Overview

URL: www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f
IP: 66.29.146.22 (United States)
ASN: #22612 NAMECHEAP-NET
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2022-11-28 22:53:02 UTC
IDS alerts: 0
Blocklist alerts: 17
urlquery alerts: No alerts detected
Tags: None

Domain Summary (34)

Fully Qualified Domain Name (requests) | Rank | First Seen | Last Seen | IP | Comment
ocsp.digicert.com (5) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
www.officialnd.com (10) 0 No data No data 66.29.146.22 Unknown ranking
ocsp.sectigo.com (1) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 104.18.32.68
www.withinnigeria.com (1) 524884 2014-12-14 13:08:57 UTC 2022-11-25 23:46:08 UTC 104.26.15.210
cdn.creative-bars1.com (6) 0 2022-11-15 16:46:22 UTC 2022-11-28 19:33:53 UTC 172.64.109.13 Unknown ranking
www.the-sun.com (1) 21787 2021-08-29 12:21:55 UTC 2022-11-28 22:06:54 UTC 143.204.55.92
hydnews.in (1) 300360 2017-02-03 18:00:34 UTC 2022-11-13 02:33:56 UTC 104.21.77.222
unseenreport.com (2) 0 2022-03-30 14:33:17 UTC 2022-11-28 19:33:52 UTC 192.243.59.12 Unknown ranking
cdn.barscreative1.com (1) 25648 2021-09-16 11:14:42 UTC 2022-07-13 08:11:12 UTC 45.133.44.3
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-28 05:53:26 UTC 34.117.237.239
phoosi.com (1) 125731 2020-10-30 12:41:16 UTC 2022-11-20 04:02:46 UTC 191.96.56.201
img-getpocket.cdn.mozilla.net (5) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-28 05:55:58 UTC 34.102.187.140
www.newpakweb.com (1) 0 2019-02-22 11:33:42 UTC 2022-11-27 18:56:52 UTC 172.67.74.52 Unknown ranking
lightssyrupdecree.com (1) 0 2022-11-12 08:15:02 UTC 2022-11-28 22:16:52 UTC 173.233.137.44 Unknown ranking
wastedinvaluable.com (8) 0 2022-11-16 05:53:14 UTC 2022-11-28 19:17:38 UTC 192.243.59.13 Unknown ranking
cdn.cloudimagesb.com (1) 23099 2022-10-07 08:01:31 UTC 2022-10-08 10:27:40 UTC 45.133.44.10
e1.o.lencr.org (5) 6159 No data No data 23.36.76.226
region1.google-analytics.com (1) 0 2022-03-17 11:26:33 UTC 2022-11-28 06:50:41 UTC 216.239.32.36 Domain (google-analytics.com) ranked at: 8401
pixel.wp.com (1) 2545 2017-01-30 05:31:40 UTC 2022-11-28 05:51:35 UTC 192.0.76.3
fonts.googleapis.com (2) 8877 2013-06-10 20:14:26 UTC 2022-11-28 16:39:41 UTC 142.250.74.10
stats.wp.com (1) 2711 2017-01-30 05:06:59 UTC 2022-11-28 05:51:34 UTC 192.0.76.3
c0.wp.com (8) 6988 2018-09-24 15:59:05 UTC 2022-11-28 06:21:30 UTC 192.0.77.37
pl16977271.highperformancecpmgate.com (1) 0 No data No data 192.243.61.225 Unknown ranking
ocsp.sca1b.amazontrust.com (1) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 143.204.42.156
www.googletagmanager.com (1) 75 2013-05-22 02:07:37 UTC 2022-11-28 20:10:04 UTC 142.250.74.168
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 100.20.30.105
friendshipmale.com (1) 0 2022-10-21 12:15:25 UTC 2022-11-28 19:17:37 UTC 172.64.141.24 Unknown ranking
maxcdn.bootstrapcdn.com (1) 724 2014-06-18 00:37:31 UTC 2022-11-28 16:00:06 UTC 104.18.11.207
tallysaturatesnare.com (3) 0 2022-11-16 06:01:46 UTC 2022-11-28 17:18:45 UTC 192.243.59.13 Unknown ranking
r3.o.lencr.org (14) 344 No data No data 23.36.77.32
ocsp.pki.goog (7) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.35
fonts.gstatic.com (1) 0 2014-09-09 00:40:21 UTC 2022-11-28 15:46:00 UTC 216.58.207.195 Domain (gstatic.com) ranked at: 540

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-28 2 tallysaturatesnare.com/fe/3b/32/fe3b3290f0918b728d00df3a681dc665.js Malware
2022-11-28 2 cdn.barscreative1.com/sb/interstitial/software/flashPlayer/mac/multi/1/inde (...) Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-11-28 2 highperformancecpmgate.com Sinkholed
2022-11-28 2 tallysaturatesnare.com Sinkholed
2022-11-28 2 wastedinvaluable.com Sinkholed
2022-11-28 2 tallysaturatesnare.com Sinkholed
2022-11-28 2 wastedinvaluable.com Sinkholed
2022-11-28 2 tallysaturatesnare.com Sinkholed
2022-11-28 2 wastedinvaluable.com Sinkholed
2022-11-28 2 lightssyrupdecree.com Sinkholed
2022-11-28 2 wastedinvaluable.com Sinkholed
2022-11-28 2 wastedinvaluable.com Sinkholed
2022-11-28 2 wastedinvaluable.com Sinkholed
2022-11-28 2 unseenreport.com Sinkholed
2022-11-28 2 unseenreport.com Sinkholed
2022-11-28 2 wastedinvaluable.com Sinkholed
2022-11-28 2 wastedinvaluable.com Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 1 reports on IP: 66.29.146.22
Date UQ / IDS / BL URL IP
2022-11-28 22:53:02 +0000 0 - 0 - 17 www.officialnd.com/cole-van-note-announces-jo (...) 66.29.146.22


Last 5 reports on ASN: NAMECHEAP-NET
Date UQ / IDS / BL URL IP
2023-02-04 21:43:21 +0000 0 - 0 - 2 delivery.bdsellprice.com/public/5qiRLcATVeHoS (...) 68.65.120.179
2023-02-04 21:19:23 +0000 0 - 1 - 0 whoinstallstvs.com/ 192.64.119.242
2023-02-04 21:18:34 +0000 0 - 1 - 0 rhabankingn.com/ 192.64.119.213
2023-02-04 19:45:41 +0000 0 - 0 - 11 mosibinaebisolicitors.com/UUOT.php?ionsb=1 162.0.229.67
2023-02-04 19:45:38 +0000 0 - 0 - 11 qsolconsulting.net/EE.php?trcpiour=6 198.54.116.202


Last 1 reports on domain: officialnd.com
Date UQ / IDS / BL URL IP
2022-11-28 22:53:02 +0000 0 - 0 - 17 www.officialnd.com/cole-van-note-announces-jo (...) 66.29.146.22


No other reports with similar screenshot

JavaScript

Executed Scripts (21)

