crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c
172.67.146.119200 OK 2.0 kB URL HTTP/1.1 crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c
IP 172.67.146.119:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (6254), with no line terminators
Hash 9455c14314319ec422a9179cfc5b91f1
a35181fb7a0bbdc3c4d4d6fd1c8ed0e602f051fa
86ca65de52b0c81ca5692d63e6d3c1cac63a8aa0b892ef7ab9282b41710b8229
Analyzer Verdict Alert quad9 Sinkholed
GET /?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yRpojTWS1MI%2Bxb0UUXAHI8bs7SzqRg8Cwakx%2FjdT0gEkXDLz0JwfAZLF0vTLxFe%2F5diEbF5xlIkL1HxhUGo0XqCu30RwSL7lNIqoU5dm5J61wHUBPLg1HeGF0xWqPZ%2BU2y%2Fj4Atc"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75ac26c9d962b509-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2b424d8c01b211c56d5b44b92e4e4153
b1fdab18f23271eee58ae1482f8af25badc2ffda
1c82a5fd2bc3f16a66becb5e1924e8c9edd39386622dc2e5ed296442f4307b2b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1C82A5FD2BC3F16A66BECB5E1924E8C9EDD39386622DC2E5ED296442F4307B2B"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4705
Expires: Sun, 16 Oct 2022 00:15:28 GMT
Date: Sat, 15 Oct 2022 22:57:03 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.36200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Content-Length, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 15 Oct 2022 22:50:19 GMT
Expires: Sat, 15 Oct 2022 23:47:06 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: vmZZqAm8RdRtRl80N5Q4VLS8xL6tJiND7vqd7WhGqKzWldfar30pxQ==
Age: 404
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a57d0f62d9bd29668b94a513fa45d18e
d7cb263502e21f9235b4523a596e2138d22042ec
df7acd4fe34cc9c4945a5d83ef538105a73dfc1a8b485bc7a62488c5406b1294
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF7ACD4FE34CC9C4945A5D83EF538105A73DFC1A8B485BC7A62488C5406B1294"
Last-Modified: Sat, 15 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6124
Expires: Sun, 16 Oct 2022 00:39:07 GMT
Date: Sat, 15 Oct 2022 22:57:03 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: zH6UDom3bf5FfzJOgSM2wIW/KAjaMZPxDsUxjjnBljjG5h07wjiND81UEp1Xe/kf0dOFobFj4wE=
x-amz-request-id: 3P8KDX0F98SN08P4
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 15 Oct 2022 22:02:45 GMT
age: 3258
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
crystal-blocker.com/assets/css/crb-home.d303c3bf7be95e8c0998.css
172.67.146.119200 OK 1.8 kB URL HTTP/1.1 crystal-blocker.com/assets/css/crb-home.d303c3bf7be95e8c0998.css
IP 172.67.146.119:0
File type ASCII text, with very long lines (6210)
Hash 2523fdcdce805e587f3a5e73af9e6364
c144026ce8937bad947c35059c87da5596bb4a6b
46d472012398a0d0678782c4337ccf0a0158bb592f47138d3afe74f1ffd021d8
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/css/crb-home.d303c3bf7be95e8c0998.css HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c
HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: text/css; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75ac26ccac77b509-OSL
Age: 14491
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pWelFGFlhbgYC8hshd6xohRsNcckrl1K9cGHkwSfKr0GSAFB382ZP7K1wr9%2FiYUGF2oaWuUxBmL99Ki3buZckGdXFg9ZJMkOQib5%2B%2FiRfQZS%2FiWhjHPNEkEgetC6lal4I8L6C3Vh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 15 Oct 2022 22:57:03 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
crystal-blocker.com/assets/js/home.089713254ad51ca1c23a.js
172.67.146.119200 OK 6.4 kB URL HTTP/1.1 crystal-blocker.com/assets/js/home.089713254ad51ca1c23a.js
IP 172.67.146.119:0
File type Unicode text, UTF-8 text, with very long lines (18614), with no line terminators
Hash e51144eab9a83251295541348238c39a
