firefox.settings.services.mozilla.com/v1/
143.204.55.35200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 22 Sep 2022 17:14:02 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: nGOMyNz3TyMYrLdrmsaPftoxxUao0YPUueiyvNroNQ9qcnDfPP8oJQ==
Age: 1334
groupesfemmesfemmes.blogspot.ba/
142.250.74.161302 Moved Temporarily 181 B URL HTTP/1.1 groupesfemmesfemmes.blogspot.ba/
IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash f048fc4049e84e9f3da4ba805662d804
eb948b53365bb00216c4455f2b4ba2189908fc14
0a44d287570a7c136104ed91477709f80884c101f7a0830c2ca71f5cd8e7bc1d
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: groupesfemmesfemmes.blogspot.ba
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Location: http://groupesfemmesfemmes.blogspot.com/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Thu, 22 Sep 2022 17:36:16 GMT
Expires: Thu, 22 Sep 2022 17:36:16 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 181
Server: GSE
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a26d0784548ecab22f417f3d689daf23
8893b79366bbadeb5c8d587b8f023e310694df1c
35baaae7b3ce3110ebb2b075881cfab55ecf3eab57d834283fd18ac691b41fa2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13918
Expires: Thu, 22 Sep 2022 21:28:15 GMT
Date: Thu, 22 Sep 2022 17:36:17 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.25200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 22 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: lwpdw3ofMpflAVsOwO9y_d22Vu6xksVq6scTQzT2yaT1Wt05kl09cw==
age: 46863
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 17:36:17 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Thu, 22 Sep 2022 17:03:22 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Thu, 22 Sep 2022 17:10:14 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: xcVPS3xTr9w6djzGQR9rWfaCVDN3TYKrkyXSEQzoXiZkZz1b31cC7w==
Age: 1975
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 86624f45fb3b7126dbe002f69c94dd86
30bcf274db5037122f989fb25dbf1e72c9ec417b
2cc9600578cf057dc499835773fb495caa60ac154c4945f0fc1f2b31d43f5502
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5472
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 17:36:17 GMT
Last-Modified: Thu, 22 Sep 2022 16:05:05 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
groupesfemmesfemmes.blogspot.com/
142.250.74.161301 Moved Permanently 180 B URL HTTP/1.1 groupesfemmesfemmes.blogspot.com/
IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 2a25863eda7beb06835c27d3b64a5e0f
aa452fbc924a0a6b6a4a89fff1d63bee81a946b2
5ba2c40137e63e9e39885cf1a9dd730ff26a16ba21966dfd32ac73d8d79e6428
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: groupesfemmesfemmes.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Location: https://groupesfemmesfemmes.blogspot.com/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Thu, 22 Sep 2022 17:36:17 GMT
Expires: Thu, 22 Sep 2022 17:36:17 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 180
Server: GSE
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 316dd96c27cb1cae8a533df4714092b6
884cf94b1b24b145c72f60e7e36d7012a501f6f7
845cc35126bbeadcd22c6e8ad40d61981c776617f2a7e514dbc9110cf10b2d77
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 17:36:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
groupesfemmesfemmes.blogspot.com/
142.250.74.161200 OK 6.0 kB URL HTTP/2 groupesfemmesfemmes.blogspot.com/
IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8424)
Hash fcaf3ce806992127ee1e11dafa45c599
e40d02d03a85ece046393a01093a75074a07faff
880288b8e753890a1dc51f30f0cfb6cdc188279950d132ff662c0c36c79c560f
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: groupesfemmesfemmes.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Thu, 22 Sep 2022 17:36:17 GMT
date: Thu, 22 Sep 2022 17:36:17 GMT
cache-control: private, max-age=0
last-modified: Sun, 27 Mar 2022 01:06:29 GMT
etag: W/"51421aaf5087c75e4cdec70ae49f8521a1cdb64f9f045b9e6ee07d6d8dd2842f"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 5962
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0e6f7ad30af48f5591742a9a6dd1d992
82fb60705b705a4f98998ac514836669e09fea79
687c9c8105a92f6f31713916b4b626a01a7374180d81d513c7b01dd64fc02c67
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 17:36:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
52.41.252.32101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.252.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: cx4F1g3nL4FErhbop297cA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: v8KtZ/ZPZeu/MHNZNqKHdjV2n7w=
groupesfemmesfemmes.blogspot.com/js/cookienotice.js
142.250.74.161200 OK 2.0 kB URL HTTP/2 groupesfemmesfemmes.blogspot.com/js/cookienotice.js
IP 142.250.74.161:0
Hash c4e1ed83d89245089b8a1203be20a377
f3940e1215b89300ef97d57a25993f25243b8688
afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2
Analyzer Verdict Alert fortinet Phishing
GET /js/cookienotice.js HTTP/1.1
Host: groupesfemmesfemmes.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groupesfemmesfemmes.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2026
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Sep 2022 17:22:01 GMT
expires: Thu, 29 Sep 2022 17:22:01 GMT
cache-control: public, max-age=604800
last-modified: Thu, 22 Sep 2022 14:53:26 GMT
content-type: text/javascript
age: 857
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
raviral.com/host_style/style/js-track/track.js
172.67.161.164200 OK 773 B URL HTTP/2 raviral.com/host_style/style/js-track/track.js
IP 172.67.161.164:0
File type ASCII text, with very long lines (398)
Hash 3b5ab0263db958d53d27c9c9a5445c86