Executed Evals (1)
#1 JavaScript::Eval (size: 2072) - SHA256: 98586e88d4cbf1b9bfd3f8c0d3c7fb0388eeb7c900da52af74e65ea6850f0cb9
               (function() {
                   var bn;
                   if (bn = document.getElementById('atLink-bd98676cadeb63e4d1975be98f431a6a')) {
                       var callback = function() {
                           (new Image()).src = '//tallysaturatesnare.com/clk.gif?landing_id=3805440&placement_id=16876768&sid=H4sIAAAAAAAC%2F1RTzYsc1Rd9ld%2Fkt9BVghtFsAUXCk5PVb169ZEsxBgjwZiEJBpcvs%2BZ51RXFfWquiYDgWBUshxduaw5PZPxIwTzBwjSI4IEhLQLmYWD%2F4OQtfRkoPVC1b3nnrc45937vthuD4mPlh9c%2FaDctHnOV9jQH7x%2B0xaq7Nzg8o1B4A%2F9s4Obtoijs4ON%2Ba8enwl8NvTfGLyn5Xq5EvqB7wd%2BMLhga23KjZUjFrZ6kAXDzB9G4TBgETbq%2F2LXenDcgxofktOwanZy7ddHsHKKYvTDee3Wm7J6891Rm%2FOmrDFWex8W60XZFRgtSlN7MMXe8WmUbkbI1ydQFnvHDlCOd%2BYOIOyMeH8EEMXesUyI8e4zpSKHLiDU8%2BjGU%2Bh8H5ZPIcu7sOoJAaTC5SsoRvcvl3XHbz1j%2BZydkaWnf8N2M7L05wsoRg%2FP5XZjcL3M28aWhcOG6WE3prCrU1TtPppND7bbh2w%2BhVW%2FkZWnl1CMdq64vIRVB68pHiexkmKZUUOXIxHz5ZQl4XIoQppSnoRJEh9dkbVTWDNFrrfAnYd2%2FlkPrfHQVh5G6mDAWWZ8PzHCUJpGUkpKpWRprJiiUWp8tHLuYQtNtQWZb0HWd1DVd7Buv3zCTqNuf4JbO%2FhGxkJGQZjEKlYJ52FkVCwTHmZGiVjSUAUm4FoqmlFqslhTpTVXGc2ylLOQsSCMAl%2BkisWBkoZKwUQgjeTamDTkNKZMx2lgBGOJYIqaNOGUGyYDXwWhL4wJjfQFi5SJgyyMmJ%2F4vpKMZkbRRGvOAk4TljA45cE1BGPVo9MEnSPoOEFnCbqGoBv3uyp3oevvq9y1IjjO4XGm%2FaRsVrf5btms6oJsV4fk1HzInvfZX1jXBwOhsjROYsmVFjHVkQqyhAmdpSaiAY85nO1h3YmjkWzaGXlpd4jKzsjJ8asQfB8u34e0L4O3J8G7CfV98LVJyHxsFg8L3Tme87pxQ1mOoMoeVbOE5pa3nR%2BSF4%2FW7cwpAi0fk%2BOArHtUdY9P7M8Eq%2Fm9ybWyIzvXys6RR1eqxo7sJp%2Bv4vWGN%2Fr%2F372vb3VlrS6ed1vfvi3nxLx8cEO75hIvlC1WHfn%2BnFVK1xfKWmry40V3U4urrVs719ZFW126%2Bs6Fi6Oq1s7ZspiC2ycffwVpZ%2BS52x8dPbJXlm7D1lPUbY9Ru1BqyylkdQeuWvRcSVDnCywqgq7tJ3UoFs3cEuR6gbno4f6FxaLedvewWnvgzV0Uox7jusc478HzLbj2f5Omqh%2B%2F9Ts9Cojcm4i8Jjsir%2Be8PRikImMmMzFLZZIYGsY%2BY75SqRGGCz8SaNxMfn72l38AAAD%2F%2FwEAAP%2F%2F9pGT6zcFAAA%3D&psid=';
                       };
                       if (bn.addEventListener) bn.addEventListener('click', callback, false);
                       else if (bn.attachEvent) bn.attachEvent('onclick', callback);
                       else bn.onclick = callback;
                   }
               })();

Executed Writes (1)
#1 JavaScript::Write (size: 129) - SHA256: 3ef95d7c9d7eeefff68c94a1b5e29af49d3f3b70eb8baebd3915b9a016ad23df
<script type="text/javascript" src="https://www.profitabledisplayformat.com/bd98676cadeb63e4d1975be98f431a6a/invoke.js"></script>


HTTP Transactions (98)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8728
Expires: Tue, 29 Nov 2022 01:18:18 GMT
Date: Mon, 28 Nov 2022 22:52:50 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4FD46B0B6A2EA24F5CE175985A3933C04B4C01BD3E32BEE2E50A61A65EEF7AF4"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9414
Expires: Tue, 29 Nov 2022 01:29:44 GMT
Date: Mon, 28 Nov 2022 22:52:50 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2206
Cache-Control: max-age=130517
Date: Mon, 28 Nov 2022 22:52:50 GMT
Etag: "63848df9-1d7"
Expires: Wed, 30 Nov 2022 11:08:07 GMT
Last-Modified: Mon, 28 Nov 2022 10:31:21 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: O6Ewuu70NHCxUTWrJBJwEAqJBfCuuTcBXLV8SAWUl3Q08iTOp9GJJm9cQblJLsYoV/1RgspW/sM=
x-amz-request-id: MAGMRM4MH5MX9N3J
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 22:42:15 GMT
age: 635
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 22:19:33 GMT
cache-control: public,max-age=3600
age: 1997
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    30db107dcf4380cef05efea409c2e6a3
Sha1:   96e6a306fbc07299aba64e5c14e2bfca35872fa9
Sha256: b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 28 Nov 2022 22:52:50 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 27 Nov 2022 11:41:48 GMT
Expires: Sun, 04 Dec 2022 11:41:47 GMT
Etag: "858530df75d4e580546f61b01f90590633924d2d"
Cache-Control: max-age=477536,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7716ad225da8b4f9-OSL

                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Mon, 28 Nov 2022 22:52:50 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 22:08:55 GMT
cache-control: public,max-age=3600
age: 2636
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2261
Cache-Control: max-age=125505
Date: Mon, 28 Nov 2022 22:52:51 GMT
Etag: "63847a2f-1d7"
Expires: Wed, 30 Nov 2022 09:44:36 GMT
Last-Modified: Mon, 28 Nov 2022 09:06:55 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4946
Cache-Control: max-age=120652
Date: Mon, 28 Nov 2022 22:52:51 GMT
Etag: "63845cbd-116"
Expires: Wed, 30 Nov 2022 08:23:43 GMT
Last-Modified: Mon, 28 Nov 2022 07:01:17 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 278

                                        
                                            GET /c/6.1.1/wp-includes/css/classic-themes.min.css HTTP/1.1 
Host: c0.wp.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         192.0.77.37
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Mon, 28 Nov 2022 22:52:51 GMT
content-length: 217
last-modified: Tue, 25 Oct 2022 13:45:16 GMT
expires: Tue, 28 Nov 2023 22:52:51 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   217
Md5:    95e891f28e44a9b314c09545d86be2b7
Sha1:   f9b13a8bd47273b086a0a07df15f314e0af0bc3e
Sha256: 5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 28 Nov 2022 22:52:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 28 Nov 2022 22:52:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 28 Nov 2022 22:52:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0 HTTP/1.1 
Host: www.officialnd.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         66.29.146.22
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 22:52:08 GMT
last-modified: Tue, 01 Nov 2022 15:37:07 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 537
date: Mon, 28 Nov 2022 22:52:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   537
Md5:    912417e2f1dc528315cd897c614a4728
Sha1:   b1a691de86c05ef439850bf18cc5747b1c777d0a
Sha256: ff745eec876a0fe33c5b164e90a1196970ee2c5ce79a269002d6b928b993f469
                                        
                                            GET /wp-content/themes/mh-magazine-lite/style.css?ver=2.9.2 HTTP/1.1 
Host: www.officialnd.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         66.29.146.22
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 22:52:08 GMT
last-modified: Tue, 01 Nov 2022 14:08:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8842
date: Mon, 28 Nov 2022 22:52:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (739)
Size:   8842
Md5:    b4588be584fdfc6f3c8997ce49940a0f
Sha1:   f1b50682d29aa349889fea0469a12ed31deb25cb
Sha256: c609f96251492512f62d975430d7d977a812b78031dad2797d12dbdf34d562db
                                        
                                            GET /wp-content/themes/mh-magazine-lite/includes/font-awesome.min.css HTTP/1.1 
Host: www.officialnd.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         66.29.146.22
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 22:52:08 GMT
last-modified: Tue, 01 Nov 2022 14:08:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6658
date: Mon, 28 Nov 2022 22:52:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (30837)
Size:   6658
Md5:    97c6ce9b4936f66aa388ad33c39aba2d
Sha1:   3f14a7e78fbb4935cf35c20779dc2035531849a9
Sha256: 1eea453c424793fc56ef14093c10b373e3ca8388a70e847394e8084048c5ce38
                                        
                                            GET /wp-content/plugins/mango-buttons/public/style/mb-button.css?ver=1.2.9 HTTP/1.1 
Host: www.officialnd.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         66.29.146.22
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 22:52:08 GMT
last-modified: Sun, 13 Nov 2022 03:12:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1162
date: Mon, 28 Nov 2022 22:52:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   1162
Md5:    41ea2be1c36e1072c97749245b63af65
Sha1:   364780ea2ef694eac94d8956878f37ac3254e018
Sha256: fb57074e16a397f4dbd4f15a5e5350fdd9f209ba432cbe737362cdc5a649a4ac
                                        
                                            GET /c/6.1.1/wp-includes/js/jquery/jquery.min.js HTTP/1.1 
Host: c0.wp.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         192.0.77.37
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Mon, 28 Nov 2022 22:52:51 GMT
vary: Accept-Encoding
last-modified: Mon, 19 Sep 2022 14:16:24 GMT
content-encoding: br
expires: Tue, 28 Nov 2023 22:52:51 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65447)
Size:   30628
Md5:    516b8eeec753644c36caed02fa772f64
Sha1:   f649469b7076d28d98012226b67c6784c83774d4
Sha256: e25632c803fb07736dfe1fcbb1f85f90811e6cee465edaa237b5b2d33d73ca8d
                                        
