http://tinypic.com/images/goodbye.jpg
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: pqL4M2OmpqKE0MxNzdTKHFoMkHCWyuNKoFKkFUbm7HPEEkKIvVVtEA==
Age: 30608
i40.tinypic.com/2wly846.jpg
143.204.55.72301 Moved Permanently 0 B URL HTTP/1.1 i40.tinypic.com/2wly846.jpg
IP 143.204.55.72:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /2wly846.jpg HTTP/1.1
Host: i40.tinypic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: keep-alive
Date: Fri, 25 Nov 2022 17:10:47 GMT
Location: http://tinypic.com/images/goodbye.jpg
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: wArdAV3OeyDHRdxb9C7Qo0DKSjFQv9_1EZsCv3GykAB-l_cXmyirxQ==
Age: 36450
i44.tinypic.com/2h2qphv.jpg
143.204.55.72301 Moved Permanently 0 B URL HTTP/1.1 i44.tinypic.com/2h2qphv.jpg
IP 143.204.55.72:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /2h2qphv.jpg HTTP/1.1
Host: i44.tinypic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: keep-alive
Date: Fri, 25 Nov 2022 18:48:09 GMT
Location: http://tinypic.com/images/goodbye.jpg
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: rse8VR5GkVEmTPhWZQK6GBtg5nQ06yfITcLIW4sI6oVMDCMd12h-KA==
Age: 30608
i44.tinypic.com/9qb8z9.jpg
143.204.55.72301 Moved Permanently 0 B URL HTTP/1.1 i44.tinypic.com/9qb8z9.jpg
IP 143.204.55.72:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /9qb8z9.jpg HTTP/1.1
Host: i44.tinypic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: keep-alive
Date: Fri, 25 Nov 2022 14:24:03 GMT
Location: http://tinypic.com/images/goodbye.jpg
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: wyZAvCMQyu7mDMfSSi6WhwaYubuUmYEwnXw_kcnUpJ22_QqjjA82HA==
Age: 46454
i40.tinypic.com/2nv6kr6.jpg
143.204.55.72301 Moved Permanently 0 B URL HTTP/1.1 i40.tinypic.com/2nv6kr6.jpg
IP 143.204.55.72:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /2nv6kr6.jpg HTTP/1.1
Host: i40.tinypic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: keep-alive
Date: Fri, 25 Nov 2022 17:10:46 GMT
Location: http://tinypic.com/images/goodbye.jpg
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: D2M-5QotVjmBNrRcvbslCaPr--FSwefBLOHs3WcrJNOzIXYj9hDy0g==
Age: 36451
i39.tinypic.com/nzr6f6.jpg
143.204.55.100301 Moved Permanently 0 B URL HTTP/1.1 i39.tinypic.com/nzr6f6.jpg
IP 143.204.55.100:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /nzr6f6.jpg HTTP/1.1
Host: i39.tinypic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: keep-alive
Date: Fri, 25 Nov 2022 15:33:17 GMT
Location: http://tinypic.com/images/goodbye.jpg
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: znbEClJWNoeUBsWejweZsydN8qrb0kmvNRxxO-4OYJatKa2gSWkEwQ==
Age: 42300
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash d3d2d21ac304813a16da64921ce18ba4
98b1762c675c61eeb18254986461e6b1074ebc92
af00429c189464ddb8df704dc48035421f943444df6ca17390fb97466c2e7e9b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 03:18:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i41.tinypic.com/69kdmp.jpg
143.204.55.64301 Moved Permanently 0 B URL HTTP/1.1 i41.tinypic.com/69kdmp.jpg
IP 143.204.55.64:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /69kdmp.jpg HTTP/1.1
Host: i41.tinypic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: keep-alive
Date: Fri, 25 Nov 2022 16:35:29 GMT
Location: http://tinypic.com/images/goodbye.jpg
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: e4w7cG0QT9fIGQ1BXD5NvWkzlTK100iCUEmh_RzWxNN8KDNzOJ5-3w==
Age: 38568
i40.tinypic.com/14bpymu.jpg
143.204.55.72301 Moved Permanently 0 B URL HTTP/1.1 i40.tinypic.com/14bpymu.jpg
IP 143.204.55.72:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /14bpymu.jpg HTTP/1.1
Host: i40.tinypic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: keep-alive
Date: Fri, 25 Nov 2022 12:52:28 GMT
Location: http://tinypic.com/images/goodbye.jpg
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: WaacP9DQlpWfK_a2_C1-S-X-bJsNmfkbuDZr-S_Qld0ShWUHDF_txg==
Age: 51949
tinypic.com/images/goodbye.jpg
143.204.55.64200 OK 16 kB URL HTTP/1.1 tinypic.com/images/goodbye.jpg
IP 143.204.55.64:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3\012- data
Hash 32af06ac4b80d728f7e4c8780eb6b6d7
dd3198f4361e94f2c3606474e04a629e42402d02
f610dc2752e938d77dab1c4e9fb1f0f7f53b25e527d130ce4e034b7de09da053
GET /images/goodbye.jpg HTTP/1.1
Host: tinypic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://beny-asgar.blogspot.com/
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 15616
Connection: keep-alive
Last-Modified: Wed, 18 Sep 2019 21:23:53 GMT
Server: AmazonS3
Date: Sat, 26 Nov 2022 01:36:36 GMT
ETag: "32af06ac4b80d728f7e4c8780eb6b6d7"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: eIXbse4t_HwFJXtcVuQGfDtw5oPtGyHnelxxHFGEPNq1-lbbivrV_g==
