Overview

URL heygotrip.com/rsea/?Gzut3=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&pJE8=kzu4ezT8dv
IP 217.21.95.77
ASN Hostinger International Limited
Location Germany
Report completed 2022-09-11 22:59:23 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-11 2 heygotrip.com/wp-content/themes/astra/assets/css/minified/compatibility/pag (...) Malware
2022-09-11 2 heygotrip.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/bu (...) Malware
2022-09-11 2 heygotrip.com/wp-content/themes/astra/assets/css/minified/compatibility/woo (...) Malware
2022-09-11 2 heygotrip.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 Malware
2022-09-11 2 heygotrip.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 Malware
2022-09-11 2 heygotrip.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 Malware
2022-09-11 2 heygotrip.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ve (...) Malware
2022-09-11 2 heygotrip.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquer (...) Malware
2022-09-11 2 heygotrip.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart (...) Malware
2022-09-11 2 heygotrip.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie. (...) Malware
2022-09-11 2 heygotrip.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce (...) Malware
2022-09-11 2 heygotrip.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragme (...) Malware
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (14)

Passive DNS Source Fully Qualified Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-11 04:57:50 UTC 54.187.146.10
mnemonic passive DNS m.stripe.network (2) 1204 2018-06-23 22:39:58 UTC 2022-09-11 08:41:24 UTC 151.101.84.176
mnemonic passive DNS m.stripe.com (1) 1092 2021-04-11 19:21:28 UTC 2022-09-11 08:41:27 UTC 54.149.23.244
mnemonic passive DNS ocsp.pki.goog (6) 175 2017-06-14 07:23:31 UTC 2022-09-11 04:58:08 UTC 142.250.74.3
mnemonic passive DNS ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2022-09-11 12:16:56 UTC 93.184.220.29
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-11 04:57:17 UTC 143.204.55.35
mnemonic passive DNS r3.o.lencr.org (5) 344 2020-12-02 08:52:13 UTC 2022-09-11 04:57:04 UTC 95.101.11.115
mnemonic passive DNS heygotrip.com (18) 0 2022-05-10 12:29:54 UTC 2022-09-08 08:26:34 UTC 217.21.95.77 Unknown ranking
mnemonic passive DNS fonts.gstatic.com (3) 0 2014-08-29 13:43:22 UTC 2022-09-11 04:58:03 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-11 04:57:20 UTC 34.120.237.76
mnemonic passive DNS fonts.googleapis.com (1) 8877 2014-07-21 13:19:55 UTC 2022-09-11 17:07:01 UTC 142.250.74.10
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-11 15:58:57 UTC 143.204.55.35
mnemonic passive DNS js.stripe.com (3) 1149 2012-09-30 12:39:23 UTC 2022-09-11 08:39:59 UTC 151.101.84.176
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-11 04:58:07 UTC 34.117.237.239


Recent reports on same IP/ASN/Domain/Screenshot

Last 3 reports on IP: 217.21.95.77

Date UQ / IDS / BL URL IP
2022-10-06 16:11:07 +0000 0 - 0 - 12 heygotrip.com/rsea?nnit8=wbbd7nox2zwldbu&ozox (...) 217.21.95.77
2022-09-11 22:59:23 +0000 0 - 0 - 12 heygotrip.com/rsea/?Gzut3=eAS8+pxVSVCSPKq/Iwm (...) 217.21.95.77
2022-09-02 19:41:50 +0000 0 - 0 - 10 www.heygotrip.com/rsea/?O0D=eAS8+pxVSVCSPKq/I (...) 217.21.95.77

Last 5 reports on ASN: Hostinger International Limited

Date UQ / IDS / BL URL IP
2022-12-02 10:14:29 +0000 0 - 0 - 1 www.jewelspell.com/uploaded_files/userfiles/f (...) 151.106.116.174
2022-12-02 10:14:21 +0000 0 - 0 - 3 www.sertani.com/upload/files/2022/07/4mHLpbel (...) 151.106.118.98
2022-12-02 08:42:27 +0000 0 - 0 - 3 rebootconsult.com/gohbank 141.136.33.233
2022-12-02 05:38:27 +0000 0 - 0 - 45 bakeknow.com/ 31.220.108.5
2022-12-02 04:40:55 +0000 0 - 0 - 2 digitalhandbook.online/ 145.14.152.182

