Report - elegantfreebies.blogspot.com/?m=1

Report Overview

Visited public
2023-11-27 18:29:48
Tags
URL
elegantfreebies.blogspot.com/?m=1
Finishing URL
elegantfreebies.blogspot.com/?m=1
IP / ASN
172.217.21.161
#15169 GOOGLE
Title
(1) New Message!

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
pl21233934.toprevenuegate.com	unknown	unknown	No data	No data	471 B	10 kB	192.243.61.227
pagead2.googlesyndication.com	101	2003-01-21	2021-02-20 16:52:05	2023-11-27 10:53:54	456 B	705 B	142.250.74.2
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-11-27 07:14:04	2.2 kB	55 kB	142.250.74.99
use.typekit.net	494	2010-08-02	2012-07-05 03:42:39	2023-11-27 05:09:38	632 B	19 kB	23.33.119.67
nonsensethingresult.com	unknown	unknown	No data	No data	8.0 kB	12 kB	173.233.139.164
elegantfreebies.blogspot.com	unknown	unknown	No data	No data	3.5 kB	58 kB	172.217.21.161
blogger.googleusercontent.com	16485	2008-11-17	2012-05-25 19:41:01	2023-11-27 10:25:48	13 kB	1.8 MB	142.250.74.97
rpmwhoop.com	unknown	unknown	No data	No data	2.5 kB	5.8 kB	173.233.139.164
casualhappily.com	unknown	unknown	No data	No data	5.0 kB	7.2 kB	173.233.139.164
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-11-27 07:17:39	428 B	34 kB	142.250.74.106
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-11-27 07:34:07	456 B	29 kB	104.17.24.14
pro.fontawesome.com	5887	2012-10-18	2018-03-17 19:03:41	2023-11-27 11:33:43	1.6 kB	293 kB	104.18.40.68
questioningsanctifypuberty.com	unknown	unknown	No data	No data	2.5 kB	5.8 kB	192.243.59.13
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15 17:46:22	2023-11-26 14:13:40	2.4 kB	45 kB	172.64.108.10
cdn.barscreative1.com	25648	2021-09-08	2021-09-16 13:14:42	2023-11-26 14:13:40	528 B	1.9 kB	45.133.44.3
friendshipmale.com	unknown	2022-10-21	2022-10-21 14:15:25	2023-11-27 11:39:00	424 B	323 kB	172.64.196.8
www.blogger.com	8975	1999-06-22	2012-05-22 09:35:03	2023-11-27 10:25:48	453 B	60 kB	216.58.207.233
ljii.github.io	429141	2013-03-08	2021-07-21 13:23:23	2023-11-18 14:00:17	420 B	1.6 kB	185.199.108.153
p.typekit.net	620	2010-08-02	2012-05-23 16:28:57	2023-11-27 05:09:39	505 B	338 B	23.36.76.184
www.highcpmcreativeformat.com	unknown	2023-10-20	2023-10-23 21:49:14	2023-11-24 15:32:00	942 B	23 kB	192.243.59.13
pl21195212.toprevenuegate.com	unknown	unknown	No data	No data	473 B	16 kB	192.243.59.13
proftrafficcounter.com	unknown	2023-11-16	2023-11-21 09:55:14	2023-11-26 12:43:47	938 B	870 B	18.157.203.0
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12 17:15:41	2023-11-26 14:13:40	2.9 kB	298 kB	45.133.44.9
unseenreport.com	unknown	2022-03-30	2022-03-30 16:33:17	2023-11-26 14:13:40	778 B	423 B	192.243.61.225

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-27	medium	toprevenuegate.com	Sinkholed
2023-11-27	medium	highcpmcreativeformat.com	Sinkholed
2023-11-27	medium	toprevenuegate.com	Sinkholed
2023-11-27	medium	highcpmcreativeformat.com	Sinkholed
2023-11-27	medium	questioningsanctifypuberty.com	Sinkholed
2023-11-27	medium	rpmwhoop.com	Sinkholed
2023-11-27	medium	questioningsanctifypuberty.com	Sinkholed
2023-11-27	medium	rpmwhoop.com	Sinkholed
2023-11-27	medium	casualhappily.com	Sinkholed
2023-11-27	medium	casualhappily.com	Sinkholed
2023-11-27	medium	nonsensethingresult.com	Sinkholed
2023-11-27	medium	nonsensethingresult.com	Sinkholed
2023-11-27	medium	nonsensethingresult.com	Sinkholed
2023-11-27	medium	casualhappily.com	Sinkholed
2023-11-27	medium	unseenreport.com	Sinkholed
2023-11-27	medium	nonsensethingresult.com	Sinkholed
2023-11-27	medium	nonsensethingresult.com	Sinkholed
2023-11-27	medium	casualhappily.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (29)

	URL	From	Size	First Seen	Last Seen
	elegantfreebies.blogspot.com/?m=1	ScriptElement	275 B	2023-03-07	2025-05-11
Pretty URL elegantfreebies.blogspot.com/?m=1 IP 172.217.21.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 19:28 Times Seen37742 Hash 38ee2f6ddbe8a478e5795030e72ba35d d332319b04b273e3b9a93ffa22ba9036d59b8e99 97d98978d5864e77cd83bd79a0d31ced40631a6134a154e8f049bcc20f49a319 Loading...

	pagead2.googlesyndication.com/pagead/js/google_top_exp.js	ScriptElement	47 B	2023-03-07	2025-05-11
Pretty URL pagead2.googlesyndication.com/pagead/js/google_top_exp.js IP 142.250.74.2 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 14:30 Times Seen15394 Hash 7f5f2be159837d73b72a4b37616bce44 c93d7f25b530b05c26440d3352213b683d03dcc3 ccecd185ac16ba0a538840f37701053fbb861f7fbbdd86039c7415fcd924d1f2 Loading...

	unknown	ScriptElement	3.3 kB	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 17:42 Last Seen2024-08-20 17:42 Times Seen1 Hash 8667a4692aefda72e94acff2314e95c9 e60b113a122da2adf4d24daae39a355471263b42 e16a66482368ff408fd374b9ad3f8e8fe1bf8b47834091e387faa15306b08a7a Loading...

	elegantfreebies.blogspot.com/?m=1	ScriptElement	291 B	2024-08-20	2024-08-20
Pretty URL elegantfreebies.blogspot.com/?m=1 IP 172.217.21.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 17:42 Last Seen2024-08-20 17:42 Times Seen1 Hash b78411b455bbbfc501a0f76976160f7d 885ce2b3ffd53d28b76a10ccf58abdad727df4a0 6853096a2c710023624c9d150771b1c116e07abf7a5488a3c61cdf38c472a914 Loading...

	elegantfreebies.blogspot.com/?m=1	ScriptElement	198 B	2023-03-09	2024-08-21
Pretty URL elegantfreebies.blogspot.com/?m=1 IP 172.217.21.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 14:13 Last Seen2024-08-21 09:40 Times Seen5 Hash 26a3bd73133b32e6c2ac81ca96bbcc15 16a7498a0348903234bfce82687c3e01f543a41f 94f20d060acfb883acd5cddbefad0963264c6c11173e03a3d40da0f037d32c8c Loading...

	elegantfreebies.blogspot.com/?m=1	ScriptElement	101 B	2023-03-10	2024-12-29
Pretty URL elegantfreebies.blogspot.com/?m=1 IP 172.217.21.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 15:10 Last Seen2024-12-29 12:59 Times Seen47 Hash c2b65c93186f9f451c1785fb2c12e765 3dd1a576cda021e20e7ab3a1909e917778043ddf b684566c1fac728d334bdbe2df881d0be8d493cbd8b48c836066335139c232bf Loading...

	unknown	ScriptElement	196 B	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 17:42 Last Seen2024-08-20 17:42 Times Seen1 Hash 421759bbd17048026cc4791a433a581b d27a5fdb4ab29793dcc4d90a09f16cce1a782d04 e288d6a4fb3c0177bfe304a6eb02c0f6e19514d3765f997d157c994405f0dc5a Loading...

	www.blogger.com/static/v1/widgets/325989852-widgets.js	ScriptElement	165 kB	2023-11-23	2023-12-04
Pretty URL www.blogger.com/static/v1/widgets/325989852-widgets.js IP 216.58.207.233 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 06:43 Last Seen2023-12-04 01:06 Times Seen1747 Hash 2aaaea7286ee481cbc12cfd76e10c0cf 6e8576cb84ac125faa0bc0a5fe5508166cc4eed8 4bfa00cdbc7a40f5dad3dfc3a21dada224e61e358e78d7b262bab098bccbc580 Loading...

	unknown	ScriptElement	3.3 kB	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 17:42 Last Seen2024-08-20 17:42 Times Seen1 Hash 197ed142f4c35177ff45963a93992375 2cf898cf7fdf5e2fd6d9897cc9a37a95312cad1c 5e72a17d95c2cb8d8020694ba57cb7f2d7c2a7223a772e25081c73a18ad72291 Loading...

	cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js	ScriptElement	84 kB	2023-03-07	2025-05-11
Pretty URL cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js IP 172.64.108.10 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 16:56 Times Seen7496 Hash 4a356126b9573eb7bd1e9a7494737410 8258d046f17dd3c15a5d3984e1868b7b5d1db329 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5 Loading...

	elegantfreebies.blogspot.com/?m=1	ScriptElement	302 B	2023-03-07	2025-05-11
Pretty URL elegantfreebies.blogspot.com/?m=1 IP 172.217.21.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 16:53 Times Seen16404 Hash 5a9442d8fb9a2077b3ebaf7aa6f763fb 1ad7b70635d1b80ddf645acb12b5f17e0ecf0c99 0665437bacd7ab06df7300ed254eac6729ed5e062da4cfb3895416289cfc647a Loading...

	elegantfreebies.blogspot.com/?m=1	ScriptElement	269 B	2023-03-07	2025-05-11
Pretty URL elegantfreebies.blogspot.com/?m=1 IP 172.217.21.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 14:30 Times Seen15927 Hash 6e880fa46f41c3a142b32e22ca7c06a0 cb7725608bf21d4a5fab1e9050328ab9b024d285 95df5b72788a5634d46797321652a339cd37eeba06d33166541e76a0deb42b61 Loading...

	www.highcpmcreativeformat.com/621d879f00b18948b711855dfb50ccc0/invoke.js	ScriptElement	30 kB	2023-11-27	2023-11-28
Pretty URL www.highcpmcreativeformat.com/621d879f00b18948b711855dfb50ccc0/invoke.js IP 192.243.59.13 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-27 11:36 Last Seen2023-11-28 07:29 Times Seen4 Hash 15f3577d9acfca847a51b939ebdc433b 2942f3aebfa4c600ea9f274ec92e9f9fddb8b688 34be2794f5f1b1046d771bda9f76c74ef56837c4284a8ef87bfd6703b4d4c4ef Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-05-11
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 19:20 Times Seen108977 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	unknown	ScriptElement	1.3 kB	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 17:42 Last Seen2024-08-20 17:42 Times Seen1 Hash 6bf675994fc888f5857ba2fc7bc88c3c 58522a69bc63e951701f2f2707f0a40b845dc4b7 49abe0b6c32601d3c7106a2ad5b4abbb6cfbfe35ef1bee9d0f0cda15f1b4461d Loading...

	elegantfreebies.blogspot.com/?m=1	ScriptElement	11 kB	2023-03-07	2024-12-31
Pretty URL elegantfreebies.blogspot.com/?m=1 IP 172.217.21.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2024-12-31 14:06 Times Seen28 Hash 290b3af0f82987c586afba34d5de233d 26eff9fe636be240e37d388f9b363f9bbf66b3bb 2674f86dc1a75b1f478a7376605042f0761095e5b170dc4e0f6757899e90de7c Loading...

	friendshipmale.com/sfp.js	ScriptElement	86 kB	2023-11-23	2024-08-20
Pretty URL friendshipmale.com/sfp.js IP 172.64.196.8 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 18:35 Last Seen2024-08-20 18:08 Times Seen6307 Hash 924e967bca1d599992556a8d139b1c5a 222b09dbf164ddc03d39100fd0524a22018d28b2 ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95 Loading...

	www.highcpmcreativeformat.com/621d879f00b18948b711855dfb50ccc0/invoke.js	ScriptElement	30 kB	2023-11-27	2023-11-28
Pretty URL www.highcpmcreativeformat.com/621d879f00b18948b711855dfb50ccc0/invoke.js IP 192.243.59.13 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-27 19:29 Last Seen2023-11-28 07:29 Times Seen2 Hash b37c198582cbb145f72894d668023a95 6afe6f86d15210a8f1102c9e04e71f1c9bcc787b fb6cb92ac1f5535eebe1c72720a1c40a7ee39ff8b03bcb134dbc0be79d14509f Loading...

	pl21195212.toprevenuegate.com/7e/e9/fd/7ee9fd42c85377aed65996b9d77c8a25.js	ScriptElement	43 kB	2023-11-27	2023-11-27
Pretty URL pl21195212.toprevenuegate.com/7e/e9/fd/7ee9fd42c85377aed65996b9d77c8a25.js IP 192.243.59.13 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-27 19:29 Last Seen2023-11-27 19:29 Times Seen1 Hash bec41e67f484b9c2d6fc97b665a89a31 40cb99c765ae06bbde02612f2d42b8baaf1d958e 72715e2755b4c3c7be23b7f7a166f9df1fdd71a46e859d19d0d87ee86b6c8ff6 Loading...

	elegantfreebies.blogspot.com/?m=1	ScriptElement	24 kB	2023-05-14	2024-12-31
Pretty URL elegantfreebies.blogspot.com/?m=1 IP 172.217.21.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-14 00:53 Last Seen2024-12-31 14:06 Times Seen10 Hash 07ee723491b6c9d99f3d6b1752fb6446 18d2f9b52f3cc1ba8d101b7d1f556e32a3df81bb 3b42961c702acc26c6842bdc8ba988b1d2fbedcd3a21aebaca76d71b92945fdf Loading...

	elegantfreebies.blogspot.com/?m=1	ScriptElement	789 B	2023-03-07	2024-08-21
Pretty URL elegantfreebies.blogspot.com/?m=1 IP 172.217.21.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02 Last Seen2024-08-21 09:44 Times Seen17283 Hash 0699fb3015610319b1639f47466451f0 5f4d8a4022f3a687921d7b3dce01cfc5bd62248f 2443e5c9c4ba5a75e030860f998bcf800907b0d4b3c4017999c2ed7ac84eeefa Loading...

	elegantfreebies.blogspot.com/js/cookienotice.js	ScriptElement	6.5 kB	2023-03-07	2025-05-11
Pretty URL elegantfreebies.blogspot.com/js/cookienotice.js IP 172.217.21.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 19:28 Times Seen43888 Hash a705132a2174f88e196ec3610d68faa8 3bad57a48d973a678fec600d45933010f6edc659 068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568 Loading...

	ljii.github.io/m/m.js	ScriptElement	1.8 kB	2023-09-11	2023-11-30
Pretty URL ljii.github.io/m/m.js IP 185.199.108.153 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-11 16:08 Last Seen2023-11-30 23:41 Times Seen14 Hash 3945ad53ea46745e9b7ac7df7590ae1f d788fba52be157d95a5ff273eef0121721cce14f 42b7ed7f3144366f3ccd0371c87d6e57fd704b2f99d0a40ae1e5db12b136ddfc Loading...

	elegantfreebies.blogspot.com/?m=1	ScriptElement	15 kB	2024-08-20	2024-08-20
Pretty URL elegantfreebies.blogspot.com/?m=1 IP 172.217.21.161 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 17:42 Last Seen2024-08-20 17:42 Times Seen1 Hash d626ee17162320697df76020e5bbcc97 3f300ae7a581dd6fd3017d835956243ead0a76ef d701e3ed676381ee268b178ceb08b89a8f2439b25dc25cc5f7ca2f88aac6c42d Loading...

	pl21233934.toprevenuegate.com/a84f8187074b7f17110403f19701cd1b/invoke.js	ScriptElement	25 kB	2023-11-27	2023-11-27
Pretty URL pl21233934.toprevenuegate.com/a84f8187074b7f17110403f19701cd1b/invoke.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-27 19:29 Last Seen2023-11-27 19:29 Times Seen1 Hash eaeaf7cd42b0eda28167d23376dfac60 25052fddab319c6c16bfaf6957c8602350730989 061e1c9583d58f64c8533066d9e561994d36f0d7917acefc609fc0e52ec0969d Loading...

	unknown	ScriptElement	145 B	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 17:42 Last Seen2024-08-20 17:42 Times Seen1 Hash 62c275a086b434e575ba21ad2f901833 fcd3b3bb46e3875d7ac95dadac83b099f906b8b3 1d0a795813339f136a709ee66223eaddb31cf8c8daebac508288c12be364030d Loading...

		Size	First Seen	Last Seen
	#1 Eval - 8daa5ac75b2d6a7986e3fedeff89ffc5	2.1 kB	2024-08-20 17:42	2024-08-20 17:42
Pretty Observations First Seen2024-08-20 17:42 Last Seen2024-08-20 17:42 Times Seen1 Hash 8daa5ac75b2d6a7986e3fedeff89ffc5 eb3cfb4eae38fc226d82bb3eb61e70b1437bc679 fe34b5c227749c4a83ce892f9bc97744f17fd8b8a5f3cf2fac901a3a397946f7 Loading...

	#2 Eval - e91de91ff8c7da3fe14fc0e8522af43c	2.1 kB	2024-08-20 17:42	2024-08-20 17:42
Pretty Observations First Seen2024-08-20 17:42 Last Seen2024-08-20 17:42 Times Seen1 Hash e91de91ff8c7da3fe14fc0e8522af43c 1e8e29079cfcbd8711968d49c0948da7f672c0b7 7ba8fdb1c2e9fa8cb0b4d14b866c7e3b58e44c0aa85489a58c5e050b0a84a939 Loading...