                                            GET /gtag/js?id=G-Y0TGQ6KH7Q HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 28 Nov 2022 22:52:51 GMT
expires: Mon, 28 Nov 2022 22:52:51 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79605
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (25492)
Size:   79605
Md5:    036b2320d6f0229d4f7fc3e8eb5f3d3e
Sha1:   24c5ee87324303b6fbee75ace87713cad5de9019
Sha256: 2e4e1d0d0051defd148144d2ca9d0765518a4a086e921d733c361e4127f46b5e
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 28 Nov 2022 22:52:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 28 Nov 2022 22:52:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/plugins/wp-automatic/js/main-front.js?ver=6.1.1 HTTP/1.1 
Host: www.officialnd.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         66.29.146.22
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 22:52:08 GMT
last-modified: Tue, 01 Nov 2022 15:37:07 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 316
date: Mon, 28 Nov 2022 22:52:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   316
Md5:    98562a00d396f4e497bd060365515379
Sha1:   b6e09dd87b22b6a7293551423b3e318d4a504ada
Sha256: da6c3b5ec1baea8dfefe9a30abfa3ee6ba64464cb5ff44856d0704fb45323d40
                                        
                                            GET /wp-content/themes/mh-magazine-lite/js/scripts.js?ver=2.9.2 HTTP/1.1 
Host: www.officialnd.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         66.29.146.22
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 22:52:08 GMT
last-modified: Tue, 01 Nov 2022 14:08:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11268
date: Mon, 28 Nov 2022 22:52:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (21960)
Size:   11268
Md5:    2eadad08e686f6256300f68abbc9e781
Sha1:   79d828e10925973c9d60cc8465971233e0abdbba
Sha256: 11bc9f9824f106fcd705a41ffad0ec8ab8d6515ee403b9b0e4de85545acbcea7
                                        
                                            GET /wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.2.1 HTTP/1.1 
Host: www.officialnd.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         66.29.146.22
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 22:52:07 GMT
last-modified: Thu, 24 Nov 2022 18:48:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 918
date: Mon, 28 Nov 2022 22:52:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   918
Md5:    ff98a2d5f2f2ad26eb5e4ac74aa9702b
Sha1:   83bf52f910c78babbe737914acc7e36a8b0f35df
Sha256: 9158326d8570a2ac4ecf0d34c7befd54bb857a0c139a3e19dd19bf894642ec89
                                        
                                            GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1 
Host: www.officialnd.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         66.29.146.22
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 22:52:07 GMT
last-modified: Tue, 12 Apr 2022 15:26:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4619
date: Mon, 28 Nov 2022 22:52:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (15660)
Size:   4619
Md5:    0232689bd203f330529b36a437f41a68
Sha1:   9046583f7469ad38297969f10a9513eb895d5316
Sha256: feea9f30a6e454579bbeabf236b7abdb0c7de84dd2852422555ad67348c5e886
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: qRFKtJ2Ob5Hb613QOB7OGA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         100.20.30.105
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XS0F/IFJdki0MCvXGTOb8GDipiU=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "8F233B2CFB7372DBC20740ACA75A14A438FBD608989F7AA51AAB13DBAD874938"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3373
Expires: Mon, 28 Nov 2022 23:49:05 GMT
Date: Mon, 28 Nov 2022 22:52:52 GMT
Connection: keep-alive

                                        
                                            GET /wp-content/uploads/2022/06/2-44.jpg HTTP/1.1 
Host: phoosi.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         191.96.56.201
HTTP/2 200 OK
content-type: image/jpeg
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 28 Nov 2023 22:52:52 GMT
last-modified: Sat, 25 Jun 2022 09:36:14 GMT
accept-ranges: bytes
content-length: 6551
date: Mon, 28 Nov 2022 22:52:52 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 612x350, components 3\012- data
Size:   6551
Md5:    8e6bcc971d1d779dbcdb68c722ca72a9
Sha1:   a36915d3c5656427ab5f6bc113a180160016e41c
Sha256: 30cbfe30d1fb4ed11d8dce1d9beae05e1c904ab7ea512f4281ef270ad9bb2a6b
                                        
                                            GET /83/ae/aa/83aeaa6b3377a47861dd648f772d716c.js HTTP/1.1 
Host: pl16977271.highperformancecpmgate.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         192.243.61.225
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.22.0
Date: Mon, 28 Nov 2022 22:52:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a050172fa9d803afd8ef86c9ada31fc5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (37131), with no line terminators
Size:   13400
Md5:    a8e398dd6db96339a041e31b2dc8c4fc
Sha1:   8a69c8f0ae66f2d6ac58e00f091cd196c4c31d90
Sha256: 4fffa7d4bb401235614d1d078984def32d72adc50d542564c5c401d44c0d38be

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /c/6.1.1/wp-includes/js/comment-reply.min.js HTTP/1.1 
Host: c0.wp.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         192.0.77.37
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Mon, 28 Nov 2022 22:52:51 GMT
vary: Accept-Encoding
last-modified: Fri, 08 Apr 2022 20:07:18 GMT
content-encoding: br
expires: Tue, 28 Nov 2023 22:52:51 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2946)
Size:   1701
Md5:    a61d5ee76218981b21353bf83f7624c7
Sha1:   4df8502f1e93e98db466c466b3fa295a643d0d36
Sha256: 7a480796b9c459bacfea4951ef3d2bace7c99d442498f97430f1475e841d6066
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 28 Nov 2022 22:52:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "ACE43109E30792780C3B526994D017ABAC37D7BEDEC0382DE7B0FB3A10D62041"
Last-Modified: Sun, 27 Nov 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8323
Expires: Tue, 29 Nov 2022 01:11:35 GMT
Date: Mon, 28 Nov 2022 22:52:52 GMT
Connection: keep-alive

                                        
                                            GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.officialnd.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 05:42:51 GMT
expires: Fri, 24 Nov 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 407401
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size:   44856
Md5:    565ce506190ad3af920b40baf1794cec
Sha1:   ad3cba5d06100e09449a864d3b5e58403b478b3d
Sha256: 8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 28 Nov 2022 22:52:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         143.204.42.156
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=140137
Date: Mon, 28 Nov 2022 22:52:52 GMT
Etag: "6384b816-1d7"
Expires: Wed, 30 Nov 2022 13:48:29 GMT
Last-Modified: Mon, 28 Nov 2022 13:31:02 GMT
Server: ECS (nyb/1D06)
X-Cache: Miss from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: jDb3QUXzbSaF2r1SHtHpAwtWWRD21vV1GglMn7RJnUvuwZkcEXv85Q==
Age: 1047

                                        
                                            GET /font-awesome/4.3.0/css/font-awesome.min.css?ver=4.3.0 HTTP/1.1 
Host: maxcdn.bootstrapcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         104.18.11.207
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
date: Mon, 28 Nov 2022 22:52:51 GMT
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 632, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 2021-06-08 21:08:57
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: f4e260a1f051a51bf706bf42d8bf3299
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 5297118
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7716ad270836b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (23577)
Size:   5410
Md5:    3d4c8902bff0f20c09d0a1588ce59aca
Sha1:   a7694b2fd88668acdb744d12da74498e6d7bedca
Sha256: cdbe6432f74adc6f8c98d0d827771b46d2b6803a4e176b3e8e5f51af34049b91
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "ACE43109E30792780C3B526994D017ABAC37D7BEDEC0382DE7B0FB3A10D62041"
Last-Modified: Sun, 27 Nov 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8323
Expires: Tue, 29 Nov 2022 01:11:35 GMT
Date: Mon, 28 Nov 2022 22:52:52 GMT
Connection: keep-alive

                                        
                                            POST /g/collect?v=2&tid=G-Y0TGQ6KH7Q&gtm=2oeb90&_p=1923557931&cid=1411466859.1669675971&ul=en-us&sr=1280x1024&_s=1&sid=1669675971&sct=1&seg=0&dl=https%3A%2F%2Fwww.officialnd.com%2Fcole-van-note-announces-johnson-county-data-breach-investigation-officialnd%2F%3Ffeed_id%3D42740%26_unique_id%3D6385136460c1f&dt=Cole%20%26%20Van%20Note%20Announces%20Johnson%20County%20Data%20Breach%20Investigation%20%C2%BB%20officialnd%20%E2%80%93%20OfficialND&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1 
Host: region1.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.officialnd.com
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