c613a6536185407e0bbce21f34764998d306cab2
f49675ae68123a6927f07f585acbd379eac4b2735d538c495e520cee8d263641
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/home.089713254ad51ca1c23a.js HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c
HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75ac26ccbd5d1c02-OSL
Age: 133142
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=an12ttdXiAUWSo5AYxBelHniDMDoZMxfSk6H8fqFeoNZIV8AB%2BWujXgNuNDNj46cpr9sg9RqaxqhGY5rGbyNr2zWha2yr07WWa5hRBj8iLb%2FU6sIif1h33baF859RBn2yyXpYjDY"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
crystal-blocker.com/assets/js/runtime.8c6c5b164346b79aab2e.js
172.67.146.119200 OK 923 B URL HTTP/1.1 crystal-blocker.com/assets/js/runtime.8c6c5b164346b79aab2e.js
IP 172.67.146.119:0
File type ASCII text, with very long lines (1710), with no line terminators
Hash dd7206ec3cb984a37c4f74734b151e2a
10c83c2d9f51b5b242214cb1f3efa59fe37ec43b
7bf3ef60931f9965b6db9f05d986b2c2b5be13f631f62eeec2348f150cfa48c9
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/runtime.8c6c5b164346b79aab2e.js HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c
HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75ac26ccbc091bfa-OSL
Age: 113162
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bdZdsXo2tbZRDtt7Mgwd3xiN6aszXGvbajvLan7YYNyi2W29mryCFMJru1VnRwWRuwP2%2B26P4zABk%2BTw3qOW9PgHiBSu2AstAPEVlnhm7gHYViIEFwF%2BC1tuzW16F5IunFdk%2BZTL"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
crystal-blocker.com/assets/js/vendors.f767109d6b92982db992.js
172.67.146.119200 OK 33 kB URL HTTP/1.1 crystal-blocker.com/assets/js/vendors.f767109d6b92982db992.js
IP 172.67.146.119:0
File type Unicode text, UTF-8 text, with very long lines (65448)
Hash 21ef8c24a2bfe872b37d9c0884eede6c
4a5aa86377091dbf3bf906c4ec107f002046b398
64587de8bed141e939b6d0d8aa2e1b406e3afe5838a301f946c4bcdaa430c130
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/vendors.f767109d6b92982db992.js HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c
HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75ac26ccbbec1c0e-OSL
Age: 112960
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LAptllKH3m0qVWswMg%2BIrTyWsodJNhMq4H7UY7ZPpc7z%2FFSmKXWHxDDNmuZq4%2B%2Fdlmyst9OFfyjxnM5gAPHkwER4bOFZf0C8MhJI4jXqZnFgsfTO4%2BLPmTfdAemwv8gYrKdfjtNV"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash d3a7a0d85121715a9a3590df07145cd8
7da0f8eba172ed91b10f292054a913b1b33da66d
e77042397dd2555f12bfd9ed17a663845ce9c657c852af3807c90581f91fbb90
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 22:57:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
crystal-blocker.com/assets/media/d7d4e8b56191dbb312411526be9dc4ce.svg
172.67.146.119200 OK 1.8 kB URL HTTP/1.1 crystal-blocker.com/assets/media/d7d4e8b56191dbb312411526be9dc4ce.svg
IP 172.67.146.119:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2095)
Hash ca5449c96512039d0c3f3c3dbcff6acf
0425910d41508e9d6e145675e5c249ea3405fe80
a24a709b43c40cb5ab8d145a109434488c0148cd2f1ca18b3a9795727c3c5775
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/media/d7d4e8b56191dbb312411526be9dc4ce.svg HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c
HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75ac26cd7c9f1bfa-OSL
Age: 99977
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MBUsNWbOV3PoTX36eCSIHjKp1ANQn6rOMCuENQb7Fsrp7aaVyKCQXnn4FqSndB4c0qk7ESgj40D%2FWrmGGpsVvwVlLiMG7ZrWMomhz889lITniFJxcd030Q82EkG940qxjo24Se%2FI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
crystal-blocker.com/assets/media/27349af978f5991fe7fcf1cec71b57df.svg
172.67.146.119200 OK 1.3 kB URL HTTP/1.1 crystal-blocker.com/assets/media/27349af978f5991fe7fcf1cec71b57df.svg