		Size	First Seen	Last Seen
	#1 Write - fe7bcbdd2d7c9644124d749eb3b6f4b3	121 B	2024-08-20 17:42	2024-08-20 17:42
Pretty Observations First Seen2024-08-20 17:42 Last Seen2024-08-20 17:42 Times Seen1 Hash fe7bcbdd2d7c9644124d749eb3b6f4b3 a77994f4a5569a30af6a586cc9f57cef96ebe02f 3723944baa58abdb82fd0e4e787bf2ea0a4efafd79b4bef147058fe787100c15 Loading...

HTTP Transactions (71)

URL IP Response Size

elegantfreebies.blogspot.com/?m=1

172.217.21.161

200 OK

40 kB

URL User Request GET HTTP/2
elegantfreebies.blogspot.com/?m=1
IP
172.217.21.161:443
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.blogspot.com
Fingerprint07:E2:99:33:66:25:16:0A:1D:C3:C7:18:D8:82:4A:F0:37:40:E1:5B
ValidityMon, 23 Oct 2023 11:23:28 GMT - Mon, 15 Jan 2024 11:23:27 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1470)
Size
40 kB (39846 bytes)
Hash
591c80b5be728dcc1a6c56601b689c56
41d4dd1a062065f58c41f05f0651ee99bded5c82
eccaa61191e106ed02f3ec2186e47478f9644f8c648ec37bc16cb33c4e79e6ac

HTTP Headers

GET /?m=1 HTTP/1.1
Host: elegantfreebies.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Mon, 27 Nov 2023 18:29:29 GMT
date: Mon, 27 Nov 2023 18:29:29 GMT
cache-control: private, max-age=0
last-modified: Mon, 27 Nov 2023 18:07:05 GMT
etag: W/"1cc17c8c1563514d953250fc9e2f07c6af4bf311271ea9c4f98659ee1b010eb9"
x-robots-tag: all
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 39846
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

elegantfreebies.blogspot.com/js/cookienotice.js

172.217.21.161

200 OK

2.0 kB

URL GET HTTP/3
elegantfreebies.blogspot.com/js/cookienotice.js
IP
172.217.21.161:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.blogspot.com
Fingerprint07:E2:99:33:66:25:16:0A:1D:C3:C7:18:D8:82:4A:F0:37:40:E1:5B
ValidityMon, 23 Oct 2023 11:23:28 GMT - Mon, 15 Jan 2024 11:23:27 GMT

File type
ASCII text
Size
2.0 kB (2026 bytes)
Hash
a705132a2174f88e196ec3610d68faa8
3bad57a48d973a678fec600d45933010f6edc659
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568

HTTP Headers

GET /js/cookienotice.js HTTP/1.1
Host: elegantfreebies.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/?m=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2026
date: Mon, 27 Nov 2023 18:29:30 GMT
expires: Mon, 04 Dec 2023 18:29:30 GMT
cache-control: public, max-age=604800
last-modified: Mon, 27 Nov 2023 17:58:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

104.17.24.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65451)
Size
28 kB (27958 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:29:30 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 392152
expires: Sat, 16 Nov 2024 18:29:30 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jALIi9mb6ZWXEbWfaksHiDEjb5MWB734JKjeiaegz847xCgvAg0Y4h2HYSZGCqXe4oonGgBgdQlRZGKKS9fEGFdCBdu2UDw3HjYzYQGmTQkt8oRP6JybNJ8ghIJhrQyUjtjSYunB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82cc6fdf2b2b569f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.blogger.com/static/v1/widgets/325989852-widgets.js

216.58.207.233

200 OK

59 kB

URL GET HTTP/2
www.blogger.com/static/v1/widgets/325989852-widgets.js
IP
216.58.207.233:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.blogger.com
Fingerprint4A:89:9B:E5:F1:54:0E:2D:0A:8E:40:A8:27:DF:2E:6B:7F:74:51:90
ValidityMon, 23 Oct 2023 11:17:52 GMT - Mon, 15 Jan 2024 11:17:51 GMT

File type
ASCII text, with very long lines (2258)
Size
59 kB (59316 bytes)
Hash
2aaaea7286ee481cbc12cfd76e10c0cf
6e8576cb84ac125faa0bc0a5fe5508166cc4eed8
4bfa00cdbc7a40f5dad3dfc3a21dada224e61e358e78d7b262bab098bccbc580

HTTP Headers

GET /static/v1/widgets/325989852-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 59316
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 01:57:56 GMT
expires: Fri, 22 Nov 2024 01:57:56 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 23 Nov 2023 00:54:48 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 405094
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ljii.github.io/m/m.js

185.199.108.153

200 OK

883 B

URL GET HTTP/2
ljii.github.io/m/m.js
IP
185.199.108.153:443
ASN
#54113 FASTLY

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerDigiCert Inc
Subject*.github.io
FingerprintA1:46:14:C7:2A:1D:52:79:F6:AA:2B:B2:C5:0A:3B:D3:F5:02:06:75
ValidityTue, 21 Feb 2023 00:00:00 GMT - Wed, 20 Mar 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (546)
Size
883 B (883 bytes)
Hash
3945ad53ea46745e9b7ac7df7590ae1f
d788fba52be157d95a5ff273eef0121721cce14f
42b7ed7f3144366f3ccd0371c87d6e57fd704b2f99d0a40ae1e5db12b136ddfc

HTTP Headers

GET /m/m.js HTTP/1.1
Host: ljii.github.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
last-modified: Wed, 30 Aug 2023 07:00:06 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: W/"64eee8f6-6fc"
expires: Tue, 24 Oct 2023 23:37:56 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: BB3A:0E03:352348:361D3B:653852FB
accept-ranges: bytes
date: Mon, 27 Nov 2023 18:29:30 GMT
via: 1.1 varnish
age: 60
x-served-by: cache-bma1681-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1701109770.186369,VS0,VE1
vary: Accept-Encoding
x-fastly-request-id: a21e6bf02433890ca8ef016f5cdd8ee2e8873eab
content-length: 883
X-Firefox-Spdy: h2

p.typekit.net/p.css?s=1&k=byr0bra&ht=tk&f=6846.15528.15529.15530&a=4009364&app=typekit&e=css

23.36.76.184

200 OK

5 B

URL GET HTTP/2
p.typekit.net/p.css?s=1&k=byr0bra&ht=tk&f=6846.15528.15529.15530&a=4009364&app=typekit&e=css
IP
23.36.76.184:443
ASN
#20940 Akamai International B.V.

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerDigiCert Inc
Subjectuse.typekit.net
Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B
ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT

File type
ASCII text
Size
5 B (5 bytes)
Hash
83d24d4b43cc7eef2b61e66c95f3d158
f0cafc285ee23bb6c28c5166f305493c4331c84d
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

HTTP Headers

GET /p.css?s=1&k=byr0bra&ht=tk&f=6846.15528.15529.15530&a=4009364&app=typekit&e=css HTTP/1.1
Host: p.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: text/css
content-length: 5
last-modified: Tue, 07 Mar 2023 19:56:00 GMT
etag: "640796d0-5"
cache-control: public, max-age=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
date: Mon, 27 Nov 2023 18:29:30 GMT
X-Firefox-Spdy: h2

pl21233934.toprevenuegate.com/a84f8187074b7f17110403f19701cd1b/invoke.js

192.243.61.227

200 OK

9.3 kB

URL GET HTTP/1.1
pl21233934.toprevenuegate.com/a84f8187074b7f17110403f19701cd1b/invoke.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjecttoprevenuegate.com
Fingerprint7D:44:5C:97:A8:B4:D2:87:5C:7C:4E:B7:DA:3A:38:99:85:00:67:40
ValidityFri, 20 Oct 2023 09:02:00 GMT - Thu, 18 Jan 2024 09:01:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (25097), with no line terminators
Size
9.3 kB (9282 bytes)
Hash
eaeaf7cd42b0eda28167d23376dfac60
25052fddab319c6c16bfaf6957c8602350730989
061e1c9583d58f64c8533066d9e561994d36f0d7917acefc609fc0e52ec0969d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /a84f8187074b7f17110403f19701cd1b/invoke.js HTTP/1.1
Host: pl21233934.toprevenuegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 27 Nov 2023 18:29:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 48e1e0e6fe64c310066698af1056c4e9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.highcpmcreativeformat.com/621d879f00b18948b711855dfb50ccc0/invoke.js

192.243.59.13

200 OK

11 kB

URL GET HTTP/1.1
www.highcpmcreativeformat.com/621d879f00b18948b711855dfb50ccc0/invoke.js
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjecthighcpmcreativeformat.com
FingerprintDC:3C:35:A8:31:08:8E:E0:A8:24:1F:F4:A8:BE:E4:04:AE:7B:18:BD
ValidityFri, 20 Oct 2023 09:02:37 GMT - Thu, 18 Jan 2024 09:02:36 GMT

File type
exported SGML document, ASCII text, with very long lines (29583), with no line terminators
Size
11 kB (10904 bytes)
Hash
b37c198582cbb145f72894d668023a95
6afe6f86d15210a8f1102c9e04e71f1c9bcc787b
fb6cb92ac1f5535eebe1c72720a1c40a7ee39ff8b03bcb134dbc0be79d14509f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /621d879f00b18948b711855dfb50ccc0/invoke.js HTTP/1.1
Host: www.highcpmcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 27 Nov 2023 18:29:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2e8250dd68fe033db2022d5e658eaeba
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

elegantfreebies.blogspot.com/responsive/sprite_v1_6.css.svg

172.217.21.161

200 OK

2.2 kB

URL GET HTTP/3
elegantfreebies.blogspot.com/responsive/sprite_v1_6.css.svg
IP
172.217.21.161:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.blogspot.com
Fingerprint07:E2:99:33:66:25:16:0A:1D:C3:C7:18:D8:82:4A:F0:37:40:E1:5B
ValidityMon, 23 Oct 2023 11:23:28 GMT - Mon, 15 Jan 2024 11:23:27 GMT

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7657)
Size
2.2 kB (2244 bytes)
Hash
d4dcfc8144f556815c7a1d84ed4e959e
22088bd6cdf970dcf7bfab9a74a4768548ca8890
73d16aca9b019e42dd2de3a10e5049b5606268ce0d8e3a167b05b37acb9b0e9c

HTTP Headers

GET /responsive/sprite_v1_6.css.svg HTTP/1.1
Host: elegantfreebies.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/?m=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: image/svg+xml
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2244
date: Mon, 27 Nov 2023 18:29:30 GMT
expires: Mon, 04 Dec 2023 18:29:30 GMT
cache-control: public, max-age=604800
last-modified: Mon, 27 Nov 2023 12:57:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

pl21195212.toprevenuegate.com/7e/e9/fd/7ee9fd42c85377aed65996b9d77c8a25.js

192.243.59.13

200 OK

15 kB

URL GET HTTP/1.1
pl21195212.toprevenuegate.com/7e/e9/fd/7ee9fd42c85377aed65996b9d77c8a25.js
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjecttoprevenuegate.com
Fingerprint7D:44:5C:97:A8:B4:D2:87:5C:7C:4E:B7:DA:3A:38:99:85:00:67:40
ValidityFri, 20 Oct 2023 09:02:00 GMT - Thu, 18 Jan 2024 09:01:59 GMT

File type
ASCII text, with very long lines (42863), with no line terminators
Size
15 kB (15237 bytes)
Hash
bec41e67f484b9c2d6fc97b665a89a31
40cb99c765ae06bbde02612f2d42b8baaf1d958e
72715e2755b4c3c7be23b7f7a166f9df1fdd71a46e859d19d0d87ee86b6c8ff6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /7e/e9/fd/7ee9fd42c85377aed65996b9d77c8a25.js HTTP/1.1
Host: pl21195212.toprevenuegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 27 Nov 2023 18:29:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8446f43b250544b18c1b4eddebb80bcc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

pro.fontawesome.com/releases/v5.15.3/webfonts/fa-regular-400.woff2

104.18.40.68

200 OK

169 kB

URL GET HTTP/2
pro.fontawesome.com/releases/v5.15.3/webfonts/fa-regular-400.woff2
IP
104.18.40.68:443
ASN
#13335 CLOUDFLARENET

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 168768, version 331.-31261\012- data
Size
169 kB (168768 bytes)
Hash
d8689b99dce7c881d3130f3c91cfefdf
fb005c93930c13b3a5f449bbc75ba5ee23f609fa
4de49631fe60b17010f7cda29a6236ca6ad6102ea204e5c31d2c1e79ee276938

HTTP Headers

GET /releases/v5.15.3/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: pro.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://elegantfreebies.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://pro.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:29:31 GMT
content-type: font/woff2
content-length: 168768
x-amz-id-2: 5FDucNZnWjEtFns1iiRkYNYxYWWtGxsAu2TODwapZMSswkdLLB+c/pygyyHiGY4CYkfr1g8jaLM=
x-amz-request-id: X07G0A3MKZ5NJP1Y
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Mon, 28 Jun 2021 17:23:20 GMT
etag: "d8689b99dce7c881d3130f3c91cfefdf"
cache-control: max-age=31556926
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 82cc6fe13a87b515-OSL
X-Firefox-Spdy: h2

pagead2.googlesyndication.com/pagead/js/google_top_exp.js

142.250.74.2

200 OK

42 B

URL GET HTTP/2
pagead2.googlesyndication.com/pagead/js/google_top_exp.js
IP
142.250.74.2:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.g.doubleclick.net
Fingerprint6C:2A:75:F2:3F:EF:4F:43:B1:8D:C3:B7:E9:2E:4A:EF:40:6A:FC:92
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text
Size
42 B (42 bytes)
Hash
7f5f2be159837d73b72a4b37616bce44
c93d7f25b530b05c26440d3352213b683d03dcc3
ccecd185ac16ba0a538840f37701053fbb861f7fbbdd86039c7415fcd924d1f2

HTTP Headers

GET /pagead/js/google_top_exp.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 42
x-xss-protection: 0
date: Mon, 27 Nov 2023 05:09:33 GMT
expires: Mon, 11 Dec 2023 05:09:33 GMT
cache-control: public, max-age=1209600
age: 47998
etag: 13036835877489095579
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/sen/v2/6xKjdSxYI9_3nPWNAGn5LA.woff2

142.250.74.99

200 OK

10 kB

URL GET HTTP/2
fonts.gstatic.com/s/sen/v2/6xKjdSxYI9_3nPWNAGn5LA.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 10108, version 1.0\012- data
Size
10 kB (10108 bytes)
Hash
4e7451e9ae3c1658df08dab9b6167ac7
789fb9757145253c21d5e7251cdf57f34e4f8039
165ec2e19d2faa9e3562a32cd4e82e03ab835c7ebd6e7a66b589d6687b5fb3d7

HTTP Headers

GET /s/sen/v2/6xKjdSxYI9_3nPWNAGn5LA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://elegantfreebies.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 22 Nov 2023 22:26:39 GMT
expires: Thu, 21 Nov 2024 22:26:39 GMT
cache-control: public, max-age=31536000
age: 417772
last-modified: Thu, 23 Jul 2020 19:43:44 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

use.typekit.net/af/f3ba4f/00000000000000003b9b12fa/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3

23.33.119.67

200 OK

18 kB

URL GET HTTP/2
use.typekit.net/af/f3ba4f/00000000000000003b9b12fa/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
IP
23.33.119.67:443
ASN
#20940 Akamai International B.V.