                                         216.239.32.36
HTTP/2 204 No Content
content-type: text/plain
                                        
access-control-allow-origin: https://www.officialnd.com
date: Mon, 28 Nov 2022 22:52:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "BCF459D144029C2F585741DE7D15019A4622856BC34FEEFFA76615ED59DB6C4E"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17030
Expires: Tue, 29 Nov 2022 03:36:42 GMT
Date: Mon, 28 Nov 2022 22:52:52 GMT
Connection: keep-alive

                                        
                                            GET /css?family=Open+Sans:400,400italic,700,600 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 28 Nov 2022 22:52:51 GMT
date: Mon, 28 Nov 2022 22:52:51 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (26984)
Size:   10611
Md5:    404e22f4c5fb17ba201dece040f140d6
Sha1:   cd51e214f1c8d56507a2c205bba1708e9f41d6bd
Sha256: 28dd026296e80cdbc9bed03c958f71575c3393426d8ea2067d926b58976abef4
                                        
                                            GET /g.gif?v=ext&blog=211968167&post=37705&tz=5&srv=www.officialnd.com&j=1%3A11.5.1&host=www.officialnd.com&ref=&fcp=1931&rand=0.16967945628137548 HTTP/1.1 
Host: pixel.wp.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         192.0.76.3
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Mon, 28 Nov 2022 22:52:53 GMT
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 6 x 5\012- data
Size:   50
Md5:    e4d673a55c5656f19ef81563fb10884c
Sha1:   1f2d8ed221d39329251ad3a6ff1edb20b7219443
Sha256: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=91935
Date: Mon, 28 Nov 2022 22:52:53 GMT
Etag: "6383ffe4-117"
Expires: Wed, 30 Nov 2022 00:25:08 GMT
Last-Modified: Mon, 28 Nov 2022 00:25:08 GMT
Server: nginx
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=159244
Date: Mon, 28 Nov 2022 22:52:53 GMT
Etag: "638506d1-117"
Expires: Wed, 30 Nov 2022 19:06:57 GMT
Last-Modified: Mon, 28 Nov 2022 19:06:57 GMT
Server: nginx
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8755
Expires: Tue, 29 Nov 2022 01:18:48 GMT
Date: Mon, 28 Nov 2022 22:52:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8755
Expires: Tue, 29 Nov 2022 01:18:48 GMT
Date: Mon, 28 Nov 2022 22:52:53 GMT
Connection: keep-alive

                                        
                                            GET /css?family=Open+Sans%3A400%2C300%2C700&ver=6.1.1 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 28 Nov 2022 22:52:51 GMT
date: Mon, 28 Nov 2022 22:52:51 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1187
Md5:    1340360b5af853930919056fef3f6913
Sha1:   eff51fab4b450a47ea1eda66ebfadb69110e5381
Sha256: c5d803f9ed9dda7676a07420e4634a7691b3bb593f38e13077f085a61057dd2a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4871
x-amzn-requestid: e2dfa7b8-ded7-4104-a913-1b84746a3c6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLDUUEy_oAMFgSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638118e8-0b229e0f60ff019d26800dd9;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 19:35:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9BUuT9WFwAQMnl8JiTDKo-zHgDL0AdjAAAIh0Mx405zbGwhvRouebQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 12:30:42 GMT
age: 37331
etag: "d0dff35eb78f129b5da407043037bcf9c27e55c0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4871
Md5:    a4058fd62595d15c58b3d3266de9865a
Sha1:   d0dff35eb78f129b5da407043037bcf9c27e55c0
Sha256: ab996c23d58871a2ad53f0c34688c87f0d7c0eac5d0c1d8265b86951248449fe
                                        
                                            GET /entertainment/wp-content/uploads/sites/6/2022/11/ifeoluwaunusual/2022/11/28/3E158536-0C81-4132-9A09-1A480A7832D8.jpeg HTTP/1.1 
Host: www.withinnigeria.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         104.26.15.210
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Mon, 28 Nov 2022 22:52:53 GMT
content-length: 113575
cache-control: max-age=315360000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=122262, status=webp_bigger
access-control-allow-origin: *
etag: "63850ccf-1dd96"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 28 Nov 2022 19:32:31 GMT
referrer-policy: strict-origin-when-cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: WordOps
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w6MKevLFj0X9owlYyeFTHbZ3MQAVXlGOEIiWyiu7mylLoBtQZnS9AWvcgtXia6%2BoiVXiIP4fWTimARULXw98Rx3LKbOPagoL4%2B9SxNj1SecdZUK2HptaB6t5fUmc8WTy6tFQ3i5HLw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7716ad313d101c06-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], progressive, precision 8, 850x460, components 3\012- data
Size:   113575
Md5:    0996e999f0e5057ecfbb6fb4bc4ee965
Sha1:   43e789c9d51c26e5edff229d4f3d188ce6a6011e
Sha256: 9210f64eb7974cc2022e6131a21110a892f0a714eff1088bb6d9711720337a7a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faee65fe0-e370-42e3-be13-065dcb4d76e1.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4862
x-amzn-requestid: 17c6fb35-2dc8-45e4-a226-a74ba94323b3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYlHXxIAMFcpg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5d0-5a0f4f667a3747166eb2b338;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XDdox2fz8xWMEWiTlHtpk_EeS6NUmzBRyWO3fTe47FfJOOvIehST1Q==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 09:08:40 GMT
age: 49453
etag: "a6c7a59a6599ece2cf0e76c778c920dea94ff469"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4862
Md5:    748366131b496e41f92e15ce7d1cd0e0
Sha1:   a6c7a59a6599ece2cf0e76c778c920dea94ff469
Sha256: b9ea2d419742c67e2b14536379e7383524f22645b1af988d5bd72154647fc602
                                        
                                            GET /c/6.1.1/wp-includes/css/dist/block-library/style.min.css HTTP/1.1 
Host: c0.wp.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         192.0.77.37
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Mon, 28 Nov 2022 22:52:51 GMT
vary: Accept-Encoding
last-modified: Fri, 11 Nov 2022 14:56:45 GMT
content-encoding: br
expires: Tue, 28 Nov 2023 22:52:51 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (47826)
Size:   17628
Md5:    aee9ae1c0757e6ee9e15c6c718d45950
Sha1:   d94902108164a559b28fcbbfb57da968ca03d59d
Sha256: 6f416d70b3d8de0e8d35b2f47dfe9dbbaee0ee7ffbf6634885b470f7d49d1b53
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "97DDAE71F18AC3B849E6904ECA94AD70896EB734BF8A43B1ED49706A26707F84"
Last-Modified: Mon, 28 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4491
Expires: Tue, 29 Nov 2022 00:07:44 GMT
Date: Mon, 28 Nov 2022 22:52:53 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad01b94-5d16-49b9-bf3e-5742e02ae8b6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8796
x-amzn-requestid: 2eed036c-fcda-425b-8c5d-0b0ff31214a0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cGDTEEWMIAMFwKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637f18e0-5cb071a2098d43d909eb8d5c;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 07:10:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uWzs8gOBoczTeYXB7-FfJemWbh-hYHwNcR3b9BM5VtJ55NRUzCZeTQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 09:53:45 GMT
age: 46748
etag: "b5b245c90705ad80c31d457c0d7c96709ca31e96"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8796
Md5:    7e44c46db2ac9917110dc47aa38fdc85
Sha1:   b5b245c90705ad80c31d457c0d7c96709ca31e96
Sha256: 5024225a583b188860eaf21f7196c06cef8b2e89389ae4b1df6e314399f3b2ae
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D6F98E2943D76B0EA5438C702D5694853B6967F5B6B51A80461CAE9DAE6FEC4B"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4290
Expires: Tue, 29 Nov 2022 00:04:23 GMT
Date: Mon, 28 Nov 2022 22:52:53 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F306bb762-e2a8-4771-9a39-086c46f94b11.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7549
x-amzn-requestid: bb37235a-8c7d-47fe-abb6-6cc633560165
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP-7lHmsoAMF9lA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638311e3-1f2a4abc40119f3e026dc393;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:29:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -aUqAfyrtMO0hkr2J2lm5SNNFdtaJj-F2dpBULvXjfOV205Ksm0iHw==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:42:03 GMT
age: 4250
etag: "600859401c885cc2cdd1f199cccc198eb41d6a04"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7549
Md5:    415b1b1d5a29fc17b4114bb3df1d1c22
Sha1:   600859401c885cc2cdd1f199cccc198eb41d6a04
Sha256: abfbf4ecf2423736a29686859f6a8f2b77204b48f3f60d208f6d491e80611e7f
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "21C884064648CE280ECBFF448FE69A9E9B25E605D408FF26A0BD1630191E4617"
Last-Modified: Mon, 28 Nov 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4039
Expires: Tue, 29 Nov 2022 00:00:12 GMT
Date: Mon, 28 Nov 2022 22:52:53 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1ee10f9-36dd-4ca4-986e-a80758149640.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8460
x-amzn-requestid: 51416479-3854-4f1a-9d86-35e104c57f6a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnkHuZIAMF-_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852963-180b323d4a45fa2f29f9b1fc;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3MKambAjrBl64HI6hBuOtNJi3Tj6gxtwH_lOfk0WNX15UnCrAJbNig==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:48:54 GMT
age: 3839
etag: "be4c4d01fc67218e26a3e9d27a2f708e639c9d4b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8460
Md5:    516776052e5e906ea9f42d25bae5cc85
Sha1:   be4c4d01fc67218e26a3e9d27a2f708e639c9d4b
Sha256: 28e70e38cfad65ad8a7a68ab1dc78747c7013a87b854fc35b163cc5765cd0570
                                        
