r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 648bf42163c5d645d8a33cd0a9afebd0
9b9ac85435c4e90647e8379bca54c689058a8929
060757fb4857858d4d01a715824ea6771d0137e73a24bf75e2844d0f346380fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "060757FB4857858D4D01A715824EA6771D0137E73A24BF75E2844D0F346380FA"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9605
Expires: Thu, 19 Jan 2023 06:13:42 GMT
Date: Thu, 19 Jan 2023 03:33:37 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b36ef73c20dffb6bc10194bbd2d0dcfa
a67a4023dc8b4944debaeb92f3ba0f1402c079a6
05a7a4d832cf9e593ca44efea309edcbd80734583bada15fda3e740612eff991
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "05A7A4D832CF9E593CA44EFEA309EDCBD80734583BADA15FDA3E740612EFF991"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9567
Expires: Thu, 19 Jan 2023 06:13:04 GMT
Date: Thu, 19 Jan 2023 03:33:37 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7afaa97fbfa9baa1485c892eac8e114d
8c17c707c218e28ac14197ce8e5eef873207a732
59db16baacb452453dbf44fc2a24f25ab09c4dbaec3a9271fda84230d8f11925
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59DB16BAACB452453DBF44FC2A24F25AB09C4DBAEC3A9271FDA84230D8F11925"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8762
Expires: Thu, 19 Jan 2023 05:59:39 GMT
Date: Thu, 19 Jan 2023 03:33:37 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 19 Jan 2023 02:49:25 GMT
content-type: application/json
age: 2652
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: FCuYugr9gh05Mm1BuRNyXFFmAHpbpShO+fqQh/ywwoxp45Zxj73WNCCbHmRJhhrQKoq/FBrovU+LutCLKwee6w==
x-amz-request-id: 9M85RB8MRFY93DP7
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 19 Jan 2023 02:45:42 GMT
age: 2875
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
tattoos-girl-fish-chinas-news.blogspot.com/search/label/katharine%20mcphee%20lesbian
216.58.207.193 200 OK 16 kB URL HTTP/1.1 tattoos-girl-fish-chinas-news.blogspot.com/search/label/katharine%20mcphee%20lesbian
IP 216.58.207.193:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (11453)
Hash 1ffd94e699d4cee313af7d526ad1dad3
e8d0213a79af2a64f895b78e329da374dd06281a
8eef90a8c539a234408f76776387487ca641e95440a5d991a967f39629b00b81
Analyzer Verdict Alert fortinet Malware
GET /search/label/katharine%20mcphee%20lesbian HTTP/1.1
Host: tattoos-girl-fish-chinas-news.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Jan 2023 03:33:37 GMT
Date: Thu, 19 Jan 2023 03:33:37 GMT
Cache-Control: private, max-age=0
Last-Modified: Tue, 29 Nov 2022 08:05:36 GMT
ETag: W/"33df0ffe10edc7d6e11de44f45aaeb5eb709f04d66c2650641c6556edb3e44c9"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 15499
Server: GSE
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 03:33:37 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
tattoos-girl-fish-chinas-news.blogspot.com/js/cookienotice.js
216.58.207.193 200 OK 2.0 kB URL HTTP/1.1 tattoos-girl-fish-chinas-news.blogspot.com/js/cookienotice.js
IP 216.58.207.193:0
Hash c4e1ed83d89245089b8a1203be20a377
f3940e1215b89300ef97d57a25993f25243b8688
afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2
Analyzer Verdict Alert fortinet Malware
GET /js/cookienotice.js HTTP/1.1
Host: tattoos-girl-fish-chinas-news.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/search/label/katharine%20mcphee%20lesbian
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 2026
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 14 Jan 2023 12:21:35 GMT
Expires: Sat, 21 Jan 2023 12:21:35 GMT
Cache-Control: public, max-age=604800
Last-Modified: Sat, 14 Jan 2023 10:52:02 GMT
Content-Type: text/javascript
Age: 400323
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash dcf8f2a34f08950fe46c4058550b5ee8
2799d4cede8a559fb27e030bf247e881d5647a9f
7be541194b3c7c427e2fd65c89f8f651bae95c84642233d9f355abbd43f771db
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 65e9544f66bb4c6b7f63719e23a4aa00
d293d80f7136361ead8c2b4d104c0840d87df03a
54f81641bf848440c635f72b29a0727d3053a16b0148beb6f6c1b04bbc4e6b3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
apis.google.com/js/platform.js
172.217.21.174 200 OK 21 kB URL HTTP/2 apis.google.com/js/platform.js
IP 172.217.21.174:0
File type ASCII text, with very long lines (1429)
Hash 1cc36f699291ba29dab9ec0f885b281b
d536f8bda7d333c21eae8e3d816d690402adb90c
6b20ce0ec6b6c57b33e8118f8d5d3c501ede61b8589ebab71d411b81d0fae994
GET /js/platform.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20933
date: Thu, 19 Jan 2023 03:33:38 GMT
expires: Thu, 19 Jan 2023 03:33:38 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "4fcbc207c89b8c6c"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.blogger.com/static/v1/widgets/4196832948-widgets.js
216.58.207.233 200 OK 56 kB URL HTTP/2 www.blogger.com/static/v1/widgets/4196832948-widgets.js
IP 216.58.207.233:0
File type ASCII text, with very long lines (2221)
Hash 24f533b2cc89b4264c224d433a37718a
fc4848c3b411e8fdc97831e20c7ebcbf735e636a
aa805bed551a6ac1fa4886b1ee634633bdec1de952fbf94cd81a805ef702a395
GET /static/v1/widgets/4196832948-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56454
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 18 Jan 2023 02:15:20 GMT
expires: Thu, 18 Jan 2024 02:15:20 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 17 Jan 2023 17:54:44 GMT
content-type: text/javascript
age: 91098
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 65e9544f66bb4c6b7f63719e23a4aa00
d293d80f7136361ead8c2b4d104c0840d87df03a
54f81641bf848440c635f72b29a0727d3053a16b0148beb6f6c1b04bbc4e6b3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/static/v1/widgets/55013136-widget_css_bundle.css
216.58.207.233 200 OK 6.6 kB URL HTTP/2 www.blogger.com/static/v1/widgets/55013136-widget_css_bundle.css
IP 216.58.207.233:0
File type ASCII text, with very long lines (30596)
Hash 6f46e6f68353c7911fe34f31faa1518f
ea4dbfa2f87c18e9c51c59a32dfa9afb9c2c3472
0be7e26374fcff6f423b88e5f2a05d1cfdcb56abb4a78fa125e391989782ae0f
GET /static/v1/widgets/55013136-widget_css_bundle.css HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 6620
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 12 Jan 2023 05:21:52 GMT
expires: Fri, 12 Jan 2024 05:21:52 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 Jan 2023 05:53:22 GMT
content-type: text/css
age: 598306
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
lhensmakeup.files.wordpress.com/2009/03/aki-creative-make-up.jpg%3Fw%3D450%26h%3D630
192.0.72.24 301 Moved Permanently 162 B URL HTTP/1.1 lhensmakeup.files.wordpress.com/2009/03/aki-creative-make-up.jpg%3Fw%3D450%26h%3D630
IP 192.0.72.24:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /2009/03/aki-creative-make-up.jpg%3Fw%3D450%26h%3D630 HTTP/1.1
Host: lhensmakeup.files.wordpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 19 Jan 2023 03:33:38 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://lhensmakeup.files.wordpress.com/2009/03/aki-creative-make-up.jpg%3Fw%3D450%26h%3D630
media.vivanews.com/images/2009/05/07/70358_aung_san_suu_kyi.jpg
188.114.97.1 301 Moved Permanently 0 B URL HTTP/1.1 media.vivanews.com/images/2009/05/07/70358_aung_san_suu_kyi.jpg
IP 188.114.97.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /images/2009/05/07/70358_aung_san_suu_kyi.jpg HTTP/1.1
Host: media.vivanews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
HTTP/1.1 301 Moved Permanently
Date: Thu, 19 Jan 2023 03:33:38 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 19 Jan 2023 04:33:38 GMT
Location: https://media.vivanews.com/images/2009/05/07/70358_aung_san_suu_kyi.jpg
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H6TZmgmMfiolEwSrgGZ4wlY1LFz6GyhSNOQe9JruRIdZ8jR625iLBrCnvV%2BOzDjqr2Q7dPC5lSL6UHJgIivkvrwk%2BIQYsCNpq0RyGasrU5%2BapnwZtradSIZL%2BXdvDPGfp2eoP0I%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78bc829209120b02-OSL
alt-svc: h2=":443"; ma=60
resources.blogblog.com/img/icon18_edit_allbkg.gif
216.58.207.233 200 OK 162 B URL HTTP/2 resources.blogblog.com/img/icon18_edit_allbkg.gif
IP 216.58.207.233:0
File type GIF image data, version 89a, 18 x 18\012- data
Hash c991641178ff05adf0d004298b5eafa9
d8f6ce8ecd92b86d49849360f6b81ceb10b4c941
ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b
GET /img/icon18_edit_allbkg.gif HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 162
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 15 Jan 2023 05:34:14 GMT
expires: Sun, 22 Jan 2023 05:34:14 GMT
cache-control: public, max-age=604800
last-modified: Sat, 14 Jan 2023 15:51:06 GMT
content-type: image/gif
age: 338364
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
screenshots.fansub.tv/1107/44/15.jpg
104.21.60.49 301 Moved Permanently 0 B URL HTTP/1.1 screenshots.fansub.tv/1107/44/15.jpg
IP 104.21.60.49:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1107/44/15.jpg HTTP/1.1
Host: screenshots.fansub.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
HTTP/1.1 301 Moved Permanently
Date: Thu, 19 Jan 2023 03:33:38 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 19 Jan 2023 04:33:38 GMT
Location: https://screenshots.fansub.tv/1107/44/15.jpg
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=97NxHlDvlRW7NkKcrKrR5BJ%2FSvhU2D55muMwe%2FvWU6zcpm5j4W9zFF2T0xkidEETV1wN%2FaUVL6OlsYLDkT7UCGnvHacGPBsZdk%2FTbUOX4%2FgeFQxdl8cWoKzMynrvoD0s5ZFNwp9dvrc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78bc829219140b02-OSL
alt-svc: h2=":443"; ma=60
www3.pictures.zimbio.com/gi/Queen%2BLatifah%2BDisney%2BParks%2BUnveils%2BNew%2BDisney%2Bqz9Ttio0uAMl.jpg
151.101.193.91 301 Moved Permanently 0 B URL HTTP/1.1 www3.pictures.zimbio.com/gi/Queen%2BLatifah%2BDisney%2BParks%2BUnveils%2BNew%2BDisney%2Bqz9Ttio0uAMl.jpg
IP 151.101.193.91:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /gi/Queen%2BLatifah%2BDisney%2BParks%2BUnveils%2BNew%2BDisney%2Bqz9Ttio0uAMl.jpg HTTP/1.1
Host: www3.pictures.zimbio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://www3.pictures.zimbio.com/gi/Queen%2BLatifah%2BDisney%2BParks%2BUnveils%2BNew%2BDisney%2Bqz9Ttio0uAMl.jpg
Accept-Ranges: bytes
Date: Thu, 19 Jan 2023 03:33:38 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1676-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1674099218.280064,VS0,VE0
X-Response-Time: 92
Strict-Transport-Security: max-age=31557600
natashaandreoni.files.wordpress.com/2011/01/blog-32.jpg
192.0.72.17 301 Moved Permanently 162 B URL HTTP/1.1 natashaandreoni.files.wordpress.com/2011/01/blog-32.jpg
IP 192.0.72.17:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /2011/01/blog-32.jpg HTTP/1.1
Host: natashaandreoni.files.wordpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 19 Jan 2023 03:33:38 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://natashaandreoni.files.wordpress.com/2011/01/blog-32.jpg
www.accesshollywood.com/content/images/1/400x400bd/1604_taylor-hicks-katharine-mcphee-idol.jpg
104.18.154.21 301 Moved Permanently 0 B URL HTTP/1.1 www.accesshollywood.com/content/images/1/400x400bd/1604_taylor-hicks-katharine-mcphee-idol.jpg
IP 104.18.154.21:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /content/images/1/400x400bd/1604_taylor-hicks-katharine-mcphee-idol.jpg HTTP/1.1
Host: www.accesshollywood.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
HTTP/1.1 301 Moved Permanently
Date: Thu, 19 Jan 2023 03:33:38 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 19 Jan 2023 04:33:38 GMT
Location: https://www.accesshollywood.com/content/images/1/400x400bd/1604_taylor-hicks-katharine-mcphee-idol.jpg
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78bc8292abdab529-OSL
www.blogger.com/img/share_buttons_20_3.png
216.58.207.233 200 OK 5.1 kB URL HTTP/2 www.blogger.com/img/share_buttons_20_3.png
IP 216.58.207.233:0
File type PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash ad9999106d5f550920b586e8e1704e5a
93fd02c51166402a41f96509cd0ca3fb917877dd
3829a5b2ade7cfc416c80b8f3df71e49e68672875f025d525223978f5cee3fd3
GET /img/share_buttons_20_3.png HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.blogger.com/static/v1/widgets/55013136-widget_css_bundle.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 5080
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 12 Jan 2023 16:55:50 GMT
expires: Thu, 19 Jan 2023 16:55:50 GMT
cache-control: public, max-age=604800
last-modified: Thu, 12 Jan 2023 05:53:07 GMT
content-type: image/png
age: 556668
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.ydLROSGdlBE.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_OUY4V-VcsLuRVnUuYVO758FydkA/cb=gapi.loaded_0?le=scs
172.217.21.174 200 OK 58 kB URL HTTP/2 apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.ydLROSGdlBE.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_OUY4V-VcsLuRVnUuYVO758FydkA/cb=gapi.loaded_0?le=scs
IP 172.217.21.174:0
File type ASCII text, with very long lines (580)
Hash 3e7852e3ac3d1921ddb7302c569bdb8f
85e8bdb23ef407fb3770ec0a9588d85c725930d3
20cd515349665d62191e0c15ea1b9f3b5c4e35d36313d1e7fdc8af83b9663a78
GET /_/scs/abc-static/_/js/k=gapi.lb.en.ydLROSGdlBE.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_OUY4V-VcsLuRVnUuYVO758FydkA/cb=gapi.loaded_0?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 57931
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 15 Jan 2023 02:21:31 GMT
expires: Mon, 15 Jan 2024 02:21:31 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 06 Dec 2022 15:21:53 GMT
content-type: text/javascript; charset=UTF-8
age: 349927
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ny-image1.etsy.com/il_fullxfull.167867329.jpg
35.190.25.237 301 Moved Permanently 261 B URL HTTP/1.1 ny-image1.etsy.com/il_fullxfull.167867329.jpg
IP 35.190.25.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 90b32f481789fe6c42322fdf0aeb6ce1
2084be3498534a4734a9232c7ca74288af783713
6a9aea98a66abeb7b2269c4a8cbe71cbcb8b122566fe3bb73057d0f0148c82d3
GET /il_fullxfull.167867329.jpg HTTP/1.1
Host: ny-image1.etsy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
HTTP/1.1 301 Moved Permanently
Date: Thu, 19 Jan 2023 03:33:38 GMT
Server: Apache
Location: http://img0.etsystatic.com/il_fullxfull.167867329.jpg
Content-Length: 261
Content-Type: text/html; charset=iso-8859-1
Via: 1.1 google
pagead2.googlesyndication.com/pagead/js/google_top_exp.js
142.250.74.98 200 OK 67 B URL HTTP/1.1 pagead2.googlesyndication.com/pagead/js/google_top_exp.js
IP 142.250.74.98:0
Hash 9bbc3ca32ec951a484589ce0e6b4db73
753d6f6183b33b2dee5dde2208fca91c17f5bb13
b8f16a16d2a7ea39a9cc079fdbe3af7d31393d62a853668bdd549e0a0311cb3c
GET /pagead/js/google_top_exp.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
HTTP/1.1 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 67
X-XSS-Protection: 0
Date: Wed, 18 Jan 2023 12:44:49 GMT
Expires: Wed, 01 Feb 2023 12:44:49 GMT
Cache-Control: public, max-age=1209600
Age: 53329
ETag: 13036835877489095579
Content-Type: text/javascript; charset=UTF-8
ny-image2.etsy.com/il_fullxfull.248688266.jpg
35.190.25.237 301 Moved Permanently 261 B URL HTTP/1.1 ny-image2.etsy.com/il_fullxfull.248688266.jpg
IP 35.190.25.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 28dc2d3d2a702770299ea1eb7cc29a58
54988b7f47ddce448487fd38c89332f051ffcddb
4867f5b88ee108ed386aef44045e7a639a56c8dff56b54f138882a056c8a5884
GET /il_fullxfull.248688266.jpg HTTP/1.1
Host: ny-image2.etsy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
HTTP/1.1 301 Moved Permanently
Date: Thu, 19 Jan 2023 03:33:38 GMT
Server: Apache
Location: http://img0.etsystatic.com/il_fullxfull.248688266.jpg
Content-Length: 261
Content-Type: text/html; charset=iso-8859-1
Via: 1.1 google
4.bp.blogspot.com/-qe3i7WsZEcA/TkKji1tURBI/AAAAAAAAA9A/roWRBpiczjc/s1600/Gwen-Stefani-009.jpg
142.250.74.161 404 Not Found 832 B URL HTTP/1.1 4.bp.blogspot.com/-qe3i7WsZEcA/TkKji1tURBI/AAAAAAAAA9A/roWRBpiczjc/s1600/Gwen-Stefani-009.jpg
IP 142.250.74.161:0
File type PNG image data, 200 x 200, 8-bit colormap, non-interlaced\012- data
Hash 596246739a83bb45e30e13437e0810d9
203d99f5cb1f2c816d6f9974cc5a73cf412892a6
94aa7bf7f0d9660bb348ed4ed7faaa42c63f1a40f591dab32ce5046765df3615
GET /-qe3i7WsZEcA/TkKji1tURBI/AAAAAAAAA9A/roWRBpiczjc/s1600/Gwen-Stefani-009.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Type: image/png
X-Content-Type-Options: nosniff
Date: Thu, 19 Jan 2023 03:33:38 GMT
Server: fife
Content-Length: 832
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 65e9544f66bb4c6b7f63719e23a4aa00
d293d80f7136361ead8c2b4d104c0840d87df03a
54f81641bf848440c635f72b29a0727d3053a16b0148beb6f6c1b04bbc4e6b3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 96932e7ee122dfbe89a87a0265f8bf94
a260e5fb88fa73efaedcd7880f4bfea7acf44fbb
e806134fe3187494ab16df5a777bb4d7b8d0a8c400b542a5414b63c7ef3ac3e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 65e9544f66bb4c6b7f63719e23a4aa00
d293d80f7136361ead8c2b4d104c0840d87df03a
54f81641bf848440c635f72b29a0727d3053a16b0148beb6f6c1b04bbc4e6b3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.trouveztout.org/Gwen-Stefani/images/Gwen-Stefani-Cool.jpg
217.160.0.92 301 Moved Permanently 277 B URL HTTP/1.1 www.trouveztout.org/Gwen-Stefani/images/Gwen-Stefani-Cool.jpg
IP 217.160.0.92:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash cc65285430da1609756a5ab01eda8277
363d7033d1867d3db4227671ede1465b7068de4f
602f1599b07b557813c83b58fbf0b84ec7b47d6300a8123c2830416e2aaaf4f3
GET /Gwen-Stefani/images/Gwen-Stefani-Cool.jpg HTTP/1.1
Host: www.trouveztout.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
Content-Length: 277
Connection: keep-alive
Keep-Alive: timeout=15
Date: Thu, 19 Jan 2023 03:33:38 GMT
Server: Apache
Location: https://www.trouveztout.org/Gwen-Stefani/images/Gwen-Stefani-Cool.jpg
Cache-Control: max-age=7200
Expires: Thu, 19 Jan 2023 05:33:38 GMT
i255.photobucket.com/albums/hh153/6AlKal6/th_GwenStefani-Luxurious.jpg
143.204.55.54 200 OK 6.5 kB URL HTTP/2 i255.photobucket.com/albums/hh153/6AlKal6/th_GwenStefani-Luxurious.jpg
IP 143.204.55.54:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 9868c8fccb02a3e5007687818143b715
ea5510a42c3e75ee6b55bfdc39c9ae80658d8a9e
5d5b9170b127b95e5f5419b29238a145e7a6ab308a7cfdc470bfab2c796f1d75
GET /albums/hh153/6AlKal6/th_GwenStefani-Luxurious.jpg HTTP/1.1
Host: i255.photobucket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
content-length: 6450
date: Thu, 19 Jan 2023 03:33:38 GMT
cache-control: max-age=31536000, public
content-disposition: inline; filename="th_GwenStefani-Luxurious.webp"
content-security-policy: script-src 'none'
expires: Fri, 19 Jan 2024 03:33:38 GMT
server: photobucket
x-amzn-trace-id: Root=1-63c8ba12-79f820f43e93af2667ba92b3
x-request-id: osGIa6C0ZNCPd5AKWlzkQ
x-cache: Miss from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ti52GpnG2uW43I_YCGHif11OqLjuzSYp3gV-Bhwym7oYsG9ZpxM_tw==
vary: Accept, Origin
X-Firefox-Spdy: h2
img0.etsystatic.com/il_fullxfull.167867329.jpg
151.101.129.224 301 Moved Permanently 0 B URL HTTP/1.1 img0.etsystatic.com/il_fullxfull.167867329.jpg
IP 151.101.129.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /il_fullxfull.167867329.jpg HTTP/1.1
Host: img0.etsystatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://img0.etsystatic.com/il/5c7f43/167867329/il_fullxfull.167867329.jpg?optimize=low&auto=webp
Accept-Ranges: bytes
Date: Thu, 19 Jan 2023 03:33:38 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1650-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1674099219.592923,VS0,VE0
Timing-Allow-Origin: *
Strict-Transport-Security: max-age=300
www.blogger.com/img/logo-16.png
216.58.207.233 200 OK 279 B URL HTTP/1.1 www.blogger.com/img/logo-16.png
IP 216.58.207.233:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 5ffecab6c722bb0adc3fce8d83b27993
0e59b05d3da526e82bb4f5d47c5d94e2a318dafb
cca664ca16fde285160e80eae6ba4501c27b1dd1ce09aec1e84caa74b5baff53
GET /img/logo-16.png HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 279
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 12 Jan 2023 22:24:44 GMT
Expires: Thu, 19 Jan 2023 22:24:44 GMT
Cache-Control: public, max-age=604800
Last-Modified: Thu, 12 Jan 2023 18:56:26 GMT
Content-Type: image/png
Age: 536934
img0.etsystatic.com/il_fullxfull.248688266.jpg
151.101.129.224 301 Moved Permanently 0 B URL HTTP/1.1 img0.etsystatic.com/il_fullxfull.248688266.jpg
IP 151.101.129.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /il_fullxfull.248688266.jpg HTTP/1.1
Host: img0.etsystatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://img0.etsystatic.com/il/2f8a6c/248688266/il_fullxfull.248688266.jpg?optimize=low&auto=webp
Accept-Ranges: bytes
Date: Thu, 19 Jan 2023 03:33:38 GMT
Via: 1.1 varnish
X-Served-By: cache-bma1666-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1674099219.594004,VS0,VE0
Timing-Allow-Origin: *
Strict-Transport-Security: max-age=300
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Expires, Last-Modified, Alert, Content-Type, Content-Length, ETag, Pragma, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 19 Jan 2023 02:48:57 GMT
age: 2681
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
movieart.net/wp-content/uploads/2011/05/full.contempt-1sh-2362.JPG
216.40.34.41 404 Not Found 169 B URL HTTP/1.1 movieart.net/wp-content/uploads/2011/05/full.contempt-1sh-2362.JPG
IP 216.40.34.41:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 7693e858b2ca7115ac7fd50df329ab4f
f6c47617b9a3e4dc957144fcb29f64a7a8c41da4
5b3fc771f43d8e67bd8957f7b3d9a49eae80b88e43c13cbf16623623e9028375
GET /wp-content/uploads/2011/05/full.contempt-1sh-2362.JPG HTTP/1.1
Host: movieart.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
HTTP/1.1 404 Not Found
Server: nginx/1.14.2
Date: Thu, 19 Jan 2023 03:33:38 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3ebea0a517b5f19058570091adeb5638
067b81090a3885dd467eec4a0824f7ccf77ddb85
adbebdb729ad955a5434965df648aad5e71fecd9bba25c0038543c9591dd87d6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "ADBEBDB729AD955A5434965DF648AAD5E71FECD9BBA25C0038543C9591DD87D6"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 19 Jan 2023 09:33:38 GMT
Date: Thu, 19 Jan 2023 03:33:38 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 36c29a6fdc8404346dbdfb6870f41dbc
633a94fc1af70de73d42ffd0de5645956b75febb
79edc2e5a84c0d0bf1a32b6819a48c50fed266fe375337157dcc55898acb3929
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "79EDC2E5A84C0D0BF1A32B6819A48C50FED266FE375337157DCC55898ACB3929"
Last-Modified: Tue, 17 Jan 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2331
Expires: Thu, 19 Jan 2023 04:12:29 GMT
Date: Thu, 19 Jan 2023 03:33:38 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3ebea0a517b5f19058570091adeb5638
067b81090a3885dd467eec4a0824f7ccf77ddb85
adbebdb729ad955a5434965df648aad5e71fecd9bba25c0038543c9591dd87d6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "ADBEBDB729AD955A5434965DF648AAD5E71FECD9BBA25C0038543C9591DD87D6"
Last-Modified: Tue, 17 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 19 Jan 2023 09:33:38 GMT
Date: Thu, 19 Jan 2023 03:33:38 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 79af32d8e279b4cfec147ab51cb6fcb3
d726903292bd1e08a6d9fe0719d2cd5b33dc5fe6
bfcb2d8f14d89736ac6b771f1618a8fc5e707691d60807a574fb719c8e9393ab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 538
Cache-Control: max-age=106928
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:38 GMT
Etag: "63c7b6a8-1d7"
Expires: Fri, 20 Jan 2023 09:15:46 GMT
Last-Modified: Wed, 18 Jan 2023 09:06:48 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
www3.pictures.zimbio.com/gi/Queen%2BLatifah%2BDisney%2BParks%2BUnveils%2BNew%2BDisney%2Bqz9Ttio0uAMl.jpg
151.101.193.91 200 OK 63 kB URL HTTP/2 www3.pictures.zimbio.com/gi/Queen%2BLatifah%2BDisney%2BParks%2BUnveils%2BNew%2BDisney%2Bqz9Ttio0uAMl.jpg
IP 151.101.193.91:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 594x393, components 3\012- data
Hash 6ed7f5868e2e009a201ec33458e0ad13
442627f377b44c9c2c3c64066c726348c7f8ce16
ba46111763238ff6c2befc9ea57e2206acda88132e88c90bdd5c91ece259bc24
GET /gi/Queen%2BLatifah%2BDisney%2BParks%2BUnveils%2BNew%2BDisney%2Bqz9Ttio0uAMl.jpg HTTP/1.1
Host: www3.pictures.zimbio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/jpeg
server: nginx/1.4.6 (Ubuntu)
last-modified: Thu, 03 Mar 2011 06:41:59 GMT
etag: "4d6f3837-f651"
expires: Sat, 08 Apr 2023 20:33:38 GMT
cache-control: max-age=8035200, stale-while-revalidate=604800, stale-if-error=604800
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 19 Jan 2023 03:33:38 GMT
age: 1148400
x-served-by: cache-bfi-krnt7300061-BFI, cache-bma1656-BMA
x-cache: HIT, MISS
x-cache-hits: 7, 0
x-timer: S1674099219.573973,VS0,VE157
x-response-time: 157116
strict-transport-security: max-age=31557600
content-length: 63057
X-Firefox-Spdy: h2
www.trouveztout.org/Gwen-Stefani/images/Gwen-Stefani-Cool.jpg
217.160.0.92 200 OK 11 kB URL HTTP/2 www.trouveztout.org/Gwen-Stefani/images/Gwen-Stefani-Cool.jpg
IP 217.160.0.92:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Intel(R) JPEG Library, version 1,5,4,36", baseline, precision 8, 451x281, components 3\012- data
Hash c86bd78d904eb6c87932a2a60658a54b
ff3ec55abf714c3f496cc00e05e4e5ce66129832
1124adedcd3b3c0152ffccb5d6ef80bd17bc338d100cc4b0fc7c66ac6396dde3
GET /Gwen-Stefani/images/Gwen-Stefani-Cool.jpg HTTP/1.1
Host: www.trouveztout.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 11340
date: Thu, 19 Jan 2023 03:33:38 GMT
server: Apache
last-modified: Thu, 10 Jan 2019 17:01:56 GMT
accept-ranges: bytes
cache-control: max-age=2592000, public
expires: Sat, 18 Feb 2023 03:33:38 GMT
vary: User-Agent
X-Firefox-Spdy: h2
keywebtracker.com/?if=1&scr_w=1280&scr_h=1024&blog=http%3A//tattoos-girl-fish-chinas-news.blogspot.com/search/label/katharine%2520mcphee%2520lesbian&ref=&l=celebrity
69.162.80.53 200 OK 635 B URL HTTP/1.1 keywebtracker.com/?if=1&scr_w=1280&scr_h=1024&blog=http%3A//tattoos-girl-fish-chinas-news.blogspot.com/search/label/katharine%2520mcphee%2520lesbian&ref=&l=celebrity
IP 69.162.80.53:0
ASN #46475 LIMESTONENETWORKS
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (635), with no line terminators
Hash 6f63d5f2757cc51773ad5d7d1ef6d6a1
1b5376b0b93c7e602e1b9c94907912bd25cbc606
d3fbbf37b30466bc90adb41a892f7066ecd33926c8c4c799021d99131fbe83d7
GET /?if=1&scr_w=1280&scr_h=1024&blog=http%3A//tattoos-girl-fish-chinas-news.blogspot.com/search/label/katharine%2520mcphee%2520lesbian&ref=&l=celebrity HTTP/1.1
Host: keywebtracker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 635
content-type: text/html; charset=utf-8
date: Thu, 19 Jan 2023 03:33:37 GMT
server: nginx
set-cookie: sid=0ffea94e-97aa-11ed-a7c2-5f1ec7448102; path=/; domain=.keywebtracker.com; expires=Tue, 06 Feb 2091 06:47:45 GMT; max-age=2147483647; HttpOnly
3.bp.blogspot.com/-7cXZATkEA6o/TlKHT9r-TSI/AAAAAAAAA1Y/DU1tpJ61ZwE/s1600/IMG00160-20110822-1527.jpg
142.250.74.161 200 OK 129 kB URL HTTP/1.1 3.bp.blogspot.com/-7cXZATkEA6o/TlKHT9r-TSI/AAAAAAAAA1Y/DU1tpJ61ZwE/s1600/IMG00160-20110822-1527.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, software=Google], baseline, precision 8, 1600x1200, components 3\012- data
Size 129 kB (128691 bytes)
Hash edc5e136d8a3b64b0113f04eca819a1e
c621d645a660dae99bc5524e766074f62512333a
2a17cc8fb4db3fbfd641f71924de432d67ae31182a90622518942ae93a236c50
GET /-7cXZATkEA6o/TlKHT9r-TSI/AAAAAAAAA1Y/DU1tpJ61ZwE/s1600/IMG00160-20110822-1527.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v356"
Expires: Fri, 20 Jan 2023 03:33:38 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="IMG00160-20110822-1527.jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Thu, 19 Jan 2023 03:33:38 GMT
Server: fife
Content-Length: 128691
X-XSS-Protection: 0
alistbaby.net/wp-content/uploads/2010/05/29954_395242555167_84031090167_4606934_2775697_n.jpg
74.114.88.175 200 OK 97 kB URL HTTP/1.1 alistbaby.net/wp-content/uploads/2010/05/29954_395242555167_84031090167_4606934_2775697_n.jpg
IP 74.114.88.175:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 180x180, segment length 16, baseline, precision 8, 720x540, components 3\012- data
Hash e27126a8f5f3709079f9d12781202e9f
50a486087540dac6e5c0274d014840056b9a5f47
3faac099f8fe5e0d1671c1e24bdc8c6c056088463f171c19248e95a8a6ee1d70
GET /wp-content/uploads/2010/05/29954_395242555167_84031090167_4606934_2775697_n.jpg HTTP/1.1
Host: alistbaby.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
HTTP/1.1 200 OK
Date: Thu, 19 Jan 2023 03:33:38 GMT
Server: Apache
TT-Server: t=1674099218479195 D=2156
Last-Modified: Sun, 16 May 2010 17:09:37 GMT
ETag: "17a72-486b92c4a9640"
Accept-Ranges: bytes
Content-Length: 96882
Keep-Alive: timeout=10, max=20
Connection: Keep-Alive
Content-Type: image/jpeg
1.bp.blogspot.com/_B4eumhUY34E/S_M1Ogh5NcI/AAAAAAAAAaU/qy9tomzcTR8/s1600/Adams_0284.jpg
142.250.74.161 200 OK 180 kB URL HTTP/1.1 1.bp.blogspot.com/_B4eumhUY34E/S_M1Ogh5NcI/AAAAAAAAAaU/qy9tomzcTR8/s1600/Adams_0284.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, software=Google], baseline, precision 8, 800x1200, components 3\012- data
Size 180 kB (179458 bytes)
Hash b23540b4ebf6d9a7f6943dd3e34abd22
8cc38a8b4c92b1e3b20eb2a07accedb68c085c37
2f9c28beb414e62e642bbc535015eff82a5d1bedf162999721e0eee2e3eb71c1
GET /_B4eumhUY34E/S_M1Ogh5NcI/AAAAAAAAAaU/qy9tomzcTR8/s1600/Adams_0284.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v1a5"
Expires: Fri, 20 Jan 2023 03:33:38 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="Adams_0284.jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Thu, 19 Jan 2023 03:33:38 GMT
Server: fife
Content-Length: 179458
X-XSS-Protection: 0
images2.fanpop.com/images/photos/6400000/photoshoot-mary-kate-and-ashley-olsen-6414994-434-650.jpg
104.26.11.178 200 OK 96 kB URL HTTP/1.1 images2.fanpop.com/images/photos/6400000/photoshoot-mary-kate-and-ashley-olsen-6414994-434-650.jpg
IP 104.26.11.178:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 434x650, components 3\012- data
Hash 4667310b6f1eafc6a42067bfcd064fd0
78685e63ec0629c4cdaafbcd7eaf26c25598525f
b3bf8eab62b7eccb897f06dc215da39810c337b3ee5f4903f5b23a8d76466b47
GET /images/photos/6400000/photoshoot-mary-kate-and-ashley-olsen-6414994-434-650.jpg HTTP/1.1
Host: images2.fanpop.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
HTTP/1.1 200 OK
Date: Thu, 19 Jan 2023 03:33:38 GMT
Content-Type: image/jpeg
Content-Length: 96258
Connection: keep-alive
Last-Modified: Wed, 27 May 2009 06:12:12 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nTkIMCzF6s0IGxSrRCi6ZKkcLNpE%2FE0h1Z%2BqoDY5bTNwUQCMv2cVzoYiP6umU2RSIIk2jmWiEKre5VOWGRUEi%2Fhn1MX1KpJUnK3QKo66CoMZSbnL%2BKQMxD98UYMLTILYlC%2Bjcg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78bc82921b6eb529-OSL
alt-svc: h2=":443"; ma=60
lhensmakeup.files.wordpress.com/2009/03/aki-creative-make-up.jpg%3Fw%3D450%26h%3D630
192.0.72.24 200 OK 541 kB URL HTTP/2 lhensmakeup.files.wordpress.com/2009/03/aki-creative-make-up.jpg%3Fw%3D450%26h%3D630
IP 192.0.72.24:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 100x100, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS3 Windows, datetime=2009:03:20 18:44:36], baseline, precision 8, 500x700, components 3\012- data
Size 541 kB (540647 bytes)
Hash 6e7903528075cabd5028ff8256182245
3d2ae39734cd03576ab8f793291846656ff225f7
3e2b156a0fd776237cc1681a8e27dff782a835d45ac29a0600fa7a1f74836651
GET /2009/03/aki-creative-make-up.jpg%3Fw%3D450%26h%3D630 HTTP/1.1
Host: lhensmakeup.files.wordpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 03:33:38 GMT
content-type: image/jpeg
content-length: 540647
last-modified: Fri, 20 Mar 2009 18:17:53 GMT
expires: Wed, 22 Feb 2023 14:34:34 GMT
x-orig-src: 01_mogdir
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-origin: https://lhensmakeup.wordpress.com
vary: Origin
x-nc: MISS arn 24 np
x-content-type-options: nosniff
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.164.186.39 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.164.186.39:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: uCechZ1t7Xl98YSS+b9FAQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: eT4JYYwkqJrPsVteQfcCK9vdwWU=
www.blogger.com/dyn-css/authorization.css?targetBlogID=7435199865705255018&zx=98225da7-7778-478b-a217-31a353ca7da0
216.58.207.233 200 OK 21 B URL HTTP/2 www.blogger.com/dyn-css/authorization.css?targetBlogID=7435199865705255018&zx=98225da7-7778-478b-a217-31a353ca7da0
IP 216.58.207.233:0
File type very short file (no magic)
Hash a62e4d501434033d5d177e67d3aafdd0
34f7300c9ed47334cf10826d57af785321e3138b
b0cabcbfed4b1830ab1956efbd2eec32289a968323cb854a47ef98360ed0f522
GET /dyn-css/authorization.css?targetBlogID=7435199865705255018&zx=98225da7-7778-478b-a217-31a353ca7da0 HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type: text/css; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 19 Jan 2023 03:33:39 GMT
last-modified: Thu, 19 Jan 2023 03:33:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 21
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash ca2a83483e846691c0a8b14e3f33d814
33ddc14c826039693ff83e67f7098192b4507a0a
3335ff112c41c0de7193b5cb687b0a6942683d18130d92c2f445e60f66bcd55d
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 19 Jan 2023 03:33:39 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 16 Jan 2023 22:12:45 GMT
Expires: Mon, 23 Jan 2023 22:12:44 GMT
Etag: "33ddc14c826039693ff83e67f7098192b4507a0a"
Cache-Control: max-age=412144,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78bc829608c40b31-OSL
img0.etsystatic.com/il/5c7f43/167867329/il_fullxfull.167867329.jpg?optimize=low&auto=webp
151.101.129.224 200 OK 256 kB URL HTTP/2 img0.etsystatic.com/il/5c7f43/167867329/il_fullxfull.167867329.jpg?optimize=low&auto=webp
IP 151.101.129.224:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1037x960, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 256 kB (256020 bytes)
Hash 7447825114d689c2abff23dd8de12e2e
5c4c85e5f6244d06d4f05308248ea219a35823e2
ff24f0f1d600581a3f8a4287bace9721d364ae4324106efcbef18e5296da3bd4
GET /il/5c7f43/167867329/il_fullxfull.167867329.jpg?optimize=low&auto=webp HTTP/1.1
Host: img0.etsystatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=365000000, immutable
content-type: image/webp
etag: "sG2/dRJhDy8YSzVDD+4Ryarsq9+qV3UkVpM86jTTIAk"
expires: Fri, 19 Jan 2024 03:33:38 GMT
fastly-io-info: ifsz=311028 idim=1037x960 ifmt=jpeg ofsz=256020 odim=1037x960 ofmt=webp
fastly-stats: io=1
server: UploadServer
x-goog-generation: 1519945574755307
x-goog-hash: crc32c=vIX6TA==, md5=IFVlq4D73l1PVRGg58vWnA==
x-goog-metageneration: 1
x-goog-storage-class: MULTI_REGIONAL
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 311028
x-guploader-uploadid: ADPycdslXv8sOe6kNceSGt6MPm_aTf9rVCrgtR0i_5b0Co-ZOmKIf9kDGgXD3Z60F15H7FZTLp6vi-4F9hpQNvJVfUSGp6i5xNbS
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 19 Jan 2023 03:33:39 GMT
age: 0
x-served-by: cache-chi-kigq8000096-CHI, cache-bma1627-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1674099219.664168,VS0,VE451
vary: Accept
timing-allow-origin: *
strict-transport-security: max-age=300
content-length: 256020
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ce66d18790c5f7a780615f0ea62362c9
908fd32145fc3e05c0f138ebae256dc825d67798
559e4adfee211a9792a88aa0d9e6c6682465132ef51eccb0126700ecbe726ce2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "559E4ADFEE211A9792A88AA0D9E6C6682465132EF51ECCB0126700ECBE726CE2"
Last-Modified: Wed, 18 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21546
Expires: Thu, 19 Jan 2023 09:32:45 GMT
Date: Thu, 19 Jan 2023 03:33:39 GMT
Connection: keep-alive
img0.etsystatic.com/il/2f8a6c/248688266/il_fullxfull.248688266.jpg?optimize=low&auto=webp
151.101.129.224 200 OK 351 kB URL HTTP/2 img0.etsystatic.com/il/2f8a6c/248688266/il_fullxfull.248688266.jpg?optimize=low&auto=webp
IP 151.101.129.224:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1500x1451, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 351 kB (350982 bytes)
Hash bbe202024f5ebc436e9d4a935c6f57ba
08e41064683b14200d1533d680f477c64a70ba42
d534bb0061743b175b85b5f297adec7c7ab99cb3b436cd2c983a683b873d102e
GET /il/2f8a6c/248688266/il_fullxfull.248688266.jpg?optimize=low&auto=webp HTTP/1.1
Host: img0.etsystatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=365000000, immutable
content-type: image/webp
etag: "1fVFuxwUSCmXireLHRP7uwC0i9RM2RoNav/peA2iNwY"
expires: Fri, 19 Jan 2024 03:33:38 GMT
fastly-io-info: ifsz=504807 idim=1500x1451 ifmt=jpeg ofsz=350982 odim=1500x1451 ofmt=webp
fastly-stats: io=1
server: UploadServer
x-goog-generation: 1518117406546535
x-goog-hash: crc32c=G9fo/A==, md5=iLCYBRyo6GyDYdA9N2bKYQ==
x-goog-metageneration: 1
x-goog-storage-class: MULTI_REGIONAL
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 504807
x-guploader-uploadid: ADPycdu9oqun8jdwhaGILac5lz1xyhLNqFkAEXFRQ0wLxpyxckahy7VtQI2_SRQHzbnUCPKsudC7mQRGI2PeRILLkIYWvKOCPj7G
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 19 Jan 2023 03:33:39 GMT
age: 0
x-served-by: cache-chi-kigq8000036-CHI, cache-bma1627-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1674099219.664142,VS0,VE525
vary: Accept
timing-allow-origin: *
strict-transport-security: max-age=300
content-length: 350982
X-Firefox-Spdy: h2
natashaandreoni.files.wordpress.com/2011/01/blog-32.jpg
192.0.72.17 200 OK 820 kB URL HTTP/2 natashaandreoni.files.wordpress.com/2011/01/blog-32.jpg
IP 192.0.72.17:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, xresolution=50, yresolution=58, resolutionunit=2], baseline, precision 8, 3478x5240, components 3\012- data
Size 820 kB (820215 bytes)
Hash a68726b7ece0eae453c1e946b3c7ace6
c8e49f02d8e35fd30d3889b766004e0970b6df44
d1567e2a451c6716c2e53cee8535a85ec83d4e442aeb96f2b00a7a8018a864c1
GET /2011/01/blog-32.jpg HTTP/1.1
Host: natashaandreoni.files.wordpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 03:33:38 GMT
content-type: image/jpeg
content-length: 820215
last-modified: Tue, 18 Jan 2011 11:23:57 GMT
expires: Thu, 09 Feb 2023 22:25:14 GMT
x-orig-src: 01_mogdir
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-origin: https://natashaandreoni.wordpress.com
vary: Origin
x-nc: MISS arn 17 np
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash af82cadf80ac1918d512e6e9bd47d160
7874aed66f0e309f62f3a700af946d0ca375c587
08dac7bf0c9235042d0cc9b52d7a8b12ac4be8b9c321295a6212791221bb8f63
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.fansub.tv/1107/44/15.jpg
66.228.32.97 404 Not Found 8.0 kB URL HTTP/1.1 www.fansub.tv/1107/44/15.jpg
IP 66.228.32.97:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (340)
Hash 81ee5bd683ca1ea7bc7158bc11300525
778a277f0a81ef6f1292fc1a675db5de5fa195e9
e03ac7fb608a7ef42c9447bf6fe20b0f3f3666fe46253dcbc2cc08d5476f41b5
GET /1107/44/15.jpg HTTP/1.1
Host: www.fansub.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Date: Thu, 19 Jan 2023 03:33:39 GMT
Server: Apache/2.4.38 (Debian)
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Thu, 19 Jan 2023 03:33:39 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, max-age=0
Content-Encoding: gzip
Vary: Accept-Encoding
Set-Cookie: xf_csrf=xG5LcciWQ0eBX_LO; path=/; secure
Content-Length: 7961
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
keywebtracker.com/?blog=http%3A%2F%2Ftattoos-girl-fish-chinas-news.blogspot.com%2Fsearch%2Flabel%2Fkatharine%2520mcphee%2520lesbian&ch=1&if=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NDEwNjQxOCwiaWF0IjoxNjc0MDk5MjE4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3RwZ25sMXIzdW5oMGhvaDgwN29qa2IiLCJuYmYiOjE2NzQwOTkyMTgsInRzIjoxNjc0MDk5MjE4NzA3OTE1fQ.luHQdRDvEmyOVUY9ECY8YJdI7uOgHAcDhhvYhFeiE-s&l=celebrity&ref=&scr_h=1024&scr_w=1280&sid=0ffea94e-97aa-11ed-a7c2-5f1ec7448102
69.162.80.53302 Found 11 B URL HTTP/1.1 keywebtracker.com/?blog=http%3A%2F%2Ftattoos-girl-fish-chinas-news.blogspot.com%2Fsearch%2Flabel%2Fkatharine%2520mcphee%2520lesbian&ch=1&if=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NDEwNjQxOCwiaWF0IjoxNjc0MDk5MjE4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3RwZ25sMXIzdW5oMGhvaDgwN29qa2IiLCJuYmYiOjE2NzQwOTkyMTgsInRzIjoxNjc0MDk5MjE4NzA3OTE1fQ.luHQdRDvEmyOVUY9ECY8YJdI7uOgHAcDhhvYhFeiE-s&l=celebrity&ref=&scr_h=1024&scr_w=1280&sid=0ffea94e-97aa-11ed-a7c2-5f1ec7448102
IP 69.162.80.53:0
ASN #46475 LIMESTONENETWORKS
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /?blog=http%3A%2F%2Ftattoos-girl-fish-chinas-news.blogspot.com%2Fsearch%2Flabel%2Fkatharine%2520mcphee%2520lesbian&ch=1&if=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NDEwNjQxOCwiaWF0IjoxNjc0MDk5MjE4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3RwZ25sMXIzdW5oMGhvaDgwN29qa2IiLCJuYmYiOjE2NzQwOTkyMTgsInRzIjoxNjc0MDk5MjE4NzA3OTE1fQ.luHQdRDvEmyOVUY9ECY8YJdI7uOgHAcDhhvYhFeiE-s&l=celebrity&ref=&scr_h=1024&scr_w=1280&sid=0ffea94e-97aa-11ed-a7c2-5f1ec7448102 HTTP/1.1
Host: keywebtracker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://keywebtracker.com/?if=1&scr_w=1280&scr_h=1024&blog=http%3A//tattoos-girl-fish-chinas-news.blogspot.com/search/label/katharine%2520mcphee%2520lesbian&ref=&l=celebrity
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Thu, 19 Jan 2023 03:33:38 GMT
location: http://ww1.keywebtracker.com
server: nginx
set-cookie: sid=0ffea94e-97aa-11ed-a7c2-5f1ec7448102; path=/; domain=.keywebtracker.com; expires=Tue, 06 Feb 2091 06:47:46 GMT; max-age=2147483647; HttpOnly
accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/followers.g?blogID%3D7435199865705255018%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMzMzMzMzMiByMwMDAwMDAqByNmZmZmZmYyByMwMDAwMDA6ByMzMzMzMzNCByMwMDAwMDBKByMwMDAwMDBSByNGRkZGRkZaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://tattoos-girl-fish-chinas-news.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.ydLROSGdlBE.O/d%253D1/rs%253DAHpOoo_OUY4V-VcsLuRVnUuYVO758FydkA/m%253D__features__%26bpli%3D1&followup=https://www.blogger.com/followers.g?blogID%3D7435199865705255018%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMzMzMzMzMiByMwMDAwMDAqByNmZmZmZmYyByMwMDAwMDA6ByMzMzMzMzNCByMwMDAwMDBKByMwMDAwMDBSByNGRkZGRkZaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://tattoos-girl-fish-chinas-news.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.ydLROSGdlBE.O/d%253D1/rs%253DAHpOoo_OUY4V-VcsLuRVnUuYVO758FydkA/m%253D__features__%26bpli%3D1&go=true
216.58.207.237302 Found 475 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/followers.g?blogID%3D7435199865705255018%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMzMzMzMzMiByMwMDAwMDAqByNmZmZmZmYyByMwMDAwMDA6ByMzMzMzMzNCByMwMDAwMDBKByMwMDAwMDBSByNGRkZGRkZaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://tattoos-girl-fish-chinas-news.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.ydLROSGdlBE.O/d%253D1/rs%253DAHpOoo_OUY4V-VcsLuRVnUuYVO758FydkA/m%253D__features__%26bpli%3D1&followup=https://www.blogger.com/followers.g?blogID%3D7435199865705255018%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMzMzMzMzMiByMwMDAwMDAqByNmZmZmZmYyByMwMDAwMDA6ByMzMzMzMzNCByMwMDAwMDBKByMwMDAwMDBSByNGRkZGRkZaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://tattoos-girl-fish-chinas-news.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.ydLROSGdlBE.O/d%253D1/rs%253DAHpOoo_OUY4V-VcsLuRVnUuYVO758FydkA/m%253D__features__%26bpli%3D1&go=true
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (521)
Hash f2fb68a75d556846d3ca2a6c26143b0b
e9b1e2828e040a88343c46fb793e6ed5a7e9b366
fad989012e873ca865e0881c72667c293a99b681a179fb8647074a083a91aafe
GET /ServiceLogin?passive=true&continue=https://www.blogger.com/followers.g?blogID%3D7435199865705255018%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMzMzMzMzMiByMwMDAwMDAqByNmZmZmZmYyByMwMDAwMDA6ByMzMzMzMzNCByMwMDAwMDBKByMwMDAwMDBSByNGRkZGRkZaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://tattoos-girl-fish-chinas-news.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.ydLROSGdlBE.O/d%253D1/rs%253DAHpOoo_OUY4V-VcsLuRVnUuYVO758FydkA/m%253D__features__%26bpli%3D1&followup=https://www.blogger.com/followers.g?blogID%3D7435199865705255018%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMzMzMzMzMiByMwMDAwMDAqByNmZmZmZmYyByMwMDAwMDA6ByMzMzMzMzNCByMwMDAwMDBKByMwMDAwMDBSByNGRkZGRkZaC3RyYW5zcGFyZW50%26pageSize%3D21%26origin%3Dhttp://tattoos-girl-fish-chinas-news.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.ydLROSGdlBE.O/d%253D1/rs%253DAHpOoo_OUY4V-VcsLuRVnUuYVO758FydkA/m%253D__features__%26bpli%3D1&go=true HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 19 Jan 2023 03:33:39 GMT
location: https://www.blogger.com/followers.g?blogID=7435199865705255018&colors=Cgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMzMzMzMzMiByMwMDAwMDAqByNmZmZmZmYyByMwMDAwMDA6ByMzMzMzMzNCByMwMDAwMDBKByMwMDAwMDBSByNGRkZGRkZaC3RyYW5zcGFyZW50&pageSize=21&origin=http%3A%2F%2Ftattoos-girl-fish-chinas-news.blogspot.com%2F&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.ydLROSGdlBE.O%2Fd%3D1%2Frs%3DAHpOoo_OUY4V-VcsLuRVnUuYVO758FydkA%2Fm%3D__features__&bpli=1
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-Zw1Ndo6bsQeyVNaUDRuD9Q' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 475
server: GSE
set-cookie: __Host-GAPS=1:ZRDpvyLUev8wRulexs0j99i6GyRe1A:HWngBvyZBzWhUkOD;Path=/;Expires=Sat, 18-Jan-2025 03:33:39 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
images4.fanpop.com/image/photos/18400000/Amy-Pond-amy-pond-18456702-500-282.jpg
104.26.11.178 200 OK 136 kB URL HTTP/1.1 images4.fanpop.com/image/photos/18400000/Amy-Pond-amy-pond-18456702-500-282.jpg
IP 104.26.11.178:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, baseline, precision 8, 500x282, components 3\012- data
Size 136 kB (136187 bytes)
Hash a36ff604b8f577065e641c43da9d9ad7
900308d950655b7808f75c48aced71a6410de080
c3abe8085c160c9fa9f7d0e2db2fd733f66a5f3d8ab429510563daa184f51eb6
GET /image/photos/18400000/Amy-Pond-amy-pond-18456702-500-282.jpg HTTP/1.1
Host: images4.fanpop.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
HTTP/1.1 200 OK
Date: Thu, 19 Jan 2023 03:33:39 GMT
Content-Type: image/jpeg
Content-Length: 136187
Connection: keep-alive
Last-Modified: Sat, 15 Jan 2011 13:26:49 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=huxCH3bSkZ7sNjLS7i0Lk%2FUBUYj4fFDw5rSSvz%2Bxg%2FfrOF9j0uq4vp5K1Xa7imBFiYYGEWeiq3sQhVTWn07CYdZVEN86vu78nvPTUrdW5Rq6o04ZyT5fboMK4%2BdDu8xS5Ulz1g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78bc82920bf7b521-OSL
alt-svc: h2=":443"; ma=60
ww1.keywebtracker.com/
199.59.243.222 200 OK 705 B IP 199.59.243.222:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (923), with no line terminators
Hash 29d7856337c3a06898b263f1651a6233
fd9af4cde87e6b669e8a142897ba54b2fa854ec7
363653325ed15f51438d8dfae69c850d817a94dc6a0e3eb70686d2055115a2af
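Analyzer | Verdict | Alert — fortinet: Phishing (a single-analyzer verdict; the response below sets a parking_session cookie, which suggests a parked-domain landing page, so corroborate it before treating the host as a phishing indicator)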
GET / HTTP/1.1
Host: ww1.keywebtracker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://keywebtracker.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 19 Jan 2023 03:33:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: parking_session=3cb2f8c5-dd5c-a9eb-2105-b0bb3dcbd221; expires=Thu, 19-Jan-2023 03:48:39 GMT; Max-Age=900; path=/; HttpOnly
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_uC1BRljOohAx9/f7OjS1/oP/BkqLEWyowaaWLOT5SQruXMFTuOr71iHRpyuNAmIFPx4svvdN50VyrZRAtdOOvg==
Accept-CH: sec-ch-prefers-color-scheme
Critical-CH: sec-ch-prefers-color-scheme
Vary: sec-ch-prefers-color-scheme
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
ww1.keywebtracker.com/js/parking.2.101.3.js
199.59.243.222 200 OK 22 kB URL HTTP/1.1 ww1.keywebtracker.com/js/parking.2.101.3.js
IP 199.59.243.222:0
File type HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 2398ba854d9b7df0994484fe3affb483
0d7507b8e43c24c40cc80544a044c16f6ef0a303
f6b51733c568c680004ef0db25d45238b9fb6fb8df034bfb4107dfae7a666bb2
Analyzer | Verdict | Alert — fortinet: Phishing
GET /js/parking.2.101.3.js HTTP/1.1
Host: ww1.keywebtracker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.keywebtracker.com/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 19 Jan 2023 03:33:39 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 17 Jan 2023 15:32:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
www.viva.co.id/images/2009/05/07/70358_aung_san_suu_kyi.jpg
54.230.111.66 404 Not Found 17 kB URL HTTP/2 www.viva.co.id/images/2009/05/07/70358_aung_san_suu_kyi.jpg
IP 54.230.111.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4437)
Hash 3698ac75dede952d686335b447981c2d
39aad04161ce6ab2f2bab059282d9cd206f0f8d3
ec31e20bf06f1c247974a39f7d69cac381f2d76fe1cda893a5104338bd760426
GET /images/2009/05/07/70358_aung_san_suu_kyi.jpg HTTP/1.1
Host: www.viva.co.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
date: Thu, 19 Jan 2023 03:33:39 GMT
server: nginx
cache-control: no-cache, private
content-encoding: gzip
vary: Accept-Encoding
x-cache: Error from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: dMZ5fYX1rEbyudeE039Mcyk_cqALk2UQhWkWCcvuIjoku7MlkYWIEQ==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 532289832b1f21cd9014c904ca0a1ad6
16b0dbd03283cf8a80316e49ab0a0299fd237d99
e0b0758c8bea976e4963c7ca91cc223d9b68f1e45048dd9d5cce73c9f20a08a9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hempworks.typepad.com/.a/6a00d8341dcae753ef014e8a5ff8b1970d-500wi
104.18.136.190 301 Moved Permanently 0 B URL HTTP/1.1 hempworks.typepad.com/.a/6a00d8341dcae753ef014e8a5ff8b1970d-500wi
IP 104.18.136.190:0
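Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these are the digests of empty input, matching the 0 B body of this 301 response; they identify no content and will match any empty response.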
GET /.a/6a00d8341dcae753ef014e8a5ff8b1970d-500wi HTTP/1.1
Host: hempworks.typepad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
HTTP/1.1 301 Moved Permanently
Date: Thu, 19 Jan 2023 03:33:39 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 19 Jan 2023 04:33:39 GMT
Location: https://hempworks.typepad.com/.a/6a00d8341dcae753ef014e8a5ff8b1970d-500wi
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78bc829bee1bb4f1-OSL
ww1.keywebtracker.com/_fd
199.59.243.222 200 OK 2.1 kB URL HTTP/1.1 ww1.keywebtracker.com/_fd
IP 199.59.243.222:0
File type ASCII text, with very long lines (4009), with no line terminators
Hash cdfc3f45bba971325d27b4d45f544103
f1cc89e429f3a7ca22c311c46e6d048893429e89
caff871875d1d1366511fbae204b882844fc51d725052693a2f6df1fb7afaac1
Analyzer | Verdict | Alert — fortinet: Phishing
POST /_fd HTTP/1.1
Host: ww1.keywebtracker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww1.keywebtracker.com/
Content-Type: application/json
Origin: http://ww1.keywebtracker.com
Connection: keep-alive
Content-Length: 0
HTTP/1.1 200 OK
Server: openresty
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Thu, 19 Jan 2023 03:33:39 GMT
X-Version: 2.101.3
Set-Cookie: parking_session=ebe6c1c3-7fa9-4661-93aa-38a8939067e5; expires=Thu, 19-Jan-2023 03:48:39 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
ww1.keywebtracker.com/px.gif?ch=1&rn=4.388102647475749
199.59.243.222 200 OK 42 B URL HTTP/1.1 ww1.keywebtracker.com/px.gif?ch=1&rn=4.388102647475749
IP 199.59.243.222:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /px.gif?ch=1&rn=4.388102647475749 HTTP/1.1
Host: ww1.keywebtracker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.keywebtracker.com/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 19 Jan 2023 03:33:39 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes
ww1.keywebtracker.com/px.gif?ch=2&rn=4.388102647475749
199.59.243.222 200 OK 42 B URL HTTP/1.1 ww1.keywebtracker.com/px.gif?ch=2&rn=4.388102647475749
IP 199.59.243.222:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /px.gif?ch=2&rn=4.388102647475749 HTTP/1.1
Host: ww1.keywebtracker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.keywebtracker.com/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 19 Jan 2023 03:33:39 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes
tattoos-girl-fish-chinas-news.blogspot.com/favicon.ico
216.58.207.193 200 OK 412 B URL HTTP/1.1 tattoos-girl-fish-chinas-news.blogspot.com/favicon.ico
IP 216.58.207.193:0
File type MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel\012- data
Hash 501c61a70f5c41181aa050d9110909ca
5b985d5671a7caf686fdfb1df13488c4407f6c9f
c4aaf001607ee331f6871b4dbbf45942b1e197726714fd106e46d70cc10ee97e
GET /favicon.ico HTTP/1.1
Host: tattoos-girl-fish-chinas-news.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/search/label/katharine%20mcphee%20lesbian
HTTP/1.1 200 OK
Content-Type: image/x-icon; charset=UTF-8
Expires: Thu, 19 Jan 2023 03:33:39 GMT
Date: Thu, 19 Jan 2023 03:33:39 GMT
Cache-Control: private, max-age=86400
Last-Modified: Tue, 29 Nov 2022 08:05:36 GMT
ETag: W/"33df0ffe10edc7d6e11de44f45aaeb5eb709f04d66c2650641c6556edb3e44c9"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 412
Server: GSE
www.accesshollywood.com/content/images/1/400x400bd/1604_taylor-hicks-katharine-mcphee-idol.jpg
104.18.154.21 404 Not Found 14 kB URL HTTP/2 www.accesshollywood.com/content/images/1/400x400bd/1604_taylor-hicks-katharine-mcphee-idol.jpg
IP 104.18.154.21:0
Hash 36806fa5e8ba6a44596494c33133693a
d053855d34b1fed0f0651f9d4ec80c45a72b844b
27e34332ba10f74c0bc02bd2e6d92e97d901fbafc3af96681cf0f108aebf021d
GET /content/images/1/400x400bd/1604_taylor-hicks-katharine-mcphee-idol.jpg HTTP/1.1
Host: www.accesshollywood.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
date: Thu, 19 Jan 2023 03:33:39 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public, max-age=14400
vary: Accept-Encoding
cf-cache-status: MISS
expires: Thu, 19 Jan 2023 07:33:39 GMT
server: cloudflare
cf-ray: 78bc82953ac6b4fa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 607bf9684e4803d817fdd1120427dcdd
886fa77396c792751868f05806793937a4f11be6
d17df5470015b9c3be3fc1e9c8fa5f2b732231eed453b689e94897f6f1da3911
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a54efac3cfe683663b768851ffa5519e
d1ba4839a18cebc3b47e9d9bf7cecd229d63ce8e
0a7225049806502f74014df147a616cb3fc7a37523c00a7334ef0af38e1d6e78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a54efac3cfe683663b768851ffa5519e
d1ba4839a18cebc3b47e9d9bf7cecd229d63ce8e
0a7225049806502f74014df147a616cb3fc7a37523c00a7334ef0af38e1d6e78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%2302198b
216.58.211.1 200 OK 272 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%2302198b
IP 216.58.211.1:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390)
Hash ab1acb76dd408583614a7a6cedf41866
e2d2d7074479023d37474ab62755b658d22d4ab1
8622edbe2503910e3cbeecef073a09e662fd2507436c3aabf885d155afd96565
GET /ad_icons/standard/publisher_icon_image/search.svg?c=%2302198b HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 272
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Wed, 18 Jan 2023 08:04:53 GMT
expires: Thu, 19 Jan 2023 07:04:53 GMT
cache-control: public, max-age=82800
age: 70127
last-modified: Thu, 19 Dec 2019 14:15:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
216.58.211.1 200 OK 278 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
IP 216.58.211.1:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (306)
Hash bb7fc36f627255dd4783f849dca0932e
80e89ef8f3c2c8ee982523757fce214ea7323a69
735f48c2876099e6a731c65fc46ec1ec133c316e0997d04eb0ee246741bee647
GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Wed, 18 Jan 2023 21:58:46 GMT
expires: Thu, 19 Jan 2023 20:58:46 GMT
cache-control: public, max-age=82800
age: 20094
last-modified: Tue, 09 Feb 2021 14:15:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 607bf9684e4803d817fdd1120427dcdd
886fa77396c792751868f05806793937a4f11be6
d17df5470015b9c3be3fc1e9c8fa5f2b732231eed453b689e94897f6f1da3911
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a54efac3cfe683663b768851ffa5519e
d1ba4839a18cebc3b47e9d9bf7cecd229d63ce8e
0a7225049806502f74014df147a616cb3fc7a37523c00a7334ef0af38e1d6e78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash db72b0cf36b635e3c0825b954e3f0571
f0f3d97119b058f86553062c835f89b1b283945d
bf6ecaa45a5dbd66d0c657e5f33345ac46bdc94d8cae1274fcaf01c0ff302b97
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10161
Expires: Thu, 19 Jan 2023 06:23:01 GMT
Date: Thu, 19 Jan 2023 03:33:40 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10161
Expires: Thu, 19 Jan 2023 06:23:01 GMT
Date: Thu, 19 Jan 2023 03:33:40 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10161
Expires: Thu, 19 Jan 2023 06:23:01 GMT
Date: Thu, 19 Jan 2023 03:33:40 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5dc15588-7ab3-449b-841e-1b44848c69ff.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5dc15588-7ab3-449b-841e-1b44848c69ff.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6ac1e9ae8dfefbc1932d060052188c0b
73e01cd7b75bb0768df616c1a0ebf02df8de5443
bdfbd218becc507160f4e4a162e345300b49aaf0a05effa900b15f757f0ccb3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5dc15588-7ab3-449b-841e-1b44848c69ff.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11511
x-amzn-requestid: 8f92a31a-a233-4f35-9aac-b7b60a105021
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3vgjF9MIAMFlpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c62c69-7844213f4c220b0b140cabe0;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 05:04:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AvKbDGfVG3LVkWi1R2W02OfdD5-rC0LsjwMMDxUp0JPhpA6_Dfk1QQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 21:54:10 GMT
age: 20370
etag: "73e01cd7b75bb0768df616c1a0ebf02df8de5443"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9f36bdc-5e1d-4c19-960b-eda2a1687afa.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9f36bdc-5e1d-4c19-960b-eda2a1687afa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 159d5f1e013b1a3b713aeadad55e3e1c
98eb5bdc0c81a275f6f113f07f93bd280fb933b8
7e9222460265eb1ae26bcc75a29d3034a6533738fd1ed0586ea37614e11b9085
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9f36bdc-5e1d-4c19-960b-eda2a1687afa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10394
x-amzn-requestid: 31cafa1a-501c-4347-a64e-984a2c3df11a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eq1qRGscIAMFnRg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c1030e-4bdd7dbc09e29be46b33ac4e;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 07:06:54 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: R9m9g6G6801QNfbVSwwoDAOk9nV3UHWAV4bw6JwxaSv79LtXdqV8zQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 17:34:11 GMT
age: 35969
etag: "98eb5bdc0c81a275f6f113f07f93bd280fb933b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa0293b1-658b-40be-8f58-7c880a4f5b00.jpeg
34.120.237.76 200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa0293b1-658b-40be-8f58-7c880a4f5b00.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b6cb560c00346a6c1d1862cfd25e5d92
0df06ee873767cda7b2f109caa5f3e0aab1ddc0a
1ee5d9792f084907b8837f818b7971c97eacff3b3e0cc83586220508c8755adf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa0293b1-658b-40be-8f58-7c880a4f5b00.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9221
x-amzn-requestid: ef7eb7e8-8e7f-4578-ae9a-2d0be07df045
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e0vOtFQ2IAMFedQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c4f8c4-5ef1960d4ac7cd5560037d99;Sampled=0
x-amzn-remapped-date: Mon, 16 Jan 2023 07:12:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hV9O65DcUGtRtapBhOQjJoID_d_zQ1eBLgp7Ux21xiIeixZTnDn_5A==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 08:37:58 GMT
age: 68142
etag: "0df06ee873767cda7b2f109caa5f3e0aab1ddc0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa13fdc43-f169-4fe6-a14b-6ed62c4d08cc.jpeg
34.120.237.76 200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa13fdc43-f169-4fe6-a14b-6ed62c4d08cc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7817aa566a3271f82153811b756bb90f
6be8688f3b8d2f053afed5c09d00e71ad9210258
1ec4a11d1598683001714eb1a130c5ba96c37aef0e43623a17780f848543b1c9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa13fdc43-f169-4fe6-a14b-6ed62c4d08cc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7864
x-amzn-requestid: 932e4550-d62d-448d-b60d-d3c62944c86c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3fnEEVOIAMFZcA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c612f9-0977cfca7fe22f83168e5d9e;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rcBwm967yrKleLXr5OzF8SynTLuZIXY85zeUwRyCP56tAt5ChjIapg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 03:43:10 GMT
age: 85830
etag: "6be8688f3b8d2f053afed5c09d00e71ad9210258"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa848e8c9-5ea8-4948-a3e7-109001ff6cba.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa848e8c9-5ea8-4948-a3e7-109001ff6cba.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 13457311f170ebcd637e77aa48873488
a51ef5eb01736824f382541c5a4ad025ae35c09e
f57f95cc9f18b2e41951f1fcd9c278ca0f522e98dbf57aeb4c59b4b59deeb605
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa848e8c9-5ea8-4948-a3e7-109001ff6cba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6235
x-amzn-requestid: 919a5e9d-11c0-4b12-a718-f5a256f4fda2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3RXBG8xoAMFW1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c5fc2c-2398fc8910eb707e4c15b416;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 01:38:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MKOZeVCOBgny84FGH7fem1LQnV756ylBS2sGbZSdTpJQ2TNM2qJKFQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 21:54:10 GMT
age: 20370
etag: "a51ef5eb01736824f382541c5a4ad025ae35c09e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
media.vivanews.com/images/2009/05/07/70358_aung_san_suu_kyi.jpg
188.114.97.1 302 Found 3.3 kB URL HTTP/2 media.vivanews.com/images/2009/05/07/70358_aung_san_suu_kyi.jpg
IP 188.114.97.1:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a0322b0c1c8ccba218bb838b9a08236b
2019b85538667589467bd7330d5c14e81d0a0219
206ed7eb5ba89c76c42b01a7fbf354b9417dd87d8149847b28dab0cb1c887198
GET /images/2009/05/07/70358_aung_san_suu_kyi.jpg HTTP/1.1
Host: media.vivanews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 19 Jan 2023 03:33:38 GMT
location: https://www.viva.co.id/images/2009/05/07/70358_aung_san_suu_kyi.jpg
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jF8%2FZeyeC9CjLQMaru%2FJf0viVndL8UokoF6h%2FsnFHsDe%2FVaijhEX48HV1IfgN54QtUrBM35tRPdWl5Q2kyWqb6m%2FzGtitIlK1tBXmnZOI%2FGwJu16E3G1iFTLYLt3lFoFG4Bc5%2BM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78bc8294bd3c0b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ww1.keywebtracker.com/
199.59.243.222 200 OK 706 B IP 199.59.243.222:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (927), with no line terminators
Hash a1383ef57b4fd71b0edc683376f6cbb7
70c14d7a629865bce4c018c369f1805f90d535b0
aea408c7314f925d00400245a6801b25caa3d82d3b5e1faf2c6e9df86a6a1b3d
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: ww1.keywebtracker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.keywebtracker.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 19 Jan 2023 03:33:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: parking_session=625f286a-7017-55f0-2945-2ef4e1ecf39c; expires=Thu, 19-Jan-2023 03:48:40 GMT; Max-Age=900; path=/; HttpOnly
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_uC1BRljOohAx9/f7OjS1/oP/BkqLEWyowaaWLOT5SQruXMFTuOr71iHRpyuNAmIFPx4svvdN50VyrZRAtdOOvg==
Accept-CH: sec-ch-prefers-color-scheme
Critical-CH: sec-ch-prefers-color-scheme
Vary: sec-ch-prefers-color-scheme
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
ww1.keywebtracker.com/js/parking.2.101.3.js
199.59.243.222 200 OK 22 kB URL HTTP/1.1 ww1.keywebtracker.com/js/parking.2.101.3.js
IP 199.59.243.222:0
File type HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 2398ba854d9b7df0994484fe3affb483
0d7507b8e43c24c40cc80544a044c16f6ef0a303
f6b51733c568c680004ef0db25d45238b9fb6fb8df034bfb4107dfae7a666bb2
Analyzer Verdict Alert fortinet Phishing
GET /js/parking.2.101.3.js HTTP/1.1
Host: ww1.keywebtracker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.keywebtracker.com/
Cookie: parking_session=625f286a-7017-55f0-2945-2ef4e1ecf39c
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 19 Jan 2023 03:33:40 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 17 Jan 2023 15:32:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
ww1.keywebtracker.com/_fd
199.59.243.222 200 OK 2.6 kB URL HTTP/1.1 ww1.keywebtracker.com/_fd
IP 199.59.243.222:0
File type ASCII text, with very long lines (5269), with no line terminators
Hash 0bfef03532db58c0b7f78e962b00a1d2
5dc507566e11d11fa135be248bb78c97778b8823
5ad38827a1451da6550087ea851ba6abd496f12d001e3081fd18ff7bbbae611c
Analyzer Verdict Alert fortinet Phishing
POST /_fd HTTP/1.1
Host: ww1.keywebtracker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww1.keywebtracker.com/
Content-Type: application/json
Origin: http://ww1.keywebtracker.com
Connection: keep-alive
Cookie: parking_session=625f286a-7017-55f0-2945-2ef4e1ecf39c
Content-Length: 0
HTTP/1.1 200 OK
Server: openresty
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Thu, 19 Jan 2023 03:33:40 GMT
X-Version: 2.101.3
Set-Cookie: parking_session=625f286a-7017-55f0-2945-2ef4e1ecf39c; expires=Thu, 19-Jan-2023 03:48:40 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
ww1.keywebtracker.com/px.gif?ch=1&rn=1.563995839489451
199.59.243.222 200 OK 42 B URL HTTP/1.1 ww1.keywebtracker.com/px.gif?ch=1&rn=1.563995839489451
IP 199.59.243.222:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /px.gif?ch=1&rn=1.563995839489451 HTTP/1.1
Host: ww1.keywebtracker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.keywebtracker.com/
Cookie: parking_session=625f286a-7017-55f0-2945-2ef4e1ecf39c
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 19 Jan 2023 03:33:40 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes
ww1.keywebtracker.com/px.gif?ch=2&rn=1.563995839489451
199.59.243.222 200 OK 42 B URL HTTP/1.1 ww1.keywebtracker.com/px.gif?ch=2&rn=1.563995839489451
IP 199.59.243.222:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /px.gif?ch=2&rn=1.563995839489451 HTTP/1.1
Host: ww1.keywebtracker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.keywebtracker.com/
Cookie: parking_session=625f286a-7017-55f0-2945-2ef4e1ecf39c
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 19 Jan 2023 03:33:40 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 532289832b1f21cd9014c904ca0a1ad6
16b0dbd03283cf8a80316e49ab0a0299fd237d99
e0b0758c8bea976e4963c7ca91cc223d9b68f1e45048dd9d5cce73c9f20a08a9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ww1.keywebtracker.com/favicon.ico
199.59.243.222 200 OK 0 B URL HTTP/1.1 ww1.keywebtracker.com/favicon.ico
IP 199.59.243.222:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ww1.keywebtracker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.keywebtracker.com/
Cookie: parking_session=625f286a-7017-55f0-2945-2ef4e1ecf39c
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 19 Jan 2023 03:33:40 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
ETag: "61424bb6-0"
x-backend-server: ip-10-201-16-117.ec2.internal
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 870b56b31988dbba7484d107a3455332
bcea1ac4e6afb8d92bf1f074910db7492098e854
d6a42a2b06ca9f6aca467356435ee125626474f28803b4ed8e4b4271b03e0068
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/adsense/domains/caf.js
142.250.74.164 200 OK 54 kB URL HTTP/2 www.google.com/adsense/domains/caf.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1885)
Hash 3fd63960a09a1921f09e823ecb42902d
b0a4ccf8977a7018a555925812f2cdb46543cb9a
a39a8f2c705b08b94a82aa5e15373632f49a7dc1dbb31283ff2f81447fc2f1df
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww1.keywebtracker.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Thu, 19 Jan 2023 03:33:40 GMT
expires: Thu, 19 Jan 2023 03:33:40 GMT
cache-control: private, max-age=3600
etag: "6451364468104600681"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 6ffc62725eb8d702d9aebcb456457fb2
0b5f6c5f99abfc8cc37016f8b76e19097c3ba294
f0d158f00224cad7d42c75dfdbbbe4f7ab6a4cdb221d3faa5aeb9917d98d4f0e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 870b56b31988dbba7484d107a3455332
bcea1ac4e6afb8d92bf1f074910db7492098e854
d6a42a2b06ca9f6aca467356435ee125626474f28803b4ed8e4b4271b03e0068
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
afs.googlesyndication.com/afs/ads?adtest=off&psid=7049491253&pcsa=false&channel=pid-bodis-gcontrol57%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol303%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol414&client=dp-bodis30_3ph&r=m&hl=en&terms=malware%20detection%2Cmalware%20removal%2Csecurity%20monitoring&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2898040491288658&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301081%2C17301084&format=r3&nocache=4631674099220712&num=0&output=afd_ads&domain_name=ww1.keywebtracker.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1674099220714&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1264&psh=79&frm=0&cl=500700135&uio=-&cont=rs&jsid=caf&jsv=500700135&rurl=http%3A%2F%2Fww1.keywebtracker.com%2F&referer=http%3A%2F%2Fww1.keywebtracker.com%2F&adbw=master-1%3A1264
172.217.21.162 200 OK 2.0 kB URL HTTP/2 afs.googlesyndication.com/afs/ads?adtest=off&psid=7049491253&pcsa=false&channel=pid-bodis-gcontrol57%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol303%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol414&client=dp-bodis30_3ph&r=m&hl=en&terms=malware%20detection%2Cmalware%20removal%2Csecurity%20monitoring&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2898040491288658&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301081%2C17301084&format=r3&nocache=4631674099220712&num=0&output=afd_ads&domain_name=ww1.keywebtracker.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1674099220714&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1264&psh=79&frm=0&cl=500700135&uio=-&cont=rs&jsid=caf&jsv=500700135&rurl=http%3A%2F%2Fww1.keywebtracker.com%2F&referer=http%3A%2F%2Fww1.keywebtracker.com%2F&adbw=master-1%3A1264
IP 172.217.21.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5452)
Hash 79bcba1f45c13ef6c4a95f2da75aa17f
6bd47a61e44383bed10c0e8c2b77c0fcee0da0f7
13a93701ee044068a76388a100933930d515472891031a31ecaa0dc1fb4a9380
GET /afs/ads?adtest=off&psid=7049491253&pcsa=false&channel=pid-bodis-gcontrol57%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol303%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol414&client=dp-bodis30_3ph&r=m&hl=en&terms=malware%20detection%2Cmalware%20removal%2Csecurity%20monitoring&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2898040491288658&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301081%2C17301084&format=r3&nocache=4631674099220712&num=0&output=afd_ads&domain_name=ww1.keywebtracker.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1674099220714&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1264&psh=79&frm=0&cl=500700135&uio=-&cont=rs&jsid=caf&jsv=500700135&rurl=http%3A%2F%2Fww1.keywebtracker.com%2F&referer=http%3A%2F%2Fww1.keywebtracker.com%2F&adbw=master-1%3A1264 HTTP/1.1
Host: afs.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww1.keywebtracker.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Thu, 19 Jan 2023 03:33:41 GMT
expires: Thu, 19 Jan 2023 03:33:41 GMT
cache-control: private, max-age=3600
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 1985
x-xss-protection: 0
set-cookie: CONSENT=PENDING+956; expires=Sat, 18-Jan-2025 03:33:41 GMT; path=/; domain=.googlesyndication.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
thephotographer4you.com/wp-content/uploads/2011/03/ursula-7.jpg
38.95.34.81 404 Not Found 4.3 kB URL HTTP/1.1 thephotographer4you.com/wp-content/uploads/2011/03/ursula-7.jpg
IP 38.95.34.81:0
Hash e516a2f6ebd597744ac27df24b25147a
1992b9f5cfa196fda6cce8f8616e774ad809f694
6f0d95e64fa064d8d3a638453327a1380c97d33c62cf196569411ce5afc58d07
GET /wp-content/uploads/2011/03/ursula-7.jpg HTTP/1.1
Host: thephotographer4you.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
HTTP/1.1 404 Not Found
Date: Thu, 19 Jan 2023 03:33:37 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <http://thephotographer4you.com/wp-json/>; rel="https://api.w.org/"
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 607bf9684e4803d817fdd1120427dcdd
886fa77396c792751868f05806793937a4f11be6
d17df5470015b9c3be3fc1e9c8fa5f2b732231eed453b689e94897f6f1da3911
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a54efac3cfe683663b768851ffa5519e
d1ba4839a18cebc3b47e9d9bf7cecd229d63ce8e
0a7225049806502f74014df147a616cb3fc7a37523c00a7334ef0af38e1d6e78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a54efac3cfe683663b768851ffa5519e
d1ba4839a18cebc3b47e9d9bf7cecd229d63ce8e
0a7225049806502f74014df147a616cb3fc7a37523c00a7334ef0af38e1d6e78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash db72b0cf36b635e3c0825b954e3f0571
f0f3d97119b058f86553062c835f89b1b283945d
bf6ecaa45a5dbd66d0c657e5f33345ac46bdc94d8cae1274fcaf01c0ff302b97
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
216.58.211.1 200 OK 278 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
IP 216.58.211.1:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (306)
Hash bb7fc36f627255dd4783f849dca0932e
80e89ef8f3c2c8ee982523757fce214ea7323a69
735f48c2876099e6a731c65fc46ec1ec133c316e0997d04eb0ee246741bee647
GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://afs.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Wed, 18 Jan 2023 21:58:46 GMT
expires: Thu, 19 Jan 2023 20:58:46 GMT
cache-control: public, max-age=82800
age: 20095
last-modified: Tue, 09 Feb 2021 14:15:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
afs.googlesyndication.com/adsense/domains/caf.js
172.217.21.162 200 OK 54 kB URL HTTP/2 afs.googlesyndication.com/adsense/domains/caf.js
IP 172.217.21.162:0
File type ASCII text, with very long lines (1885)
Hash 69826147f29ea2910e32398a48b9a312
2c1f0654ce0ea9db61e1bfa95313dff2c63ab4b5
7d245e4518fcf0c718e89a5a58c4f38fcd106862d6e06532f0befb487ce15e4e
GET /adsense/domains/caf.js HTTP/1.1
Host: afs.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://afs.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Thu, 19 Jan 2023 03:33:41 GMT
expires: Thu, 19 Jan 2023 03:33:41 GMT
cache-control: private, max-age=3600
etag: "13496469526618254424"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/michroma/v16/PN_zRfy9qWD8fEagAPg9pTk.woff2
216.58.207.227 200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/michroma/v16/PN_zRfy9qWD8fEagAPg9pTk.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 17156, version 1.0\012- data
Hash 402cbe860d64ae2e13145e34cbc7889c
7af4691dc306b7583365b9ff2ead0c1f6db017c5
da748253b458c5fc9c9a5e3c108b1cda280f52df4008702b9cea695ec23332aa
GET /s/michroma/v16/PN_zRfy9qWD8fEagAPg9pTk.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://afs.googlesyndication.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17156
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 18 Jan 2023 14:34:52 GMT
expires: Thu, 18 Jan 2024 14:34:52 GMT
cache-control: public, max-age=31536000
age: 46729
last-modified: Tue, 26 Apr 2022 14:38:29 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash db72b0cf36b635e3c0825b954e3f0571
f0f3d97119b058f86553062c835f89b1b283945d
bf6ecaa45a5dbd66d0c657e5f33345ac46bdc94d8cae1274fcaf01c0ff302b97
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 03:33:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ww1.keywebtracker.com/_tr
199.59.243.222 200 OK 22 B URL HTTP/1.1 ww1.keywebtracker.com/_tr
IP 199.59.243.222:0
File type ASCII text, with no line terminators
Hash 5cfde9b47de2d84bd26fc473632647c0
fd53c70631b6068328be57daec71bd94bf004d41
47fd05ef74fef5da03fa22483e63fc977cad8e026ae41dadbbcc3745907f306b
Analyzer Verdict Alert fortinet Phishing
POST /_tr HTTP/1.1
Host: ww1.keywebtracker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww1.keywebtracker.com/
Content-Type: application/json
Origin: http://ww1.keywebtracker.com
Content-Length: 1661
Connection: keep-alive
Cookie: parking_session=625f286a-7017-55f0-2945-2ef4e1ecf39c; __gsas=ID=37ed428053c70374:T=1674099221:S=ALNI_MY64d4yta4bHVLccfI7zm_twZjNBQ
HTTP/1.1 200 OK
Server: openresty
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Thu, 19 Jan 2023 03:33:41 GMT
X-Version: 2.101.3
Set-Cookie: parking_session=625f286a-7017-55f0-2945-2ef4e1ecf39c; expires=Thu, 19-Jan-2023 03:48:41 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
www.google.com/adsense/domains/caf.js
142.250.74.164 200 OK 0 B URL HTTP/2 www.google.com/adsense/domains/caf.js
IP 142.250.74.164:0
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww1.keywebtracker.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Thu, 19 Jan 2023 03:33:39 GMT
expires: Thu, 19 Jan 2023 03:33:39 GMT
cache-control: private, max-age=3600
etag: "4307628890326065583"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
screenshots.fansub.tv/1107/44/15.jpg
104.21.60.49 301 Moved Permanently 0 B URL HTTP/2 screenshots.fansub.tv/1107/44/15.jpg
IP 104.21.60.49:0
GET /1107/44/15.jpg HTTP/1.1
Host: screenshots.fansub.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tattoos-girl-fish-chinas-news.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Thu, 19 Jan 2023 03:33:38 GMT
content-type: text/html; charset=iso-8859-1
location: https://www.fansub.tv/1107/44/15.jpg
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ra7Aexs3f1mIDRE1iwrlwoo7pdFXsK3u0MEjjE5Is4nAL5Jbzc1iBTRPBwOLn%2Bh%2BVKzPeL0gpLK%2FQus4ngj1AVmUGdYPfVjGZoCbVFxmlY6Zbr0e5AT5bAKQ8t4AO%2BiloNEtRYjJgYc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78bc82940d0d0b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Michroma&display=swap
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Michroma&display=swap
IP 142.250.74.106:0
GET /css?family=Michroma&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 19 Jan 2023 03:33:40 GMT
date: Thu, 19 Jan 2023 03:33:40 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2