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerDigiCert Inc
Subjectuse.typekit.net
Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B
ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), CFF, length 18512, version 1.0\012- data
Size
18 kB (18512 bytes)
Hash
cf30fef8029b5421916cf930eaf14129
767ea83134ee15133e47ff207c7cebd1b757944e
d954556a9ec67e4ce63d993d026abf4b6cab1fdd80d3df2d55a76f8c8aaef415

HTTP Headers

GET /af/f3ba4f/00000000000000003b9b12fa/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://elegantfreebies.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 18512
etag: "e2418760f00448874f89ae40256bf9d1d180c197"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Mon, 27 Nov 2023 18:29:31 GMT
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

18.157.203.0

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.157.203.0:443
ASN
#16509 AMAZON-02

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
3aaf52c059eec6c146930bf92fa23d73
5a7a7bdb11281ee5a3ad09150f818aad7f1d7c91
be58f28f819677d9d8f9f7a98ec7779ab18236833f59e6899670b3500dba6ff4

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://elegantfreebies.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:29:31 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://elegantfreebies.blogspot.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=fbd4a0a8-39d6-4683-b2ae-939f8a44ab67:2:1; expires=Thu, 24 Nov 2033 18:29:31 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

www.highcpmcreativeformat.com/621d879f00b18948b711855dfb50ccc0/invoke.js

192.243.59.13

200 OK

11 kB

URL GET HTTP/1.1
www.highcpmcreativeformat.com/621d879f00b18948b711855dfb50ccc0/invoke.js
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjecthighcpmcreativeformat.com
FingerprintDC:3C:35:A8:31:08:8E:E0:A8:24:1F:F4:A8:BE:E4:04:AE:7B:18:BD
ValidityFri, 20 Oct 2023 09:02:37 GMT - Thu, 18 Jan 2024 09:02:36 GMT

File type
exported SGML document, ASCII text, with very long lines (29637), with no line terminators
Size
11 kB (10915 bytes)
Hash
15f3577d9acfca847a51b939ebdc433b
2942f3aebfa4c600ea9f274ec92e9f9fddb8b688
34be2794f5f1b1046d771bda9f76c74ef56837c4284a8ef87bfd6703b4d4c4ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /621d879f00b18948b711855dfb50ccc0/invoke.js HTTP/1.1
Host: www.highcpmcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 27 Nov 2023 18:29:31 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f2e8968881455e6c3f865d848839219b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

proftrafficcounter.com/stats

18.157.203.0

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.157.203.0:443
ASN
#16509 AMAZON-02

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
8f8b188cb2231691c3b0b52127670045
87941cb74dc4400c00971f9c11c608a28f367e85
840473f0de626f40381cc0a93aae2b200b8b6d9c343c436ec9b9561fa6cdd802

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://elegantfreebies.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:29:31 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://elegantfreebies.blogspot.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=65268eee-2af5-4bb8-af3f-7401d6c11fa6:3:1; expires=Thu, 24 Nov 2033 18:29:31 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

fonts.gstatic.com/s/sen/v2/6xKudSxYI9__J9CYLUv0BnYASA.woff2

142.250.74.99

200 OK

10 kB

URL GET HTTP/2
fonts.gstatic.com/s/sen/v2/6xKudSxYI9__J9CYLUv0BnYASA.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 10244, version 1.0\012- data
Size
10 kB (10244 bytes)
Hash
6a0092120d30aea7e520bf61aad916b2
19616f41b589ac433a3ccf0578cc39f94d3ee6e1
23b2fd21777b1f79dcd57f38ec1254fde451e11aa5ebc24938b1079a7b4e8a6c

HTTP Headers

GET /s/sen/v2/6xKudSxYI9__J9CYLUv0BnYASA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://elegantfreebies.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10244
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 05:59:43 GMT
expires: Fri, 22 Nov 2024 05:59:43 GMT
cache-control: public, max-age=31536000
age: 390588
last-modified: Thu, 23 Jul 2020 19:38:49 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

blogger.googleusercontent.com/img/a/AVvXsEhfie60z-uXiQpkq2cKY2NmfEuJnvpmoy2_8ml_R7oy0y-tW44kzU9VbpzQeyuCUXUCTXouAFTuit4T3nFtbHG3iIxbgqvtDFX6jh0_vVoq-osyieTyrT8m3fIEwYInnq0sJtQMyShXHGekX41om-MXY5q5Khz1SsthltW69Ra9BI_d7VGW787RYzke1tfA=s442

142.250.74.97

200 OK

18 kB

URL GET HTTP/2
blogger.googleusercontent.com/img/a/AVvXsEhfie60z-uXiQpkq2cKY2NmfEuJnvpmoy2_8ml_R7oy0y-tW44kzU9VbpzQeyuCUXUCTXouAFTuit4T3nFtbHG3iIxbgqvtDFX6jh0_vVoq-osyieTyrT8m3fIEwYInnq0sJtQMyShXHGekX41om-MXY5q5Khz1SsthltW69Ra9BI_d7VGW787RYzke1tfA=s442
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT

File type
PNG image data, 442 x 120, 8-bit/color RGBA, non-interlaced\012- data
Size
18 kB (17953 bytes)
Hash
6c6426ebd7a1bec5ee1665adf03aee60
ec0d8a3ffdaa120d145b284a72c5e466e1a1b79d
61e9570569c60d45ca2f29a0735d988aa3a995eee6a9fad02083c2b813e809eb

HTTP Headers

GET /img/a/AVvXsEhfie60z-uXiQpkq2cKY2NmfEuJnvpmoy2_8ml_R7oy0y-tW44kzU9VbpzQeyuCUXUCTXouAFTuit4T3nFtbHG3iIxbgqvtDFX6jh0_vVoq-osyieTyrT8m3fIEwYInnq0sJtQMyShXHGekX41om-MXY5q5Khz1SsthltW69Ra9BI_d7VGW787RYzke1tfA=s442 HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v453"
expires: Tue, 28 Nov 2023 18:29:31 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="20231105_112800_0000.png"
x-content-type-options: nosniff
date: Mon, 27 Nov 2023 18:29:31 GMT
server: fife
content-length: 17953
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

blogger.googleusercontent.com/img/a/AVvXsEiFGsS4iEWV49LZc8c5YMHNY1U2E63ArnFlqEJNhdYaRsc1I7BUQLBJ3oiIcfkFPd2itLu15mKXFQ13EmT09r1F_ZJpXLHUF5IldAWsFu3K8JwoL42zlbmyiOviZ1oEq7V1CZd_VmjKcKZxXa-nr7apWrl2Wr8VtW3VxQLGH3tNgXimUBQt4jJiZP7urtvS=s442

142.250.74.97

200 OK

18 kB

URL GET HTTP/2
blogger.googleusercontent.com/img/a/AVvXsEiFGsS4iEWV49LZc8c5YMHNY1U2E63ArnFlqEJNhdYaRsc1I7BUQLBJ3oiIcfkFPd2itLu15mKXFQ13EmT09r1F_ZJpXLHUF5IldAWsFu3K8JwoL42zlbmyiOviZ1oEq7V1CZd_VmjKcKZxXa-nr7apWrl2Wr8VtW3VxQLGH3tNgXimUBQt4jJiZP7urtvS=s442
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT

File type
PNG image data, 442 x 120, 8-bit/color RGBA, non-interlaced\012- data
Size
18 kB (17953 bytes)
Hash
6c6426ebd7a1bec5ee1665adf03aee60
ec0d8a3ffdaa120d145b284a72c5e466e1a1b79d
61e9570569c60d45ca2f29a0735d988aa3a995eee6a9fad02083c2b813e809eb

HTTP Headers

GET /img/a/AVvXsEiFGsS4iEWV49LZc8c5YMHNY1U2E63ArnFlqEJNhdYaRsc1I7BUQLBJ3oiIcfkFPd2itLu15mKXFQ13EmT09r1F_ZJpXLHUF5IldAWsFu3K8JwoL42zlbmyiOviZ1oEq7V1CZd_VmjKcKZxXa-nr7apWrl2Wr8VtW3VxQLGH3tNgXimUBQt4jJiZP7urtvS=s442 HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v451"
expires: Tue, 28 Nov 2023 18:29:31 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="20231105_112800_0000.png"
x-content-type-options: nosniff
date: Mon, 27 Nov 2023 18:29:31 GMT
server: fife
content-length: 17953
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

pro.fontawesome.com/releases/v5.15.3/webfonts/fa-brands-400.woff2

104.18.40.68

200 OK

77 kB

URL GET HTTP/2
pro.fontawesome.com/releases/v5.15.3/webfonts/fa-brands-400.woff2
IP
104.18.40.68:443
ASN
#13335 CLOUDFLARENET

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 76740, version 331.-31261\012- data
Size
77 kB (76740 bytes)
Hash
0511670fe2f5405105a6760294c5c51d
61cb879dec4fa97ece0d2a26cd6767c66117841b
c2497d559960ba9e1c68f41674e8bc980d3b229155e068bc7f42f157f81c4388

HTTP Headers

GET /releases/v5.15.3/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: pro.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://elegantfreebies.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://pro.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:29:31 GMT
content-type: font/woff2
content-length: 76740
x-amz-id-2: Rk9ptdL4npcbOyH+YgaP9I24vfHGE6laNWG9kzp5s17kkfJWlgOBSoVj3PtVddIYKuzXkrJgn5Y=
x-amz-request-id: GQC6AHN39ARATBRD
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Mon, 28 Jun 2021 17:23:20 GMT
etag: "0511670fe2f5405105a6760294c5c51d"
cache-control: max-age=31556926
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 82cc6fe4a845b515-OSL
X-Firefox-Spdy: h2

elegantfreebies.blogspot.com/feeds/posts/default?alt=json&max-results=5

172.217.21.161

200 OK

5.1 kB

URL GET HTTP/3
elegantfreebies.blogspot.com/feeds/posts/default?alt=json&max-results=5
IP
172.217.21.161:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.blogspot.com
Fingerprint07:E2:99:33:66:25:16:0A:1D:C3:C7:18:D8:82:4A:F0:37:40:E1:5B
ValidityMon, 23 Oct 2023 11:23:28 GMT - Mon, 15 Jan 2024 11:23:27 GMT

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (44007), with no line terminators
Size
5.1 kB (5070 bytes)
Hash
8842f2d55a68dc60b98d28feba43f460
715fe7d411511123d75dc7dfb677dc3434edc357
ea5cb563783034d7cdabc80b9bc8a0fedb590e2254506775bd846c21b020f472

HTTP Headers

GET /feeds/posts/default?alt=json&max-results=5 HTTP/1.1
Host: elegantfreebies.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/?m=1
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=fbd4a0a8-39d6-4683-b2ae-939f8a44ab67%3A2%3A1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cross-origin-resource-policy: cross-origin
etag: W/"d27b69d9dd38729b8bcf89f33055f8824f170a6b0f4b18f3c8fd936b0243b111"
date: Mon, 27 Nov 2023 18:29:31 GMT
content-type: application/json; charset=UTF-8
server: blogger-renderd
expires: Mon, 27 Nov 2023 18:29:32 GMT
cache-control: public, must-revalidate, proxy-revalidate, max-age=1
x-content-type-options: nosniff
x-xss-protection: 0
last-modified: Mon, 27 Nov 2023 18:07:05 GMT
content-encoding: gzip
content-length: 5070
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

192.243.59.13

307 Temporary Redirect

0 B

URL GET HTTP/1.1
questioningsanctifypuberty.com/watch.1500425619856.js?key=621d879f00b18948b711855dfb50ccc0&kw=%5B%22elegant%22%2C%22freebies%22%5D&refer=https%3A%2F%2Felegantfreebies.blogspot.com%2F%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=fbd4a0a8-39d6-4683-b2ae-939f8a44ab67%3A2%3A1
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjectquestioningsanctifypuberty.com
Fingerprint59:F5:C3:CB:DB:C8:B0:1E:36:9F:06:05:45:A1:EF:D1:C5:2D:1D:0C
ValidityTue, 21 Nov 2023 13:37:40 GMT - Mon, 19 Feb 2024 13:37:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1500425619856.js?key=621d879f00b18948b711855dfb50ccc0&kw=%5B%22elegant%22%2C%22freebies%22%5D&refer=https%3A%2F%2Felegantfreebies.blogspot.com%2F%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=fbd4a0a8-39d6-4683-b2ae-939f8a44ab67%3A2%3A1 HTTP/1.1
Host: questioningsanctifypuberty.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://elegantfreebies.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Mon, 27 Nov 2023 18:29:31 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://elegantfreebies.blogspot.com
Access-Control-Allow-Origin: https://elegantfreebies.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://questioningsanctifypuberty.com/watch.1500425619856.js?key=621d879f00b18948b711855dfb50ccc0&kw=%5B%22elegant%22%2C%22freebies%22%5D&refer=https%3A%2F%2Felegantfreebies.blogspot.com%2F%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=fbd4a0a8-39d6-4683-b2ae-939f8a44ab67%3A2%3A1&shu=cd2c3c93e95ece8fc0b91686baaa5f54a994a76231bd3c22c549b7a7bb87b79cb552b9e7f33fdcfa772cd2b647dfb35990d6e2c3b6265c2e0590f56719a8f2b73241e39b70d9e30a7a1a32c66b5c77848e92634445310585726b577778dcaa&pst=1701109831&rmtc=t
Set-Cookie: u_pl=21094467; expires=Tue, 28 Nov 2023 18:29:31 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTA5NDQ2NywiayI6IjYyMWQ4NzlmMDBiMTg5NDhiNzExODU1ZGZiNTBjY2MwIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMTQyMDcxLCJwaWQiOjEzMzg5MjUsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjoyMywicHQiOjQsInBrIjoid3B2aGhmNHNiIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZWxlZ2FudGZyZWViaWVzLmJsb2dzcG90LmNvbS8_bT0xIn19.EY8oOgtLE22RVe7qVl5ZCG-aWaE4tKtHII4Qizvm5aA; expires=Mon, 27 Nov 2023 18:30:31 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cb85148fd87e37b8c95dbbfdc5a8342a
Strict-Transport-Security: max-age=0; includeSubdomains

173.233.139.164

307 Temporary Redirect

0 B

URL GET HTTP/1.1
rpmwhoop.com/watch.1029340943346.js?key=621d879f00b18948b711855dfb50ccc0&kw=%5B%22elegant%22%2C%22freebies%22%5D&refer=https%3A%2F%2Felegantfreebies.blogspot.com%2F%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=65268eee-2af5-4bb8-af3f-7401d6c11fa6%3A3%3A1
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjectrpmwhoop.com
FingerprintF7:B3:1A:4C:B0:69:8F:79:70:2F:98:68:C9:6B:CF:C3:30:FF:28:CA
ValidityTue, 07 Nov 2023 08:02:52 GMT - Mon, 05 Feb 2024 08:02:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1029340943346.js?key=621d879f00b18948b711855dfb50ccc0&kw=%5B%22elegant%22%2C%22freebies%22%5D&refer=https%3A%2F%2Felegantfreebies.blogspot.com%2F%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=65268eee-2af5-4bb8-af3f-7401d6c11fa6%3A3%3A1 HTTP/1.1
Host: rpmwhoop.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://elegantfreebies.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Mon, 27 Nov 2023 18:29:31 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://elegantfreebies.blogspot.com
Access-Control-Allow-Origin: https://elegantfreebies.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://rpmwhoop.com/watch.1029340943346.js?key=621d879f00b18948b711855dfb50ccc0&kw=%5B%22elegant%22%2C%22freebies%22%5D&refer=https%3A%2F%2Felegantfreebies.blogspot.com%2F%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=65268eee-2af5-4bb8-af3f-7401d6c11fa6%3A3%3A1&shu=d4a391ac249769a12be6463d1e853212d48ab542acd95ca3e66a6ff65647b4ab5d3b8dc072830c11e187c649327d977cf43feb683301dff5405dd249b95182cdfdb5d94faafca687b9d961342cdf6c293da43fc1277843121a4bbd98a084014b&pst=1701109831&rmtc=t
Set-Cookie: u_pl=21094467; expires=Tue, 28 Nov 2023 18:29:31 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTA5NDQ2NywiayI6IjYyMWQ4NzlmMDBiMTg5NDhiNzExODU1ZGZiNTBjY2MwIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMTQyMDcxLCJwaWQiOjEzMzg5MjUsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjoyMywicHQiOjQsInBrIjoid3B2aGhmNHNiIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZWxlZ2FudGZyZWViaWVzLmJsb2dzcG90LmNvbS8_bT0xIn19.EY8oOgtLE22RVe7qVl5ZCG-aWaE4tKtHII4Qizvm5aA; expires=Mon, 27 Nov 2023 18:30:31 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 020e511287c29b6551e2f6147e3faaf5
Strict-Transport-Security: max-age=0; includeSubdomains

questioningsanctifypuberty.com/watch.1500425619856.js?key=621d879f00b18948b711855dfb50ccc0&kw=%5B%22elegant%22%2C%22freebies%22%5D&refer=https%3A%2F%2Felegantfreebies.blogspot.com%2F%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=fbd4a0a8-39d6-4683-b2ae-939f8a44ab67%3A2%3A1&shu=cd2c3c93e95ece8fc0b91686baaa5f54a994a76231bd3c22c549b7a7bb87b79cb552b9e7f33fdcfa772cd2b647dfb35990d6e2c3b6265c2e0590f56719a8f2b73241e39b70d9e30a7a1a32c66b5c77848e92634445310585726b577778dcaa&pst=1701109831&rmtc=t

192.243.59.13

200 OK

2.1 kB

URL GET HTTP/1.1
questioningsanctifypuberty.com/watch.1500425619856.js?key=621d879f00b18948b711855dfb50ccc0&kw=%5B%22elegant%22%2C%22freebies%22%5D&refer=https%3A%2F%2Felegantfreebies.blogspot.com%2F%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=fbd4a0a8-39d6-4683-b2ae-939f8a44ab67%3A2%3A1&shu=cd2c3c93e95ece8fc0b91686baaa5f54a994a76231bd3c22c549b7a7bb87b79cb552b9e7f33fdcfa772cd2b647dfb35990d6e2c3b6265c2e0590f56719a8f2b73241e39b70d9e30a7a1a32c66b5c77848e92634445310585726b577778dcaa&pst=1701109831&rmtc=t
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjectquestioningsanctifypuberty.com
Fingerprint59:F5:C3:CB:DB:C8:B0:1E:36:9F:06:05:45:A1:EF:D1:C5:2D:1D:0C
ValidityTue, 21 Nov 2023 13:37:40 GMT - Mon, 19 Feb 2024 13:37:39 GMT

File type
HTML document text\012- HTML document, ASCII text, with very long lines (2680)
Size
2.1 kB (2130 bytes)
Hash
80d50cba5abf6317b1b2c882dae6b990
93318342a5d8ea81499c53bec0b36d9127d5f236
44273d48f87b8087418187d1cde22c852848726e8ff3785559141e9ff4a03573

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1500425619856.js?key=621d879f00b18948b711855dfb50ccc0&kw=%5B%22elegant%22%2C%22freebies%22%5D&refer=https%3A%2F%2Felegantfreebies.blogspot.com%2F%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=fbd4a0a8-39d6-4683-b2ae-939f8a44ab67%3A2%3A1&shu=cd2c3c93e95ece8fc0b91686baaa5f54a994a76231bd3c22c549b7a7bb87b79cb552b9e7f33fdcfa772cd2b647dfb35990d6e2c3b6265c2e0590f56719a8f2b73241e39b70d9e30a7a1a32c66b5c77848e92634445310585726b577778dcaa&pst=1701109831&rmtc=t HTTP/1.1
Host: questioningsanctifypuberty.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://elegantfreebies.blogspot.com
Referer: https://elegantfreebies.blogspot.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=21094467; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTA5NDQ2NywiayI6IjYyMWQ4NzlmMDBiMTg5NDhiNzExODU1ZGZiNTBjY2MwIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMTQyMDcxLCJwaWQiOjEzMzg5MjUsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjoyMywicHQiOjQsInBrIjoid3B2aGhmNHNiIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZWxlZ2FudGZyZWViaWVzLmJsb2dzcG90LmNvbS8_bT0xIn19.EY8oOgtLE22RVe7qVl5ZCG-aWaE4tKtHII4Qizvm5aA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 27 Nov 2023 18:29:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://elegantfreebies.blogspot.com
Access-Control-Allow-Origin: https://elegantfreebies.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=fbd4a0a8-39d6-4683-b2ae-939f8a44ab67:2:1; expires=Mon, 04 Dec 2023 18:29:31 GMT; secure; SameSite=None
iprcb708e364a3992befe3e554d278e32c06=3569808; expires=Mon, 27 Nov 2023 22:29:31 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 28 Nov 2023 18:29:31 GMT; secure; SameSite=None
uncs=1; expires=Tue, 28 Nov 2023 18:29:31 GMT; secure; SameSite=None
pdhtkv23=true; expires=Tue, 28 Nov 2023 18:29:31 GMT; secure; SameSite=None
uncs23=1; expires=Tue, 28 Nov 2023 18:29:31 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8b10b246e11181609d0c825d40261106
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

rpmwhoop.com/watch.1029340943346.js?key=621d879f00b18948b711855dfb50ccc0&kw=%5B%22elegant%22%2C%22freebies%22%5D&refer=https%3A%2F%2Felegantfreebies.blogspot.com%2F%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=65268eee-2af5-4bb8-af3f-7401d6c11fa6%3A3%3A1&shu=d4a391ac249769a12be6463d1e853212d48ab542acd95ca3e66a6ff65647b4ab5d3b8dc072830c11e187c649327d977cf43feb683301dff5405dd249b95182cdfdb5d94faafca687b9d961342cdf6c293da43fc1277843121a4bbd98a084014b&pst=1701109831&rmtc=t