Last 3 reports on domain: heygotrip.com

Date UQ / IDS / BL URL IP
2022-10-06 16:11:07 +0000 0 - 0 - 12 heygotrip.com/rsea?nnit8=wbbd7nox2zwldbu&ozox (...) 217.21.95.77
2022-09-11 22:59:23 +0000 0 - 0 - 12 heygotrip.com/rsea/?Gzut3=eAS8+pxVSVCSPKq/Iwm (...) 217.21.95.77
2022-09-02 19:41:50 +0000 0 - 0 - 10 www.heygotrip.com/rsea/?O0D=eAS8+pxVSVCSPKq/I (...) 217.21.95.77

Last 2 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-10-06 16:11:07 +0000 0 - 0 - 12 heygotrip.com/rsea?nnit8=wbbd7nox2zwldbu&ozox (...) 217.21.95.77
2022-09-02 19:41:50 +0000 0 - 0 - 10 www.heygotrip.com/rsea/?O0D=eAS8+pxVSVCSPKq/I (...) 217.21.95.77


JavaScript

Executed Scripts (20)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (53)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 11 Sep 2022 22:07:53 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: yhimKhH-RYeZc2zhbUQyB9sCp9nUS4S6VuLd0mK96MQhJa06W2nGlA==
Age: 3079


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    b593eb39329cfe060d55be5e4a5405e2
Sha1:   78e46c1028e9f94f8569303ad2d90d7df13a059a
Sha256: 08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2254
Expires: Sun, 11 Sep 2022 23:36:47 GMT
Date: Sun, 11 Sep 2022 22:59:13 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 11 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Q5CwFDrIXauVsgxrkLZ4Fcg6WULeOshJRi-z6zoUrEoUv5Hy1kazfA==
age: 56521
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            GET /rsea/?Gzut3=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&pJE8=kzu4ezT8dv HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         217.21.95.77
HTTP/1.1 301 Moved Permanently
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-length: 707
date: Sun, 11 Sep 2022 22:59:13 GMT
server: LiteSpeed
location: https://heygotrip.com/rsea/?Gzut3=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&pJE8=kzu4ezT8dv
platform: hostinger
content-security-policy: upgrade-insecure-requests


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   707
Md5:    1304294c0823ca486542ba408ed761e3
Sha1:   b2a70fb2d810ca13985882e6981f33998823e83e
Sha256: 3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 11 Sep 2022 22:59:13 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 11 Sep 2022 22:56:07 GMT
Expires: Sun, 11 Sep 2022 23:22:22 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: WTIAx3fsZB5IDai3qK7J5yFxo4zRJXSbihEWle-FraM50V8YU_Co3g==
Age: 186


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2555
Cache-Control: 'max-age=158059'
Date: Sun, 11 Sep 2022 22:59:13 GMT
Last-Modified: Sun, 11 Sep 2022 22:16:38 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 22:59:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6299
Cache-Control: 'max-age=158059'
Date: Sun, 11 Sep 2022 22:59:14 GMT
Last-Modified: Sun, 11 Sep 2022 21:14:15 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 22:59:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /v3/?ver=1.4.6 HTTP/1.1 
Host: js.stripe.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.84.176
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
                                        
last-modified: Fri, 09 Sep 2022 19:04:50 GMT
etag: "17417399acb7a25e5764f37a855eff61"
cache-control: max-age=60
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
server: Fastly
content-encoding: br
accept-ranges: bytes
date: Sun, 11 Sep 2022 22:59:14 GMT
via: 1.1 varnish
age: 13
x-request-id: c1830a04-e1b1-4bce-9fcd-b82f0562e334
x-served-by: cache-bma1661-BMA
x-cache: HIT
x-cache-hits: 2
vary: Accept-Encoding
timing-allow-origin: *
content-length: 83213
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   83213
Md5:    312e2045ab4dbefbbda4d3e46318d6a9
Sha1:   961ada9055055f434de90977e8ef046cff1839aa
Sha256: 1e749a144e9b5f216ff96354076b578f7eeed49481522216f2205e4b1688b897
                                        