ab17403388f871ea4b0389334fc532f3823a5539
ba6dd202cb09f757b66e8b776876daeac9dc5f284ac16bfc04c10c5002a93070
Analyzer Verdict Alert fortinet Phishing
GET /host_style/style/js-track/track.js HTTP/1.1
Host: raviral.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groupesfemmesfemmes.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 17:36:18 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=622
last-modified: Thu, 22 Sep 2022 12:01:23 GMT
vary: Accept-Encoding,User-Agent
cache-control: max-age=1800
cf-cache-status: HIT
age: 5716
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=02JDotp3E41H5O3GUDpv%2Bk2N04yNUFDOLoLoDJcV0Ts%2B7fUv0cKPUehtxwqAl5Hs3gGQOCVAij5WQICV1vbXxArus1%2FVSrEMrUuOE6MTXi%2BetLqp08JkfwbllQJpLA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74eccd517cc4b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.imgur.com/no25JNP.png
151.101.84.193200 OK 357 kB IP 151.101.84.193:0
File type PNG image data, 720 x 376, 8-bit/color RGB, non-interlaced\012- data
Size 357 kB (356888 bytes)
Hash 038e81959c4a69badbf67d81d3f6fa46
498eac5c2fb0844142d7c02f3653ab1c5712d27f
11d88f8feca0dd20c6a8b294aad0ea82dd03d8e236c0e423207f569c00808601
GET /no25JNP.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groupesfemmesfemmes.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Sat, 12 Mar 2022 11:13:32 GMT
etag: "038e81959c4a69badbf67d81d3f6fa46"
x-amz-storage-class: STANDARD_IA
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Thu, 22 Sep 2022 17:36:18 GMT
age: 7056
x-served-by: cache-iad-kjyo7100142-IAD, cache-bma1650-BMA
x-cache: HIT, HIT
x-cache-hits: 98, 1
x-timer: S1663868178.207123,VS0,VE3
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 356888
X-Firefox-Spdy: h2
www.blogger.com/static/v1/widgets/1416043673-widgets.js
216.58.207.201200 OK 57 kB URL HTTP/2 www.blogger.com/static/v1/widgets/1416043673-widgets.js
IP 216.58.207.201:0
File type ASCII text, with very long lines (2221)
Hash c6aef9cbd2abf926a23970b70f8a24c2
78972b4f41a7d2580c383da41e3a472c4cfc647a
111111066b8f3fddcd24cedce8c4e8b93a1d9e9b8e3f5f2959172da5adda14b6
GET /static/v1/widgets/1416043673-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groupesfemmesfemmes.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56913
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 02:21:33 GMT
expires: Thu, 21 Sep 2023 02:21:33 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 21 Sep 2022 00:51:51 GMT
content-type: text/javascript
age: 141285
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash a66068824c8bed97e895f8f292ef0623
704bb22deb8b53f64e199eea05e680cf93f1192a
2e7f65288c12ebae7ed8e7616377045016d8ea89017d7429b68d8ded3a90c633
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 22 Sep 2022 17:36:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 936c836fe49e0724b87ac82162f5047e
eb0156fd2ad894e68e02b341fc4aa57b21a42e85
3c7ddffb4f45fc048f9f0d1602cb60c3c5fadc4435c88f718fdc13902354abd6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C7DDFFB4F45FC048F9F0D1602CB60C3C5FADC4435C88F718FDC13902354ABD6"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10865
Expires: Thu, 22 Sep 2022 20:37:23 GMT
Date: Thu, 22 Sep 2022 17:36:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6d4edf416a0f41468a7429c575bad6e5
3adb4571fc16ca78dbe97d3816dd51ee70d3c140
2ee5044f5cbe123faaec6042411582dc59a51000999035cabcfb3bfff5eb41f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2EE5044F5CBE123FAAEC6042411582DC59A51000999035CABCFB3BFFF5EB41F3"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2507
Expires: Thu, 22 Sep 2022 18:18:05 GMT
Date: Thu, 22 Sep 2022 17:36:18 GMT
Connection: keep-alive
s10.histats.com/js15_as.js
46.105.201.240200 OK 4.4 kB URL HTTP/2 s10.histats.com/js15_as.js
IP 46.105.201.240:0
File type HTML document, ASCII text, with very long lines (11440), with no line terminators
Hash ed192092c129db6123a3397855f42619
067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e
998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1
GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groupesfemmesfemmes.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 17:26:26 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 411205763
content-type: text/javascript
content-encoding: br
x-cdn-pop: rbx1
x-cdn-pop-ip: 51.254.41.128/25
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a87e03d8d48ada244924d02ac42e3187
6dc3158fead99f1b85d2ad4954dbf9ec5a683f46
85f40dbb0fd2eb26bb84a92f2cebe8034ddd0b6aa32dcb091798cccfdf0b19a0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "85F40DBB0FD2EB26BB84A92F2CEBE8034DDD0B6AA32DCB091798CCCFDF0B19A0"
Last-Modified: Tue, 20 Sep 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1508
Expires: Thu, 22 Sep 2022 18:01:26 GMT
Date: Thu, 22 Sep 2022 17:36:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cddd3542713b2a260e7cb79c3c6904cc
0c74626d5eb4d0558f3da48aa61836029a69790d
64165a90ede05d1247a8617ccc2d8e3127209ea0b7223ad2b634bac6fc662aa9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "64165A90EDE05D1247A8617CCC2D8E3127209EA0B7223AD2B634BAC6FC662AA9"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6025
Expires: Thu, 22 Sep 2022 19:16:43 GMT
Date: Thu, 22 Sep 2022 17:36:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a2406ef2fd1ea38f9519162f66bcb99d
3e4bc1188d3cf93823b0b036468c1139dbf1bde6
a83ac36646f06d5dfeed96566a5b183625d9272096c94cc71e0040af9258a48b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A83AC36646F06D5DFEED96566A5B183625D9272096C94CC71E0040AF9258A48B"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1946