                                            GET /wp-content/uploads/sites/6/2022/11/2022-group-h-soccer-match-779014041.jpg?strip=all&quality=100&w=1920&h=1080&crop=1 HTTP/1.1 
Host: www.the-sun.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         143.204.55.92
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 2633290
server: nginx
date: Mon, 28 Nov 2022 22:52:53 GMT
last-modified: Mon, 28 Nov 2022 19:59:57 GMT
expires: Tue, 28 Nov 2023 19:59:57 GMT
etag: "ad535aa754662a70"
strict-transport-security: max-age=31536000
cache-control: max-age=2592000
x-rq: lhr2 109 200 443
accept-ranges: bytes
set-cookie: nuk_customer_country_code=NO; Path=/; Secure; SameSite=None nuk_customer_region_code=03; Path=/; Secure; SameSite=None
x-cache: Miss from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ys1-isPwC-eseFJfTTJZCvFYtSXtnoqnFVzJ0I0klFZGtip4ulARuQ==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   2633290
Md5:    a7e10bb70474b2fc65085377c61a2997
Sha1:   4e88f227f659fa02878c4265e6aae15ef89a2cc8
Sha256: 776479779ba63bf83760e363308c2aff0a615ffe0c8ffb747e4402efeca3af06
                                        
                                            GET /wp-content/uploads/2022/11/images-31.jpeg HTTP/1.1 
Host: www.newpakweb.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         172.67.74.52
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Mon, 28 Nov 2022 22:52:53 GMT
content-length: 25437
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=26167, status=webp_bigger
etag: "6384e182-6637"
last-modified: Mon, 28 Nov 2022 16:27:46 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RDUo6wBXTm0CLVx5E81HkkDiDoQfoNSloET6rO%2Fa84%2FcHcXqno9aJpbqF5Gy8Y8FHWXx4DFWd%2FPaB51M77Y9Qt34tGwUNoHaI8J2eNm7RUhNBUQ6FCJRSl%2BdheXTgq2EJZCF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7716ad316a18b4ed-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 512x288, components 3\012- data
Size:   25437
Md5:    3d1473105c25356e422a1b2e7f7026fb
Sha1:   789488450341eaf3090352a4794ae01e1dd1b0b4
Sha256: 6ac0a5066069bd2314aa1d1e95d3605a2b63ba60d883fd75d1e0ad444f8c6b1f
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D3E70B7F28DFD3BF61205AB67A77B8AB61CEB27D0654C4F9C81E80AB5F12045A"
Last-Modified: Sun, 27 Nov 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12485
Expires: Tue, 29 Nov 2022 02:20:58 GMT
Date: Mon, 28 Nov 2022 22:52:53 GMT
Connection: keep-alive

                                        
                                            GET /wp-content/uploads/2022/11/Lions-Expected-to-Get-Key-Offensive-Defensive-Starters-Back-Week.jpg HTTP/1.1 
Host: hydnews.in
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         104.21.77.222
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Mon, 28 Nov 2022 22:52:53 GMT
content-length: 53212
cache-control: public, max-age=10368000
expires: Tue, 28 Mar 2023 22:52:53 GMT
last-modified: Mon, 28 Nov 2022 19:53:29 GMT
vary: User-Agent,Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BfHtEZTLU76bb4ripXGSiFbBaBMjaa88T6zH0yMd3VtQJp5SFE%2FwMSt%2BJAYYTFhZiTOJl%2BRqXpdugtxmpEeGLUNvVTLmBgjFatt6etoltYkn%2BnxxLBiQCKk0SkJ2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7716ad31c9d8b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 780x438, components 3\012- data
Size:   53212
Md5:    290319b1ee896bc4f4cc5c9db991cc1f
Sha1:   21486b80225a899ec57971be3e9406a719fdab65
Sha256: 66e513573dc3ec3f702d4acb5fd3ede36ea3020c4e9234cca0eb54e14bedd411
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "97DDAE71F18AC3B849E6904ECA94AD70896EB734BF8A43B1ED49706A26707F84"
Last-Modified: Mon, 28 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4491
Expires: Tue, 29 Nov 2022 00:07:44 GMT
Date: Mon, 28 Nov 2022 22:52:53 GMT
Connection: keep-alive

                                        
                                            GET /watch.1502918346394.js?key=bd98676cadeb63e4d1975be98f431a6a&kw=%5B%22cole%22%2C%22van%22%2C%22note%22%2C%22announces%22%2C%22johnson%22%2C%22county%22%2C%22data%22%2C%22breach%22%2C%22investigation%22%2C%22%C2%BB%22%2C%22officialnd%22%2C%22%E2%80%93%22%2C%22officialnd%22%5D&refer=https%3A%2F%2Fwww.officialnd.com%2Fcole-van-note-announces-johnson-county-data-breach-investigation-officialnd%2F%3Ffeed_id%3D42740%26_unique_id%3D6385136460c1f&tz=0&dev=e&res=12.1055&uuid=da676dcb-53f3-4b6a-8572-2b2383a72776%3A1%3A1 HTTP/1.1 
Host: tallysaturatesnare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.officialnd.com
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         192.243.59.13
HTTP/1.1 307 Temporary Redirect
Content-Type: text/html
                                        
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:53 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.officialnd.com
Access-Control-Allow-Origin: https://www.officialnd.com
Access-Control-Allow-Credentials: true
Location: https://tallysaturatesnare.com/watch.1502918346394.js?key=bd98676cadeb63e4d1975be98f431a6a&kw=%5B%22cole%22%2C%22van%22%2C%22note%22%2C%22announces%22%2C%22johnson%22%2C%22county%22%2C%22data%22%2C%22breach%22%2C%22investigation%22%2C%22%C2%BB%22%2C%22officialnd%22%2C%22%E2%80%93%22%2C%22officialnd%22%5D&refer=https%3A%2F%2Fwww.officialnd.com%2Fcole-van-note-announces-johnson-county-data-breach-investigation-officialnd%2F%3Ffeed_id%3D42740%26_unique_id%3D6385136460c1f&tz=0&dev=e&res=12.1055&uuid=da676dcb-53f3-4b6a-8572-2b2383a72776%3A1%3A1&shu=c6bc41276d6d7aa24fd6c7a29fdb6c32d1f1aecd3933f96e3deead93998a525512410b8d561dcf3cb5b1cfcaeff82a3635e681fb557b5d3f87a3af5c10d120bff2fc0b54df6192450700dc539fd37eea51a37575&pst=1669676033&rmtc=t
Set-Cookie: u_pl=16876768; expires=Tue, 29 Nov 2022 22:52:53 GMT; secure; SameSite=None ain=eyJhbGciOiJIUzI1NiJ9.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.OdgTco6DrZUOmB3hMWeTjAWwOJW9ZDEfTpVcjJgOjj8; expires=Mon, 28 Nov 2022 22:53:53 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9f29cda41ecdf80dee259e06c772e157
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /sbar.json?key=83aeaa6b3377a47861dd648f772d716c&uuid=da676dcb-53f3-4b6a-8572-2b2383a72776%3A1%3A1 HTTP/1.1 
Host: wastedinvaluable.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.officialnd.com
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         192.243.59.13
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.officialnd.com
Access-Control-Allow-Origin: https://www.officialnd.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16876772; expires=Tue, 29 Nov 2022 22:52:53 GMT; secure; SameSite=None uid_id2=da676dcb-53f3-4b6a-8572-2b2383a72776:1:1; expires=Mon, 05 Dec 2022 22:52:53 GMT; secure; SameSite=None pdhtkv=true; expires=Tue, 29 Nov 2022 22:52:54 GMT; secure; SameSite=None uncs=1; expires=Tue, 29 Nov 2022 22:52:54 GMT; secure; SameSite=None pdhtkv29=true; expires=Tue, 29 Nov 2022 22:52:54 GMT; secure; SameSite=None uncs29=1; expires=Tue, 29 Nov 2022 22:52:54 GMT; secure; SameSite=None slec83aeaa6b3377a47861dd648f772d716c=[3760946]; expires=Mon, 28 Nov 2022 22:52:59 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6bda2ed5febc4c7f93d87cbaa9aafa4e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (5880), with no line terminators
Size:   4082
Md5:    85f9b2bf1d49cd6d2ac06c20ff6a8e7c
Sha1:   93a6fc0315c31897bfe091b08f4cc359a956ee50
Sha256: 5624c4f2f54b8e28a3e6f26f746e64af2a500e2238c08f09e7a86d738e10c128