Age: 6205
i44.tinypic.com/2nbeu04.jpg
143.204.55.72301 Moved Permanently 0 B URL HTTP/1.1 i44.tinypic.com/2nbeu04.jpg
IP 143.204.55.72:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /2nbeu04.jpg HTTP/1.1
Host: i44.tinypic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: keep-alive
Date: Sat, 26 Nov 2022 03:18:17 GMT
Location: http://tinypic.com/images/goodbye.jpg
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: jFlexHnb5YpZWduiidCL3PSjtP9ZziT9gAGG9tpc86S5JDYR8FQAsQ==
1.bp.blogspot.com/-BjsdIzTceO4/Tr1YmuWalfI/AAAAAAAAACM/zvTHZRk96rk/s320/1_google_logo.jpg
142.250.74.161200 OK 12 kB URL HTTP/1.1 1.bp.blogspot.com/-BjsdIzTceO4/Tr1YmuWalfI/AAAAAAAAACM/zvTHZRk96rk/s320/1_google_logo.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x226, components 3\012- data
Hash 7e43b893b0876288f414c50f26a1ae0c
76615852859a5b9601667e8b44b232eb013b9b9c
d47503103301872e674a664a1160b52a9924230ad4a8df25b5921ed342fb5bac
GET /-BjsdIzTceO4/Tr1YmuWalfI/AAAAAAAAACM/zvTHZRk96rk/s320/1_google_logo.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v23"
Expires: Sun, 27 Nov 2022 03:18:16 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="1_google_logo.jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Sat, 26 Nov 2022 03:18:16 GMT
Server: fife
Content-Length: 12354
X-XSS-Protection: 0
1.bp.blogspot.com/-BjsdIzTceO4/Tr1YmuWalfI/AAAAAAAAACM/zvTHZRk96rk/w72-h72-p-k-no-nu/1_google_logo.jpg
142.250.74.161200 OK 2.7 kB URL HTTP/1.1 1.bp.blogspot.com/-BjsdIzTceO4/Tr1YmuWalfI/AAAAAAAAACM/zvTHZRk96rk/w72-h72-p-k-no-nu/1_google_logo.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash a400355e23e691f1877df577479e16ec
6cbe5c5f4baaabf368b3453031523eb0ba76a633
ab67925e38ac25449d7f3c65360bbabeb12607f8357fc1ebc2f7a92c1c49e24e
GET /-BjsdIzTceO4/Tr1YmuWalfI/AAAAAAAAACM/zvTHZRk96rk/w72-h72-p-k-no-nu/1_google_logo.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v23"
Expires: Sun, 27 Nov 2022 03:18:16 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="1_google_logo.jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Sat, 26 Nov 2022 03:18:16 GMT
Server: fife
Content-Length: 2737
X-XSS-Protection: 0
26-1.blogspot.com/
142.250.74.161200 OK 13 kB IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (11427)
Hash a5fc03cea44efe4fa8e23285f72de3f8
58777c6b80cfdbd10ca2d8f80b9d0e6aacf3f6fa
d1db95b581c5135413ed0153d76dab9b8f537c3b28246dfa4f2227741a0bbcae
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: 26-1.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
X-Robots-Tag: noindex, nofollow
Content-Type: text/html; charset=UTF-8
Expires: Sat, 26 Nov 2022 03:18:16 GMT
Date: Sat, 26 Nov 2022 03:18:16 GMT
Cache-Control: private, max-age=0
Last-Modified: Tue, 07 Dec 2021 16:35:57 GMT
ETag: W/"01c712d9c817fb0cdc8b26ccf3b9db4dadcce3768da0e4f943b64862546fe831"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 13064
Server: GSE
blogergadgets.googlecode.com/files/blogger-page-navi.v1.js
64.233.164.82404 Not Found 1.6 kB URL HTTP/1.1 blogergadgets.googlecode.com/files/blogger-page-navi.v1.js
IP 64.233.164.82:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Hash 53e8ba9d78d716ac415992baf2b8b52d
69ea09f7d14e71a1b6dc56f79d87ed9fbc94c208
a3cee3ae6a29f4ec7f4b01193da8a9e56e5fc52aa721e9d549cf7b8cf7081b49
GET /files/blogger-page-navi.v1.js HTTP/1.1
Host: blogergadgets.googlecode.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1590
Date: Sat, 26 Nov 2022 03:18:16 GMT
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4d17d6b2d60f8743bbe6ee8a65049a02
ad31785007fefa4ed78b73bec48b627866a29635
61b726a3af7506eec4d5a222cfc5d0d6b4e43c4083004fb3a79ce8d9927bb484
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61B726A3AF7506EEC4D5A222CFC5D0D6B4E43C4083004FB3A79CE8D9927BB484"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9421
Expires: Sat, 26 Nov 2022 05:55:17 GMT
Date: Sat, 26 Nov 2022 03:18:16 GMT
Connection: keep-alive
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6704957484474347&plah=beny-asgar.blogspot.com
142.250.74.34200 OK 120 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6704957484474347&plah=beny-asgar.blogspot.com
IP 142.250.74.34:0
File type ASCII text, with very long lines (6090)
Size 120 kB (119607 bytes)
Hash 527ec59e189cffc72688efb994965e29
5699ff328c939614f27508180152ef3d15dbf186
b917be253388772bdd6e956938c716d40c62e5f6b7b3256f00cd77e7f6b3a9e3
GET /pagead/managed/js/adsense/m202211100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6704957484474347&plah=beny-asgar.blogspot.com HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 26 Nov 2022 03:18:16 GMT
expires: Sat, 26 Nov 2022 03:18:16 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 17968436261579759140