Expires: Thu, 22 Sep 2022 18:08:44 GMT
Date: Thu, 22 Sep 2022 17:36:18 GMT
Connection: keep-alive
pseepsie.com/zone?pub=0&zone_id=5396479&is_mobile=false&domain=groupesfemmesfemmes.blogspot.com&var=&ymid=&var_3=
139.45.197.250200 OK 664 B URL HTTP/2 pseepsie.com/zone?pub=0&zone_id=5396479&is_mobile=false&domain=groupesfemmesfemmes.blogspot.com&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (663)
Hash 35f887b1625180d82567b12c8694fa39
57d1c756f7f5b6229013673a31106d8dc0eb5fd9
10050f3f275ddc349a35c3dc38b8d9438f69fa038b0f38f972c0ac4a9fb010b2
GET /zone?pub=0&zone_id=5396479&is_mobile=false&domain=groupesfemmesfemmes.blogspot.com&var=&ymid=&var_3= HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://groupesfemmesfemmes.blogspot.com/
Origin: https://groupesfemmesfemmes.blogspot.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 17:36:18 GMT
content-type: application/json; charset=utf-8
content-length: 664
x-trace-id: 226d3dd0ced9f22175a710d2e81a3f29
access-control-allow-origin: https://groupesfemmesfemmes.blogspot.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 75925b52065e8c40d078aee85c947946
72219bfe4412de462135af38de924431a60cd5f5
e4931e694c717412c066464f1c206f1049ebe3fa70270dd550c84129e49b68bb
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 17:36:18 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 06:25:21 GMT
Expires: Mon, 26 Sep 2022 06:25:20 GMT
Etag: "72219bfe4412de462135af38de924431a60cd5f5"
Cache-Control: max-age=304741,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74eccd547c86b521-OSL
tovanillitechan.com/42/38?z=5396478
139.45.197.239200 OK 0 B URL HTTP/2 tovanillitechan.com/42/38?z=5396478
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /42/38?z=5396478 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groupesfemmesfemmes.blogspot.com/
Cookie: scm=1; OAID=477f5c9483214d74ab78e49dc50418de; oaidts=1663868178
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 17:36:18 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 25ce66580c7b02249d4651ba3611a9ab
access-control-expose-headers: X-Sc
set-cookie: OAID=477f5c9483214d74ab78e49dc50418de; expires=Fri, 22 Sep 2023 17:36:18 GMT; secure; SameSite=None
oaidts=1663868178; expires=Fri, 22 Sep 2023 17:36:18 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?userId=432f1bc8f93a4310b086a4420be9db0b
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=432f1bc8f93a4310b086a4420be9db0b
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 815648ce9cce6a66380ef5cf45391ecb
5d9e9f7a0f384e52bae79085b00eba58458690d9
0e74f15078504406ec18416c5f89d4eaeca102bbee100cce3c80679ea92d8d4e
GET /gid.js?userId=432f1bc8f93a4310b086a4420be9db0b HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://groupesfemmesfemmes.blogspot.com
Connection: keep-alive
Referer: https://groupesfemmesfemmes.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 17:36:18 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://groupesfemmesfemmes.blogspot.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=432f1bc8f93a4310b086a4420be9db0b; expires=Fri, 22 Sep 2023 17:36:18 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
pseepsie.com/custom
139.45.197.250200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
OPTIONS /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://groupesfemmesfemmes.blogspot.com/
Origin: https://groupesfemmesfemmes.blogspot.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 17:36:18 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://groupesfemmesfemmes.blogspot.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
pseepsie.com/pfe/current/universal.min.js?v=3.1.395
139.45.197.250200 OK 47 kB URL HTTP/2 pseepsie.com/pfe/current/universal.min.js?v=3.1.395
IP 139.45.197.250:0
Hash df729660c44ea1018d970843297ce451
c21dc8b691dbc49914d33cade09d026cd0363266
88fb8c834b2acd223be760d180cdaabb929e818237af6ca36e2d875e467cbdcd
GET /pfe/current/universal.min.js?v=3.1.395 HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://groupesfemmesfemmes.blogspot.com/
Origin: https://groupesfemmesfemmes.blogspot.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 17:36:18 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 07:25:49 GMT
etag: W/"63296afd-1fafa"
access-control-allow-origin: https://groupesfemmesfemmes.blogspot.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
pseepsie.com/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://groupesfemmesfemmes.blogspot.com/
Content-Type: application/json
Origin: https://groupesfemmesfemmes.blogspot.com
Content-Length: 401
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 17:36:19 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 4cb60cefa40cc889f7d6f9d74c7ef9be
access-control-allow-origin: https://groupesfemmesfemmes.blogspot.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
tovanillitechan.com/9?z=5396478&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=432f1bc8f93a4310b086a4420be9db0b
139.45.197.239204 No Content 0 B URL HTTP/2 tovanillitechan.com/9?z=5396478&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=432f1bc8f93a4310b086a4420be9db0b
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /9?z=5396478&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=432f1bc8f93a4310b086a4420be9db0b HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://groupesfemmesfemmes.blogspot.com/
Origin: https://groupesfemmesfemmes.blogspot.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 22 Sep 2022 17:36:19 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://groupesfemmesfemmes.blogspot.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash b1f04d8181d2ace4eb933936d75f1be1