IP 172.67.146.119:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (839)
Hash 790595d62881d955e2817bccb3e4756c
d60dfeb39a596d4e8f9642894c8b2e7adfb988ce
1b418fab41e5bb0991c2986dd0e5874261671a2d06d62e3b7688d949a0a8de95
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/media/27349af978f5991fe7fcf1cec71b57df.svg HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c
HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75ac26cd7de91c02-OSL
Age: 99977
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pHbqTb1kLr2bZIAASHX6OK1f9UTbEcVbp9ptW6bJwlE7EuUDpnPzuZ1zvVdEvXk1ZglhGl2J9mEIAHDu4pCQo3kQMf27VTND9QdVMldwFCl%2F1lFYCuVXf4BklqRM%2FdvNqogZerij"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
crystal-blocker.com/assets/media/c2367138ed1f72424223aa2c72c08c35.png
172.67.146.119200 OK 96 kB URL HTTP/1.1 crystal-blocker.com/assets/media/c2367138ed1f72424223aa2c72c08c35.png
IP 172.67.146.119:0
File type PNG image data, 880 x 597, 8-bit/color RGBA, non-interlaced\012- data
Hash 5a3eb853edcfd20adaad5ecd0b48b60a
8efff4bbf7c8b8187cd9328984838ef5c19daa58
df8665cdcd651db681e0f211f201db127064e5d820b030530bc8dae44dfd56d1
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/media/c2367138ed1f72424223aa2c72c08c35.png HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c
HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: image/png
Content-Length: 96328
Connection: keep-alive
CF-Ray: 75ac26cd7ca51c0e-OSL
Accept-Ranges: bytes
Age: 106569
Cache-Control: max-age=2592000
ETag: assets/media/c2367138ed1f72424223aa2c72c08c35.23e205f3eb.png
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3kbcTJ4yY9ZsW7U49QtY75ogOo1fpweAtHVGuNAm1C%2BEPVsog8BOvHlQMhy9GCUjlLFYw1HXZ8nbjHtMopKb9S61J7We5Zry0MoPiOQCXpN1nFjvgyY83YgSyLfKVXAsWz7O0nJ3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
alt-svc: h2=":443"; ma=60
crystal-blocker.com/assets/media/303cbcad896fb6361c2574fc511f4fb4.png
172.67.146.119200 OK 606 kB URL HTTP/1.1 crystal-blocker.com/assets/media/303cbcad896fb6361c2574fc511f4fb4.png
IP 172.67.146.119:0
File type PNG image data, 2305 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size 606 kB (605782 bytes)
Hash 83f963888aa3e127af1518faee9cce5d
11b29a56d6fd1472440bd56f7c3d2bf804ca2f08
e43d72064c5694542683360c1e19afd98e9e93ce138f35eee2141433624b9d46
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/media/303cbcad896fb6361c2574fc511f4fb4.png HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c
HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: image/png
Content-Length: 605782
Connection: keep-alive
CF-Ray: 75ac26cd7d3ab509-OSL
Accept-Ranges: bytes
Age: 99977
Cache-Control: max-age=2592000
ETag: assets/media/303cbcad896fb6361c2574fc511f4fb4.12f6e97b94.png
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QvA9N2dS5%2BOM4qiLDQCN2KTGZFA3%2F109SOfJCpLP0lf2VYZW4d3fq8F9Kx%2BA6Afa%2FCJ7nS8SDfO7%2BFv3m17Fq8Nb6yh2wM5uXc7AUdxWuzGFN3TaVfasubm4KgFTj5Z%2BIIdh4eDu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
alt-svc: h2=":443"; ma=60
crystal-blocker.com/assets/media/7ab05ca025ab63a5e68131bc5f81f9ce.svg
172.67.146.119200 OK 1.2 kB URL HTTP/1.1 crystal-blocker.com/assets/media/7ab05ca025ab63a5e68131bc5f81f9ce.svg
IP 172.67.146.119:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1082)
Hash df23de56683ad49e459371743a457af2
5fbd1529edaad22e0f4592fcdfd7c839a814dcf2
d180e58227cc77860dbcda6218fafbbb44043564cb742347243303638b9c4c13
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/media/7ab05ca025ab63a5e68131bc5f81f9ce.svg HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c
HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75ac26cd8caa1bfa-OSL