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /watch.1502918346394.js?key=bd98676cadeb63e4d1975be98f431a6a&kw=%5B%22cole%22%2C%22van%22%2C%22note%22%2C%22announces%22%2C%22johnson%22%2C%22county%22%2C%22data%22%2C%22breach%22%2C%22investigation%22%2C%22%C2%BB%22%2C%22officialnd%22%2C%22%E2%80%93%22%2C%22officialnd%22%5D&refer=https%3A%2F%2Fwww.officialnd.com%2Fcole-van-note-announces-johnson-county-data-breach-investigation-officialnd%2F%3Ffeed_id%3D42740%26_unique_id%3D6385136460c1f&tz=0&dev=e&res=12.1055&uuid=da676dcb-53f3-4b6a-8572-2b2383a72776%3A1%3A1&shu=c6bc41276d6d7aa24fd6c7a29fdb6c32d1f1aecd3933f96e3deead93998a525512410b8d561dcf3cb5b1cfcaeff82a3635e681fb557b5d3f87a3af5c10d120bff2fc0b54df6192450700dc539fd37eea51a37575&pst=1669676033&rmtc=t HTTP/1.1 
Host: tallysaturatesnare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.officialnd.com
Referer: https://www.officialnd.com/
Connection: keep-alive
Cookie: u_pl=16876768; ain=eyJhbGciOiJIUzI1NiJ9.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.OdgTco6DrZUOmB3hMWeTjAWwOJW9ZDEfTpVcjJgOjj8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         192.243.59.13
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.officialnd.com
Access-Control-Allow-Origin: https://www.officialnd.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=da676dcb-53f3-4b6a-8572-2b2383a72776:1:1; expires=Mon, 05 Dec 2022 22:52:54 GMT; secure; SameSite=None pdhtkv=true; expires=Tue, 29 Nov 2022 22:52:54 GMT; secure; SameSite=None uncs=1; expires=Tue, 29 Nov 2022 22:52:54 GMT; secure; SameSite=None pdhtkv5=true; expires=Tue, 29 Nov 2022 22:52:54 GMT; secure; SameSite=None uncs5=1; expires=Tue, 29 Nov 2022 22:52:54 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cf08590726e4eeae115d5817927a7e22
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (2518)
Size:   2037
Md5:    2aaf1ce45f3f3c95e34370ac35f4323f
Sha1:   b9801332c3c580108c53b97a4d0970ba450080a2
Sha256: 5cbc28dfd7ce12d4f32ed6e7891f803f7e4f2c68f0e6c2e6460cfdf833801038

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSujhsQPRkEUVRGEIngzvbPzPSMOSzGGAnmjySSi5f6691yq7uaqu7p3cXDYlRyENzgxWPvN7tZ1BCSu6LMBkEGhIwH2YN78uJBFII5y8wOLD6oeq%2Fq%2Bw7v%2B977bKs8ID5Kun%2F5gllXWtOFdtNvnLyuMmEq17h4rRH4Tf9U47rKOq1TjdXJZftvBn676b%2FeeFfyFbMQ%2BoHvB37QOKusTMzqwhSFyu%2F0gmbPb7bCZtBuYdX%2B%2F%2B1KD456EP0DcgJKjI8v%2F3wfig%2BRpffOSLdSmPyNd9JS08JY9MXu%2B9lKZqoM6VGZWA9Jtjtjw7gxIV8dg8l2Zwpg%2BtsTBWBqTLzfArBsd9YmWH%2FnsFOmITMw8TSq%2FhBSD6HoENzcgBIPCcAFLl5Clt6%2BaGxF1w5ROkHHZO7xI6hqTOZ%2BfxZZeve0VquNq0aXhTKZw2pSQ60OoZaGyMs9FOseVLUHXnwMJX4hC4%2FPI0u3LzltoMT%2Bq4J24o7gbL4dJdF8i3XofLcdh%2FMhC6NuROMwjjtTi5QaQiVDaLkJ6jyUk6M8lImHMveQiv0GbfcS348TlkRRt8U5jyLO292OaIuo1U18lHyiYRNFvgmuN8HtBnK7gRV162H7BGz5I9xyDSc8uIKgL2pUkqByBBUlqBRBVRBU%2FXpHaBe6%2BrbQrmTBLIezHNUDUyxt0R1TLMmMbOUH5JmJd573yR9YkfuNbkQlpR0WRXFMW3G3EwjRaXWTOA5FHHQ4nKqh3LGp0nU1Ji%2FsNJGrMTnefwWM7sHpPXD1Imj5Emg1iEMfdHnQ6vpYz%2B5msnJUU1u4JjcphKmRF3Mo1rwtfUCen06xx0NIPlp8NPzig5P%2F7oHbGrmt8aF6QLCkbw6umIpsXzGVI%2Fcv5YVK1TqdTPhqQQs59817cq0yVpw74za%2FfotPgEl555p0xXmaCZUtOfLtaSWEtGeN5ZJ8f85dl%2Bxy6ZZPlzYr8%2FOX3z57Ls2tdE6ZbAiqHsZfgqsxeerCxnR3X%2F78AZQdwpY10nJEZgFl9sDzDbh8tPj3R3%2FdWrb34AyB1UcclnuoynpgQ3b0qdWYhI%2Beg5ajxe%2FuPBm89ucaKKvh5JENTI5%2B%2BOeQv%2BVuYsl6oMUNZGmNvq3R1zWo3oQrnxgUuR0t%2FhpNA0x7A6att8201bcO7XVqvyHbiZ9IP5Qs6bEkpr7oJa0eo71AxqxNAxRuzD899dN%2FAAAA%2F%2F8BAAD%2F%2F86u29iXBAAA HTTP/1.1 
Host: wastedinvaluable.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Cookie: u_pl=16876772; uid_id2=da676dcb-53f3-4b6a-8572-2b2383a72776:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec83aeaa6b3377a47861dd648f772d716c=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         192.243.59.13
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:54 GMT
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1ddc49fbaea6f4f56969242191a60ac0
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   7
Md5:    132d6af1b46048b45cf86cdee7991d31
Sha1:   eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Sha256: ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /fe/3b/32/fe3b3290f0918b728d00df3a681dc665.js HTTP/1.1 
Host: tallysaturatesnare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         192.243.59.13
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 84c9658079f5ded2c8f8da3176cbad53
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Size:   28770
Md5:    541720d2daa10cf9b51ee4e5de71bb69
Sha1:   b6b9a1695e59bce9e0abaaac9d2f6cac7d9b832d
Sha256: e615dfc488e2219d5565ace862baf4b76cc81495b03168a3f81ad2bbeac7ba5d

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AD8CCB9B049120B7E44A79DCBC9CAAB326567933CFCE70608BC812237319A0EC"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13102
Expires: Tue, 29 Nov 2022 02:31:16 GMT
Date: Mon, 28 Nov 2022 22:52:54 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "CE33EBBD5115FFAAC9721EACC50F458D369B30DBC875379C5602FE846D078207"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4693
Expires: Tue, 29 Nov 2022 00:11:07 GMT
Date: Mon, 28 Nov 2022 22:52:54 GMT
Connection: keep-alive