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 119607
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.downloadfilmescompletos.com/wp-content/themes/Download-Filmes-Completos/images/geral-rodape.jpg
190.2.139.23301 Moved Permanently 0 B URL HTTP/1.1 www.downloadfilmescompletos.com/wp-content/themes/Download-Filmes-Completos/images/geral-rodape.jpg
IP 190.2.139.23:0
ASN #49981 WorldStream B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/themes/Download-Filmes-Completos/images/geral-rodape.jpg HTTP/1.1
Host: www.downloadfilmescompletos.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.2
Date: Sat, 26 Nov 2022 03:18:16 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.34
Location: https://sex-paradise.com.ua/frontend/assets/images/main-logo.png
26-1.blogspot.com/js/cookienotice.js
142.250.74.161200 OK 2.0 kB URL HTTP/1.1 26-1.blogspot.com/js/cookienotice.js
IP 142.250.74.161:0
Hash c4e1ed83d89245089b8a1203be20a377
f3940e1215b89300ef97d57a25993f25243b8688
afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2
Analyzer Verdict Alert fortinet Malware
GET /js/cookienotice.js HTTP/1.1
Host: 26-1.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://26-1.blogspot.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 2026
Date: Sat, 26 Nov 2022 03:18:16 GMT
Expires: Sat, 03 Dec 2022 03:18:16 GMT
Cache-Control: public, max-age=604800
Last-Modified: Fri, 25 Nov 2022 18:49:48 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
i41.tinypic.com/2w53ucw.jpg
143.204.55.64301 Moved Permanently 0 B URL HTTP/1.1 i41.tinypic.com/2w53ucw.jpg
IP 143.204.55.64:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /2w53ucw.jpg HTTP/1.1
Host: i41.tinypic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Connection: keep-alive
Date: Fri, 25 Nov 2022 14:24:36 GMT
Location: http://tinypic.com/images/goodbye.jpg
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 2tOF79yW7zLuTFZVn9XgEqMJFF3TRtWi36mokUJMYADq8ITFRzwRgQ==
Age: 46420
www.google.com/images/logo_sm.gif
142.250.74.164200 OK 2.5 kB URL HTTP/1.1 www.google.com/images/logo_sm.gif
IP 142.250.74.164:0
File type GIF image data, version 89a, 150 x 55\012- data
Hash 2f4e60912cab3365cf55dd03a13a3cbb
999505ef27b4e4ae2467f7fc8619f11afd5bbaa0
a331d0dc7689a007cd7da459bb7bc287a2ea01331afcc85c4169e1aeab07b371
GET /images/logo_sm.gif HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://26-1.blogspot.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
Content-Length: 2517
Date: Sat, 26 Nov 2022 03:18:16 GMT
Expires: Sat, 26 Nov 2022 03:18:16 GMT
Cache-Control: private, max-age=31536000
Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash d3d2d21ac304813a16da64921ce18ba4
98b1762c675c61eeb18254986461e6b1074ebc92
af00429c189464ddb8df704dc48035421f943444df6ca17390fb97466c2e7e9b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 03:18:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sex-paradise.com.ua/frontend/assets/images/main-logo.png
190.2.134.192200 OK 14 kB URL HTTP/1.1 sex-paradise.com.ua/frontend/assets/images/main-logo.png
IP 190.2.134.192:0
ASN #49981 WorldStream B.V.
File type PNG image data, 160 x 69, 8-bit/color RGB, non-interlaced\012- data
Hash fd5e189c3440bc8d68c6e3ba5d782dfa
f1269b884ffcf8a6bd419ae1e92bb0e52fb755d4
3dd80a7ff6210d4c7cac5cf3d90d6155c108a6d1f3b0026d85997e8ae7e02e4a
GET /frontend/assets/images/main-logo.png HTTP/1.1
Host: sex-paradise.com.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://beny-asgar.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Sat, 26 Nov 2022 03:18:16 GMT
Content-Type: image/png
Content-Length: 14460
Last-Modified: Mon, 26 Sep 2016 15:39:01 GMT
Connection: keep-alive
ETag: "57e94115-387c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000, max-age=31536000, public
Accept-Ranges: bytes
2.bp.blogspot.com/-zs_qwVkfRV0/Trv6TobCxsI/AAAAAAAAABs/76fTdMJ653g/s320/butterfly10.jpg
142.250.74.161200 OK 20 kB URL HTTP/1.1 2.bp.blogspot.com/-zs_qwVkfRV0/Trv6TobCxsI/AAAAAAAAABs/76fTdMJ653g/s320/butterfly10.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x209, components 3\012- data
Hash 277ffe3702a5a0cedc689ffd064e1ec6
024e77e772d31a48f8b453e64c45acb6d8de217c
981bf97f962ef1927269f92261d59d4995dbe00a08661123488dc8880a7326c7
GET /-zs_qwVkfRV0/Trv6TobCxsI/AAAAAAAAABs/76fTdMJ653g/s320/butterfly10.jpg HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v1b"
Expires: Sun, 27 Nov 2022 03:18:16 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="butterfly10.jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Sat, 26 Nov 2022 03:18:16 GMT
Server: fife
Content-Length: 20467
X-XSS-Protection: 0