Age: 99977
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FPuHRPP6SrdXCkCDbRoCkxVGFATxGhSBBUm8NzzHSNwfV4REBTjYlGpKWhMZ%2F%2FrCk65%2FJCU6L7JlKSSOkRrKGlIOcOB3sv06HXPStpA4KQQfoEjlLhRQRJpW%2FbHvLGUsBNz%2FTp52"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
crystal-blocker.com/assets/media/56b706933fc084a3c96ead1131e9d369.svg
172.67.146.119200 OK 2.3 kB URL HTTP/1.1 crystal-blocker.com/assets/media/56b706933fc084a3c96ead1131e9d369.svg
IP 172.67.146.119:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (831)
Hash f6f8ce09e1ac7c4fe5dd58c8eb5a42bb
e886a71d25a7bab9d48eaa2269781a848f93f568
3c06aca52b7d309c30d200f7f9a40193da9df47f797dbe1f8f380422081bf69c
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/media/56b706933fc084a3c96ead1131e9d369.svg HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c
HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75ac26cd8dfe1c02-OSL
Age: 112263
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Im2nTvx9ZVeTZ2EYETT7jGoCWsn8gJR%2FXBRkaaz%2FcohlXQbeRWrxzU1oK%2B%2FUmeiDx4D%2B3pNS4%2BmsCy6E%2Bdi2bHP4BDPbRHDYBBrjLVrEVKpq5Fl81LDbi1yoLXCv5TNAyiKxGl5L"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash d3a7a0d85121715a9a3590df07145cd8
7da0f8eba172ed91b10f292054a913b1b33da66d
e77042397dd2555f12bfd9ed17a663845ce9c657c852af3807c90581f91fbb90
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 22:57:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 254c0f79943125eff7adbf9cb30d2b46
e24342391b47646fbbe9fa6a26dd95c0eadda7e5
35052bd13c72ac6c33ec3aa08ae793c5e12d2edeec5c91c9e2b2ac4762c3fc67
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 22:57:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 254c0f79943125eff7adbf9cb30d2b46
e24342391b47646fbbe9fa6a26dd95c0eadda7e5
35052bd13c72ac6c33ec3aa08ae793c5e12d2edeec5c91c9e2b2ac4762c3fc67
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 22:57:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css2?family=Roboto&display=swap
142.250.74.10200 OK 6.0 kB URL HTTP/2 fonts.googleapis.com/css2?family=Roboto&display=swap
IP 142.250.74.10:0
Hash f9898c503494b6d8a05d5da32adf2528
1abe34266c9ca0c9d92c875fb97078b11cd39651
2b35b496161ca167b941a579ac71d9a6adc82a5a520a3c7edf66d62dc8f0327f
GET /css2?family=Roboto&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://crystal-blocker.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 15 Oct 2022 22:57:03 GMT
date: Sat, 15 Oct 2022 22:57:03 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/quantico/v15/rax-HiSdp9cPL3KIF7xrJD0.woff2
216.58.207.195200 OK 5.4 kB URL HTTP/2 fonts.gstatic.com/s/quantico/v15/rax-HiSdp9cPL3KIF7xrJD0.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 5384, version 1.0\012- data
Hash 9b626017702a3f43af4052d4c2154dcf
9a21c3f3a89e056a3957fb271ba0dee66e44ddef
93e051a858871edb3ae5f429957710e1fd61737f138600b5f7bef481b06f8cf6
GET /s/quantico/v15/rax-HiSdp9cPL3KIF7xrJD0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://crystal-blocker.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5384
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 12 Oct 2022 22:49:13 GMT
expires: Thu, 12 Oct 2023 22:49:13 GMT
cache-control: public, max-age=31536000
age: 259670
last-modified: Wed, 27 Apr 2022 15:37:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 254c0f79943125eff7adbf9cb30d2b46
e24342391b47646fbbe9fa6a26dd95c0eadda7e5
35052bd13c72ac6c33ec3aa08ae793c5e12d2edeec5c91c9e2b2ac4762c3fc67
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 22:57:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
crystal-blocker.com/assets/media/bc18d8f4758d51184bfdd85f7357b9a3.svg