                                            GET /wp-content/themes/astra/assets/css/minified/compatibility/page-builder/bb-plugin.min.css?ver=3.8.5 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?Gzut3=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&pJE8=kzu4ezT8dv
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Sun, 18 Sep 2022 22:59:14 GMT
last-modified: Sun, 10 Jul 2022 07:44:44 GMT
etag: "12e-62ca836c-76061ed8abdce6ed;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 127
date: Sun, 11 Sep 2022 22:59:14 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (302), with no line terminators
Size:   127
Md5:    22eeec4ade56a2e6e2493767f92c4740
Sha1:   e5b4853abfa227a2a1fb52b1864db0c029296b1c
Sha256: 7281b7f48044fee12b5c5578dd6067d876ac6feb9e192dcacbc2b3e7d0d56532

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /rsea/?Gzut3=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&pJE8=kzu4ezT8dv HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         217.21.95.77
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
                                        
x-powered-by: PHP/7.4.27
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://heygotrip.com/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding
date: Sun, 11 Sep 2022 22:59:13 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (41941), with CRLF, LF line terminators
Size:   32479
Md5:    eb9f9eadd47d7c1e69b3dafb9a271f44
Sha1:   814cffd280c0edf9572318583d23d6b9deadd427
Sha256: defddef2b6d95dbfbc446f1643473ea3e30581085fa475fdabd960f33c721d7f
                                        
                                            GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?Gzut3=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&pJE8=kzu4ezT8dv
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Sun, 18 Sep 2022 22:59:14 GMT
last-modified: Wed, 13 Jul 2022 00:23:16 GMT
etag: "15b64-62ce1074-3bc743d0c392089d;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 10703
date: Sun, 11 Sep 2022 22:59:14 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (43771)
Size:   10703
Md5:    3314a848319230ac733421112382eec5
Sha1:   98a167f06a0aa192b28891f8abbb13045a59cb93
Sha256: 491c2c2340db0cace5815f2434013e7fecb5bd9b1d9a721811603d7aaa485fbd
                                        
                                            GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=7.6.2 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?Gzut3=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&pJE8=kzu4ezT8dv
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Sun, 18 Sep 2022 22:59:14 GMT
last-modified: Sun, 10 Jul 2022 10:55:03 GMT
etag: "1345-62cab007-5ac2ecc509d4af23;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1106
date: Sun, 11 Sep 2022 22:59:14 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4933), with no line terminators
Size:   1106
Md5:    8227d1018451f5f2b5d556517e3a9c1c
Sha1:   c7d4c64a5aba47ac3a2445b5590efd664dbc381c
Sha256: b6b0b48882efd9ff0a0364874578c4c1d507b6189cca80985b698239a924c663

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ONCNu535Ep79ZEVeLurBBg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         54.187.146.10
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tAVc4xwxMQVuEqAWTRh+xtTpvPY=

                                        
                                            GET /wp-content/themes/astra/assets/css/minified/compatibility/woocommerce/woocommerce-layout.min.css?ver=3.8.5 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?Gzut3=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&pJE8=kzu4ezT8dv
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Sun, 18 Sep 2022 22:59:14 GMT
last-modified: Sun, 10 Jul 2022 07:44:44 GMT
etag: "439b-62ca836c-c5cfec20360210ae;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1859
date: Sun, 11 Sep 2022 22:59:14 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (17307), with no line terminators
Size:   1859
Md5:    ce92ba9873f44306c1923b9a842de314
Sha1:   a419ae2994fb067411e8b1bd1d092624a832f61b
Sha256: 0becc3c090a52685cad296878a0c594c198820294125909c7d53452f84eb129a
                                        
                                            GET /wp-content/themes/astra/assets/css/minified/compatibility/woocommerce/woocommerce.min.css?ver=3.8.5 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?Gzut3=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&pJE8=kzu4ezT8dv
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Sun, 18 Sep 2022 22:59:14 GMT
last-modified: Sun, 10 Jul 2022 07:44:44 GMT
etag: "199e0-62ca836c-48af6abffc833749;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 13476
date: Sun, 11 Sep 2022 22:59:14 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65524), with no line terminators
Size:   13476
Md5:    2711a3405b9c53651953af05101be784
Sha1:   a5dc06e036b426aa3640a179f839068ce9f5b1eb
Sha256: 881d2d854b5684c0deefd0d958ce9c87f770b888df27805d3caba11340a35390