173.233.139.164

200 OK

2.1 kB

URL GET HTTP/1.1
rpmwhoop.com/watch.1029340943346.js?key=621d879f00b18948b711855dfb50ccc0&kw=%5B%22elegant%22%2C%22freebies%22%5D&refer=https%3A%2F%2Felegantfreebies.blogspot.com%2F%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=65268eee-2af5-4bb8-af3f-7401d6c11fa6%3A3%3A1&shu=d4a391ac249769a12be6463d1e853212d48ab542acd95ca3e66a6ff65647b4ab5d3b8dc072830c11e187c649327d977cf43feb683301dff5405dd249b95182cdfdb5d94faafca687b9d961342cdf6c293da43fc1277843121a4bbd98a084014b&pst=1701109831&rmtc=t
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjectrpmwhoop.com
FingerprintF7:B3:1A:4C:B0:69:8F:79:70:2F:98:68:C9:6B:CF:C3:30:FF:28:CA
ValidityTue, 07 Nov 2023 08:02:52 GMT - Mon, 05 Feb 2024 08:02:51 GMT

File type
HTML document text\012- HTML document, ASCII text, with very long lines (2634)
Size
2.1 kB (2101 bytes)
Hash
354fab6b7646c8d704f8b69b0be736d1
362f70f8a84d1079255846e2febca7ab0e9931a2
d07ce23cedd9f7efc29a261fb848fde17bad8324b1945b8c8cab7af1afc46958

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1029340943346.js?key=621d879f00b18948b711855dfb50ccc0&kw=%5B%22elegant%22%2C%22freebies%22%5D&refer=https%3A%2F%2Felegantfreebies.blogspot.com%2F%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=65268eee-2af5-4bb8-af3f-7401d6c11fa6%3A3%3A1&shu=d4a391ac249769a12be6463d1e853212d48ab542acd95ca3e66a6ff65647b4ab5d3b8dc072830c11e187c649327d977cf43feb683301dff5405dd249b95182cdfdb5d94faafca687b9d961342cdf6c293da43fc1277843121a4bbd98a084014b&pst=1701109831&rmtc=t HTTP/1.1
Host: rpmwhoop.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://elegantfreebies.blogspot.com
Referer: https://elegantfreebies.blogspot.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=21094467; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTA5NDQ2NywiayI6IjYyMWQ4NzlmMDBiMTg5NDhiNzExODU1ZGZiNTBjY2MwIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMTQyMDcxLCJwaWQiOjEzMzg5MjUsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjoyMywicHQiOjQsInBrIjoid3B2aGhmNHNiIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZWxlZ2FudGZyZWViaWVzLmJsb2dzcG90LmNvbS8_bT0xIn19.EY8oOgtLE22RVe7qVl5ZCG-aWaE4tKtHII4Qizvm5aA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 27 Nov 2023 18:29:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://elegantfreebies.blogspot.com
Access-Control-Allow-Origin: https://elegantfreebies.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=65268eee-2af5-4bb8-af3f-7401d6c11fa6:3:1; expires=Mon, 04 Dec 2023 18:29:31 GMT; secure; SameSite=None
iprcb708e364a3992befe3e554d278e32c06=3569808; expires=Mon, 27 Nov 2023 22:29:31 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 28 Nov 2023 18:29:31 GMT; secure; SameSite=None
uncs=1; expires=Tue, 28 Nov 2023 18:29:31 GMT; secure; SameSite=None
pdhtkv23=true; expires=Tue, 28 Nov 2023 18:29:31 GMT; secure; SameSite=None
uncs23=1; expires=Tue, 28 Nov 2023 18:29:31 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 06e98dc979aa41789a87ffad46ee0228
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXnihryRiWrsf-Nkbfwv52jYITXtnnA_j7psGfnNwQSxCuzRhe3ZYkyM531PHJHHAxQAVL3DpZA6Ct1dlY_3nFZdnv3uMhcy7tu0FoBD5mL8z1uyhkhX5p1FxgYNg49FNZv0mVHVbGc-CET5b3SbUrGl0PBJCHj-Z-1_Y54ZGcHu5s2BQa2sDdkyMIT9to/w373-h220-p-k-no-nu/4e58a06e488b79af2287551f58f7812e.png

142.250.74.97

200 OK

45 kB

URL GET HTTP/2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXnihryRiWrsf-Nkbfwv52jYITXtnnA_j7psGfnNwQSxCuzRhe3ZYkyM531PHJHHAxQAVL3DpZA6Ct1dlY_3nFZdnv3uMhcy7tu0FoBD5mL8z1uyhkhX5p1FxgYNg49FNZv0mVHVbGc-CET5b3SbUrGl0PBJCHj-Z-1_Y54ZGcHu5s2BQa2sDdkyMIT9to/w373-h220-p-k-no-nu/4e58a06e488b79af2287551f58f7812e.png
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT

File type
PNG image data, 215 x 160, 8-bit/color RGB, non-interlaced\012- data
Size
45 kB (44597 bytes)
Hash
2f224da634761b6f1eaa020918253d71
9f67ea13b02143621b785a07c5a3ce810edb96e0
7aacb1c15b60971ecf8e7e68e6d279fde3bad66a9edeba4d3b4949d767d90e55

HTTP Headers

GET /img/b/R29vZ2xl/AVvXsEhXnihryRiWrsf-Nkbfwv52jYITXtnnA_j7psGfnNwQSxCuzRhe3ZYkyM531PHJHHAxQAVL3DpZA6Ct1dlY_3nFZdnv3uMhcy7tu0FoBD5mL8z1uyhkhX5p1FxgYNg49FNZv0mVHVbGc-CET5b3SbUrGl0PBJCHj-Z-1_Y54ZGcHu5s2BQa2sDdkyMIT9to/w373-h220-p-k-no-nu/4e58a06e488b79af2287551f58f7812e.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v40c"
expires: Tue, 28 Nov 2023 18:29:32 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="4e58a06e488b79af2287551f58f7812e.png"
x-content-type-options: nosniff
date: Mon, 27 Nov 2023 18:29:32 GMT
server: fife
content-length: 44597
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

pro.fontawesome.com/releases/v5.15.3/css/all.css

104.18.40.68

200 OK

45 kB

URL GET HTTP/2
pro.fontawesome.com/releases/v5.15.3/css/all.css
IP
104.18.40.68:443
ASN
#13335 CLOUDFLARENET

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
gzip compressed data, from Unix\012- data
Size
45 kB (45323 bytes)
Hash
49cf98d7f728ca72b2625abb041ae1e8
3c76c86609f4ad627bec934b65de38e26666e6ca
4b48ee6ca9c63b246db8c2ef09995de98286c87a81683594ee8d2e6478f25053

HTTP Headers

GET /releases/v5.15.3/css/all.css HTTP/1.1
Host: pro.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:29:30 GMT
content-type: text/css
x-amz-id-2: iTA1IOfVZBNtvqrGRF5NX5v2tadS3BBMiQYFEsA311rQBx/MtYMyyttdTveulEniLGTnX2gGoCk=
x-amz-request-id: X5SRV9VB4W5GDBDD
last-modified: Mon, 28 Jun 2021 17:21:37 GMT
etag: W/"a28e912c1a41becec7f68848d739d5c0"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 133596
vary: Accept-Encoding
server: cloudflare
cf-ray: 82cc6fdf9e5c569b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6fRWyFcPQhHgw9BtNnW5ZJFcqNRnh6tOJT4Oe0kXpWuBOU5j1omuB3kR8Tnkba8ihfJCYQ2Bkw5SNxpJTotdOx-ba6xApX-wUGDnCzeF4RsQ_zIh6a5hVaIdo35HLfKaNx4i99Hjdzj5nrVtk3Zm5_ZwsJfZ0X7a1Ia7k3I0jcOvK5RlIyacbTve9R_uP/w108-h72-p-k-no-nu/a1bc53fe22786a239dd3f245261bab85.png

142.250.74.97

200 OK

9.0 kB

URL GET HTTP/2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6fRWyFcPQhHgw9BtNnW5ZJFcqNRnh6tOJT4Oe0kXpWuBOU5j1omuB3kR8Tnkba8ihfJCYQ2Bkw5SNxpJTotdOx-ba6xApX-wUGDnCzeF4RsQ_zIh6a5hVaIdo35HLfKaNx4i99Hjdzj5nrVtk3Zm5_ZwsJfZ0X7a1Ia7k3I0jcOvK5RlIyacbTve9R_uP/w108-h72-p-k-no-nu/a1bc53fe22786a239dd3f245261bab85.png
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT

File type
PNG image data, 108 x 72, 8-bit/color RGB, non-interlaced\012- data
Size
9.0 kB (9028 bytes)
Hash
20f57782302a8c282dd4c6c768be0b7f
2a0e8e5c23021c6af5f05a550d6191727adeb9f4
2437f3a4d263be416d21a4d4009596a7f828f4cec9f03735e1131a6e796d836f

HTTP Headers

GET /img/b/R29vZ2xl/AVvXsEg6fRWyFcPQhHgw9BtNnW5ZJFcqNRnh6tOJT4Oe0kXpWuBOU5j1omuB3kR8Tnkba8ihfJCYQ2Bkw5SNxpJTotdOx-ba6xApX-wUGDnCzeF4RsQ_zIh6a5hVaIdo35HLfKaNx4i99Hjdzj5nrVtk3Zm5_ZwsJfZ0X7a1Ia7k3I0jcOvK5RlIyacbTve9R_uP/w108-h72-p-k-no-nu/a1bc53fe22786a239dd3f245261bab85.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v40e"
expires: Tue, 28 Nov 2023 18:29:32 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="a1bc53fe22786a239dd3f245261bab85.png"
x-content-type-options: nosniff
date: Mon, 27 Nov 2023 18:29:32 GMT
server: fife
content-length: 9028
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAN494AMwfJoJjcaiOKPTdiTqqK52HEWDAedmuUJJ6wCtdxJLPYkXvHVYnBkJAACao5GeLz8tWYPCXHFCHN6KCTI3zltaanAlRUvuyb-2EKbtuo9GceHKq7ueOHBwq3xqhWkYVHrYom8KkVhH4zPPl1p-_34YfLfAWKgdah2JyNpSTwEJjwOOlPq09K7y2/w373-h220-p-k-no-nu/f82325b92d9f8748496eaa6cf721ab54.png

142.250.74.97

200 OK

18 kB

URL GET HTTP/2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAN494AMwfJoJjcaiOKPTdiTqqK52HEWDAedmuUJJ6wCtdxJLPYkXvHVYnBkJAACao5GeLz8tWYPCXHFCHN6KCTI3zltaanAlRUvuyb-2EKbtuo9GceHKq7ueOHBwq3xqhWkYVHrYom8KkVhH4zPPl1p-_34YfLfAWKgdah2JyNpSTwEJjwOOlPq09K7y2/w373-h220-p-k-no-nu/f82325b92d9f8748496eaa6cf721ab54.png
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT

File type
PNG image data, 373 x 220, 8-bit/color RGB, non-interlaced\012- data
Size
18 kB (17946 bytes)
Hash
64ef7357bd1b3410b3cb8301fd3bc820
34fb162b256b305c1d60990e820352a0506fdd13
c3f7d72369169da427422cb112dfb7862adee27bf9663c64d12ffa2db1960345

HTTP Headers

GET /img/b/R29vZ2xl/AVvXsEiAN494AMwfJoJjcaiOKPTdiTqqK52HEWDAedmuUJJ6wCtdxJLPYkXvHVYnBkJAACao5GeLz8tWYPCXHFCHN6KCTI3zltaanAlRUvuyb-2EKbtuo9GceHKq7ueOHBwq3xqhWkYVHrYom8KkVhH4zPPl1p-_34YfLfAWKgdah2JyNpSTwEJjwOOlPq09K7y2/w373-h220-p-k-no-nu/f82325b92d9f8748496eaa6cf721ab54.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v3c2"
expires: Tue, 28 Nov 2023 18:29:32 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="f82325b92d9f8748496eaa6cf721ab54.png"
x-content-type-options: nosniff
date: Mon, 27 Nov 2023 18:29:32 GMT
server: fife
content-length: 17946
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6fRWyFcPQhHgw9BtNnW5ZJFcqNRnh6tOJT4Oe0kXpWuBOU5j1omuB3kR8Tnkba8ihfJCYQ2Bkw5SNxpJTotdOx-ba6xApX-wUGDnCzeF4RsQ_zIh6a5hVaIdo35HLfKaNx4i99Hjdzj5nrVtk3Zm5_ZwsJfZ0X7a1Ia7k3I0jcOvK5RlIyacbTve9R_uP/w373-h220-p-k-no-nu/a1bc53fe22786a239dd3f245261bab85.png

142.250.74.97

200 OK

61 kB

URL GET HTTP/2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6fRWyFcPQhHgw9BtNnW5ZJFcqNRnh6tOJT4Oe0kXpWuBOU5j1omuB3kR8Tnkba8ihfJCYQ2Bkw5SNxpJTotdOx-ba6xApX-wUGDnCzeF4RsQ_zIh6a5hVaIdo35HLfKaNx4i99Hjdzj5nrVtk3Zm5_ZwsJfZ0X7a1Ia7k3I0jcOvK5RlIyacbTve9R_uP/w373-h220-p-k-no-nu/a1bc53fe22786a239dd3f245261bab85.png
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT

File type
PNG image data, 373 x 220, 8-bit/color RGB, non-interlaced\012- data
Size
61 kB (60576 bytes)
Hash
475a5c15f425c6dee9e1989a84a61ac1
402c71c403df5ba3dc1b490c6ff559aad88c67c2
3759774df1b47a03deac743d49ea207246b6efbfb91bd1d526e6258fecc42901

HTTP Headers

GET /img/b/R29vZ2xl/AVvXsEg6fRWyFcPQhHgw9BtNnW5ZJFcqNRnh6tOJT4Oe0kXpWuBOU5j1omuB3kR8Tnkba8ihfJCYQ2Bkw5SNxpJTotdOx-ba6xApX-wUGDnCzeF4RsQ_zIh6a5hVaIdo35HLfKaNx4i99Hjdzj5nrVtk3Zm5_ZwsJfZ0X7a1Ia7k3I0jcOvK5RlIyacbTve9R_uP/w373-h220-p-k-no-nu/a1bc53fe22786a239dd3f245261bab85.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v40e"
expires: Tue, 28 Nov 2023 18:29:32 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="a1bc53fe22786a239dd3f245261bab85.png"
x-content-type-options: nosniff
date: Mon, 27 Nov 2023 18:29:32 GMT
server: fife
content-length: 60576
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

elegantfreebies.blogspot.com/feeds/posts/default?alt=json&max-results=4

172.217.21.161

200 OK

4.7 kB

URL GET HTTP/3
elegantfreebies.blogspot.com/feeds/posts/default?alt=json&max-results=4
IP
172.217.21.161:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.blogspot.com
Fingerprint07:E2:99:33:66:25:16:0A:1D:C3:C7:18:D8:82:4A:F0:37:40:E1:5B
ValidityMon, 23 Oct 2023 11:23:28 GMT - Mon, 15 Jan 2024 11:23:27 GMT

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (35554), with no line terminators
Size
4.7 kB (4680 bytes)
Hash
2a7a82779a146cabb77a12cef9b38be9
cdb9ae426979236f925c8c40e638d10c815de42c
df49307f6100f1888ff837976dbc9c3e818ed382d76def115f74e37dc7071c3f

HTTP Headers

GET /feeds/posts/default?alt=json&max-results=4 HTTP/1.1
Host: elegantfreebies.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/?m=1
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=fbd4a0a8-39d6-4683-b2ae-939f8a44ab67%3A2%3A1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cross-origin-resource-policy: cross-origin
etag: W/"50c94ab8f52b05d94d6125f2232953efe9ccce14ab4d4263193d641e61074aa3"
date: Mon, 27 Nov 2023 18:29:32 GMT
content-type: application/json; charset=UTF-8
server: blogger-renderd
expires: Mon, 27 Nov 2023 18:29:33 GMT
cache-control: public, must-revalidate, proxy-revalidate, max-age=1
x-content-type-options: nosniff
x-xss-protection: 0
last-modified: Mon, 27 Nov 2023 18:07:05 GMT
content-encoding: gzip
content-length: 4680
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png

45.133.44.9

200 OK

106 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
ValidityThu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT

File type
PNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced\012- data
Size
106 kB (105910 bytes)
Hash
a36b92bb68d9b579458560ba9b94862a
782d2932ccd3a56e5aad1cca7e6e7fb4a3cf23d6
9de12cf85ad80cae34d8bdaeb59169d75e3bd4f8b931ec90ea2c3be166647c0e