172.67.146.119200 OK 1.3 kB URL HTTP/1.1 crystal-blocker.com/assets/media/bc18d8f4758d51184bfdd85f7357b9a3.svg
IP 172.67.146.119:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (837)
Hash 00332cc7d17d0e81f7cc4c745872adf9
5de580fddbaaabf6023efd58fb51e25433a7679b
2bc83263841bd6730ee4ba43236b062101d149c037f1e09bbc31a670e25e2dab
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/media/bc18d8f4758d51184bfdd85f7357b9a3.svg HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c
HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75ac26cd7f070b4d-OSL
Age: 106569
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FIEL547oSBHGgAw2W1cgaxX7UvWaXn8w0rH5Mm%2F9UX5FCpnz30CHxS%2BVsrzyr20LPRj9eLbh51qa9HBeelKuPW2V8Dsl%2BdAUm51t0Hjzs1Hu8iA3T6OQrTIyLKUQBWwhTV%2B7WRzf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
crystal-blocker.com/assets/images/crb.ico
172.67.146.119200 OK 14 kB URL HTTP/1.1 crystal-blocker.com/assets/images/crb.ico
IP 172.67.146.119:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash 6dad091aa2a02d75f3471dfbeb19ae6c
81182541c0d711505c9f981237f093792c9bc102
23323e58592a3b65b62bd83382c297965216f754f92edbb2041dcc0bf7541d8e
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/images/crb.ico HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c
HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: image/vnd.microsoft.icon
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75ac26cefcacb515-OSL
Age: 110591
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6w8FtERfdAbOUFfbI0JcPcFn%2Bk6BAY26oXdPgbmkanellTE8j8VjXAeJWKB8p2SJPHnKVe3dNMtO9dMQVy5oMbNDvVLfDRPb1Sw97Isj7y9WF1w6tjwb%2BD3KmixV%2FI7%2BfqRzf8NK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 15 Oct 2022 22:07:43 GMT
Cache-Control: max-age=3600
Expires: Sat, 15 Oct 2022 23:03:41 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: rp8Jn9Ve0beIpGhHMDQeTyr9Z-7w2Y-BMAuwQIpmCODDmFTHec9Q1A==
Age: 2960
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 301aafc13bc66315321d9476df002258
e6bfd29899543fcd4d1b332623757bbad355306f
c64315afdfcf146b16942d981588ed912650472c5e2bba7b6f8dee396d820860
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2808
Cache-Control: max-age=122199
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 22:57:04 GMT
Etag: "634a6a1f-1d7"
Expires: Mon, 17 Oct 2022 08:53:43 GMT
Last-Modified: Sat, 15 Oct 2022 08:06:55 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.149.101.24101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.101.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: g/ih1Dut7d+eRhbCiUeWKA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ddaGknuCijXw9UWxv3hwT1e2rWY=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11587
Expires: Sun, 16 Oct 2022 02:10:12 GMT
Date: Sat, 15 Oct 2022 22:57:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11587
Expires: Sun, 16 Oct 2022 02:10:12 GMT
Date: Sat, 15 Oct 2022 22:57:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11587
Expires: Sun, 16 Oct 2022 02:10:12 GMT
Date: Sat, 15 Oct 2022 22:57:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11587
Expires: Sun, 16 Oct 2022 02:10:12 GMT
Date: Sat, 15 Oct 2022 22:57:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11587
Expires: Sun, 16 Oct 2022 02:10:12 GMT
Date: Sat, 15 Oct 2022 22:57:05 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6da0eaa5-24ec-42bb-8269-d235104e844f.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6da0eaa5-24ec-42bb-8269-d235104e844f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 440811a19987ddee099df289d9b61e79
ce0f78803a81b1c6b3067c78b75bc6f1d5a7f7c1