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=7.6.2 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?Gzut3=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&pJE8=kzu4ezT8dv
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Sun, 18 Sep 2022 22:59:14 GMT
last-modified: Sun, 10 Jul 2022 10:55:03 GMT
etag: "33aa6-62cab007-47c1873b63f8916f;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 20199
date: Sun, 11 Sep 2022 22:59:14 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65527), with no line terminators
Size:   20199
Md5:    fe6da10b73634ff8e693ddc5874fb059
Sha1:   dd7e93a4b08b5518cdc78d309bed25fd10a35e19
Sha256: e79bd06b8cc74572af296b3d9a30867ac6b7dd8e42f1609211e51d6dab9afba6
                                        
                                            GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?Gzut3=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&pJE8=kzu4ezT8dv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: application/x-javascript
                                        
cache-control: public, max-age=604800
expires: Sun, 18 Sep 2022 22:59:14 GMT
last-modified: Sat, 02 Jul 2022 20:00:54 GMT
etag: "48b9-62c0a3f6-1140ea29c8d85bec;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4572
date: Sun, 11 Sep 2022 22:59:14 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (15660)
Size:   4572
Md5:    4402e98c197d70e9bc78b1da062e658a
Sha1:   b1d2477c6b1dfa9283d79a0a3944098dde573f68
Sha256: 4e646c55a8c057d08458aed4f913f5ae713e1351aadc0bcdf947bc48fb6a73ed

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?Gzut3=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&pJE8=kzu4ezT8dv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: application/x-javascript
                                        
cache-control: public, max-age=604800
expires: Sun, 18 Sep 2022 22:59:14 GMT
last-modified: Tue, 10 May 2022 12:21:53 GMT
etag: "15db1-627a58e1-4a99e7c381a9e622;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 30027
date: Sun, 11 Sep 2022 22:59:14 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65447)
Size:   30027
Md5:    63373db5c13254717674a1af4cd88aa2
Sha1:   21a1962ab8597d9066640a7157a41370341ff0cf
Sha256: d883f77be0299ddb715175908b03076554287b13f87570369fb58adeade16891

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?Gzut3=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&pJE8=kzu4ezT8dv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: application/x-javascript
                                        
cache-control: public, max-age=604800
expires: Sun, 18 Sep 2022 22:59:14 GMT
last-modified: Tue, 10 May 2022 12:21:53 GMT
etag: "2bd8-627a58e1-6e56352c018a7d6d;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3984
date: Sun, 11 Sep 2022 22:59:14 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (11126)
Size:   3984
Md5:    4116c2be947ecf205a0c7fc117ca55f0
Sha1:   0cd8efc9fe349d67a86b49d1e5582a9b21d05add
Sha256: 6b1970b536b88a18b0eb4fe138e677b9736294057660676507fabee57cb0462c

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 22:59:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 22:59:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 22:59:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/notosans/v27/o-0IIpQlx3QUlC5A4PNr5TRA.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://heygotrip.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Sep 2022 21:03:13 GMT
expires: Tue, 05 Sep 2023 21:03:13 GMT
cache-control: public, max-age=31536000
age: 525361
last-modified: Mon, 09 May 2022 18:27:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 12860, version 1.0\012- data
Size:   12860
Md5:    ab21c24efd75543e16e34807ebc6cdec
Sha1:   eb2562f9729079333fbcbbe94868695669dd3301
Sha256: 88f00438d26021a325247c4427898f7c778a22976df9f1a9d9876429778bf265
                                        
                                            GET /wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.8.5 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?Gzut3=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&pJE8=kzu4ezT8dv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: application/x-javascript
                                        
cache-control: public, max-age=604800
expires: Sun, 18 Sep 2022 22:59:14 GMT
last-modified: Sun, 10 Jul 2022 07:44:43 GMT
etag: "415c-62ca836b-8b077ce23b66a62c;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3760
date: Sun, 11 Sep 2022 22:59:14 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (16732), with no line terminators
Size:   3760
Md5:    81c05f8a8e2da82167b0c694dfd4761e
Sha1:   420bbf1127899dd7e610cf8cd2b5797e07b4b1bd
Sha256: d1de2393fb4ed38efcb8de50f43abf89bbb75ab2958bd368b4609141f82a40e1