429f1063b9f685a79d430b35e7ff21cd421c1900
612f71155cb86b1fff60aef8b6fcaf8741f295c2fda77b0139bd57d5bfdb67c5
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 17:36:19 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 01:33:16 GMT
Expires: Tue, 27 Sep 2022 01:33:15 GMT
Etag: "429f1063b9f685a79d430b35e7ff21cd421c1900"
Cache-Control: max-age=373615,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74eccd561fd3b521-OSL
dozubatan.com/500/5396477?excludes=&oaid=432f1bc8f93a4310b086a4420be9db0b&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 0 B URL HTTP/2 dozubatan.com/500/5396477?excludes=&oaid=432f1bc8f93a4310b086a4420be9db0b&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/5396477?excludes=&oaid=432f1bc8f93a4310b086a4420be9db0b&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://groupesfemmesfemmes.blogspot.com/
Origin: https://groupesfemmesfemmes.blogspot.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 17:36:19 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://groupesfemmesfemmes.blogspot.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.253200 OK 12 B URL HTTP/1.1 datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.253:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://groupesfemmesfemmes.blogspot.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://groupesfemmesfemmes.blogspot.com
Content-Length: 1520
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Thu, 22 Sep 2022 17:36:19 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://groupesfemmesfemmes.blogspot.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
d3x2.myfastcdn.com/www/images/b2f9c988a13ff6b7e277aaa8a5264f97.png?width=984
172.66.40.155200 OK 41 kB URL HTTP/2 d3x2.myfastcdn.com/www/images/b2f9c988a13ff6b7e277aaa8a5264f97.png?width=984
IP 172.66.40.155:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 20b181e8c589d5a929471fa7194b4516
3b86de0ae5bba80ff6e6800ad0ae974264eaf890
2d06063ae4675afe17841e4caff347e354e41fdb4f9f42c262c0482d8d419dcd
GET /www/images/b2f9c988a13ff6b7e277aaa8a5264f97.png?width=984 HTTP/1.1
Host: d3x2.myfastcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groupesfemmesfemmes.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 17:36:19 GMT
content-type: image/webp
content-length: 41094
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
edge-cache-tag: 595545905773789361204521015257420698500,299117348020261205842514309066101480215,29ecf9b93bbf306179626feeda1fab70
etag: "a72baa5fa148985d6f0619e638b3f93f"
last-modified: Wed, 14 Sep 2022 06:57:12 GMT
status: 200 OK
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 2744
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
cache-control: max-age=86400
age: 38075
vary: ImageFormat, Accept-Encoding
x-vcl-time-ms: 1316
expires: Fri, 23 Sep 2022 07:01:44 GMT
timing-allow-origin: *
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 74eccd583c81b4fa-OSL
X-Firefox-Spdy: h2
tovanillitechan.com/11?rnd=2128510070&z=5396478&b=14820465&var=&rqtdbc=1&rcvdbc=1&btp=1&rb=IE-ceTG6uFAP4Qq_f9avd1cgrooVjdV34-aC5qh1u3ogVv3muY3omJjNuohnkY-5IANZzg8ueZUXF0mxmqP8LqV8u-n1SOr2mDjNb0xgOmQUXQHGYWth9RUYUvXymtLQYl_WdV2FvPtcp86h5RvDHcCpxxNKIG92f03TNj4yWWSFAQPYpVvK7BsOxqFxJknXsEy2-8QIeglwQHQOxpOAmeuh2_OCPw4F7YkBzfu7dcEcr05C4oNAt_mNFRuvPi5wcLfDb3YHOrwJQjGAPWcQ6XO00rZqHvzDFjjKs0h0ExcieZAphijeBk2bbsOVOcH9LdqBiBow-vmyea74rhPC8FGU5vJvXNfFjWq3pbZfM3v62ktWuEtIPA98haCRGY51O3Ftz4lHOuSLoZN435PFNPYrVfiW6rOpLtsAk3UQXOLDenvbomYWU3vROAO9lzBsya9KoPV2ZR1DOG0aobaFPbefPVQ4fiBH5iHgn_2L81MgEte_PLJwhAWNiG_QR0pXA2V8oW325GzFNIlwqMUHj9ofsFfh1vg2jnk7T_py_gcs09o7Cl7n4IZgIeM0PIzK3Dgov1iwjmiSauV4ToGeZ92_KStrxuCPtfBKX8olm4j0TDPM-B_15F4qOXMweSEi3AM8x5qd8ZDmBA5Kixbvdw==&ruid=f6f20842-01ae-49fc-9770-527b7b13a26d&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=137
139.45.197.239200 OK 0 B URL HTTP/2 tovanillitechan.com/11?rnd=2128510070&z=5396478&b=14820465&var=&rqtdbc=1&rcvdbc=1&btp=1&rb=IE-ceTG6uFAP4Qq_f9avd1cgrooVjdV34-aC5qh1u3ogVv3muY3omJjNuohnkY-5IANZzg8ueZUXF0mxmqP8LqV8u-n1SOr2mDjNb0xgOmQUXQHGYWth9RUYUvXymtLQYl_WdV2FvPtcp86h5RvDHcCpxxNKIG92f03TNj4yWWSFAQPYpVvK7BsOxqFxJknXsEy2-8QIeglwQHQOxpOAmeuh2_OCPw4F7YkBzfu7dcEcr05C4oNAt_mNFRuvPi5wcLfDb3YHOrwJQjGAPWcQ6XO00rZqHvzDFjjKs0h0ExcieZAphijeBk2bbsOVOcH9LdqBiBow-vmyea74rhPC8FGU5vJvXNfFjWq3pbZfM3v62ktWuEtIPA98haCRGY51O3Ftz4lHOuSLoZN435PFNPYrVfiW6rOpLtsAk3UQXOLDenvbomYWU3vROAO9lzBsya9KoPV2ZR1DOG0aobaFPbefPVQ4fiBH5iHgn_2L81MgEte_PLJwhAWNiG_QR0pXA2V8oW325GzFNIlwqMUHj9ofsFfh1vg2jnk7T_py_gcs09o7Cl7n4IZgIeM0PIzK3Dgov1iwjmiSauV4ToGeZ92_KStrxuCPtfBKX8olm4j0TDPM-B_15F4qOXMweSEi3AM8x5qd8ZDmBA5Kixbvdw==&ruid=f6f20842-01ae-49fc-9770-527b7b13a26d&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=137
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /11?rnd=2128510070&z=5396478&b=14820465&var=&rqtdbc=1&rcvdbc=1&btp=1&rb=IE-ceTG6uFAP4Qq_f9avd1cgrooVjdV34-aC5qh1u3ogVv3muY3omJjNuohnkY-5IANZzg8ueZUXF0mxmqP8LqV8u-n1SOr2mDjNb0xgOmQUXQHGYWth9RUYUvXymtLQYl_WdV2FvPtcp86h5RvDHcCpxxNKIG92f03TNj4yWWSFAQPYpVvK7BsOxqFxJknXsEy2-8QIeglwQHQOxpOAmeuh2_OCPw4F7YkBzfu7dcEcr05C4oNAt_mNFRuvPi5wcLfDb3YHOrwJQjGAPWcQ6XO00rZqHvzDFjjKs0h0ExcieZAphijeBk2bbsOVOcH9LdqBiBow-vmyea74rhPC8FGU5vJvXNfFjWq3pbZfM3v62ktWuEtIPA98haCRGY51O3Ftz4lHOuSLoZN435PFNPYrVfiW6rOpLtsAk3UQXOLDenvbomYWU3vROAO9lzBsya9KoPV2ZR1DOG0aobaFPbefPVQ4fiBH5iHgn_2L81MgEte_PLJwhAWNiG_QR0pXA2V8oW325GzFNIlwqMUHj9ofsFfh1vg2jnk7T_py_gcs09o7Cl7n4IZgIeM0PIzK3Dgov1iwjmiSauV4ToGeZ92_KStrxuCPtfBKX8olm4j0TDPM-B_15F4qOXMweSEi3AM8x5qd8ZDmBA5Kixbvdw==&ruid=f6f20842-01ae-49fc-9770-527b7b13a26d&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=137 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://groupesfemmesfemmes.blogspot.com