3.bp.blogspot.com/-KmtY8XKlfpA/Trv6T0T6QuI/AAAAAAAAAB8/gtpjKoqe2wI/s320/butterfly11.jpg
142.250.74.161200 OK 29 kB URL HTTP/1.1 3.bp.blogspot.com/-KmtY8XKlfpA/Trv6T0T6QuI/AAAAAAAAAB8/gtpjKoqe2wI/s320/butterfly11.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x236, components 3\012- data
Hash a7a49b181d5582eeb6760c5d550a3bfb
fb2c63437dab7dc775da0e1044c5dfc428f75257
21184d47b82774235ded19ef56f959d54bcfe30897a938ef28b11eb1fb142772
GET /-KmtY8XKlfpA/Trv6T0T6QuI/AAAAAAAAAB8/gtpjKoqe2wI/s320/butterfly11.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v1f"
Expires: Sun, 27 Nov 2022 03:18:16 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="butterfly11.jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Sat, 26 Nov 2022 03:18:16 GMT
Server: fife
Content-Length: 28847
X-XSS-Protection: 0
1.bp.blogspot.com/-XPE-8h7l-BU/Trv6SvoNzrI/AAAAAAAAABY/0H1G9XgWcC8/s320/butterfly14.jpg
142.250.74.161200 OK 33 kB URL HTTP/1.1 1.bp.blogspot.com/-XPE-8h7l-BU/Trv6SvoNzrI/AAAAAAAAABY/0H1G9XgWcC8/s320/butterfly14.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x213, components 3\012- data
Hash e1b5f2debe2000df2431d469af2639a1
af96b4707348d19ce1a484dcaa07eab349602c09
aa5e11d7df90a54dcc8fc8190479225572fae3741f693ed82ad1fb6c577ec7d3
GET /-XPE-8h7l-BU/Trv6SvoNzrI/AAAAAAAAABY/0H1G9XgWcC8/s320/butterfly14.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v16"
Expires: Sun, 27 Nov 2022 03:18:16 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="butterfly14.jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Sat, 26 Nov 2022 03:18:16 GMT
Server: fife
Content-Length: 33123
X-XSS-Protection: 0
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 490d1c41e2c1a3eab342897ce2cd7cf9
7149af5d9797e2164e27017a232d8ab4486ea468
fe9ddbc5c58cab3d45c1f557244d72009e8ba777d57c308650fd828a785db291
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE9DDBC5C58CAB3D45C1F557244D72009E8BA777D57C308650FD828A785DB291"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14946
Expires: Sat, 26 Nov 2022 07:27:22 GMT
Date: Sat, 26 Nov 2022 03:18:16 GMT
Connection: keep-alive
1.bp.blogspot.com/-Tn0IwH4Cbek/Trv6Tbe6ByI/AAAAAAAAABg/laFRqjU_KvE/s320/butterfly15.jpg
142.250.74.161200 OK 31 kB URL HTTP/1.1 1.bp.blogspot.com/-Tn0IwH4Cbek/Trv6Tbe6ByI/AAAAAAAAABg/laFRqjU_KvE/s320/butterfly15.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x242, components 3\012- data
Hash 449ba98cc4c9eb24ce86d40db9b78c67
a9f69377bca4ab81765bd772efeae21853b4cbcb
da08fc4ce4ae9cf21dbab6d9c3c3fe0f82e8c299f2a3b5cabd30bed8606a60d7
GET /-Tn0IwH4Cbek/Trv6Tbe6ByI/AAAAAAAAABg/laFRqjU_KvE/s320/butterfly15.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v18"
Expires: Sun, 27 Nov 2022 03:18:16 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="butterfly15.jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Sat, 26 Nov 2022 03:18:16 GMT
Server: fife
Content-Length: 30932
X-XSS-Protection: 0
1.bp.blogspot.com/-cnKLKCzoASY/Trv6SRy-NeI/AAAAAAAAABI/RsCMXHTZyNo/s320/butterfly13.jpg
142.250.74.161200 OK 32 kB URL HTTP/1.1 1.bp.blogspot.com/-cnKLKCzoASY/Trv6SRy-NeI/AAAAAAAAABI/RsCMXHTZyNo/s320/butterfly13.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x192, components 3\012- data
Hash e1d985fcddd264aee9a6e7dd2434b393
a7ac2004541084b88fa4f79e71628e8eda985728
84944442d0f8425e4797caa09f79d37b8d95dcdda50c822cbe50cf59eb796cbe
GET /-cnKLKCzoASY/Trv6SRy-NeI/AAAAAAAAABI/RsCMXHTZyNo/s320/butterfly13.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v12"
Expires: Sun, 27 Nov 2022 03:18:16 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="butterfly13.jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Sat, 26 Nov 2022 03:18:16 GMT
Server: fife
Content-Length: 32174
X-XSS-Protection: 0
1.bp.blogspot.com/-cnKLKCzoASY/Trv6SRy-NeI/AAAAAAAAABI/RsCMXHTZyNo/w72-h72-p-k-no-nu/butterfly13.jpg
142.250.74.161200 OK 5.2 kB URL HTTP/1.1 1.bp.blogspot.com/-cnKLKCzoASY/Trv6SRy-NeI/AAAAAAAAABI/RsCMXHTZyNo/w72-h72-p-k-no-nu/butterfly13.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash cad526c67a7d177c5e8063cdaa91b6c6
0373a6417f2c0de548407d2d7ad479695f7bd98c
741309979802c83fa5a476f0f1801b1c9e1d3e7b17c448c42cc0f293513ccbc6
GET /-cnKLKCzoASY/Trv6SRy-NeI/AAAAAAAAABI/RsCMXHTZyNo/w72-h72-p-k-no-nu/butterfly13.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v12"
Expires: Sun, 27 Nov 2022 03:18:16 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="butterfly13.jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Sat, 26 Nov 2022 03:18:16 GMT
Server: fife
Content-Length: 5161
X-XSS-Protection: 0
cleverjump.org/counter.js
217.23.10.44200 OK 5.6 kB URL HTTP/1.1 cleverjump.org/counter.js
IP 217.23.10.44:0
ASN #49981 WorldStream B.V.