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.6.6.1 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?Gzut3=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&pJE8=kzu4ezT8dv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: application/x-javascript
                                        
cache-control: public, max-age=604800
expires: Sun, 18 Sep 2022 22:59:14 GMT
last-modified: Sun, 10 Jul 2022 10:55:11 GMT
etag: "253d-62cab00f-8677cf1b8273be11;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3242
date: Sun, 11 Sep 2022 22:59:14 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (9139)
Size:   3242
Md5:    2334040ad30a3a3cc5055ad8643b2e10
Sha1:   6a6ff9799ad8cac3502e2189a02ed74ca02ff4a3
Sha256: 08acb85d899a61171f9c6721e41ed8022d7aa4f6cc1aab9c7c39fe55cdd18960

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6.6.1 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?Gzut3=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&pJE8=kzu4ezT8dv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: application/x-javascript
                                        
cache-control: public, max-age=604800
expires: Sun, 18 Sep 2022 22:59:14 GMT
last-modified: Sun, 10 Jul 2022 10:55:11 GMT
etag: "bdd-62cab00f-d3b3a581136ede2a;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 969
date: Sun, 11 Sep 2022 22:59:14 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (3037), with no line terminators
Size:   969
Md5:    cf9cad2738c8b933c16322bb31b3b2b1
Sha1:   19a3424e1c40c8c379070d7cfd202d813edcab69
Sha256: 637631d7ef57db723d3fb9124c2746dabc9a60d9ae5c821d8cc8539be77a2c24

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.6.6.1 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?Gzut3=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&pJE8=kzu4ezT8dv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: application/x-javascript
                                        
cache-control: public, max-age=604800
expires: Sun, 18 Sep 2022 22:59:14 GMT
last-modified: Sun, 10 Jul 2022 10:55:11 GMT
etag: "72a-62cab00f-fc97abbe7a04aa7c;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 899
date: Sun, 11 Sep 2022 22:59:14 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1668)
Size:   899
Md5:    22d65ba38528349e705d912ce26bf8ac
Sha1:   c89ba006009043d93b88ff155b4fec8797330550
Sha256: 6253bcb85e4267ad3ba843145534e729ee2c1d7e85e5b4ab5b2e074ae636bca3

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6.6.1 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?Gzut3=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&pJE8=kzu4ezT8dv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: application/x-javascript
                                        
cache-control: public, max-age=604800
expires: Sun, 18 Sep 2022 22:59:14 GMT
last-modified: Sun, 10 Jul 2022 10:55:11 GMT
etag: "85b-62cab00f-519d97ceb1b54f1c;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 677
date: Sun, 11 Sep 2022 22:59:14 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2139), with no line terminators
Size:   677
Md5:    a43fc0dde8fdd69656ad0957e62849c7
Sha1:   4b07cf702ac8a770c8cbffc22b9a788b6e5389ba
Sha256: 1ce3d0493424870c81deec0ec41de0592d2af9f91cd8081cd40a1d7ea89b614f

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=6.6.1 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?Gzut3=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&pJE8=kzu4ezT8dv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: application/x-javascript
                                        
cache-control: public, max-age=604800
expires: Sun, 18 Sep 2022 22:59:14 GMT
last-modified: Sun, 10 Jul 2022 10:55:11 GMT
etag: "b7a-62cab00f-e60ab174764c82d3;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 935
date: Sun, 11 Sep 2022 22:59:14 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2938), with no line terminators
Size:   935
Md5:    ff0db23445ccd7328c7f10de152fb16b
Sha1:   ff94beb84c601febafb3b51e4f054f920ffb75fc
Sha256: 91034f25ae6d0e9f62eb1407e288f5b37140ad5ce9cd0d1d77d79e63d45882e3

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/uploads/2022/07/HeyGotrip-logo.png HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?Gzut3=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&pJE8=kzu4ezT8dv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Sun, 18 Sep 2022 22:59:14 GMT
last-modified: Sun, 10 Jul 2022 08:00:53 GMT
etag: "469e-62ca8735-ece42ae61ffa492e;;;"
accept-ranges: bytes
content-length: 18078
date: Sun, 11 Sep 2022 22:59:14 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 417 x 151, 8-bit/color RGBA, non-interlaced\012- data
Size:   18078
Md5:    c110f1e913fe79b6391a2b5c8254af0f
Sha1:   56352b0dd20ff5f426323eaee4c3cad217179444
Sha256: 55c200df301e1f65ec8a3c3c0032c19fde95ef01ee8451ffbf9120d247e2e3c4
                                        