Connection: keep-alive
Referer: https://groupesfemmesfemmes.blogspot.com/
Cookie: scm=1; OAID=432f1bc8f93a4310b086a4420be9db0b; oaidts=1663868178
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 17:36:19 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://groupesfemmesfemmes.blogspot.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 20ff1922eb201d0d073d6ceb6c3dd573
access-control-expose-headers: X-Sc
set-cookie: OAID=432f1bc8f93a4310b086a4420be9db0b; expires=Fri, 22 Sep 2023 17:36:19 GMT; secure; SameSite=None
oaidts=1663868178; expires=Fri, 22 Sep 2023 17:36:19 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16643
Expires: Thu, 22 Sep 2022 22:13:42 GMT
Date: Thu, 22 Sep 2022 17:36:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16643
Expires: Thu, 22 Sep 2022 22:13:42 GMT
Date: Thu, 22 Sep 2022 17:36:19 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf89a4b3-f586-4870-ab26-efb054f637fd.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf89a4b3-f586-4870-ab26-efb054f637fd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 91c56f0b9810bfdd84e10a626b89e389
15d83e44d568938b6c9c87201e898cedb3edec0a
942de9764e1c408f7512759774aab0479db201e6fae15ccc39e653adae4cb86f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf89a4b3-f586-4870-ab26-efb054f637fd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8678
x-amzn-requestid: c671a9ab-c5d0-4743-b13e-cc9a47e3d2fe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1F0vEThIAMFSwQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b8351-17ed13811d3833ea00a34423;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:34:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hp-WIGb9M8tEmNGOVjx6UQKx9E4-1oJmka0a6seG7inahqYByPmRAg==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 21:34:22 GMT
age: 72117
etag: "15d83e44d568938b6c9c87201e898cedb3edec0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0788498f-41db-4d62-b749-e01caddb7f8d.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0788498f-41db-4d62-b749-e01caddb7f8d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash af5773255351157d72c28a670a355c60
c803e5866edbe6c9baec14e93677f610bdf09bff
3229b4aa1c698647ad96d114174782549ad240f1b2c4ba8c268165a16afc84f0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0788498f-41db-4d62-b749-e01caddb7f8d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10754
x-amzn-requestid: 2d03531d-6055-477f-9cb6-9ea9fa27eeb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1F0vHJ4IAMF42Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b8351-692620e80d5b2efe1d0e3a82;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:34:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: -3bQG5Av1EDxj7_3i8MktwjlPSEU8WDdxt5M6TsrWaodLWgSf3vdEA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 21:34:22 GMT
age: 72117
etag: "c803e5866edbe6c9baec14e93677f610bdf09bff"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb0692-30b9-4b69-a748-f7a4474a72e0.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb0692-30b9-4b69-a748-f7a4474a72e0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9becda6e892a190dbbc63216ae697506
ba3369e1827d8f01ca10acb8648195847dd02ffd
d71dd28e0ff260326ba0c30748fa11160f4544c2a264d3a3dc361af0de9fd283
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb0692-30b9-4b69-a748-f7a4474a72e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11286
x-amzn-requestid: 7263b60d-fffe-4c0b-8de5-59dc9ac92a47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1GwZHOaIAMFSQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b84cf-62e160b156b587cc21c7fda5;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:40:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: QxgrVMX7xwI6qE3T3-LRS3JWoJauPyvCSb9TacW9-ktw-BIq5PSF-g==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 22:16:03 GMT
etag: "ba3369e1827d8f01ca10acb8648195847dd02ffd"
content-type: image/jpeg
age: 69616
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bedrapiona.com/5/5396480/?oo=1&js_build=iclick-v1.429.0
139.45.197.234200 OK 14 kB URL HTTP/2 bedrapiona.com/5/5396480/?oo=1&js_build=iclick-v1.429.0
IP 139.45.197.234:0
Hash 96f2b5d02125745ed408e1c86ad43c31
61d6d5b679d695faab54913ab5a2e673bfbc1edc
44eedfb6c4cbf67eedd8fc2d61d2199f98f1110afd972e70f2d054d6e26bf63c
GET /5/5396480/?oo=1&js_build=iclick-v1.429.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://groupesfemmesfemmes.blogspot.com
Connection: keep-alive
Referer: https://groupesfemmesfemmes.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 17:36:18 GMT
content-type: application/json
x-trace-id: e17742bad0756f08424aabb536efa5c4
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://groupesfemmesfemmes.blogspot.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=432f1bc8f93a4310b086a4420be9db0b; expires=Fri, 22 Sep 2023 17:36:18 GMT; path=/; secure; SameSite=None
oaidts=1663868178; expires=Fri, 22 Sep 2023 17:36:18 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dee9427-1c1b-4ddc-9f89-8c6e254bd0f1.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dee9427-1c1b-4ddc-9f89-8c6e254bd0f1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 62818de3c50f957b2e5680851a1768c9
80e48c9ae48c89598780736b089c98e22d58df9a
16f2c2d23e8641a3f297a175730343d11120a228c0fe846c0fdf1e39212c522c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dee9427-1c1b-4ddc-9f89-8c6e254bd0f1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8549