File type ASCII text, with CRLF line terminators
Hash 83126dc4af783a2179ab362a5bbec530
b1fe91477d92ab09066f28ddda5b31a4bf0f1689
cb1ef4607e93916a5dd30beae4617069924cb5f10edb65d8f93468c3fbdc1dc4
GET /counter.js HTTP/1.1
Host: cleverjump.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Sat, 26 Nov 2022 03:18:16 GMT
Content-Type: application/javascript
Content-Length: 5571
Last-Modified: Wed, 20 Jan 2021 12:50:32 GMT
Connection: keep-alive
ETag: "60082718-15c3"
Expires: Sun, 27 Nov 2022 03:18:16 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 69b4c95baca69139e9e4f7e5ffa6bace
a33af721a9defcb815716234aafdb69de7169455
9f752625bea112bc5402067fd695ba893590e6de9844de640a663e4e8fdc1475
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 03:18:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 163d4912a06d8358abc770dc0351d7b4
1e8dc04b95e704679ab729f81716466ea8a3e591
72245d178d481350af611804e557032ffb7bb3a3e8cdb83f3332a5ffba78d193
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 03:18:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 65992aeb8efb9a0b8fd59687090733fe
526a2afccc93d32849185d153fafe44b72797df9
b6677984b6c3602d7b62df776158c09a3e57eec4c0edbddafb0624200715f10e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 03:18:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=beny-asgar.blogspot.com&callback=_gfp_s_&client=ca-pub-6704957484474347&gpid_exp=1
172.217.21.162200 OK 254 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=beny-asgar.blogspot.com&callback=_gfp_s_&client=ca-pub-6704957484474347&gpid_exp=1
IP 172.217.21.162:0
File type ASCII text, with very long lines (391), with no line terminators
Hash 880048372b3633a5745e844750821d4f
741ce4831ea7b6a7b9e072d01b99b67cf17cddde
eadbd3441e5c8c0f8026255e249b29a98e44d871ebf04a3ffb5aa189c83cbbe7
GET /gampad/cookie.js?domain=beny-asgar.blogspot.com&callback=_gfp_s_&client=ca-pub-6704957484474347&gpid_exp=1 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 26 Nov 2022 03:18:16 GMT
server: cafe
cache-control: private
content-length: 254
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=beny-asgar.blogspot.com
142.250.74.34200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=beny-asgar.blogspot.com
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=beny-asgar.blogspot.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 26 Nov 2022 03:18:16 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=beny-asgar.blogspot.com
216.58.207.226200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=beny-asgar.blogspot.com
IP 216.58.207.226:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=beny-asgar.blogspot.com HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 26 Nov 2022 03:18:16 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 163d4912a06d8358abc770dc0351d7b4
1e8dc04b95e704679ab729f81716466ea8a3e591
72245d178d481350af611804e557032ffb7bb3a3e8cdb83f3332a5ffba78d193
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 03:18:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6704957484474347&output=html&h=600&slotname=4051998447&adk=2946081991&adf=2872600186&pi=t.ma~as.4051998447&w=120&lmt=1638969817&url=http%3A%2F%2Fbeny-asgar.blogspot.com%2F&host=pub-1556223355139109&wgl=1&dt=1669432695616&bpp=74&bdt=578&idt=460&shv=r20221110&mjsv=m202211100101&ptt=5&saldr=sa&abxe=1&correlator=5603330672040&frm=20&pv=2&ga_vid=70838778.1669432696&ga_sid=1669432696&ga_hid=1803842989&ga_fc=0&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=734&ady=796&biw=1268&bih=939&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774649%2C42531706%2C44774653%2C44778780%2C44770880%2C44774292%2C44777948&oid=2&pvsid=4123982139230225&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C1280%2C939&vis=1&rsz=%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=kXxtTb5edL&p=http%3A//beny-asgar.blogspot.com&dtd=638
142.250.74.130400 Bad Request 46 B URL HTTP/2 googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6704957484474347&output=html&h=600&slotname=4051998447&adk=2946081991&adf=2872600186&pi=t.ma~as.4051998447&w=120&lmt=1638969817&url=http%3A%2F%2Fbeny-asgar.blogspot.com%2F&host=pub-1556223355139109&wgl=1&dt=1669432695616&bpp=74&bdt=578&idt=460&shv=r20221110&mjsv=m202211100101&ptt=5&saldr=sa&abxe=1&correlator=5603330672040&frm=20&pv=2&ga_vid=70838778.1669432696&ga_sid=1669432696&ga_hid=1803842989&ga_fc=0&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=734&ady=796&biw=1268&bih=939&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774649%2C42531706%2C44774653%2C44778780%2C44770880%2C44774292%2C44777948&oid=2&pvsid=4123982139230225&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C1280%2C939&vis=1&rsz=%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=kXxtTb5edL&p=http%3A//beny-asgar.blogspot.com&dtd=638
IP 142.250.74.130:0
File type HTML document, ASCII text, with very long lines (603), with no line terminators
Hash 0c80c3a2604d656b7e461160bf5eba0f
d4f5c720a2b94f5f13b2e569035a7b14a513630d
470b81d27902c371ec202ef835ecf76bf54c8e222dab8b77eb8d2fd45652c955