                                            GET /s/notosans/v27/o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://heygotrip.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12684
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Sep 2022 21:03:14 GMT
expires: Tue, 05 Sep 2023 21:03:14 GMT
cache-control: public, max-age=31536000
age: 525360
last-modified: Mon, 09 May 2022 18:28:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 12684, version 1.0\012- data
Size:   12684
Md5:    0c235386bcf6af06f67e6c89fd19e434
Sha1:   10720574d4609322023984a761f32f9518c07bc4
Sha256: c1c30918a861cb6a985ab55d54ad7e861682354197f164cb3b7194f20eed67ac
                                        
                                            GET /s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCuM73w5aXo.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://heygotrip.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12848
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Sep 2022 16:43:29 GMT
expires: Fri, 08 Sep 2023 16:43:29 GMT
cache-control: public, max-age=31536000
age: 281745
last-modified: Mon, 11 Jul 2022 18:56:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 12848, version 1.0\012- data
Size:   12848
Md5:    f0b3206d02a2f684530117ce1d7e8ce0
Sha1:   f3708b707b65e241b0f1c819d5f7bf7da8412653
Sha256: f31b80562610135edd91a86ec7f243c5eeaec2ec08337e6a20c2d135d8e217da
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 22:59:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /v3/m-outer-31e97de540e089dc17052298cc0e1bbd.html HTTP/1.1 
Host: js.stripe.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.84.176
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
last-modified: Fri, 09 Sep 2022 18:43:30 GMT
etag: "31e97de540e089dc17052298cc0e1bbd"
cache-control: max-age=31536000
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; report-uri https://q.stripe.com/csp-report
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
server: Fastly
content-encoding: br
accept-ranges: bytes
date: Sun, 11 Sep 2022 22:59:14 GMT
via: 1.1 varnish
age: 188021
x-request-id: d9a97b96-e8b4-4e42-97f1-aef76fb2543a
x-served-by: cache-bma1661-BMA
x-cache: HIT
x-cache-hits: 30859
vary: Accept-Encoding
timing-allow-origin: *
content-length: 114
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size:   114
Md5:    7983d4637d11b9188df2a876dec0ab8d
Sha1:   1cadc72133b2c95baa8530a093cff227f2a722a1
Sha256: 4e7ecc06a0bbece46bea368cd846a8ab084a77ce8585280406a1429ef711cf0f
                                        
                                            GET /v3/fingerprinted/js/m-outer-84f2c9eff43d076b0aff57f80a26902c.js HTTP/1.1 
Host: js.stripe.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.stripe.com/v3/m-outer-31e97de540e089dc17052298cc0e1bbd.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         151.101.84.176
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
                                        
last-modified: Fri, 09 Sep 2022 18:43:29 GMT
etag: "d96c709017743c0759cf3853d1806ba5"
cache-control: max-age=60
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
server: Fastly
content-encoding: br
accept-ranges: bytes
date: Sun, 11 Sep 2022 22:59:14 GMT
via: 1.1 varnish
age: 51
x-request-id: dcf7f63e-ab3b-4464-87b0-3d75364463f7
x-served-by: cache-bma1661-BMA
x-cache: HIT
x-cache-hits: 7
vary: Accept-Encoding
timing-allow-origin: *
content-length: 256
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (526), with no line terminators
Size:   256
Md5:    81235fac06e9d326aeef8b39a495c8ce
Sha1:   ef91fdb8aefe71c4152a8d5d04a932db00039f49
Sha256: a1dff1e13da8d931f175c206d6d2bedd4989c3b8f338162b35a18eec08840944
                                        