1309e9dcb36858de70ef82900ec1ad429fbb795ddb9823fd1c290b18f4e2c1a3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6da0eaa5-24ec-42bb-8269-d235104e844f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9623
x-amzn-requestid: b3d5bd8d-111b-4d50-9720-71f72c62f860
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z7Q8oFLRIAMFrEw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6347951d-613e5e810f420e4c0ba3e6f6;Sampled=0
x-amzn-remapped-date: Thu, 13 Oct 2022 04:33:33 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OA9iHADyiam26eo88jYDECifkqeBaTjsuoeHD2YOy0aZJZEGhG-xow==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:36:56 GMT
age: 4809
etag: "ce0f78803a81b1c6b3067c78b75bc6f1d5a7f7c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd598770c-51f9-4f63-b867-7d947fc34662.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd598770c-51f9-4f63-b867-7d947fc34662.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f694b16fe6b05fb6a7a65509c4e9632a
85958d2ad645333d91d40b14bebe10615d3e7e53
52cffe400c9af78844421b5205f8913fdb76b1a30ee171a499db970f139eedd4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd598770c-51f9-4f63-b867-7d947fc34662.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9712
x-amzn-requestid: f96ff191-54d0-4789-8ee9-51f385ed3450
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEM6YFxWoAMFXCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b2842-68527bce630fd97470b129d3;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:38:10 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Tzmah-6Mm1YfZULJZ4MsBSl_zo2RMAw89iYzA4BItNNQ7tweQVlNsQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 22:06:40 GMT
age: 3025
etag: "85958d2ad645333d91d40b14bebe10615d3e7e53"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84cb3cfe-794c-4730-88c6-35e4b3cd9c1d.jpeg
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84cb3cfe-794c-4730-88c6-35e4b3cd9c1d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1741327ab198a2decd032da4f0be91f9
3d9d9f0b0d64600e8b05301120393aaae04e0e6a
863e23e1f5ddb2cfbf19b76817ddb28f646fe53af97e9ca714bbd5d6078fc712
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84cb3cfe-794c-4730-88c6-35e4b3cd9c1d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6722
x-amzn-requestid: e29643cd-9d6f-4d27-897d-cb5460fe4735
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEM6ZGdBIAMFalA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b2842-4555e10b7c637c3f792b9cf0;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:38:10 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: GL1Ay0ooLsCV3C180mUcMK64TLmAjDcgvll_geN0aN8hNPVVwwfQ0w==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 22:37:10 GMT
etag: "3d9d9f0b0d64600e8b05301120393aaae04e0e6a"
content-type: image/jpeg
age: 1195
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c5bf7f3-2af5-4e40-a5dc-a596e1c0f04a.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c5bf7f3-2af5-4e40-a5dc-a596e1c0f04a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 30232da4d2dc9438982ea90cc10dc912
cace2a97bcc0d2678a3291b82bac8abb61eda167
36a0176591f89a7c754964fb130b49da13cd78c006b4121fb77f7514f521eed5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c5bf7f3-2af5-4e40-a5dc-a596e1c0f04a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7267
x-amzn-requestid: 4b433a90-541f-4733-9435-0ef316859640
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEMu0F7roAMFrEw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b27f8-2a43cdc93330ecc44acc6d69;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:36:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: D90f8cqKzjV5zxBkcPhx39iwI6-_SEZiYsIJwCDEV_makqa_s4hXKQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:36:56 GMT