GET /pagead/ads?client=ca-pub-6704957484474347&output=html&h=600&slotname=4051998447&adk=2946081991&adf=2872600186&pi=t.ma~as.4051998447&w=120&lmt=1638969817&url=http%3A%2F%2Fbeny-asgar.blogspot.com%2F&host=pub-1556223355139109&wgl=1&dt=1669432695616&bpp=74&bdt=578&idt=460&shv=r20221110&mjsv=m202211100101&ptt=5&saldr=sa&abxe=1&correlator=5603330672040&frm=20&pv=2&ga_vid=70838778.1669432696&ga_sid=1669432696&ga_hid=1803842989&ga_fc=0&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=734&ady=796&biw=1268&bih=939&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774649%2C42531706%2C44774653%2C44778780%2C44770880%2C44774292%2C44777948&oid=2&pvsid=4123982139230225&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C1280%2C939&vis=1&rsz=%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=kXxtTb5edL&p=http%3A//beny-asgar.blogspot.com&dtd=638 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 400 Bad Request
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 26 Nov 2022 03:18:17 GMT
server: cafe
content-length: 46
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 26-Nov-2022 03:33:17 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cleverjump.org/hit?z0;s1280*1024*24;f2TUC7F1rOydn0dU9cwFVfFAHGXXp0j;cshb2;r;uhttp%3A%2F%2Fbeny-asgar.blogspot.com%2F;hBeny75%20All%20Content;0.8414621874060971
217.23.10.44200 OK 0 B URL HTTP/1.1 cleverjump.org/hit?z0;s1280*1024*24;f2TUC7F1rOydn0dU9cwFVfFAHGXXp0j;cshb2;r;uhttp%3A%2F%2Fbeny-asgar.blogspot.com%2F;hBeny75%20All%20Content;0.8414621874060971
IP 217.23.10.44:0
ASN #49981 WorldStream B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /hit?z0;s1280*1024*24;f2TUC7F1rOydn0dU9cwFVfFAHGXXp0j;cshb2;r;uhttp%3A%2F%2Fbeny-asgar.blogspot.com%2F;hBeny75%20All%20Content;0.8414621874060971 HTTP/1.1
Host: cleverjump.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Sat, 26 Nov 2022 03:18:17 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.34
P3P: CP=CleverJump
Set-Cookie: _cjuh=5wK6o32qqwVIYUyjETDOqJ1qsdSOTh; expires=Sun, 26-Nov-2023 03:18:17 GMT; Max-Age=31536000; path=/hit; httponly; SameSite=None; Secure
cleverjump.org/hit/get-uid.php
217.23.10.44200 OK 0 B URL HTTP/1.1 cleverjump.org/hit/get-uid.php
IP 217.23.10.44:0
ASN #49981 WorldStream B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /hit/get-uid.php HTTP/1.1
Host: cleverjump.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://beny-asgar.blogspot.com
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Sat, 26 Nov 2022 03:18:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.34
Access-Control-Allow-Origin: http://beny-asgar.blogspot.com
Access-Control-Allow-Credentials: true
1.bp.blogspot.com/-bIcpS-oCSCM/Trv6Ukh1dbI/AAAAAAAAACE/IYRyyKN-6do/s320/butterfly12.jpg
142.250.74.161200 OK 37 kB URL HTTP/1.1 1.bp.blogspot.com/-bIcpS-oCSCM/Trv6Ukh1dbI/AAAAAAAAACE/IYRyyKN-6do/s320/butterfly12.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x225, components 3\012- data
Hash 2b928680efe52981220a4d6428eea227
6fd66211dacb3b6a4f6197e15d75368e3e07fae7
044aee2cc514bea140540c7c65a83b6b1d224f4903d1e7d236489101c775f61f
GET /-bIcpS-oCSCM/Trv6Ukh1dbI/AAAAAAAAACE/IYRyyKN-6do/s320/butterfly12.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v21"
Expires: Sun, 27 Nov 2022 03:18:17 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="butterfly12.jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Sat, 26 Nov 2022 03:18:17 GMT
Server: fife
Content-Length: 37088
X-XSS-Protection: 0
www.imageboo.com/files/wtw8zeyts1cvg3sjkhb7.ico
185.53.177.54400 Bad Request 20 B URL HTTP/1.1 www.imageboo.com/files/wtw8zeyts1cvg3sjkhb7.ico
IP 185.53.177.54:0
ASN #61969 Team Internet AG
File type ASCII text, with no line terminators
Hash 64b3d0bcb16e406cdd665ec49fefb7f1
8da5d8ac9123e50bbd4293b111f6f640f864256b
cfe229c58e25f36ffab9053add1dcfdf3abe1cb26b7b0a3d22e9514f757b98d5
Analyzer Verdict Alert fortinet Malware
GET /files/wtw8zeyts1cvg3sjkhb7.ico HTTP/1.1
Host: www.imageboo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
HTTP/1.1 400 Bad Request
Server: nginx
Date: Sat, 26 Nov 2022 03:18:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Blocked: 11015.10
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 0754a39846284dd8d4fbfe285a83a6b0
d4deed21378a63659bb0bbf0ab636f838e2fe745
e0f3d9d5e8eef220c221b3002bbf14e86d56c841e9e5bfea2ed83a3b5fbb26cc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 03:18:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221110&st=env
142.250.74.34200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221110&st=env
IP 142.250.74.34:0
File type JSON data\012- , ASCII text, with very long lines (14601), with no line terminators
Hash 062be6085e02cd2f15a54836b97a9591
2c300b7382b82123d9d4a5d5f25e3d65227a178e
560e639e9b53aa8372ab7ed1808c815ca31685e42b45bafc446b20ec392097a4
GET /getconfig/sodar?sv=200&tid=gda&tv=r20221110&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://beny-asgar.blogspot.com
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Sat, 26 Nov 2022 03:18:17 GMT
server: cafe
content-length: 11020
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cleverjump.org/hit/get-uid.php
217.23.10.44200 OK 30 B URL HTTP/1.1 cleverjump.org/hit/get-uid.php
IP 217.23.10.44:0
ASN #49981 WorldStream B.V.