                                        
                                            GET /bi/21/36/8c/21368cfd3bd87429f35209612ffb15ef/1668177353.gif HTTP/1.1 
Host: cdn.cloudimagesb.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         45.133.44.10
HTTP/2 200 OK
content-type: image/gif
                                        
date: Mon, 28 Nov 2022 22:52:54 GMT
content-length: 156304
server: nginx/1.17.6
last-modified: Fri, 11 Nov 2022 14:36:01 GMT
etag: "636e5dd1-26290"
expires: Wed, 30 Nov 2022 22:52:54 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 300 x 250\012- data
Size:   156304
Md5:    d699eae0d8e7df3c924ffc8f52b04e9e
Sha1:   10607ae43cb8975304e65d5eb45dcebdfc505836
Sha256: b6ec5d7c75f1abe4005e7c1e66a1345a97e44c5a14d2662e9594acc53e3f9e4c
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "DD4366F4E239F7D5D0F9CC61A611DD994AC8B25EC0FAA273F2C85C19B41DFA87"
Last-Modified: Mon, 28 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7948
Expires: Tue, 29 Nov 2022 01:05:22 GMT
Date: Mon, 28 Nov 2022 22:52:54 GMT
Connection: keep-alive

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www.officialnd.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f
Cookie: _ga_Y0TGQ6KH7Q=GS1.1.1669675971.1.0.1669675971.0.0.0; _ga=GA1.1.1411466859.1669675971; dom3ic8zudi28v8lr6fgphwffqoz0j6c=da676dcb-53f3-4b6a-8572-2b2383a72776%3A1%3A1; sb_main_83aeaa6b3377a47861dd648f772d716c=1; sb_count_83aeaa6b3377a47861dd648f772d716c=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=wastedinvaluable.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         66.29.146.22
HTTP/2 404 Not Found
content-type: text/html
                                        
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 1238
date: Mon, 28 Nov 2022 22:52:54 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   1238
Md5:    0bde7d4b3da67537eaf9188e6f8049cf
Sha1:   64300fc482d01d38b40ab20e15960b6509665e5a
Sha256: 5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
                                        
                                            GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Findex.html&l=3323&fd=413 HTTP/1.1 
Host: wastedinvaluable.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Cookie: u_pl=16876772; uid_id2=da676dcb-53f3-4b6a-8572-2b2383a72776:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec83aeaa6b3377a47861dd648f772d716c=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         192.243.59.13
HTTP/1.1 200 OK
                                        
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:54 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "937E883CAE16F19760094E80022AE925E2723678DFDE030638EBD64E72523820"
Last-Modified: Sun, 27 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11135
Expires: Tue, 29 Nov 2022 01:58:29 GMT
Date: Mon, 28 Nov 2022 22:52:54 GMT
Connection: keep-alive

                                        
                                            GET /sb/interstitial/software/flashPlayer/mac/multi/1/img/flash-logo.png HTTP/1.1 
Host: cdn.creative-bars1.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         172.64.109.13
HTTP/2 200 OK
content-type: image/png
                                        
date: Mon, 28 Nov 2022 22:52:54 GMT
content-length: 9360
last-modified: Wed, 01 Sep 2021 12:22:39 GMT
etag: "612f708f-2490"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1155524
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cHj1LZ5Wzb4s%2BqeT2ZKxXhdpeUd7b%2Bf5E1TIVD8dRKOiEpLk%2BUU%2FkAMaX%2FR1q2mcUhgTI6ysPq9WrECG1O5dsNcLfET7DqMFGJPvunYkoDM6OtviTAP6iuxw52jwGaLkKf2NBUEbO%2F7%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7716ad39bd247737-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 240 x 240, 8-bit colormap, non-interlaced\012- data
Size:   9360
Md5:    910542c04f8bf2f90ee33d17d538a006
Sha1:   18d5943e5d51539038f7988c34bccef2937c5545
Sha256: 5969cb3c5c4f573f5c05035ddf9748ee17d5c71df6fca4e484f65d30e2694e57
                                        
                                            GET /sb/interstitial/software/flashPlayer/mac/multi/1/js/jquery.min.js HTTP/1.1 
Host: cdn.creative-bars1.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         172.64.109.13
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Mon, 28 Nov 2022 22:52:54 GMT
last-modified: Wed, 01 Sep 2021 12:22:37 GMT
etag: W/"612f708d-149a0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1155524
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XlaB9XairJ5JXwME%2FECWjnxDlV9aUTWynGAJ0ekLIaNdGjjMD8DMdhBOwNhXNZweQvSgh3JhYjUqxS9YoLu%2FmOXy75vnPJq02Pm0Qo1uY36V%2F3lSBmf4%2BQNtssKUCcY0YmDK%2BkZdbCbd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7716ad39bd267737-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32025), with CRLF line terminators
Size:   31006
Md5:    43699024b9d409a0e5b1bf8f521f0642
Sha1:   92fbb1a5522d50c9d58fb051e6d0c0a5c2f82348
Sha256: 33ca494d91c9a984cf2d8dd0d9daec822933233ecb9a244a65836c9f82a9b91f
                                        
                                            GET /pixel/purst?dl=0&th=0&sc=0&rs=3727&rd=3727&fd=1058&bv=22.10.v.10&tmpl=136 HTTP/1.1 
Host: lightssyrupdecree.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         173.233.137.44
HTTP/1.1 200 OK
                                        
Server: nginx/1.19.5
Date: Mon, 28 Nov 2022 22:52:54 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fcss%2Fanimate.css&l=79249&fd=322 HTTP/1.1 
Host: wastedinvaluable.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Cookie: u_pl=16876772; uid_id2=da676dcb-53f3-4b6a-8572-2b2383a72776:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec83aeaa6b3377a47861dd648f772d716c=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         192.243.59.13
HTTP/1.1 200 OK
                                        
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fcss%2Fstyle.css&l=4522&fd=325 HTTP/1.1 
Host: wastedinvaluable.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Cookie: u_pl=16876772; uid_id2=da676dcb-53f3-4b6a-8572-2b2383a72776:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec83aeaa6b3377a47861dd648f772d716c=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         192.243.59.13
HTTP/1.1 200 OK
                                        
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fjs%2Fscript.js&l=23003&fd=379 HTTP/1.1 
Host: wastedinvaluable.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Cookie: u_pl=16876772; uid_id2=da676dcb-53f3-4b6a-8572-2b2383a72776:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec83aeaa6b3377a47861dd648f772d716c=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         192.243.59.13
HTTP/1.1 200 OK
                                        
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "952EA85225C5754B61C1B640CA341FADEC09162769FF53870D86AC578839FEEA"
Last-Modified: Sun, 27 Nov 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1042
Expires: Mon, 28 Nov 2022 23:10:17 GMT
Date: Mon, 28 Nov 2022 22:52:55 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "952EA85225C5754B61C1B640CA341FADEC09162769FF53870D86AC578839FEEA"
Last-Modified: Sun, 27 Nov 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1042
Expires: Mon, 28 Nov 2022 23:10:17 GMT
Date: Mon, 28 Nov 2022 22:52:55 GMT
Connection: keep-alive

                                        
                                            GET /pxf.gif?uuid=da676dcb-53f3-4b6a-8572-2b2383a72776&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=fe3b3290f0918b728d00df3a681dc665&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 HTTP/1.1 
Host: unseenreport.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         192.243.59.12
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:55 GMT
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 68dee5253fd5aa68fb69472c3822ba28
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    93b885adfe0da089cdf634904fd59f71
Sha1:   5ba93c9db0cff93f52b521d7420e43f6eda2784f
Sha256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /pxf.gif?uuid=da676dcb-53f3-4b6a-8572-2b2383a72776&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=83aeaa6b3377a47861dd648f772d716c&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 HTTP/1.1 
Host: unseenreport.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         192.243.59.12
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:55 GMT
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0e4b1f12dee53ef40c36d177d92127c8
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    93b885adfe0da089cdf634904fd59f71
Sha1:   5ba93c9db0cff93f52b521d7420e43f6eda2784f
Sha256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /pixel/sbs?c=1 HTTP/1.1 
Host: wastedinvaluable.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Cookie: u_pl=16876772; uid_id2=da676dcb-53f3-4b6a-8572-2b2383a72776:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec83aeaa6b3377a47861dd648f772d716c=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         192.243.59.13
HTTP/1.1 200 OK
                                        