etag: "cace2a97bcc0d2678a3291b82bac8abb61eda167"
content-type: image/jpeg
age: 4809
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb91747-1466-4fb0-9c5c-e679a1294f9a.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb91747-1466-4fb0-9c5c-e679a1294f9a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9460ab18b402041fc437809f09b5ca07
83129b8fcd100f7de5e79f685c8dd49a226fb6bd
bbd9f2db14ede4b5711042f892621aaf6602ccec6be2bee07534b11f2b73e671
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb91747-1466-4fb0-9c5c-e679a1294f9a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6248
x-amzn-requestid: 0170ca13-eaee-4645-b3ca-0e3db5067dbd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEMw5HMVIAMF2Fw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b2805-272b5ffb16c194ba746d74b6;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:37:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: a8j08kCiCITu5kWwdriG13kuFbvBss29qGNLThJAa_EF-ux3OLP5gA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:37:49 GMT
age: 4756
etag: "83129b8fcd100f7de5e79f685c8dd49a226fb6bd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99b614d2-adbf-45ee-99ac-e4af9744b875.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99b614d2-adbf-45ee-99ac-e4af9744b875.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 547b1dc796288f5c4f2afee1cb5fa073
65221ad29339e14482d0f4520a116287936af308
3efc0ffc960d12ea1de4c1dde9b4356e1621ad17caef69690776638d697ce0a8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99b614d2-adbf-45ee-99ac-e4af9744b875.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11351
x-amzn-requestid: 8dea889d-00dd-4ac8-9992-a622ffe6cb4a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aENseG_XoAMFYfA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b2982-75a03a0d57ca7d6010516b54;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:43:30 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: cbwjQWtMLkxVetKotUNS3nnjjHBJOuuFEch68uz17zlMOPx2q3kVeA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:58:49 GMT
age: 3496
etag: "65221ad29339e14482d0f4520a116287936af308"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Quantico:wght@100;300;400;500;600;700;900&display=swap
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Quantico:wght@100;300;400;500;600;700;900&display=swap
IP 142.250.74.10:0
GET /css2?family=Quantico:wght@100;300;400;500;600;700;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://crystal-blocker.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 15 Oct 2022 22:57:03 GMT
date: Sat, 15 Oct 2022 22:57:03 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
crystal-blocker.com/assets/media/deddcf701154302a2852f7d01e10dac5.png
172.67.146.119200 OK 0 B URL HTTP/1.1 crystal-blocker.com/assets/media/deddcf701154302a2852f7d01e10dac5.png
IP 172.67.146.119:0
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/media/deddcf701154302a2852f7d01e10dac5.png HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c
HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: image/png
Content-Length: 217986
Connection: keep-alive
CF-Ray: 75ac26cd7b07b515-OSL
Accept-Ranges: bytes
Age: 99977
Cache-Control: max-age=2592000
ETag: assets/media/deddcf701154302a2852f7d01e10dac5.f76402aa01.png
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P0w46hyoD8ydvneFntRwPRtLJOsPlEeh3wYGCp39dkOhI7jiKt9J66yqgdM6r6%2B7nY4th1j%2BFyC99sKDSTVKd%2FMXKrKju2FFnFiKzuuGPAF8ACoaKORPn%2ByQYVXNhMMMUFOCDENN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
alt-svc: h2=":443"; ma=60