HTTP Headers

GET /cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:29:32 GMT
content-type: image/png
content-length: 105910
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:08:06 GMT
etag: "62e11c96-19db6"
expires: Wed, 29 Nov 2023 18:29:32 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png

45.133.44.9

200 OK

106 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
ValidityThu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT

File type
PNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced\012- data
Size
106 kB (105910 bytes)
Hash
a36b92bb68d9b579458560ba9b94862a
782d2932ccd3a56e5aad1cca7e6e7fb4a3cf23d6
9de12cf85ad80cae34d8bdaeb59169d75e3bd4f8b931ec90ea2c3be166647c0e

HTTP Headers

GET /cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:29:32 GMT
content-type: image/png
content-length: 105910
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:08:06 GMT
etag: "62e11c96-19db6"
expires: Wed, 29 Nov 2023 18:29:32 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivc5TvRJmab2JoEGxstZCxCb4nPS1lAZ6Pwi_yHCfvKwgq2NoZ_k_H0sGoCcl85VD1YaEYrPSyjro3itWcsOjRpwcsfiOpqry4XcFjV1xOP-pcpC_7mgiF0Zy07buAkZDJTwvJQLDv1Qwq0gFgp1gYb3Uz02hk3itX9NItOOY3yYYMvWns8TI8U9L5884N/w220-h146-p-k-no-nu/46ea51dc4c8cec6fc2ab3c00b7a2f1f2.png

142.250.74.97

200 OK

19 kB

URL GET HTTP/2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivc5TvRJmab2JoEGxstZCxCb4nPS1lAZ6Pwi_yHCfvKwgq2NoZ_k_H0sGoCcl85VD1YaEYrPSyjro3itWcsOjRpwcsfiOpqry4XcFjV1xOP-pcpC_7mgiF0Zy07buAkZDJTwvJQLDv1Qwq0gFgp1gYb3Uz02hk3itX9NItOOY3yYYMvWns8TI8U9L5884N/w220-h146-p-k-no-nu/46ea51dc4c8cec6fc2ab3c00b7a2f1f2.png
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT

File type
PNG image data, 220 x 146, 8-bit/color RGB, non-interlaced\012- data
Size
19 kB (19178 bytes)
Hash
8d1feadfc418c9319a38ede922be1911
55ce571bc5524f6290e8cbeef75553e998fbfa8d
4e36ea0b705d3865e386b16d5ba7eef1d76a09d202d7da5cf2d47af482d43205

HTTP Headers

GET /img/b/R29vZ2xl/AVvXsEivc5TvRJmab2JoEGxstZCxCb4nPS1lAZ6Pwi_yHCfvKwgq2NoZ_k_H0sGoCcl85VD1YaEYrPSyjro3itWcsOjRpwcsfiOpqry4XcFjV1xOP-pcpC_7mgiF0Zy07buAkZDJTwvJQLDv1Qwq0gFgp1gYb3Uz02hk3itX9NItOOY3yYYMvWns8TI8U9L5884N/w220-h146-p-k-no-nu/46ea51dc4c8cec6fc2ab3c00b7a2f1f2.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v43f"
expires: Tue, 28 Nov 2023 18:29:32 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="46ea51dc4c8cec6fc2ab3c00b7a2f1f2.png"
x-content-type-options: nosniff
date: Mon, 27 Nov 2023 18:29:32 GMT
server: fife
content-length: 19178
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqmGPAljZkcgFQbfwreZ0ggpkQ-WRA3UWdHVSKIKZAa7hPeNbrroWY26Kexg6nzy-Br0XZ3CJEY2zItGlcbqQSQ_491cLWVrXZF1_QIpRuBJuxQ-8oAb5bguAMl-mQJXTDFA8WS9FAoZzi-kuJlb4CCLMKBIWdQ4JzXhu8uYO3-kg7TUsfxyVk4MMYPuKT/w220-h146-p-k-no-nu/5219ff469db4690bcc6c104a14490c2c.png

142.250.74.97

200 OK

28 kB

URL GET HTTP/2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqmGPAljZkcgFQbfwreZ0ggpkQ-WRA3UWdHVSKIKZAa7hPeNbrroWY26Kexg6nzy-Br0XZ3CJEY2zItGlcbqQSQ_491cLWVrXZF1_QIpRuBJuxQ-8oAb5bguAMl-mQJXTDFA8WS9FAoZzi-kuJlb4CCLMKBIWdQ4JzXhu8uYO3-kg7TUsfxyVk4MMYPuKT/w220-h146-p-k-no-nu/5219ff469db4690bcc6c104a14490c2c.png
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT

File type
PNG image data, 220 x 146, 8-bit/color RGB, non-interlaced\012- data
Size
28 kB (28232 bytes)
Hash
b9ba858ef74135567961258c59075f7c
3d5628439875030a88c6788ccfccc11c84ceb129
bfd6abd19bfbf900af40702ab76c5d2dfee5f38beb63352b7fa723329115a7fe

HTTP Headers

GET /img/b/R29vZ2xl/AVvXsEhqmGPAljZkcgFQbfwreZ0ggpkQ-WRA3UWdHVSKIKZAa7hPeNbrroWY26Kexg6nzy-Br0XZ3CJEY2zItGlcbqQSQ_491cLWVrXZF1_QIpRuBJuxQ-8oAb5bguAMl-mQJXTDFA8WS9FAoZzi-kuJlb4CCLMKBIWdQ4JzXhu8uYO3-kg7TUsfxyVk4MMYPuKT/w220-h146-p-k-no-nu/5219ff469db4690bcc6c104a14490c2c.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v43d"
expires: Tue, 28 Nov 2023 18:29:32 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="5219ff469db4690bcc6c104a14490c2c.png"
x-content-type-options: nosniff
date: Mon, 27 Nov 2023 18:29:32 GMT
server: fife
content-length: 28232
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

friendshipmale.com/sfp.js

172.64.196.8

200 OK

322 kB

URL GET HTTP/2
friendshipmale.com/sfp.js
IP
172.64.196.8:443
ASN
#13335 CLOUDFLARENET

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
322 kB (322506 bytes)
Hash
924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:29:31 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: c741e0acadf2689cf6b0dcda3f6f4a14
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Mon, 27 Nov 2023 18:29:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=npknGIQvCeTygXX9CBJTNVFnPm%2Fkw7XfeD%2BqI6mcnaTaN2z0phQW2Xld9nMtJeC6fsbVH5Ftb7shYk000plO8TLkbOLlCoFJuhRNS6gVI4w9%2BWDmB67GJSEVRU132pVGpoZjvzg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82cc6fe71aaa732d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

casualhappily.com/sbar.json?key=7ee9fd42c85377aed65996b9d77c8a25&uuid=fbd4a0a8-39d6-4683-b2ae-939f8a44ab67%3A2%3A1

173.233.139.164

200 OK

4.0 kB

URL GET HTTP/1.1
casualhappily.com/sbar.json?key=7ee9fd42c85377aed65996b9d77c8a25&uuid=fbd4a0a8-39d6-4683-b2ae-939f8a44ab67%3A2%3A1
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjectcasualhappily.com
Fingerprint87:4D:D0:16:33:F9:00:E4:B7:12:7A:AC:6A:E4:FA:95:09:8D:08:3B
ValiditySat, 25 Nov 2023 08:12:57 GMT - Fri, 23 Feb 2024 08:12:56 GMT

File type
JSON data\012- , ASCII text, with very long lines (6114), with no line terminators
Size
4.0 kB (3984 bytes)
Hash
594ba771edfb2fdcf3db7f737e4907da
fd3fee125e4cbf7b6090324ca6d6206bf37ff4fd
3c50fb05de885c0ae2ea7a600243f533e25e616a1b5c869ad6e22938f3b6e0c3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=7ee9fd42c85377aed65996b9d77c8a25&uuid=fbd4a0a8-39d6-4683-b2ae-939f8a44ab67%3A2%3A1 HTTP/1.1
Host: casualhappily.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://elegantfreebies.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 27 Nov 2023 18:29:32 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://elegantfreebies.blogspot.com
Access-Control-Allow-Origin: https://elegantfreebies.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=21094713; expires=Tue, 28 Nov 2023 18:29:32 GMT; secure; SameSite=None
uid_id2=fbd4a0a8-39d6-4683-b2ae-939f8a44ab67:2:1; expires=Mon, 04 Dec 2023 18:29:32 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 28 Nov 2023 18:29:32 GMT; secure; SameSite=None
uncs=1; expires=Tue, 28 Nov 2023 18:29:32 GMT; secure; SameSite=None
pdhtkv29=true; expires=Tue, 28 Nov 2023 18:29:32 GMT; secure; SameSite=None
uncs29=1; expires=Tue, 28 Nov 2023 18:29:32 GMT; secure; SameSite=None
slec7ee9fd42c85377aed65996b9d77c8a25=[4766299]; expires=Mon, 27 Nov 2023 18:29:37 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: acc17e6f23760fb00154993c8aabc5a2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

142.250.74.97

200 OK

210 kB

URL GET HTTP/3
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivc5TvRJmab2JoEGxstZCxCb4nPS1lAZ6Pwi_yHCfvKwgq2NoZ_k_H0sGoCcl85VD1YaEYrPSyjro3itWcsOjRpwcsfiOpqry4XcFjV1xOP-pcpC_7mgiF0Zy07buAkZDJTwvJQLDv1Qwq0gFgp1gYb3Uz02hk3itX9NItOOY3yYYMvWns8TI8U9L5884N/s1600/46ea51dc4c8cec6fc2ab3c00b7a2f1f2.png
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT

File type
PNG image data, 1221 x 587, 8-bit/color RGB, non-interlaced\012- data
Size
210 kB (210469 bytes)
Hash
e5e44b98d3534ab9d0dc4c160b077a35
e34cecb599ccf4c14351791531d666444a6d202b
a66ea86c63ebc0ae2509384b8ad20345d0126516a3486f401581725071f48a9f

HTTP Headers

GET /img/b/R29vZ2xl/AVvXsEivc5TvRJmab2JoEGxstZCxCb4nPS1lAZ6Pwi_yHCfvKwgq2NoZ_k_H0sGoCcl85VD1YaEYrPSyjro3itWcsOjRpwcsfiOpqry4XcFjV1xOP-pcpC_7mgiF0Zy07buAkZDJTwvJQLDv1Qwq0gFgp1gYb3Uz02hk3itX9NItOOY3yYYMvWns8TI8U9L5884N/s1600/46ea51dc4c8cec6fc2ab3c00b7a2f1f2.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v43f"
expires: Tue, 28 Nov 2023 18:29:32 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="46ea51dc4c8cec6fc2ab3c00b7a2f1f2.png"
x-content-type-options: nosniff
date: Mon, 27 Nov 2023 18:29:32 GMT
server: fife
content-length: 210469
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

casualhappily.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSP2wcxRuddfKrflCA0lAgXUERJHzeu9v7s6SIEoKDhbFN%2FsgF1czO7Hnw7MxqZvf2fBRYREIpD4mCcv3OjgVEEaFBQiChMw2yhMRRIBdYRPSREFJqdPZJB1%2Bx33vf2%2BJ775uP9%2FJT4iOnJxvvmIFUii41q37l8qbU3BSusnanUvOr%2FpXKptSt4EqlP%2F3Y3us1v1n1X63cFNG2War7Nd%2Bv%2BbXKsrQiNv2lMxUyfRjWqqFfDerVWjNA3%2F6Xu9yDox5475S8CMkn%2F9v66TFkNIZOvroh3HZm0tfeTHJFM2PR44d39bY2hUYyh7H1EOvD2d8wbkLIZwsw%2BnDmAKa3P3UAJifE%2B60Gpg9na4L1Ds43ZQpCg%2FH%2Fo%2BiNIdQYko4RmXuQ%2FBcCRBxr69DJgzVjC7pzrtKpOiEXn%2F0NWUzIxd8vQSePrivZr9w2Ks%2Bk0Q79uITsjyG7Y6T5EbKBB1kcIco%2BguQ%2Fk6Vnq9DJ%2FrpTBpKfvBIzHlCfdhYbIW8tBq1OY5HVqVgMG2HcoUFAWat9FpGUY8h4DCWGoG4BufOQSw957CFPPST8pEKbYez77ZjFjUYniKKo0YiiZqfFm7wRdGIfeTT1MESWDhGpISK7i9TuYlsOYfMf4LZKOL4Al02I9%2B6H6PEShSAoHEFBCQpJUGQERa884MrVXfmAK5ez2qzXZ71RjkzW3aMHJusKTfbSU%2FLCNDzv2pMQ2%2BKk0hYijHlQjzrNRrtNBW81w7DFQt5uRx1ab8LJEtItgDoPAzkhS399g1ROyCW9CEaP4NQRInkBNH8ZtBi16z7o1ijo%2BBjo74QSXaqz2ArBpHBVpkzXpSarRiYBNyXS7CKyHW9PnZKXzo761rfvQUTHVz8dPLn56NIHiGyJ1JZ4X%2F5I0FX3R7dMQfZvmcKRx%2BtpJhM5oNOD385oJi588bbYKYzlKzfc8PNr0VSYwod3hMtWqeZSdx358rrkXNhlYyNBvl9xm4Jt5G7rem51nq5uvLG8kqRWOCeNHoPKCSFPv0YkJ%2BT5p%2B7sMV%2B%2B%2ByekHcPmJZL8mMwK0hwhSnfh0vnMGQKr5pylHoq8HNk6mw%2BVJFBizikr4f7F2RzvufvoWg80uwedlOjZEj1VgqohXH5hlKX2%2BOqvjbMCU96IKevtM2XVJ%2BfhOnlSEc3Yj4VfFywOWdymPg%2FjIGQ0rIk2a9IaMjcR%2FI%2Fn%2FgEAAP%2F%2FAQAA%2F%2F%2FXKELPpAQAAA%3D%3D

173.233.139.164

200 OK

7 B

URL GET HTTP/1.1
casualhappily.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSP2wcxRuddfKrflCA0lAgXUERJHzeu9v7s6SIEoKDhbFN%2FsgF1czO7Hnw7MxqZvf2fBRYREIpD4mCcv3OjgVEEaFBQiChMw2yhMRRIBdYRPSREFJqdPZJB1%2Bx33vf2%2BJ775uP9%2FJT4iOnJxvvmIFUii41q37l8qbU3BSusnanUvOr%2FpXKptSt4EqlP%2F3Y3us1v1n1X63cFNG2War7Nd%2Bv%2BbXKsrQiNv2lMxUyfRjWqqFfDerVWjNA3%2F6Xu9yDox5475S8CMkn%2F9v66TFkNIZOvroh3HZm0tfeTHJFM2PR44d39bY2hUYyh7H1EOvD2d8wbkLIZwsw%2BnDmAKa3P3UAJifE%2B60Gpg9na4L1Ds43ZQpCg%2FH%2Fo%2BiNIdQYko4RmXuQ%2FBcCRBxr69DJgzVjC7pzrtKpOiEXn%2F0NWUzIxd8vQSePrivZr9w2Ks%2Bk0Q79uITsjyG7Y6T5EbKBB1kcIco%2BguQ%2Fk6Vnq9DJ%2FrpTBpKfvBIzHlCfdhYbIW8tBq1OY5HVqVgMG2HcoUFAWat9FpGUY8h4DCWGoG4BufOQSw957CFPPST8pEKbYez77ZjFjUYniKKo0YiiZqfFm7wRdGIfeTT1MESWDhGpISK7i9TuYlsOYfMf4LZKOL4Al02I9%2B6H6PEShSAoHEFBCQpJUGQERa884MrVXfmAK5ez2qzXZ71RjkzW3aMHJusKTfbSU%2FLCNDzv2pMQ2%2BKk0hYijHlQjzrNRrtNBW81w7DFQt5uRx1ab8LJEtItgDoPAzkhS399g1ROyCW9CEaP4NQRInkBNH8ZtBi16z7o1ijo%2BBjo74QSXaqz2ArBpHBVpkzXpSarRiYBNyXS7CKyHW9PnZKXzo761rfvQUTHVz8dPLn56NIHiGyJ1JZ4X%2F5I0FX3R7dMQfZvmcKRx%2BtpJhM5oNOD385oJi588bbYKYzlKzfc8PNr0VSYwod3hMtWqeZSdx358rrkXNhlYyNBvl9xm4Jt5G7rem51nq5uvLG8kqRWOCeNHoPKCSFPv0YkJ%2BT5p%2B7sMV%2B%2B%2ByekHcPmJZL8mMwK0hwhSnfh0vnMGQKr5pylHoq8HNk6mw%2BVJFBizikr4f7F2RzvufvoWg80uwedlOjZEj1VgqohXH5hlKX2%2BOqvjbMCU96IKevtM2XVJ%2BfhOnlSEc3Yj4VfFywOWdymPg%2FjIGQ0rIk2a9IaMjcR%2FI%2Fn%2FgEAAP%2F%2FAQAA%2F%2F%2FXKELPpAQAAA%3D%3D
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjectcasualhappily.com
Fingerprint87:4D:D0:16:33:F9:00:E4:B7:12:7A:AC:6A:E4:FA:95:09:8D:08:3B
ValiditySat, 25 Nov 2023 08:12:57 GMT - Fri, 23 Feb 2024 08:12:56 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSP2wcxRuddfKrflCA0lAgXUERJHzeu9v7s6SIEoKDhbFN%2FsgF1czO7Hnw7MxqZvf2fBRYREIpD4mCcv3OjgVEEaFBQiChMw2yhMRRIBdYRPSREFJqdPZJB1%2Bx33vf2%2BJ775uP9%2FJT4iOnJxvvmIFUii41q37l8qbU3BSusnanUvOr%2FpXKptSt4EqlP%2F3Y3us1v1n1X63cFNG2War7Nd%2Bv%2BbXKsrQiNv2lMxUyfRjWqqFfDerVWjNA3%2F6Xu9yDox5475S8CMkn%2F9v66TFkNIZOvroh3HZm0tfeTHJFM2PR44d39bY2hUYyh7H1EOvD2d8wbkLIZwsw%2BnDmAKa3P3UAJifE%2B60Gpg9na4L1Ds43ZQpCg%2FH%2Fo%2BiNIdQYko4RmXuQ%2FBcCRBxr69DJgzVjC7pzrtKpOiEXn%2F0NWUzIxd8vQSePrivZr9w2Ks%2Bk0Q79uITsjyG7Y6T5EbKBB1kcIco%2BguQ%2Fk6Vnq9DJ%2FrpTBpKfvBIzHlCfdhYbIW8tBq1OY5HVqVgMG2HcoUFAWat9FpGUY8h4DCWGoG4BufOQSw957CFPPST8pEKbYez77ZjFjUYniKKo0YiiZqfFm7wRdGIfeTT1MESWDhGpISK7i9TuYlsOYfMf4LZKOL4Al02I9%2B6H6PEShSAoHEFBCQpJUGQERa884MrVXfmAK5ez2qzXZ71RjkzW3aMHJusKTfbSU%2FLCNDzv2pMQ2%2BKk0hYijHlQjzrNRrtNBW81w7DFQt5uRx1ab8LJEtItgDoPAzkhS399g1ROyCW9CEaP4NQRInkBNH8ZtBi16z7o1ijo%2BBjo74QSXaqz2ArBpHBVpkzXpSarRiYBNyXS7CKyHW9PnZKXzo761rfvQUTHVz8dPLn56NIHiGyJ1JZ4X%2F5I0FX3R7dMQfZvmcKRx%2BtpJhM5oNOD385oJi588bbYKYzlKzfc8PNr0VSYwod3hMtWqeZSdx358rrkXNhlYyNBvl9xm4Jt5G7rem51nq5uvLG8kqRWOCeNHoPKCSFPv0YkJ%2BT5p%2B7sMV%2B%2B%2ByekHcPmJZL8mMwK0hwhSnfh0vnMGQKr5pylHoq8HNk6mw%2BVJFBizikr4f7F2RzvufvoWg80uwedlOjZEj1VgqohXH5hlKX2%2BOqvjbMCU96IKevtM2XVJ%2BfhOnlSEc3Yj4VfFywOWdymPg%2FjIGQ0rIk2a9IaMjcR%2FI%2Fn%2FgEAAP%2F%2FAQAA%2F%2F%2FXKELPpAQAAA%3D%3D HTTP/1.1
Host: casualhappily.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Cookie: u_pl=21094713; uid_id2=fbd4a0a8-39d6-4683-b2ae-939f8a44ab67:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec7ee9fd42c85377aed65996b9d77c8a25=[4766299]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 27 Nov 2023 18:29:32 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: da45a70ad4b453c8e3af5e2fa1b3759c
Strict-Transport-Security: max-age=0; includeSubdomains

blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLmtpKbFxjGAB-T3FC8yYJTvIYwvDqudX_sg99IRs336OChz6K8AV6BDSQyrfq0SmvZtqDgtQWBDMREDf7TXA-rwv8dhy6_u8cgtrrB-hRE8SPJ6KuAktpI8i-cjCtOMl6o81P1bdPhTZ8Akxq5rfGLDBBkeOt6vTtJQYVeJC1oWz6EzFnhNVOAyoq8tbo/s1600/89dfa452bb2ac924fa4ce09f708394fd.png

142.250.74.97

200 OK

355 kB

URL GET HTTP/3
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLmtpKbFxjGAB-T3FC8yYJTvIYwvDqudX_sg99IRs336OChz6K8AV6BDSQyrfq0SmvZtqDgtQWBDMREDf7TXA-rwv8dhy6_u8cgtrrB-hRE8SPJ6KuAktpI8i-cjCtOMl6o81P1bdPhTZ8Akxq5rfGLDBBkeOt6vTtJQYVeJC1oWz6EzFnhNVOAyoq8tbo/s1600/89dfa452bb2ac924fa4ce09f708394fd.png
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT

File type
PNG image data, 1012 x 596, 8-bit/color RGB, non-interlaced\012- data
Size
355 kB (354805 bytes)
Hash
81ede8adcd6ca1615a24c705f76692de
f9937d800b6b1584d1adec4ae1fd25c0555ec036
b6388b29a2dd629416b051a39f7a35a5cc0279b1bf3b242858ae76735870233a

HTTP Headers

GET /img/b/R29vZ2xl/AVvXsEiLmtpKbFxjGAB-T3FC8yYJTvIYwvDqudX_sg99IRs336OChz6K8AV6BDSQyrfq0SmvZtqDgtQWBDMREDf7TXA-rwv8dhy6_u8cgtrrB-hRE8SPJ6KuAktpI8i-cjCtOMl6o81P1bdPhTZ8Akxq5rfGLDBBkeOt6vTtJQYVeJC1oWz6EzFnhNVOAyoq8tbo/s1600/89dfa452bb2ac924fa4ce09f708394fd.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v412"
expires: Tue, 28 Nov 2023 18:29:32 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="89dfa452bb2ac924fa4ce09f708394fd.png"
x-content-type-options: nosniff
date: Mon, 27 Nov 2023 18:29:32 GMT
server: fife
content-length: 354805
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNNrkfkdTsjPa8sd3dDcAx46flwvIyy1cbuBW0iZcbFK1Q01wJQCUP4ANfdv8c0e_IjOKMaoxVMIDuobPJrb43ZMu2Uq3qThRJE1nDvEMQPiLrm5AgnNo8C9AbWXJmropeWPC3Tbe1uEsI2yXHVeG-aU289wuxYj4lM-kVHnLPxVPtt-PPmYU_k_Gf_nlT/s1600/5162761f46099831631dacb1c4cf7251.png

142.250.74.97

200 OK

107 kB

URL GET HTTP/3
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNNrkfkdTsjPa8sd3dDcAx46flwvIyy1cbuBW0iZcbFK1Q01wJQCUP4ANfdv8c0e_IjOKMaoxVMIDuobPJrb43ZMu2Uq3qThRJE1nDvEMQPiLrm5AgnNo8C9AbWXJmropeWPC3Tbe1uEsI2yXHVeG-aU289wuxYj4lM-kVHnLPxVPtt-PPmYU_k_Gf_nlT/s1600/5162761f46099831631dacb1c4cf7251.png
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT

File type
PNG image data, 523 x 607, 8-bit/color RGB, non-interlaced\012- data
Size
107 kB (106667 bytes)
Hash
724ba328cbe72befc9c1d133f7f28167
15c226e4e1f12339a9890495ec9a20c51684915b
a8c127352efcbfe583cb36f9060770a1f2a185b03f7367f7a2b03dc09926a6ae

HTTP Headers

GET /img/b/R29vZ2xl/AVvXsEhNNrkfkdTsjPa8sd3dDcAx46flwvIyy1cbuBW0iZcbFK1Q01wJQCUP4ANfdv8c0e_IjOKMaoxVMIDuobPJrb43ZMu2Uq3qThRJE1nDvEMQPiLrm5AgnNo8C9AbWXJmropeWPC3Tbe1uEsI2yXHVeG-aU289wuxYj4lM-kVHnLPxVPtt-PPmYU_k_Gf_nlT/s1600/5162761f46099831631dacb1c4cf7251.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v43a"
expires: Tue, 28 Nov 2023 18:29:32 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="5162761f46099831631dacb1c4cf7251.png"
x-content-type-options: nosniff
date: Mon, 27 Nov 2023 18:29:32 GMT
server: fife
content-length: 106667
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEInzfD_14iY9A_hvCqy1yVMr1EKRgmCzJFPqe5ctB_HCv0FKAFGW6FnFLFw3WSrpSIW-FBPN46hYTEVeaKRJ8USWgBZZVvYz05y8oX46yuXzU-w43aFThTXilO9CwXMlj41YIjhhfp0HQpTYTni1MVskBqHIN_PapYa0nTK-bcRvZz1A2rWrkBXMQMem3/s1600/a22a5b6c0715b58dde838343356a748a.png

142.250.74.97

200 OK

498 kB

URL GET HTTP/3
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEInzfD_14iY9A_hvCqy1yVMr1EKRgmCzJFPqe5ctB_HCv0FKAFGW6FnFLFw3WSrpSIW-FBPN46hYTEVeaKRJ8USWgBZZVvYz05y8oX46yuXzU-w43aFThTXilO9CwXMlj41YIjhhfp0HQpTYTni1MVskBqHIN_PapYa0nTK-bcRvZz1A2rWrkBXMQMem3/s1600/a22a5b6c0715b58dde838343356a748a.png
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT

File type
PNG image data, 1295 x 727, 8-bit/color RGB, non-interlaced\012- data
Size
498 kB (497910 bytes)
Hash
d878139a83f08e11ccf11b93c8352819
7f1e686e6a5d41139d00b9fca8e83485890db32c
6a3f07664f52ace26d18a11f5fa338f0362df6ba6c47652f61a463b061179a37

HTTP Headers

GET /img/b/R29vZ2xl/AVvXsEiEInzfD_14iY9A_hvCqy1yVMr1EKRgmCzJFPqe5ctB_HCv0FKAFGW6FnFLFw3WSrpSIW-FBPN46hYTEVeaKRJ8USWgBZZVvYz05y8oX46yuXzU-w43aFThTXilO9CwXMlj41YIjhhfp0HQpTYTni1MVskBqHIN_PapYa0nTK-bcRvZz1A2rWrkBXMQMem3/s1600/a22a5b6c0715b58dde838343356a748a.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v410"
expires: Tue, 28 Nov 2023 18:29:32 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="a22a5b6c0715b58dde838343356a748a.png"
x-content-type-options: nosniff
date: Mon, 27 Nov 2023 18:29:32 GMT
server: fife
content-length: 497910
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

142.250.74.97

200 OK

8.2 kB

URL GET HTTP/3
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNNrkfkdTsjPa8sd3dDcAx46flwvIyy1cbuBW0iZcbFK1Q01wJQCUP4ANfdv8c0e_IjOKMaoxVMIDuobPJrb43ZMu2Uq3qThRJE1nDvEMQPiLrm5AgnNo8C9AbWXJmropeWPC3Tbe1uEsI2yXHVeG-aU289wuxYj4lM-kVHnLPxVPtt-PPmYU_k_Gf_nlT/w110-h72-p-k-no-nu/5162761f46099831631dacb1c4cf7251.png
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT

File type
PNG image data, 110 x 72, 8-bit/color RGB, non-interlaced\012- data
Size
8.2 kB (8227 bytes)
Hash
ec003dd19ed42384f7af3ee17a290e41
880df3387115480240ff820068bf651966244aca
748c00092470a85c03be4d1510e8f8e9b769c1a6733cef4863b3c1ea7f5e5f5a

HTTP Headers

GET /img/b/R29vZ2xl/AVvXsEhNNrkfkdTsjPa8sd3dDcAx46flwvIyy1cbuBW0iZcbFK1Q01wJQCUP4ANfdv8c0e_IjOKMaoxVMIDuobPJrb43ZMu2Uq3qThRJE1nDvEMQPiLrm5AgnNo8C9AbWXJmropeWPC3Tbe1uEsI2yXHVeG-aU289wuxYj4lM-kVHnLPxVPtt-PPmYU_k_Gf_nlT/w110-h72-p-k-no-nu/5162761f46099831631dacb1c4cf7251.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v43a"
expires: Tue, 28 Nov 2023 18:29:32 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="5162761f46099831631dacb1c4cf7251.png"
x-content-type-options: nosniff
date: Mon, 27 Nov 2023 18:29:32 GMT
server: fife
content-length: 8227
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdn.cloudimagesb.com/si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png

45.133.44.9

200 OK

9.0 kB

URL GET HTTP/2
cdn.cloudimagesb.com/si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
ValidityThu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
9.0 kB (9016 bytes)
Hash
a56f06ca83ee06488a213b352e00bd90
aec437b74eb6f1143683872fb2d664286da4a664
7144c526762a9d91bdde1939194c2835f2cb1afe0ebac298bbdf1e9239b539ec

HTTP Headers

GET /si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:29:32 GMT
content-type: image/png
content-length: 9016
server: nginx/1.21.6
last-modified: Mon, 20 Nov 2023 14:51:52 GMT
etag: "655b7288-2338"
expires: Wed, 29 Nov 2023 18:29:32 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png

45.133.44.9

200 OK

20 kB

URL GET HTTP/2
cdn.cloudimagesb.com/si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
ValidityThu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT

File type
PNG image data, 320 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
20 kB (20001 bytes)
Hash
ea31001ce8fa95eb2ac1617515105332
d505ca04808c25cfa33a555c96886f421ddbbde7
0267f5cd21fe5609405724c20d6f021b8932a696ada766b8e86e42c670000ab3

HTTP Headers

GET /si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:29:32 GMT
content-type: image/png
content-length: 20001
server: nginx/1.21.6
last-modified: Mon, 20 Nov 2023 14:52:40 GMT
etag: "655b72b8-4e21"
expires: Wed, 29 Nov 2023 18:29:32 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/img/close.png

172.64.108.10

200 OK

591 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/img/close.png
IP
172.64.108.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced\012- data
Size
591 B (591 bytes)
Hash
9fd5bcb6103d86e317bd1eb019bcbe71
6b5a52ea669dcb74946f2bed4bdd7ec985026113
0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae

HTTP Headers

GET /sb/ssp/vpn/classic-push/big1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:29:32 GMT
content-type: image/png
content-length: 591
last-modified: Mon, 21 Feb 2022 10:06:44 GMT
etag: "62136434-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2380985
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qv7y5KSD9EpQzsHcA0jP8YOLQ8fg6mqXLjf%2B0rl3iXSqfVKcmFq%2BdXCwchF35TtiEQDCUfUMqvoJ07ooJ8kORmuQcHDEkzvzExsXaWeqeEXgn4FtENYaICC66HwfW3cFmAkoPI%2FARynR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82cc6feffb3a28af-AMS
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nonsensethingresult.com/ntv.json?key=a84f8187074b7f17110403f19701cd1b&vstc=2

173.233.139.164

200 OK

8.6 kB

URL GET HTTP/1.1
nonsensethingresult.com/ntv.json?key=a84f8187074b7f17110403f19701cd1b&vstc=2
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjectnonsensethingresult.com
Fingerprint1C:B5:18:38:29:B7:7D:7D:BF:01:E2:85:B1:32:FE:6B:70:6F:1E:BF
ValidityTue, 07 Nov 2023 08:01:06 GMT - Mon, 05 Feb 2024 08:01:05 GMT

File type
JSON data\012- , ASCII text, with very long lines (8604), with no line terminators
Size
8.6 kB (8604 bytes)
Hash
7e82f7679845c8ec6b9083354335b497
9c5e87a1cbd62c059d27bc8614866aaad877d97e
9483a06f2ddc1774df2be2ff8b2f0edd270b5a6406d1ae5de147b60b70e2cc01

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ntv.json?key=a84f8187074b7f17110403f19701cd1b&vstc=2 HTTP/1.1
Host: nonsensethingresult.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://elegantfreebies.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 27 Nov 2023 18:29:32 GMT
Content-Type: application/json
Content-Length: 8604
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://elegantfreebies.blogspot.com
Access-Control-Allow-Origin: https://elegantfreebies.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=21133435; expires=Tue, 28 Nov 2023 18:29:32 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 28 Nov 2023 18:29:32 GMT; secure; SameSite=None
uncs=1; expires=Tue, 28 Nov 2023 18:29:32 GMT; secure; SameSite=None
pdhtkv49=true; expires=Tue, 28 Nov 2023 18:29:32 GMT; secure; SameSite=None
uncs49=1; expires=Tue, 28 Nov 2023 18:29:32 GMT; secure; SameSite=None
nleca84f8187074b7f17110403f19701cd1b=[2229329,2019380]; expires=Mon, 27 Nov 2023 18:29:37 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ad82edde06fc5755ce6e910708b23bbe
Strict-Transport-Security: max-age=0; includeSubdomains

blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqmGPAljZkcgFQbfwreZ0ggpkQ-WRA3UWdHVSKIKZAa7hPeNbrroWY26Kexg6nzy-Br0XZ3CJEY2zItGlcbqQSQ_491cLWVrXZF1_QIpRuBJuxQ-8oAb5bguAMl-mQJXTDFA8WS9FAoZzi-kuJlb4CCLMKBIWdQ4JzXhu8uYO3-kg7TUsfxyVk4MMYPuKT/w110-h72-p-k-no-nu/5219ff469db4690bcc6c104a14490c2c.png

142.250.74.97

200 OK

9.1 kB

URL GET HTTP/3
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqmGPAljZkcgFQbfwreZ0ggpkQ-WRA3UWdHVSKIKZAa7hPeNbrroWY26Kexg6nzy-Br0XZ3CJEY2zItGlcbqQSQ_491cLWVrXZF1_QIpRuBJuxQ-8oAb5bguAMl-mQJXTDFA8WS9FAoZzi-kuJlb4CCLMKBIWdQ4JzXhu8uYO3-kg7TUsfxyVk4MMYPuKT/w110-h72-p-k-no-nu/5219ff469db4690bcc6c104a14490c2c.png
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT

File type
PNG image data, 110 x 72, 8-bit/color RGB, non-interlaced\012- data
Size
9.1 kB (9139 bytes)
Hash
ed9052f5b7fa403094e7537c6fe98477
a861d84ef5557caa665616e8ddfed3a9e00c38dc
e9e6620e5b9cc14852090b9835d11604cb0e6d6d5f1fce2d002575dd7e63b802