x-amzn-requestid: 6d44626b-16c6-4f19-ae52-d5350065b390
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y1GwPHJJoAMFdfA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632b84ce-46ebc35612eb7a4473b36189;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 21:40:30 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: e5m6NaDUH_3GPDkxbk6iKhffSJzyYMA97Illy7mtg9um3jcYBR6TXQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 22:11:23 GMT
etag: "80e48c9ae48c89598780736b089c98e22d58df9a"
content-type: image/jpeg
age: 69896
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd654e30-611f-4c64-b1ad-43ca9fdedc0e.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd654e30-611f-4c64-b1ad-43ca9fdedc0e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c0201d377c57a684452c0d26372e674d
3829f81048cc63b5f0d1e82dfbe3b8e31646e733
efa055dc93267be2dddd94b334c0655c2e1f1682467fd738e013a778aea175b9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd654e30-611f-4c64-b1ad-43ca9fdedc0e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14397
x-amzn-requestid: c5a03ce8-f695-4ad3-8c42-c3bfd47d6279
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yv1wLGqKIAMF-Og=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6329699a-2b130d8b1a4b1b9131db8984;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 07:19:54 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: itH-GLLUay6dtfjGStUDeT3wOwVf-S3tWSY31HjriEFaRUiD8aFKNw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 18:49:35 GMT
age: 82004
etag: "3829f81048cc63b5f0d1e82dfbe3b8e31646e733"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
offerimage.com/www/images/a563edd673308b2cd8cc1ec9c0543417.png
104.22.32.172200 OK 76 kB URL HTTP/2 offerimage.com/www/images/a563edd673308b2cd8cc1ec9c0543417.png
IP 104.22.32.172:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash a563edd673308b2cd8cc1ec9c0543417
bff09cb9d8c3dadb244db8d24b6f58b8dfab6469
bbd22caad95af25c9ccf019fe7499c74743b7ef4eaceeffe0781c3f64f054b0c
GET /www/images/a563edd673308b2cd8cc1ec9c0543417.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groupesfemmesfemmes.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 17:36:19 GMT
content-type: image/png
content-length: 76281
last-modified: Tue, 07 Jun 2022 21:58:32 GMT
etag: "629fca08-129f9"
expires: Thu, 22 Sep 2022 22:10:10 GMT
cache-control: max-age=86400
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-max-age: 86400
timing-allow-origin: *
cf-cache-status: HIT
age: 69969
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74eccd593bf398fc-ARN
X-Firefox-Spdy: h2
s4.histats.com/stats/0.php?4583272&@f16&@g1&@h1&@i1&@j1663868178067&@k0&@l1&@mWooo&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-148406794&@b3:1663868178&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&@w
198.27.80.143200 OK 52 B URL HTTP/1.1 s4.histats.com/stats/0.php?4583272&@f16&@g1&@h1&@i1&@j1663868178067&@k0&@l1&@mWooo&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-148406794&@b3:1663868178&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&@w
IP 198.27.80.143:0
File type ASCII text, with no line terminators
Hash 090f7f345d18a47b565d9ccc50b5a44e
67338b34bf991140b8932e4973dc51b54f839fa6
fd09d79db8259313f06f75044973eccd6a1db8911327f5cfad8bdb2028c776ed
GET /stats/0.php?4583272&@f16&@g1&@h1&@i1&@j1663868178067&@k0&@l1&@mWooo&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-148406794&@b3:1663868178&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groupesfemmesfemmes.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2022 17:36:19 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 52
Connection: close
pseepsie.com/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://groupesfemmesfemmes.blogspot.com/
Content-Type: application/json
Origin: https://groupesfemmesfemmes.blogspot.com
Content-Length: 755
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 17:36:19 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: e634349da6347608476723c2ad21307a
access-control-allow-origin: https://groupesfemmesfemmes.blogspot.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
dozubatan.com/impression/DP6DuhoKABNzX1cNBwXyvCzx7pbUOVtqrn-ujo7WZrkyGRNfuEFkNi97kGTvTVX3BbfYrIvZiuq-H1BMCVbc8ZaMi6MTFAhA-RcNG2V7cqrFQ6d5Yw-Lesj9pbHz_ftQZGXXqlQQuelho2ytGBlfKqiUq7nqz8EPgJs4siOFWB9a2HIeMXWq_5Em5qfXpoN1po9RCoQMWX3hfR0G3KrCe4pnzfDE0WLho3s9AHIO8gX8d-NHBE-KYzsPMw5lvvw1etdGA59A5Mv7Ax-yom8cUfEIxViUy1prRjH85kHZVe0OWLTWJ4kUoEIoGNLWVvB9xTZZwQiRBILzyqoFLVaWSCoPdVsfqA8rIYwkYydWFM6UTbvlIk7iQVUMTyLmuRCHcSScmqjAAj0xnJvn_tW1Ko5SQfQjwHQNFtX_x0hzBuC_QIKmfWzWDv5TP1phxuDKLzB5YJC4BGtpxws8FBiI3bJFn0CErSeREavQPfe45G4sfmA_0aSayQ5l5EugSqhpLGGHvA5lr2BtU3W_Iect9pL7zEcY9iQcNScM9fpRdLEG8r4OxrdHn0wby86xPKXv8vbXGMANH6313hD9c5yrnxQachkuE2Rm35mlmeB8-WIV8uh4U9NPAZelp51-h42DX_S1H8DTxC3HZuM3AM9q_zRj4vfAf8VOde6gSjnwMOY_vVP3-ffUQ0ZqVnZzetHXSQSFp9Z48lueVgrwLqyhGCtLXQYjN6mnik95XQ==?_z=5396477&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 43 B URL HTTP/2 dozubatan.com/impression/DP6DuhoKABNzX1cNBwXyvCzx7pbUOVtqrn-ujo7WZrkyGRNfuEFkNi97kGTvTVX3BbfYrIvZiuq-H1BMCVbc8ZaMi6MTFAhA-RcNG2V7cqrFQ6d5Yw-Lesj9pbHz_ftQZGXXqlQQuelho2ytGBlfKqiUq7nqz8EPgJs4siOFWB9a2HIeMXWq_5Em5qfXpoN1po9RCoQMWX3hfR0G3KrCe4pnzfDE0WLho3s9AHIO8gX8d-NHBE-KYzsPMw5lvvw1etdGA59A5Mv7Ax-yom8cUfEIxViUy1prRjH85kHZVe0OWLTWJ4kUoEIoGNLWVvB9xTZZwQiRBILzyqoFLVaWSCoPdVsfqA8rIYwkYydWFM6UTbvlIk7iQVUMTyLmuRCHcSScmqjAAj0xnJvn_tW1Ko5SQfQjwHQNFtX_x0hzBuC_QIKmfWzWDv5TP1phxuDKLzB5YJC4BGtpxws8FBiI3bJFn0CErSeREavQPfe45G4sfmA_0aSayQ5l5EugSqhpLGGHvA5lr2BtU3W_Iect9pL7zEcY9iQcNScM9fpRdLEG8r4OxrdHn0wby86xPKXv8vbXGMANH6313hD9c5yrnxQachkuE2Rm35mlmeB8-WIV8uh4U9NPAZelp51-h42DX_S1H8DTxC3HZuM3AM9q_zRj4vfAf8VOde6gSjnwMOY_vVP3-ffUQ0ZqVnZzetHXSQSFp9Z48lueVgrwLqyhGCtLXQYjN6mnik95XQ==?