File type ASCII text, with no line terminators
Hash a28250cf21d3d47894d8d24f1c39f3d5
c84f19d240863ae7ea353e85946840e655a7c551
f6822ed4e5c56a056d92b47a9ab68c95f8a43f8406a6f952d4bbb8d5de41261c
Analyzer Verdict Alert fortinet Malware
GET /hit/get-uid.php HTTP/1.1
Host: cleverjump.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://beny-asgar.blogspot.com
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
Cookie: _cjuh=5wK6o32qqwVIYUyjETDOqJ1qsdSOTh
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Sat, 26 Nov 2022 03:18:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.34
Access-Control-Allow-Origin: http://beny-asgar.blogspot.com
Access-Control-Allow-Credentials: true
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 9f77ee08c588d427b057eff8c9680d8c
26f765e4563acb057df4a3e49f50346567cafaea
bf75efdaa7e228686b2c4ea1167a30e234af14e0a8389f4542d1ecd1d83a2ec2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 03:18:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 76544babbcf6515110bd81aaee8e7e63
043497692868c67ac84cdfe70d0a484517abd1c2
a19d5958d683662375a2469d1d7e551188469b967eb6f2bae2d5e43dac51a4f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 03:18:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
142.250.74.164200 OK 512 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash c9d7fd390d4669c21e3cff3689303b88
ac562c5f2efa55a4f0b6fe6f98f436840cc4a8c5
2765e390837392d5201f790f19f9fb993a90574e3e834c41b8fe74a23ab17d60
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://beny-asgar.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 26 Nov 2022 03:18:17 GMT
date: Sat, 26 Nov 2022 03:18:17 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-sbEXQCRfaMNQAGleQ9JDoA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ivisitas.blogspot.com/2000/01/associados.html
142.250.74.161200 OK 2.2 kB URL HTTP/2 ivisitas.blogspot.com/2000/01/associados.html
IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1411)
Hash 92b2796ff687cb7dc5e18f883132c067
5f37d0e56b8d7cdbfb27c479db307e03ea0ee0ea
cb1c2964ab6cf5d6e73358972ffb9d5399bb626b5127c0ca05d734e0efb33f79
GET /2000/01/associados.html HTTP/1.1
Host: ivisitas.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://26-1.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-robots-tag: all
content-type: text/html; charset=UTF-8
expires: Sat, 26 Nov 2022 03:18:17 GMT
date: Sat, 26 Nov 2022 03:18:17 GMT
cache-control: private, max-age=0
last-modified: Sun, 30 Jan 2022 22:25:28 GMT
etag: W/"6fd62896087d90d35a6cec696b5a1f4c879caa14a3664c93f262cb47cc96bfb6"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 2211
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 0754a39846284dd8d4fbfe285a83a6b0
d4deed21378a63659bb0bbf0ab636f838e2fe745
e0f3d9d5e8eef220c221b3002bbf14e86d56c841e9e5bfea2ed83a3b5fbb26cc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 03:18:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
1.bp.blogspot.com/-e3lymykccNU/YL7pznBbhBI/AAAAAAAADJo/yd8Zy20I6l8r9FnHbI8igyiy6uPvnjdSQCLcBGAsYHQ/s0/DRIVE.gif
142.250.74.161200 OK 15 kB URL HTTP/2 1.bp.blogspot.com/-e3lymykccNU/YL7pznBbhBI/AAAAAAAADJo/yd8Zy20I6l8r9FnHbI8igyiy6uPvnjdSQCLcBGAsYHQ/s0/DRIVE.gif
IP 142.250.74.161:0
File type GIF image data, version 89a, 121 x 30\012- data
Hash 9f7591e63a7f1c86d9ffba1973e00fdb
71d90a2ae48b35ad298b111d1f67471d63c9eda7
d5cce454f3daafc78acabd39d8e614d5a44f13eac1b9644dd2615c8fdc39b03b
GET /-e3lymykccNU/YL7pznBbhBI/AAAAAAAADJo/yd8Zy20I6l8r9FnHbI8igyiy6uPvnjdSQCLcBGAsYHQ/s0/DRIVE.gif HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ivisitas.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="DRIVE.gif"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 15439
x-xss-protection: 0
date: Sat, 26 Nov 2022 01:25:40 GMT
expires: Tue, 15 Nov 2022 14:38:16 GMT
cache-control: public, max-age=86400, no-transform
age: 6757
etag: "vc9c"
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ivisitas.blogspot.com/js/cookienotice.js
142.250.74.161200 OK 2.0 kB URL HTTP/2 ivisitas.blogspot.com/js/cookienotice.js
IP 142.250.74.161:0
Hash c4e1ed83d89245089b8a1203be20a377
f3940e1215b89300ef97d57a25993f25243b8688
afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2
GET /js/cookienotice.js HTTP/1.1
Host: ivisitas.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ivisitas.blogspot.com/2000/01/associados.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2026
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 11:01:41 GMT
expires: Tue, 29 Nov 2022 11:01:41 GMT
cache-control: public, max-age=604800
last-modified: Tue, 22 Nov 2022 06:50:29 GMT
content-type: text/javascript
age: 317796
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 27897a7a4f3d335e0c60f5c6790a478c
6e8350d5568779051aa70e2eea1d3e9789e2eb50
64a05e047b52efbac209c45db0e1955a1f80139b21f53c8b55aae67b0f904f28
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 03:18:17 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 17:29:14 GMT
Expires: Tue, 29 Nov 2022 17:29:13 GMT
Etag: "6e8350d5568779051aa70e2eea1d3e9789e2eb50"
Cache-Control: max-age=309655,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76ff79d80899b524-OSL
whos.amung.us/swidget/iiivisitas.gif
172.67.8.141307 Temporary Redirect 311 B URL HTTP/2 whos.amung.us/swidget/iiivisitas.gif
IP 172.67.8.141:0
File type PNG image data, 80 x 15, 8-bit colormap, non-interlaced\012- data
Hash 0b02311fa56843b25b76c45ea81f8267
864cff8cd01a69af1ff137200fa2b15f34cff6fa
b1c40e48658e4685764df73206a95aa33274cd3fc186d1d5a967aa794d60887c
GET /swidget/iiivisitas.gif HTTP/1.1
Host: whos.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ivisitas.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
date: Sat, 26 Nov 2022 03:18:17 GMT