HTTP Headers

GET /img/b/R29vZ2xl/AVvXsEhqmGPAljZkcgFQbfwreZ0ggpkQ-WRA3UWdHVSKIKZAa7hPeNbrroWY26Kexg6nzy-Br0XZ3CJEY2zItGlcbqQSQ_491cLWVrXZF1_QIpRuBJuxQ-8oAb5bguAMl-mQJXTDFA8WS9FAoZzi-kuJlb4CCLMKBIWdQ4JzXhu8uYO3-kg7TUsfxyVk4MMYPuKT/w110-h72-p-k-no-nu/5219ff469db4690bcc6c104a14490c2c.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v43d"
expires: Tue, 28 Nov 2023 18:29:33 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="5219ff469db4690bcc6c104a14490c2c.png"
x-content-type-options: nosniff
date: Mon, 27 Nov 2023 18:29:33 GMT
server: fife
content-length: 9139
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivc5TvRJmab2JoEGxstZCxCb4nPS1lAZ6Pwi_yHCfvKwgq2NoZ_k_H0sGoCcl85VD1YaEYrPSyjro3itWcsOjRpwcsfiOpqry4XcFjV1xOP-pcpC_7mgiF0Zy07buAkZDJTwvJQLDv1Qwq0gFgp1gYb3Uz02hk3itX9NItOOY3yYYMvWns8TI8U9L5884N/w387-h226-p-k-no-nu/46ea51dc4c8cec6fc2ab3c00b7a2f1f2.png

142.250.74.97

200 OK

44 kB

URL GET HTTP/3
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivc5TvRJmab2JoEGxstZCxCb4nPS1lAZ6Pwi_yHCfvKwgq2NoZ_k_H0sGoCcl85VD1YaEYrPSyjro3itWcsOjRpwcsfiOpqry4XcFjV1xOP-pcpC_7mgiF0Zy07buAkZDJTwvJQLDv1Qwq0gFgp1gYb3Uz02hk3itX9NItOOY3yYYMvWns8TI8U9L5884N/w387-h226-p-k-no-nu/46ea51dc4c8cec6fc2ab3c00b7a2f1f2.png
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT

File type
PNG image data, 387 x 226, 8-bit/color RGB, non-interlaced\012- data
Size
44 kB (44244 bytes)
Hash
f6e41328f3508aad48c9bcab44881180
f33661bea05fed130d8cdea9a76020e90881024f
45ff38ebe0fe1887644898b40cc16a9e9944bc0a4b4e2dbb2856edc3653440b3

HTTP Headers

GET /img/b/R29vZ2xl/AVvXsEivc5TvRJmab2JoEGxstZCxCb4nPS1lAZ6Pwi_yHCfvKwgq2NoZ_k_H0sGoCcl85VD1YaEYrPSyjro3itWcsOjRpwcsfiOpqry4XcFjV1xOP-pcpC_7mgiF0Zy07buAkZDJTwvJQLDv1Qwq0gFgp1gYb3Uz02hk3itX9NItOOY3yYYMvWns8TI8U9L5884N/w387-h226-p-k-no-nu/46ea51dc4c8cec6fc2ab3c00b7a2f1f2.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v43f"
expires: Tue, 28 Nov 2023 18:29:33 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="46ea51dc4c8cec6fc2ab3c00b7a2f1f2.png"
x-content-type-options: nosniff
date: Mon, 27 Nov 2023 18:29:33 GMT
server: fife
content-length: 44244
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.106

200 OK

33 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
gzip compressed data, max compression\012- data
Size
33 kB (33165 bytes)
Hash
5834f6ac3c0df87d0b18df833fb06887
c728b95228a5ffd43598135aff70304b19545174
846c49f3dfedc31dee550d01f0d7133d3d9bf8e02acb389ec9248a5e66d75b6e

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 27 Nov 2023 18:29:32 GMT
date: Mon, 27 Nov 2023 18:29:32 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg

45.133.44.9

200 OK

23 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
ValidityThu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
23 kB (22757 bytes)
Hash
9a2dc4fe2ebb70df2dfb1566d22970b8
b85a5f4ef7bd68b834d03d8b9a552e2e546e8701
1983c705f5f4315c8cd002183eb9ed3c846abed8fc2a6f0a073185c249552efd

HTTP Headers

GET /cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:29:33 GMT
content-type: image/jpeg
content-length: 22757
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:56:41 GMT
etag: "5eaa84b9-58e5"
expires: Wed, 29 Nov 2023 18:29:33 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

142.250.74.97

200 OK

10 kB

URL GET HTTP/3
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLmtpKbFxjGAB-T3FC8yYJTvIYwvDqudX_sg99IRs336OChz6K8AV6BDSQyrfq0SmvZtqDgtQWBDMREDf7TXA-rwv8dhy6_u8cgtrrB-hRE8SPJ6KuAktpI8i-cjCtOMl6o81P1bdPhTZ8Akxq5rfGLDBBkeOt6vTtJQYVeJC1oWz6EzFnhNVOAyoq8tbo/w110-h72-p-k-no-nu/89dfa452bb2ac924fa4ce09f708394fd.png
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT

File type
PNG image data, 110 x 72, 8-bit/color RGB, non-interlaced\012- data
Size
10 kB (10529 bytes)
Hash
0f3b7ed836022561462b4699afbedfa7
3babbd85df1a96d4d49ae4026487e2d8f80fb951
6ecaf0099de7b5831bf0d582ec02ac9a25df86300bc7871c765b8950a59e0e22

HTTP Headers

GET /img/b/R29vZ2xl/AVvXsEiLmtpKbFxjGAB-T3FC8yYJTvIYwvDqudX_sg99IRs336OChz6K8AV6BDSQyrfq0SmvZtqDgtQWBDMREDf7TXA-rwv8dhy6_u8cgtrrB-hRE8SPJ6KuAktpI8i-cjCtOMl6o81P1bdPhTZ8Akxq5rfGLDBBkeOt6vTtJQYVeJC1oWz6EzFnhNVOAyoq8tbo/w110-h72-p-k-no-nu/89dfa452bb2ac924fa4ce09f708394fd.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v412"
expires: Tue, 28 Nov 2023 18:29:33 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="89dfa452bb2ac924fa4ce09f708394fd.png"
x-content-type-options: nosniff
date: Mon, 27 Nov 2023 18:29:33 GMT
server: fife
content-length: 10529
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/animate.css

172.64.108.10

200 OK

4.9 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/animate.css
IP
172.64.108.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
ASCII text
Size
4.9 kB (4854 bytes)
Hash
e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a

HTTP Headers

GET /sb/ssp/vpn/classic-push/big1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://elegantfreebies.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:29:32 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 10:06:42 GMT
etag: W/"62136432-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jHDs0Ums98HEz%2FE8kdsbI1orXOMiaeJaCX5vnWYFoFyf4mTidK6eX%2Bo7hS%2BxX6sy77S0YXfmjMhmz1vm6zjLIoVO%2FGKIDGcufusFmdtSF0uvLRWhgpUbTG%2Br7Ma9S%2Fd5gOXeHpbioJ%2FG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82cc6fefaae828af-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js

172.64.108.10

200 OK

31 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js
IP
172.64.108.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
ASCII text, with very long lines (32025)
Size
31 kB (30619 bytes)
Hash
4a356126b9573eb7bd1e9a7494737410
8258d046f17dd3c15a5d3984e1868b7b5d1db329
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

HTTP Headers

GET /sb/ssp/vpn/classic-push/big1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:29:32 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 10:06:46 GMT
etag: W/"62136436-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2289957
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=27Ljlhf9a6DRhS6FVE%2BbX2mv5%2F8zEnQYFrGTI8CVt2R14qxeBK5fQAofJh4wUMyWbQwSXLG5ui278n6ntUNIlegigHioCHN45SwHVCDen9mJkBorxN2OPw8P03iLpgh%2FWOQZyh5nP%2Fot"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82cc6ff00b4e28af-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nonsensethingresult.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuno2XVQR1L15kEAQVnXTP9OzMuMhiXFcWY5L9ITlXV1VPylRXNVXd05N4CS7IHgdP6qnzTbJBXcQ9eVGQiSBLQExflhwM%2FgsiLB5lkoHRB1XvffW9w%2Fe9V5%2Ft5qfER05P1j4021Iputhu%2BPVX16XmpnD1lTv1wG%2F4V%2BrrUl8Or9SH08sO3gr8dsN%2Frf6%2BYJtmsekHvh%2F4Qf26tCI2w8UzFjJ90AsaPb8RNhtBO8TQ%2Fh%2B73IOjHvjglDwPyaunNh49hGQT6OT7a8JtZiZ9470kVzQzFgN%2B8JHe1KbQSOZlbD3E%2BmDWDeMqQr6oweiDmQOYwd7UASJZEe9xgEgfzGQiGuyfK40UhEbEn0YxmECoCSSdgJm7kPyYAIxjZRU6ub9ibEG3zlk6ZSuy8ORvyKIiC39cgk6%2BW1JyWL9tVJ5Jox2GcQk5nED2J0jzQ2TbHmRxCJZ9Csl%2FI4tPlqGTvVWnDCQvz9xLOYGMJ1BiBOo85NMjPeSxhzz1kPCTOm33Yt%2FvxFHcanVDxlirxVi7e5m3eSvsxj5yNpU3QpaOwNQIzO4gtTvYlCPY%2FGe4jRKOe3BZRbybOxjwEoUgKBxBQQkKSVBkBMWg3OfKNV15nyuXR8EsN2e5VY5N1t%2Bl%2BybrC01201Py3HQu3tLwE2yKkzrthnE36Hb8Thh14qATBH7ot%2BKg1%2FEDxoMITpaQrnZmdVtWZPGvH5DKilzSbyKih3DqEExeAM0D0GLcafqgG%2BOw62Nb%2FyiU6FOdxVaISArXiJTpu9RkDWYScFMizRaQbXm76pS8eLavl34PIdjR1V8vvp2OH18EsyVSW%2BJj%2BQtBX90b3zIF2btlCkcerqaZTOQ2ne7ydkYzceGbD8RWYSy%2Fcc2Nvn6HTYlp%2BeCOcNky1VzqviPfLknOhb1uLBPkpxtuXURrudtYyq3O0%2BW1d6%2FfSFIrnJNGT0Dl8eo%2FYLIiC6%2B8cPZLnz1%2BHdJOYPMSSX5EZgFpDsHSHbh0rt4ZAqvmPVFaQ5GXY9uM5o9KEigxxzQq4f6Do3m96%2B6hb2ug2V3opMTAlhioElSN4PKL4yy1R1cffTmNrxCp2jhStrYXKas%2Br8jLCzfP5%2BvkSb0dhKIbdTuM80gwHnSarW7L95uch52eCHrIXCX4n8%2F8CwAA%2F%2F8BAAD%2F%2F0JMuBqCBAAA

173.233.137.52

200 OK

7 B

URL GET HTTP/1.1
nonsensethingresult.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuno2XVQR1L15kEAQVnXTP9OzMuMhiXFcWY5L9ITlXV1VPylRXNVXd05N4CS7IHgdP6qnzTbJBXcQ9eVGQiSBLQExflhwM%2FgsiLB5lkoHRB1XvffW9w%2Fe9V5%2Ft5qfER05P1j4021Iputhu%2BPVX16XmpnD1lTv1wG%2F4V%2BrrUl8Or9SH08sO3gr8dsN%2Frf6%2BYJtmsekHvh%2F4Qf26tCI2w8UzFjJ90AsaPb8RNhtBO8TQ%2Fh%2B73IOjHvjglDwPyaunNh49hGQT6OT7a8JtZiZ9470kVzQzFgN%2B8JHe1KbQSOZlbD3E%2BmDWDeMqQr6oweiDmQOYwd7UASJZEe9xgEgfzGQiGuyfK40UhEbEn0YxmECoCSSdgJm7kPyYAIxjZRU6ub9ibEG3zlk6ZSuy8ORvyKIiC39cgk6%2BW1JyWL9tVJ5Jox2GcQk5nED2J0jzQ2TbHmRxCJZ9Csl%2FI4tPlqGTvVWnDCQvz9xLOYGMJ1BiBOo85NMjPeSxhzz1kPCTOm33Yt%2FvxFHcanVDxlirxVi7e5m3eSvsxj5yNpU3QpaOwNQIzO4gtTvYlCPY%2FGe4jRKOe3BZRbybOxjwEoUgKBxBQQkKSVBkBMWg3OfKNV15nyuXR8EsN2e5VY5N1t%2Bl%2BybrC01201Py3HQu3tLwE2yKkzrthnE36Hb8Thh14qATBH7ot%2BKg1%2FEDxoMITpaQrnZmdVtWZPGvH5DKilzSbyKih3DqEExeAM0D0GLcafqgG%2BOw62Nb%2FyiU6FOdxVaISArXiJTpu9RkDWYScFMizRaQbXm76pS8eLavl34PIdjR1V8vvp2OH18EsyVSW%2BJj%2BQtBX90b3zIF2btlCkcerqaZTOQ2ne7ydkYzceGbD8RWYSy%2Fcc2Nvn6HTYlp%2BeCOcNky1VzqviPfLknOhb1uLBPkpxtuXURrudtYyq3O0%2BW1d6%2FfSFIrnJNGT0Dl8eo%2FYLIiC6%2B8cPZLnz1%2BHdJOYPMSSX5EZgFpDsHSHbh0rt4ZAqvmPVFaQ5GXY9uM5o9KEigxxzQq4f6Do3m96%2B6hb2ug2V3opMTAlhioElSN4PKL4yy1R1cffTmNrxCp2jhStrYXKas%2Br8jLCzfP5%2BvkSb0dhKIbdTuM80gwHnSarW7L95uch52eCHrIXCX4n8%2F8CwAA%2F%2F8BAAD%2F%2F0JMuBqCBAAA
IP
173.233.137.52:443
ASN
#7979 SERVERS-COM

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjectnonsensethingresult.com
Fingerprint1C:B5:18:38:29:B7:7D:7D:BF:01:E2:85:B1:32:FE:6B:70:6F:1E:BF
ValidityTue, 07 Nov 2023 08:01:06 GMT - Mon, 05 Feb 2024 08:01:05 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuno2XVQR1L15kEAQVnXTP9OzMuMhiXFcWY5L9ITlXV1VPylRXNVXd05N4CS7IHgdP6qnzTbJBXcQ9eVGQiSBLQExflhwM%2FgsiLB5lkoHRB1XvffW9w%2Fe9V5%2Ft5qfER05P1j4021Iputhu%2BPVX16XmpnD1lTv1wG%2F4V%2BrrUl8Or9SH08sO3gr8dsN%2Frf6%2BYJtmsekHvh%2F4Qf26tCI2w8UzFjJ90AsaPb8RNhtBO8TQ%2Fh%2B73IOjHvjglDwPyaunNh49hGQT6OT7a8JtZiZ9470kVzQzFgN%2B8JHe1KbQSOZlbD3E%2BmDWDeMqQr6oweiDmQOYwd7UASJZEe9xgEgfzGQiGuyfK40UhEbEn0YxmECoCSSdgJm7kPyYAIxjZRU6ub9ibEG3zlk6ZSuy8ORvyKIiC39cgk6%2BW1JyWL9tVJ5Jox2GcQk5nED2J0jzQ2TbHmRxCJZ9Csl%2FI4tPlqGTvVWnDCQvz9xLOYGMJ1BiBOo85NMjPeSxhzz1kPCTOm33Yt%2FvxFHcanVDxlirxVi7e5m3eSvsxj5yNpU3QpaOwNQIzO4gtTvYlCPY%2FGe4jRKOe3BZRbybOxjwEoUgKBxBQQkKSVBkBMWg3OfKNV15nyuXR8EsN2e5VY5N1t%2Bl%2BybrC01201Py3HQu3tLwE2yKkzrthnE36Hb8Thh14qATBH7ot%2BKg1%2FEDxoMITpaQrnZmdVtWZPGvH5DKilzSbyKih3DqEExeAM0D0GLcafqgG%2BOw62Nb%2FyiU6FOdxVaISArXiJTpu9RkDWYScFMizRaQbXm76pS8eLavl34PIdjR1V8vvp2OH18EsyVSW%2BJj%2BQtBX90b3zIF2btlCkcerqaZTOQ2ne7ydkYzceGbD8RWYSy%2Fcc2Nvn6HTYlp%2BeCOcNky1VzqviPfLknOhb1uLBPkpxtuXURrudtYyq3O0%2BW1d6%2FfSFIrnJNGT0Dl8eo%2FYLIiC6%2B8cPZLnz1%2BHdJOYPMSSX5EZgFpDsHSHbh0rt4ZAqvmPVFaQ5GXY9uM5o9KEigxxzQq4f6Do3m96%2B6hb2ug2V3opMTAlhioElSN4PKL4yy1R1cffTmNrxCp2jhStrYXKas%2Br8jLCzfP5%2BvkSb0dhKIbdTuM80gwHnSarW7L95uch52eCHrIXCX4n8%2F8CwAA%2F%2F8BAAD%2F%2F0JMuBqCBAAA HTTP/1.1
Host: nonsensethingresult.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Cookie: u_pl=21133435; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nleca84f8187074b7f17110403f19701cd1b=[2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 27 Nov 2023 18:29:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 41d9bcebff2f1638657647f3acc8b6ea
Strict-Transport-Security: max-age=0; includeSubdomains

nonsensethingresult.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuuzuZ32Z8HP%2FbiRQZBUNBJ90zPzoyLLMY1EoxJ9kNyrq6qnpSprmqquqcn8RJckD0OntRT55lkg7qIe%2FKiIBNBlqC4fVlyMPgPeBBh8SgzOzD6QtX7PvW8h%2Bd53%2Fr4ID8nPnJ6tvme2ZNK0aVW3a%2B9vCU1N4Wrrd%2BqBX7dv1LbkvpyeKU2mFy2%2F3rgt%2Br%2BK7V3BNsxSw0%2F8P3AD2or0orYDJamLGR6rxvUu349bNSDVoiB%2FS92uQdHPfD%2BOXkWklf%2F235wH5KNoZNvrgm3k5n01beTXNHMWPT58ft6R5tCI5mXsfUQ6%2BNZN4yrCPl0AUYfzxzA9A8nDhDJiniPAkT6eCYTUf%2FoidJIQWhE%2FP8o%2BmMINYakYzBzG5I%2FJADjWN%2BATu6uG1vQ3ScsnbAVWXz8F2RRkcXfLkEnXy8rOajdNCrPpNEOg7iEHIwhe2Ok%2BQmyPQ%2ByOAHLPoLkv5Clx2vQyeGGUwaSl1P3Uo4h4zGUGII6D%2FnkSA957CFPPST8rEZb3dj323EUN5udkDHWbDLW6lzmLd4MO7GPnE3kDZGlQzA1BLP7SO0%2BduQQNv8BbruE4x5cVhHv%2Bj76vEQhCApHUFCCQhIUGUHRL4%2B4cg1X3uXK5VEwy41ZbpYjk%2FUO6JHJekKTg%2FScPDOZi7c8%2BBA74qxGO2HcCTptvx1G7ThoB4Ef%2Bs046Lb9gPEggpMlpFuYWt2TFVn681uksiKX9GuI6AmcOgGTF0DzALQYtRs%2B6PYo7PjY098JJXpUZ7EVIpLC1SNlei41WZ2ZBNyUSLNFZLvegTonz0%2F39eLidQh2evWni2%2Bko0cXwWyJ1Jb4QP5I0FN3RjdMQQ5vmMKR%2BxtpJhO5Rye7vJnRTFz48l2xWxjLV6%2B54RdvsgkxKe%2FdEi5bo5pL3XPkq2XJubArxjJBvl91WyLazN32cm51nq5tvrWymqRWOCeNHoPKhxt%2Fg8mKLL703PSXPv3zH5B2DJuXSPJTMgtIcwKW7sOlc%2FXOEFg174lSD0Vejmwjmj8qSaDEHNOohPsXjub1gbuDnl0AzW5DJyX6tkRflaBqCJdfHGWpPb364LNJfI5ILYwiZRcOI2XVJ9PRVuSFX0M4eVZrBaHoRJ024zwSjAftRrPT9P0G52G7K4IuMlcJ%2FvtT%2FwAAAP%2F%2FAQAA%2F%2F9iZUTGggQAAA%3D%3D