                                            GET /inner.html HTTP/1.1 
Host: m.stripe.network
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.84.176
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
cache-control: max-age=300, public
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
server: Fastly
content-encoding: gzip
accept-ranges: bytes
date: Sun, 11 Sep 2022 22:59:14 GMT
via: 1.1 varnish
age: 92
x-request-id: 94bbb6a3-d279-4e4c-a28d-d84b0004b9d6
x-served-by: cache-bma1661-BMA
x-cache: HIT
x-cache-hits: 16
x-timer: S1662937155.583753,VS0,VE0
vary: Accept-Encoding, Origin
content-length: 527
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (930), with no line terminators
Size:   527
Md5:    e02352ef72e8a9563463c07174b0e50f
Sha1:   7a41613f7eae0819d1a4785eae3617fdbb33b9b3
Sha256: 2275fff71f8cbf1f25a1af7f7bbe5ecbc868ed0b16d345a8ce31770f66fc8ea5
                                        
                                            GET /out-4.5.42.js HTTP/1.1 
Host: m.stripe.network
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.stripe.network/inner.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         151.101.84.176
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
                                        
cache-control: max-age=300, public
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
server: Fastly
content-encoding: gzip
accept-ranges: bytes
date: Sun, 11 Sep 2022 22:59:14 GMT
via: 1.1 varnish
age: 241
x-request-id: ed2dd8e6-efac-453e-b71c-3c3a0e2ed3fb
x-served-by: cache-bma1661-BMA
x-cache: HIT
x-cache-hits: 37
x-timer: S1662937155.606963,VS0,VE0
vary: Accept-Encoding, Origin
content-length: 16031
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65530), with no line terminators
Size:   16031
Md5:    0b880c6e7a381ef1f81263cf34c54e79
Sha1:   af46e0111cb22576b07084f4b49be7b41b5fc3ca
Sha256: 115ea79f002c0c2e3405178f66ce92ecb5173e7678f692ab65d6bbf526880b7b
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2816
Cache-Control: 'max-age=158059'
Date: Sun, 11 Sep 2022 22:59:15 GMT
Last-Modified: Sun, 11 Sep 2022 22:12:19 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21414
Expires: Mon, 12 Sep 2022 04:56:09 GMT
Date: Sun, 11 Sep 2022 22:59:15 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21414
Expires: Mon, 12 Sep 2022 04:56:09 GMT
Date: Sun, 11 Sep 2022 22:59:15 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21414
Expires: Mon, 12 Sep 2022 04:56:09 GMT
Date: Sun, 11 Sep 2022 22:59:15 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21414
Expires: Mon, 12 Sep 2022 04:56:09 GMT
Date: Sun, 11 Sep 2022 22:59:15 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36ab1cf7-da3f-4bea-abd5-3f9da5a18c29.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9126
x-amzn-requestid: 86fd10d3-f2bb-4191-93b0-3a416000fd68
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUJHeGMqoAMFnwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e5562-1f8b12e10d7212353f050f3f;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:38:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: WcMMN48JT7YRvUBGR6oAes5EwusRcdgrWT60xJffsOfsbkJ4_XyALg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:41:51 GMT
age: 4644
etag: "cf5ec3650282d05c082eb0534f1b70a59f9f4bbe"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9126
Md5:    beca122055c554548ca6ef68a66a4e2e
Sha1:   cf5ec3650282d05c082eb0534f1b70a59f9f4bbe
Sha256: a9cf7ef5dfb6a58c66bc29b2a280c2253e56a28ce317d8271273ddae2008d9d5
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7203a6d4-6a03-44c9-9578-48347e449af7.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8843
x-amzn-requestid: 756d47bd-2bcd-43eb-b338-b0e42b7014e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUIxfFeuIAMFlWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e54d6-1048244b1718b8d21cf0a2e3;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:36:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zjRJXhMV-c7STru92ODP2iIjeugCVD1joQovkAHmzJHHne3cPZkpPQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:41:51 GMT
age: 4644
etag: "66c5e224483b5265d219050553ec98624558c9e9"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8843
Md5:    bd72daa080a70fd2dd1cac6825ac2794
Sha1:   66c5e224483b5265d219050553ec98624558c9e9
Sha256: 051aaa5b3872f2d989d007f3ffdd5e96df582d0c950ac976d3befeefe60f6663
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a938fd0-09b1-4550-89f4-e81e9c6a8737.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4162
x-amzn-requestid: 9dc27e34-69e1-439d-8974-1297584ef4d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YSIhuHlWIAMFhOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d87a4-410e9ede524aa657609a057a;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 07:00:52 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UxATqmWDCTwVqA3ORIXXObWZZj158TSRUoaAr48b08sxdAxBicw5zA==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 07:19:23 GMT
age: 56392
etag: "47aaf5a3af2c25820d01d613c82b7f1279a298fc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4162
Md5:    b674daf3dc6e85ed054ab34d69979b86
Sha1:   47aaf5a3af2c25820d01d613c82b7f1279a298fc
Sha256: 7b9993ef69d4b77c1533ada040c85563b9cf7b1f5d007177c005f6cd7fdba1d3
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ad228ec-3b17-4614-a289-8bfbb3c69b46.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6894
x-amzn-requestid: c9abf0bf-45a9-4f56-8f34-ff3da8544a28
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUIyGEfzoAMFzDw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e54da-40b81c960d413d682389a407;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:36:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cR-awRjUAEUgC5Jj7ScLRrqWunNoMikOKKcxVN8Ak9yxNrM54Fo_Yw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:48:12 GMT
age: 4263
etag: "f1949f2e307eadc6069d2b0b8c624f674a228f34"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6894
Md5:    a9409173701eda139bbd4973992e9d3a
Sha1:   f1949f2e307eadc6069d2b0b8c624f674a228f34
Sha256: 958dff56b8ba2a6aae1ca37b62610b3d1cca8eae708ee37ca7a51186e3dc9737
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c8c9e77-e1e7-4dac-8b40-0f1dc36c1c90.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11309
x-amzn-requestid: 9c63b64e-0464-419a-9c9a-006107a7d79a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUIx8HNaoAMFxkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e54d9-127311335960fcd84c8e8a01;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:36:25 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dyEuDaPFeAnDSk_f-rjIhrtm6n6jauPE11kriaIhOkFipi39-tpdIA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:51:38 GMT
age: 4057
etag: "f3179f2d233c0422b31d723aea47d26ca851d946"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11309
Md5:    a8ac7af52a032c012cd38652bb90be99
Sha1:   f3179f2d233c0422b31d723aea47d26ca851d946
Sha256: 4020cd554d8c1bdf5432d359a2079451a6bc328bd2f51fbb738f6a1d52ca7f21
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23d4b64c-6112-465a-8c57-47176235f38c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7399
x-amzn-requestid: 3f1c5097-3db7-40a7-821f-75341226b56b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUIxzHh-IAMFcFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e54d8-3346061d670aa4d46eec144f;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:36:24 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wHFCN1TcnJPXYOcL-cBD93Q-GD8AXPAY_bYgMbbfy_NmKTafGSJfKg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:45:14 GMT
age: 4441
etag: "0b431fbd0f7382cb7648335f7e8390a37394771e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7399
Md5:    00203b01614ba1204d46986be83342ab
Sha1:   0b431fbd0f7382cb7648335f7e8390a37394771e
Sha256: cc9bf1aa5f9858440300b8bac4f4069c5b4af1f91ee2c066324db81a57399765
                                        