content-type: text/html; charset=UTF-8
location: https://widgets.amung.us/small/00/3.png
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 76ff79d85c5a1c02-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13625
Expires: Sat, 26 Nov 2022 07:05:22 GMT
Date: Sat, 26 Nov 2022 03:18:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13625
Expires: Sat, 26 Nov 2022 07:05:22 GMT
Date: Sat, 26 Nov 2022 03:18:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13625
Expires: Sat, 26 Nov 2022 07:05:22 GMT
Date: Sat, 26 Nov 2022 03:18:17 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg
34.120.237.76200 OK 3.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a783df85f30f9c555f9df6b99f61744d
61f9bed607e81606be78285596acdc5e0e4f4994
19db42201d0fa059f680d890ede6683c04e893e6308a2256d0203f826a7f34de
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3502
x-amzn-requestid: ca3f2610-e03c-48a7-abb3-fbbab76f63d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYUHO5IAMFqDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5ce-7e36137711dc4668278c1c94;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QS3ZKYetcm87GNwSr34eRPF2d4r8ppwf3fT19aV-u84f7ObX4bU8wQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 08:20:28 GMT
age: 68269
etag: "61f9bed607e81606be78285596acdc5e0e4f4994"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcc7a5b86-3ad1-40c7-b173-8a9ac078c227.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcc7a5b86-3ad1-40c7-b173-8a9ac078c227.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5088223f5973e3cd56f03f50a1e84b79
0b6c9b51d10762a4747286ab5b1c2354fa39c622
8159e4f7eec7bea518bb29e3fdb070bab4fb70116205577f7b7d74ad4d0dfbc7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcc7a5b86-3ad1-40c7-b173-8a9ac078c227.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8913
x-amzn-requestid: d0a9414c-eccf-44e8-adb7-92654544eeb5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLWWXEpeIAMFnzw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381375b-5825510666b3e80a5f83cafa;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:44:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: LDrq5UcFhG63XFZhmeS5Z_mEkwrvuQ2bLfT8hV9I3E1s1lJLZF5Dww==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:46:24 GMT
age: 19913
etag: "0b6c9b51d10762a4747286ab5b1c2354fa39c622"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: j_8oVo464QMWMnmkxQJIDRhaIVmwhzCTHe4A57OdmaUr9HcyTtBUjg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2750b94b402c92287d764b5fa115a042.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 05:04:28 GMT
age: 80029
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e649ab-6d56-47c9-ab7e-c65d9bdfcffd.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e649ab-6d56-47c9-ab7e-c65d9bdfcffd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 926df9839ec3d924b563b55d8bccace8
c47a3884465fc02b5c57faa5ffbd986ba29c64c2
a97cd625959aa81bc516024628315b2c6e2ce94f76cd579751a686a6611cc4d2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e649ab-6d56-47c9-ab7e-c65d9bdfcffd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6789
x-amzn-requestid: eede6332-5376-4f9c-83fc-f894430c1f4b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLWWYFFgoAMFhaQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381375b-66d7ffc70f7d901420a503da;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:44:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: -6kE-HDfLIQMtzuaOuArCjtxgpQUgxMrpjcT7pDIdY7CDlJNK1GZWA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:46:24 GMT
etag: "c47a3884465fc02b5c57faa5ffbd986ba29c64c2"
content-type: image/jpeg
age: 19913
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bfe2d23-9843-4fb7-b46a-fd8ffd7bce9a.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bfe2d23-9843-4fb7-b46a-fd8ffd7bce9a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d30923b7d20eeb37527255c3ee1da34f
bed54bd4f659fbf29834b262e9179df7e7bc56a6
3110f22342b17a7b1d30bd53350e6a11fd6032d97bccf4206e4a27d6e332c79b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bfe2d23-9843-4fb7-b46a-fd8ffd7bce9a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9011
x-amzn-requestid: f0e83373-0f65-4358-a902-45f2e9c24c24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLUfPHzAoAMF4ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813461-19e037da49c44e4363bbe8f0;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:32:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: BhDa2CHAFtN7I8edeVOkRMzIRzmRPgHHnk1W_W5oZnRjaFN2vqze2g==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:48:49 GMT
age: 19768
etag: "bed54bd4f659fbf29834b262e9179df7e7bc56a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f5318cc-4728-4160-afd1-9d20b79b7de9.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f5318cc-4728-4160-afd1-9d20b79b7de9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3b1c6878914466cfece680fa7cb73502
47fac81a2dd809df5c42ca1362f71d553572d2b1
6458883dfa2bdfd483e92e5f847a229508ef00ce1dbd11f49eec369d0bd3160a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f5318cc-4728-4160-afd1-9d20b79b7de9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9914
x-amzn-requestid: 4db4ed29-20b4-4ca7-8835-2463d0989d5b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVVFHQYIAMFc4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638135b9-613da006118724124e345b29;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:38:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7cJmhEGkKqLUQUMqGuYtWBeu_1nlEUAxgTMy4ABekPJYrJP95wE6Jg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:59:05 GMT
age: 19152
etag: "47fac81a2dd809df5c42ca1362f71d553572d2b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2