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSujhsQPRkEUVRGEIngzvbPzPSMOSzGGAnmjySSi5fqqurZcqu7mqru6dnFw2JUchCc4MVj7ze7WdQQkruizARBBoSMB9mDe%2FLiQRSCOcvMDiw%2BqHqv6vsO7%2Fve%2B2y7OCAuCrp%2F%2BYLelErRlWbdrZ28LlOuS1u7eK3muXX3VO26TFuNU7X%2B7DK9Nz23WXdfr70r2Lpe8V3PdT3Xq52VRsS6vzJHIbM7Ha%2FecesNv%2B41G%2Bib%2F79t4cBSB7x3QE5A8unxtZ%2FvQ7IR0uTeGWHXc5298U5SKJprgx7fez9dT3WZIjkqY%2BMgTvcWbGg7JeSrY9Dp3kIBdG9npgCRnBLnNw9RurdoE1Fv97DTSEGkiPjTKHsjCDWCpCMwfQOSPyQA47h4CWly%2B6I2Jd04ROkMnZKlx48gyylZ%2Bv1ZpMnd00r2a1e1KnKpU4t%2BXEH2R5DdEbJijHzTgSzHYPnHkPwXsvL4PNJk55JVGpLvv8ppK2xxFi03gzhYbkQtutxuhv6yH%2FlBO6ChH4atuUVSjiDjEZQYgFoHxexIB0XsoMgcJHy%2FRpud2HXDOIqDoN1gjAUBY812izd50GjHLgo20zBAng3A1ADMbCEzW1iXtx42T8AUP8KuVbDcgc0JerxCKQhKS1BSglISlDlB2at2ubK%2BrW5zZYvIW2R%2FkYNqqPPuNt3VeVekZDs7IM%2FMvHOcT%2F7AutivtQMqKG1FQRCGtBG2Wx7nrUY7DkOfh16LwcoK0h6bK92UU%2FLCbh2ZnJLjvVcQ0TGsGoPJF0GLl0DLYei7oGvDRtvFZno3FaWliprc1plOwHWFLF9CvuFsqwPy%2FHyKHeZDsMnqo9EXH5z8dwxmKmSmwofyAUFX3Rxe0SXZuaJLS%2B5fynKZyE06m%2FDVnOZi6Zv3xEapDT93xg6%2BfovNgFl555qw%2BXmacpl2Lfn2tORcmLPaMEG%2BP2evi%2BhyYddOFyYtsvOX3z57LsmMsFbqdAQqH4ZfgskpeerC1nx3X%2F78AaQZwRQVkmJCFgGpx2DZFmw2Wf37o79urZl7sJrAqCNOlDkoi2po%2FOjoU8kp8R89ByUmq9%2FdedJ77c8N0KiCFUc2RGLywz%2BH%2FG17E13jgOY3kCYVeqZCT1WgagBbPDHMMzNZ%2FTWYByLlDCNlnJ1IGXXr0F4r92tNryHaUTtknEeCcS%2BcbbXr%2Bpw3wo7wOsjtlH166qf%2FAAAA%2F%2F8BAAD%2F%2F9qmVT6XBAAA HTTP/1.1 
Host: wastedinvaluable.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Cookie: u_pl=16876772; uid_id2=da676dcb-53f3-4b6a-8572-2b2383a72776:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec83aeaa6b3377a47861dd648f772d716c=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         192.243.59.13
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:55 GMT
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c988ee1be530fa1c847650d9fdd4195c
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   7
Md5:    132d6af1b46048b45cf86cdee7991d31
Sha1:   eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Sha256: ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /sb/interstitial/software/flashPlayer/mac/multi/1/img/close.svg HTTP/1.1 
Host: cdn.creative-bars1.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         172.64.109.13
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Mon, 28 Nov 2022 22:52:54 GMT
last-modified: Wed, 01 Sep 2021 12:22:39 GMT
etag: W/"612f708f-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1155524
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hiYGbs8fbtCVZRCihmJ3%2FQ1uUPIS182X0hRWPzJo4g5RPO43K6MHVTKMFGDYVsOoWmSo218hh554ym%2BIIhgaees3IGHZIJ606TijBgJGYGJcwhGBIZ4iobnhGKQOwwEQ7PqOu1YK3dUw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7716ad39bd1c7737-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /sb/interstitial/software/flashPlayer/mac/multi/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.officialnd.com
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

172.64.109.13
HTTP/2 200 OK
content-type: text/css
date: Mon, 28 Nov 2022 22:52:54 GMT
last-modified: Wed, 01 Sep 2021 12:22:34 GMT
etag: W/"612f708a-11aa"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TOQwPGCChn0NpOhvCsXhH93TZjvXxK%2FwEHDqSya4gz6snmNR0BcY9Gez3DTkyNUeGavNPdEmSPEbmVm%2BcOkvx3gBrzB4AbWle%2FofRRAIiChH61JG5o%2BaG2CHPRmFNv2OCCKZOkd7HChR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7716ad397cc37737-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /c/6.1.1/wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

192.0.77.37
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Mon, 28 Nov 2022 22:52:51 GMT
vary: Accept-Encoding
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
content-encoding: br
expires: Tue, 28 Nov 2023 22:52:51 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /p/jetpack/11.5.1/css/jetpack.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

192.0.77.37
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Mon, 28 Nov 2022 22:52:51 GMT
vary: Accept-Encoding
last-modified: Tue, 25 Oct 2022 13:51:34 GMT
content-encoding: br
expires: Tue, 28 Nov 2023 22:52:51 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /e-202248.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

192.0.76.3
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Mon, 28 Nov 2022 22:52:51 GMT
vary: Accept-Encoding
etag: W/"62f6b688-3508"
content-encoding: br
expires: Mon, 20 Nov 2023 01:50:03 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f HTTP/1.1
Host: www.officialnd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

66.29.146.22
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
x-pingback: https://www.officialnd.com/xmlrpc.php
link: <https://www.officialnd.com/wp-json/>; rel="https://api.w.org/", <https://www.officialnd.com/wp-json/wp/v2/posts/37705>; rel="alternate"; type="application/json", <https://www.officialnd.com/?p=37705>; rel=shortlink
etag: "68301-1669665642;br"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding
date: Mon, 28 Nov 2022 22:52:51 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /c/6.1.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

192.0.77.37
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Mon, 28 Nov 2022 22:52:51 GMT
vary: Accept-Encoding
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
content-encoding: br
expires: Tue, 28 Nov 2023 22:52:51 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /c/6.1.1/wp-includes/js/mediaelement/wp-mediaelement.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

192.0.77.37
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Mon, 28 Nov 2022 22:52:51 GMT
vary: Accept-Encoding
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
content-encoding: br
expires: Tue, 28 Nov 2023 22:52:51 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

172.64.141.24
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Mon, 28 Nov 2022 22:52:52 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 19d851f71d72e082635eb2ca89cbb6fb
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Mon, 28 Nov 2022 22:52:52 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8gOE6tIroYDG89sYy0nzLmw7r6ENvCaFlG09Hmk0InNXAYkHid4oswlXQKaaRzV9h6Ifd38ENNCfMQWy7Ir%2FOYWjmTjqB4hhrx6MRP9iO3sKJgcLGlnO4oLlspcOBrb39HII7xg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7716ad2c1a0a7714-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /sb/interstitial/software/flashPlayer/mac/multi/1/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.officialnd.com
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

45.133.44.3
HTTP/2 200 OK
content-type: text/html; charset=utf-8
date: Mon, 28 Nov 2022 22:52:54 GMT
server: nginx/1.17.6
last-modified: Wed, 01 Sep 2021 12:22:33 GMT
etag: W/"612f7089-cfb"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Mon, 28 Nov 2022 23:52:54 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /sb/interstitial/software/flashPlayer/mac/multi/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.officialnd.com
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

172.64.109.13
HTTP/2 200 OK
content-type: text/css
date: Mon, 28 Nov 2022 22:52:54 GMT
last-modified: Wed, 01 Sep 2021 12:22:34 GMT
etag: W/"612f708a-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rAGnYJN2%2Bbxs%2FKk2h9FO2O9RN9DGZ6Bt7i9obLt8S%2FKutzkvlny7WgbEdqULjkbSZl378nuMqWh%2By0jFVjrjtiIqAWe6Lj5CUYN19h7dCUsKbsfvpEqbIMmKV7v5i1Vu4ebHaujNPPKl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7716ad397cba7737-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /sb/interstitial/software/flashPlayer/mac/multi/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.officialnd.com
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

172.64.109.13
HTTP/2 200 OK
content-type: application/javascript
date: Mon, 28 Nov 2022 22:52:55 GMT
last-modified: Wed, 01 Sep 2021 12:22:36 GMT
etag: W/"612f708c-7082"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uNCPftpAPndJghFd6we4iE5z%2F5OKrVJrCB7xm2VdVb%2BQ%2BNbQGxFFLNStM2xHQNFquOnrfgvRbZ%2FaVt2d%2B3YaL8djiiEEIy%2FS9EvwbGI3%2FoWc0vdXFKHjxW57HFTiVDdtl8VkcQRGMVoz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7716ad3a4e557737-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---