                                            POST /6 HTTP/1.1 
Host: m.stripe.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2712
Origin: https://m.stripe.network
Connection: keep-alive
Referer: https://m.stripe.network/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.149.23.244
HTTP/2 200 OK
content-type: application/json;charset=utf-8
                                        
server: nginx
date: Sun, 11 Sep 2022 22:59:15 GMT
content-length: 156
set-cookie: m=101d26ea-2cf8-4c32-b8a0-4de6a42adcedc1a553;Expires=Tue, 10-Sep-2024 22:59:15 GMT;Secure;HttpOnly; SameSite=None
x-content-type-options: nosniff
access-control-allow-origin: https://m.stripe.network
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
strict-transport-security: max-age=31556926; includeSubDomains; preload
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   156
Md5:    6d1e5db67583b74e6a0ab62014f4b148
Sha1:   f5ee2e7fa93647c57c620200b967a6ddd2d877fc
Sha256: 65dcf64d0e1c684774538f5cfcb49a9806ef1e83052703b40fe5259b0773fada
                                        
                                            GET /css?family=Noto+Sans%3A400%2C700%7CMontserrat%3A700&display=fallback&ver=3.8.5 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 11 Sep 2022 22:59:14 GMT
date: Sun, 11 Sep 2022 22:59:14 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---