_z=5396477&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /impression/DP6DuhoKABNzX1cNBwXyvCzx7pbUOVtqrn-ujo7WZrkyGRNfuEFkNi97kGTvTVX3BbfYrIvZiuq-H1BMCVbc8ZaMi6MTFAhA-RcNG2V7cqrFQ6d5Yw-Lesj9pbHz_ftQZGXXqlQQuelho2ytGBlfKqiUq7nqz8EPgJs4siOFWB9a2HIeMXWq_5Em5qfXpoN1po9RCoQMWX3hfR0G3KrCe4pnzfDE0WLho3s9AHIO8gX8d-NHBE-KYzsPMw5lvvw1etdGA59A5Mv7Ax-yom8cUfEIxViUy1prRjH85kHZVe0OWLTWJ4kUoEIoGNLWVvB9xTZZwQiRBILzyqoFLVaWSCoPdVsfqA8rIYwkYydWFM6UTbvlIk7iQVUMTyLmuRCHcSScmqjAAj0xnJvn_tW1Ko5SQfQjwHQNFtX_x0hzBuC_QIKmfWzWDv5TP1phxuDKLzB5YJC4BGtpxws8FBiI3bJFn0CErSeREavQPfe45G4sfmA_0aSayQ5l5EugSqhpLGGHvA5lr2BtU3W_Iect9pL7zEcY9iQcNScM9fpRdLEG8r4OxrdHn0wby86xPKXv8vbXGMANH6313hD9c5yrnxQachkuE2Rm35mlmeB8-WIV8uh4U9NPAZelp51-h42DX_S1H8DTxC3HZuM3AM9q_zRj4vfAf8VOde6gSjnwMOY_vVP3-ffUQ0ZqVnZzetHXSQSFp9Z48lueVgrwLqyhGCtLXQYjN6mnik95XQ==?_z=5396477&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groupesfemmesfemmes.blogspot.com/
Cookie: OAID=432f1bc8f93a4310b086a4420be9db0b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 17:36:23 GMT
content-type: image/gif
content-length: 43
x-trace-id: 477b67d052eafaaa95c5ce6537b43406
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
dozubatan.com/500/5396477?excludes=14745758&oaid=432f1bc8f93a4310b086a4420be9db0b&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 0 B URL HTTP/2 dozubatan.com/500/5396477?excludes=14745758&oaid=432f1bc8f93a4310b086a4420be9db0b&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/5396477?excludes=14745758&oaid=432f1bc8f93a4310b086a4420be9db0b&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://groupesfemmesfemmes.blogspot.com/
Origin: https://groupesfemmesfemmes.blogspot.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 17:36:24 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://groupesfemmesfemmes.blogspot.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
tovanillitechan.com/9?z=5396478&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=432f1bc8f93a4310b086a4420be9db0b
139.45.197.239200 OK 0 B URL HTTP/2 tovanillitechan.com/9?z=5396478&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=432f1bc8f93a4310b086a4420be9db0b
IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=5396478&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=432f1bc8f93a4310b086a4420be9db0b HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 47
Origin: https://groupesfemmesfemmes.blogspot.com
Connection: keep-alive
Referer: https://groupesfemmesfemmes.blogspot.com/
Cookie: scm=1; OAID=477f5c9483214d74ab78e49dc50418de; oaidts=1663868178
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 17:36:19 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://groupesfemmesfemmes.blogspot.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: ab09b3b6333c27ec5a4a53a109087e2b
access-control-expose-headers: X-Sc
set-cookie: OAID=432f1bc8f93a4310b086a4420be9db0b; expires=Fri, 22 Sep 2023 17:36:19 GMT; secure; SameSite=None
oaidts=1663868178; expires=Fri, 22 Sep 2023 17:36:19 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
tovanillitechan.com/27/b7bd02994a2771796f8a835cfb750d4b
139.45.197.239200 OK 0 B URL HTTP/2 tovanillitechan.com/27/b7bd02994a2771796f8a835cfb750d4b
IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /27/b7bd02994a2771796f8a835cfb750d4b HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groupesfemmesfemmes.blogspot.com/
Cookie: scm=1; OAID=477f5c9483214d74ab78e49dc50418de; oaidts=1663868178
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 17:36:18 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Thu, 22 Sep 2022 08:42:06 GMT
expires: Thu, 22 Oct 2082 08:42:06 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
dozubatan.com/500/5396477?excludes=14745758&oaid=432f1bc8f93a4310b086a4420be9db0b&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 0 B URL HTTP/2 dozubatan.com/500/5396477?excludes=14745758&oaid=432f1bc8f93a4310b086a4420be9db0b&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
GET /500/5396477?excludes=14745758&oaid=432f1bc8f93a4310b086a4420be9db0b&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://groupesfemmesfemmes.blogspot.com
Connection: keep-alive
Referer: https://groupesfemmesfemmes.blogspot.com/
Cookie: OAID=432f1bc8f93a4310b086a4420be9db0b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 17:36:24 GMT
content-type: application/javascript
x-trace-id: f30e714b70e0a4afe951731c2f61fc15
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://groupesfemmesfemmes.blogspot.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=432f1bc8f93a4310b086a4420be9db0b; expires=Fri, 22 Sep 2023 17:36:24 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
inklinkor.com/tag.min.js
172.67.211.29200 OK 0 B IP 172.67.211.29:0
GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groupesfemmesfemmes.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 17:36:18 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: ed99d912af03fdfa383ea65eaebec708
cache-control: max-age=86400
last-modified: Tue, 20 Sep 2022 08:55:35 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Fri, 23 Sep 2022 15:43:53 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 6745
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NEc7AFGBOeXV06h0WKWshmfU2JpQpCmbT0ZO8ZHkS3mJKi1zpIzKpNM%2FGCfawc58WcuABQN90ikXsziEGEPqNRTbmPELa4YLaqong85eo4Y%2BfAmEGQxFFpVRvSSJX01J"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74eccd51eda00b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pseepsie.com/pfe/current/tag.min.js?z=5396479
139.45.197.250200 OK 0 B URL HTTP/2 pseepsie.com/pfe/current/tag.min.js?z=5396479
IP 139.45.197.250:0
GET /pfe/current/tag.min.js?z=5396479 HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groupesfemmesfemmes.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 17:36:18 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 07:25:49 GMT
etag: W/"63296afd-39be"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
tovanillitechan.com/1?z=5396478
139.45.197.239200 OK 0 B URL HTTP/2 tovanillitechan.com/1?z=5396478
IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=5396478 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groupesfemmesfemmes.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 17:36:18 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: b2bce866aecb9ed5c7835e7e91f2222b
access-control-expose-headers: X-Sc
x-sc: RVJshFHTksEDgGS7uuWzsWKu45f6rVBW46nTtj0shVovCHbWidaHQMGj_Wo-zC7qHhhM-62cqf0OjvEPM1ql1Ydg6yM=
set-cookie: scm=1; expires=Fri, 22 Sep 2023 17:36:18 GMT; secure; SameSite=None
OAID=477f5c9483214d74ab78e49dc50418de; expires=Fri, 22 Sep 2023 17:36:18 GMT; secure; SameSite=None
oaidts=1663868178; expires=Fri, 22 Sep 2023 17:36:18 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
dozubatan.com/400/5396477
139.45.197.237200 OK 0 B URL HTTP/2 dozubatan.com/400/5396477
IP 139.45.197.237:0
GET /400/5396477 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groupesfemmesfemmes.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 17:36:18 GMT
content-type: application/javascript
x-trace-id: 40b380923389bdf8db9ab750c7a6a143
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=7b1d448cd4c64fe4a07ef297e05e57d8; expires=Fri, 22 Sep 2023 17:36:18 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
172.64.104.21200 OK 0 B IP 172.64.104.21:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groupesfemmesfemmes.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 22 Sep 2022 17:36:18 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 1417
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Gc6pP4Qmt6cjhRnGiWRfLlmvBukBDjKlS0qnClmcJ4FR%2FLZLCEHhLkXlK6I7w62tON4cfR0dXThTImrQqAW059Fq9bOI56bkOMDNgIxgVM8ApLEXS7AGEti99gO8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74eccd54386674f5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
onmarshtompor.com/?rb=-cyKgDtYGLgeCfwoK_UbB0m_cav6G1DXVJuOOpjB96QmaGzyheoA6zfjUH2vpLV_KM_FyH9o8upkv-JxxX4F_7xEWin0zoU9ojRy_wrotMVAG-vzBdxFP_lcF1D90IGBS_mqR7PdV6N3bbF5_3hmCA9IjqnFDvjUJAgEdS9KuFTtKouCeTf_6W0BWMxm75UobENLxgZReVPzDTe7n_lLXXJinv6Vrfe0hES7ef33Zd8E_xrE&request_ab2=0&zoneid=5396480&js_build=iclick-v1.429.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.429.0&bs=38826760-b087-443f-b654-31898f71cd89&userId=432f1bc8f93a4310b086a4420be9db0b&m=link
139.45.197.243200 OK 0 B URL HTTP/2 onmarshtompor.com/?rb=-cyKgDtYGLgeCfwoK_UbB0m_cav6G1DXVJuOOpjB96QmaGzyheoA6zfjUH2vpLV_KM_FyH9o8upkv-JxxX4F_7xEWin0zoU9ojRy_wrotMVAG-vzBdxFP_lcF1D90IGBS_mqR7PdV6N3bbF5_3hmCA9IjqnFDvjUJAgEdS9KuFTtKouCeTf_6W0BWMxm75UobENLxgZReVPzDTe7n_lLXXJinv6Vrfe0hES7ef33Zd8E_xrE&request_ab2=0&zoneid=5396480&js_build=iclick-v1.429.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.429.0&bs=38826760-b087-443f-b654-31898f71cd89&userId=432f1bc8f93a4310b086a4420be9db0b&m=link
IP 139.45.197.243:0
GET /?rb=-cyKgDtYGLgeCfwoK_UbB0m_cav6G1DXVJuOOpjB96QmaGzyheoA6zfjUH2vpLV_KM_FyH9o8upkv-JxxX4F_7xEWin0zoU9ojRy_wrotMVAG-vzBdxFP_lcF1D90IGBS_mqR7PdV6N3bbF5_3hmCA9IjqnFDvjUJAgEdS9KuFTtKouCeTf_6W0BWMxm75UobENLxgZReVPzDTe7n_lLXXJinv6Vrfe0hES7ef33Zd8E_xrE&request_ab2=0&zoneid=5396480&js_build=iclick-v1.429.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.429.0&bs=38826760-b087-443f-b654-31898f71cd89&userId=432f1bc8f93a4310b086a4420be9db0b&m=link HTTP/1.1
Host: onmarshtompor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://groupesfemmesfemmes.blogspot.com/
Origin: https://groupesfemmesfemmes.blogspot.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 17:36:19 GMT
content-type: application/json
x-trace-id: 51d5bb8e19e55baac801e90b9ef70be9
access-control-allow-origin: https://groupesfemmesfemmes.blogspot.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=432f1bc8f93a4310b086a4420be9db0b; expires=Fri, 22 Sep 2023 17:36:19 GMT; path=/; secure; SameSite=None
oaidts=1663868179; expires=Fri, 22 Sep 2023 17:36:19 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Thu, 29 Sep 2022 17:36:19 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
dozubatan.com/500/5396477?excludes=&oaid=432f1bc8f93a4310b086a4420be9db0b&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 0 B URL HTTP/2 dozubatan.com/500/5396477?excludes=&oaid=432f1bc8f93a4310b086a4420be9db0b&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
GET /500/5396477?excludes=&oaid=432f1bc8f93a4310b086a4420be9db0b&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fgroupesfemmesfemmes.blogspot.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://groupesfemmesfemmes.blogspot.com
Connection: keep-alive
Referer: https://groupesfemmesfemmes.blogspot.com/
Cookie: OAID=7b1d448cd4c64fe4a07ef297e05e57d8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 22 Sep 2022 17:36:19 GMT
content-type: application/javascript
x-trace-id: 08f9fcf1d8c596bd936b65e7116edd06
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://groupesfemmesfemmes.blogspot.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=432f1bc8f93a4310b086a4420be9db0b; expires=Fri, 22 Sep 2023 17:36:19 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2