173.233.137.52

200 OK

7 B

URL GET HTTP/1.1
nonsensethingresult.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuuzuZ32Z8HP%2FbiRQZBUNBJ90zPzoyLLMY1EoxJ9kNyrq6qnpSprmqquqcn8RJckD0OntRT55lkg7qIe%2FKiIBNBlqC4fVlyMPgPeBBh8SgzOzD6QtX7PvW8h%2Bd53%2Fr4ID8nPnJ6tvme2ZNK0aVW3a%2B9vCU1N4Wrrd%2BqBX7dv1LbkvpyeKU2mFy2%2F3rgt%2Br%2BK7V3BNsxSw0%2F8P3AD2or0orYDJamLGR6rxvUu349bNSDVoiB%2FS92uQdHPfD%2BOXkWklf%2F235wH5KNoZNvrgm3k5n01beTXNHMWPT58ft6R5tCI5mXsfUQ6%2BNZN4yrCPl0AUYfzxzA9A8nDhDJiniPAkT6eCYTUf%2FoidJIQWhE%2FP8o%2BmMINYakYzBzG5I%2FJADjWN%2BATu6uG1vQ3ScsnbAVWXz8F2RRkcXfLkEnXy8rOajdNCrPpNEOg7iEHIwhe2Ok%2BQmyPQ%2ByOAHLPoLkv5Clx2vQyeGGUwaSl1P3Uo4h4zGUGII6D%2FnkSA957CFPPST8rEZb3dj323EUN5udkDHWbDLW6lzmLd4MO7GPnE3kDZGlQzA1BLP7SO0%2BduQQNv8BbruE4x5cVhHv%2Bj76vEQhCApHUFCCQhIUGUHRL4%2B4cg1X3uXK5VEwy41ZbpYjk%2FUO6JHJekKTg%2FScPDOZi7c8%2BBA74qxGO2HcCTptvx1G7ThoB4Ef%2Bs046Lb9gPEggpMlpFuYWt2TFVn681uksiKX9GuI6AmcOgGTF0DzALQYtRs%2B6PYo7PjY098JJXpUZ7EVIpLC1SNlei41WZ2ZBNyUSLNFZLvegTonz0%2F39eLidQh2evWni2%2Bko0cXwWyJ1Jb4QP5I0FN3RjdMQQ5vmMKR%2BxtpJhO5Rye7vJnRTFz48l2xWxjLV6%2B54RdvsgkxKe%2FdEi5bo5pL3XPkq2XJubArxjJBvl91WyLazN32cm51nq5tvrWymqRWOCeNHoPKhxt%2Fg8mKLL703PSXPv3zH5B2DJuXSPJTMgtIcwKW7sOlc%2FXOEFg174lSD0Vejmwjmj8qSaDEHNOohPsXjub1gbuDnl0AzW5DJyX6tkRflaBqCJdfHGWpPb364LNJfI5ILYwiZRcOI2XVJ9PRVuSFX0M4eVZrBaHoRJ024zwSjAftRrPT9P0G52G7K4IuMlcJ%2FvtT%2FwAAAP%2F%2FAQAA%2F%2F9iZUTGggQAAA%3D%3D
IP
173.233.137.52:443
ASN
#7979 SERVERS-COM

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjectnonsensethingresult.com
Fingerprint1C:B5:18:38:29:B7:7D:7D:BF:01:E2:85:B1:32:FE:6B:70:6F:1E:BF
ValidityTue, 07 Nov 2023 08:01:06 GMT - Mon, 05 Feb 2024 08:01:05 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuuzuZ32Z8HP%2FbiRQZBUNBJ90zPzoyLLMY1EoxJ9kNyrq6qnpSprmqquqcn8RJckD0OntRT55lkg7qIe%2FKiIBNBlqC4fVlyMPgPeBBh8SgzOzD6QtX7PvW8h%2Bd53%2Fr4ID8nPnJ6tvme2ZNK0aVW3a%2B9vCU1N4Wrrd%2BqBX7dv1LbkvpyeKU2mFy2%2F3rgt%2Br%2BK7V3BNsxSw0%2F8P3AD2or0orYDJamLGR6rxvUu349bNSDVoiB%2FS92uQdHPfD%2BOXkWklf%2F235wH5KNoZNvrgm3k5n01beTXNHMWPT58ft6R5tCI5mXsfUQ6%2BNZN4yrCPl0AUYfzxzA9A8nDhDJiniPAkT6eCYTUf%2FoidJIQWhE%2FP8o%2BmMINYakYzBzG5I%2FJADjWN%2BATu6uG1vQ3ScsnbAVWXz8F2RRkcXfLkEnXy8rOajdNCrPpNEOg7iEHIwhe2Ok%2BQmyPQ%2ByOAHLPoLkv5Clx2vQyeGGUwaSl1P3Uo4h4zGUGII6D%2FnkSA957CFPPST8rEZb3dj323EUN5udkDHWbDLW6lzmLd4MO7GPnE3kDZGlQzA1BLP7SO0%2BduQQNv8BbruE4x5cVhHv%2Bj76vEQhCApHUFCCQhIUGUHRL4%2B4cg1X3uXK5VEwy41ZbpYjk%2FUO6JHJekKTg%2FScPDOZi7c8%2BBA74qxGO2HcCTptvx1G7ThoB4Ef%2Bs046Lb9gPEggpMlpFuYWt2TFVn681uksiKX9GuI6AmcOgGTF0DzALQYtRs%2B6PYo7PjY098JJXpUZ7EVIpLC1SNlei41WZ2ZBNyUSLNFZLvegTonz0%2F39eLidQh2evWni2%2Bko0cXwWyJ1Jb4QP5I0FN3RjdMQQ5vmMKR%2BxtpJhO5Rye7vJnRTFz48l2xWxjLV6%2B54RdvsgkxKe%2FdEi5bo5pL3XPkq2XJubArxjJBvl91WyLazN32cm51nq5tvrWymqRWOCeNHoPKhxt%2Fg8mKLL703PSXPv3zH5B2DJuXSPJTMgtIcwKW7sOlc%2FXOEFg174lSD0Vejmwjmj8qSaDEHNOohPsXjub1gbuDnl0AzW5DJyX6tkRflaBqCJdfHGWpPb364LNJfI5ILYwiZRcOI2XVJ9PRVuSFX0M4eVZrBaHoRJ024zwSjAftRrPT9P0G52G7K4IuMlcJ%2FvtT%2FwAAAP%2F%2FAQAA%2F%2F9iZUTGggQAAA%3D%3D HTTP/1.1
Host: nonsensethingresult.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Cookie: u_pl=21133435; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nleca84f8187074b7f17110403f19701cd1b=[2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 27 Nov 2023 18:29:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 98b9f9737e248a6c288a2e56300c5945
Strict-Transport-Security: max-age=0; includeSubdomains

elegantfreebies.blogspot.com/favicon.ico

172.217.21.161

200 OK

412 B

URL GET HTTP/3
elegantfreebies.blogspot.com/favicon.ico
IP
172.217.21.161:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.blogspot.com
Fingerprint07:E2:99:33:66:25:16:0A:1D:C3:C7:18:D8:82:4A:F0:37:40:E1:5B
ValidityMon, 23 Oct 2023 11:23:28 GMT - Mon, 15 Jan 2024 11:23:27 GMT

File type
MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel\012- data
Size
412 B (412 bytes)
Hash
59a0c7b6e4848ccdabcea0636efda02b
30ef5c54b8bbc3487ea2b4c45cd11ea2932e4340
a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: elegantfreebies.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/?m=1
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=65268eee-2af5-4bb8-af3f-7401d6c11fa6%3A3%3A1; sb_main_7ee9fd42c85377aed65996b9d77c8a25=1; sb_count_7ee9fd42c85377aed65996b9d77c8a25=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=casualhappily.com; m5a4xojbcp2nx3gptmm633qal3gzmadn=nonsensethingresult.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: image/x-icon; charset=UTF-8
expires: Mon, 27 Nov 2023 18:29:33 GMT
date: Mon, 27 Nov 2023 18:29:33 GMT
cache-control: private, max-age=86400
last-modified: Mon, 27 Nov 2023 18:07:05 GMT
etag: W/"1cc17c8c1563514d953250fc9e2f07c6af4bf311271ea9c4f98659ee1b010eb9"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 412
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.99

200 OK

16 kB

URL GET HTTP/3
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://elegantfreebies.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 22 Nov 2023 21:52:12 GMT
expires: Thu, 21 Nov 2024 21:52:12 GMT
cache-control: public, max-age=31536000
age: 419841
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.99

200 OK

16 kB

URL GET HTTP/3
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://elegantfreebies.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 20 Nov 2023 23:43:03 GMT
expires: Tue, 19 Nov 2024 23:43:03 GMT
cache-control: public, max-age=31536000
age: 585990
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

casualhappily.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSP6gc1Ru985Jf9dNCSWMhbGERwbdvZmd2d8YUITEmBmMS84cUVvff7Lu%2BO3OHe2d2NmthMCApV7CwnHf2JQ81BGMjiILss5GA4FrIK3wY7AMipJZ9WVj9ivnO%2Bc4U3znf%2FXi7OiA%2BKrp%2F%2BR0zVlrTjW7bbx2%2FoXJhate6eK0V%2BG3%2FROuGynvRidZo8bHD1wO%2F2%2FZfbZ2TfMtsdPzA9wM%2FaJ1VVqZmtHGoQhX3k6Cd%2BO2o0w66EUb2v9xVHhz1IIYH5EUoMf%2Ff5k8PofgMefbVGem2SlO89mZWaVoai6HYvZ5v5abOka1gaj2k%2Be7ybxg3J%2BSzNZh8d%2BkAZrizcACm5sT7LQDLd5drgg3vPtuUacgcTPwf9XAGqWdQdAZubkOJXwjABS5eQp7du2hsTW8%2BU%2BlCnZOjT%2F%2BGqufk6O%2FHkGcPTms1al01uiqVyR1GaQM1mkENZiiqPZRjD6reAy8%2FghI%2Fk42nF5BnO5ecNlBi%2F5WUiYj6NF4PE9Fbj3pxuM46VK4nYZLGNIoo6%2FUPI1JqBpXOoOUE1K2hch4q5aFKPVSFh0zst2g3SX2%2Fn7I0DOOIcx6GnHfjnuiKMIpTHxVfeJigLCbgegJub6Gwt7ClJrDVD3CbDZxYgyvnxHv3QwxFg1oS1I6gpgS1IqhLgnrY3BXadVxzT2hXsWDZO8seNlNTDrbpXVMOZE62iwPywiI879TjBFtyv9WXMklF1OFxN%2Bz3qRS9bpL0WCL6fR7TThdONVBuDdR5GKs52fjrGxRqTo7l62B0D07vgasjoNXLoPW03%2FFBN6dR7GOcfye1HNC8TK2UTEnXZtoMXGHKNjcZhGlQlEdR3vS29QF56fCob337HiR%2FdPLT8eNzD459AG4bFLbB%2B%2BpHgoG%2BM71iarJzxdSOPLxUlCpTY7o4%2BNWSlvLIF2%2FLm7Wx4vwZN%2Fn8FF8IC3j%2FmnTlBZoLlQ8c%2BfK0EkLas8ZySb4%2F725Idrlym6crm1fFhctvnD2fFVY6p0w%2BA1VzQp58Da7m5Pkn7vAxH7%2F%2BJ5SdwVYNsuoRWRaU2QMvbsEVq5kzBFavOCs81FUztR22GmpFoOWKU9bA%2FYuzFd52dzCwHmh5G3nWYGgbDHUDqidw1ZFpWdhHJ38NDwtMe1OmrbfDtNWfPAvXqf1WN4hkzOI%2BF4JJLoJ%2BJ4xD3%2B8IEfUTGSQo3VyKP577BwAA%2F%2F8BAAD%2F%2F8MgzCmkBAAA

173.233.139.164

200 OK

7 B

URL GET HTTP/1.1
casualhappily.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSP6gc1Ru985Jf9dNCSWMhbGERwbdvZmd2d8YUITEmBmMS84cUVvff7Lu%2BO3OHe2d2NmthMCApV7CwnHf2JQ81BGMjiILss5GA4FrIK3wY7AMipJZ9WVj9ivnO%2Bc4U3znf%2FXi7OiA%2BKrp%2F%2BR0zVlrTjW7bbx2%2FoXJhate6eK0V%2BG3%2FROuGynvRidZo8bHD1wO%2F2%2FZfbZ2TfMtsdPzA9wM%2FaJ1VVqZmtHGoQhX3k6Cd%2BO2o0w66EUb2v9xVHhz1IIYH5EUoMf%2Ff5k8PofgMefbVGem2SlO89mZWaVoai6HYvZ5v5abOka1gaj2k%2Be7ybxg3J%2BSzNZh8d%2BkAZrizcACm5sT7LQDLd5drgg3vPtuUacgcTPwf9XAGqWdQdAZubkOJXwjABS5eQp7du2hsTW8%2BU%2BlCnZOjT%2F%2BGqufk6O%2FHkGcPTms1al01uiqVyR1GaQM1mkENZiiqPZRjD6reAy8%2FghI%2Fk42nF5BnO5ecNlBi%2F5WUiYj6NF4PE9Fbj3pxuM46VK4nYZLGNIoo6%2FUPI1JqBpXOoOUE1K2hch4q5aFKPVSFh0zst2g3SX2%2Fn7I0DOOIcx6GnHfjnuiKMIpTHxVfeJigLCbgegJub6Gwt7ClJrDVD3CbDZxYgyvnxHv3QwxFg1oS1I6gpgS1IqhLgnrY3BXadVxzT2hXsWDZO8seNlNTDrbpXVMOZE62iwPywiI879TjBFtyv9WXMklF1OFxN%2Bz3qRS9bpL0WCL6fR7TThdONVBuDdR5GKs52fjrGxRqTo7l62B0D07vgasjoNXLoPW03%2FFBN6dR7GOcfye1HNC8TK2UTEnXZtoMXGHKNjcZhGlQlEdR3vS29QF56fCob337HiR%2FdPLT8eNzD459AG4bFLbB%2B%2BpHgoG%2BM71iarJzxdSOPLxUlCpTY7o4%2BNWSlvLIF2%2FLm7Wx4vwZN%2Fn8FF8IC3j%2FmnTlBZoLlQ8c%2BfK0EkLas8ZySb4%2F725Idrlym6crm1fFhctvnD2fFVY6p0w%2BA1VzQp58Da7m5Pkn7vAxH7%2F%2BJ5SdwVYNsuoRWRaU2QMvbsEVq5kzBFavOCs81FUztR22GmpFoOWKU9bA%2FYuzFd52dzCwHmh5G3nWYGgbDHUDqidw1ZFpWdhHJ38NDwtMe1OmrbfDtNWfPAvXqf1WN4hkzOI%2BF4JJLoJ%2BJ4xD3%2B8IEfUTGSQo3VyKP577BwAA%2F%2F8BAAD%2F%2F8MgzCmkBAAA
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjectcasualhappily.com
Fingerprint87:4D:D0:16:33:F9:00:E4:B7:12:7A:AC:6A:E4:FA:95:09:8D:08:3B
ValiditySat, 25 Nov 2023 08:12:57 GMT - Fri, 23 Feb 2024 08:12:56 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSP6gc1Ru985Jf9dNCSWMhbGERwbdvZmd2d8YUITEmBmMS84cUVvff7Lu%2BO3OHe2d2NmthMCApV7CwnHf2JQ81BGMjiILss5GA4FrIK3wY7AMipJZ9WVj9ivnO%2Bc4U3znf%2FXi7OiA%2BKrp%2F%2BR0zVlrTjW7bbx2%2FoXJhate6eK0V%2BG3%2FROuGynvRidZo8bHD1wO%2F2%2FZfbZ2TfMtsdPzA9wM%2FaJ1VVqZmtHGoQhX3k6Cd%2BO2o0w66EUb2v9xVHhz1IIYH5EUoMf%2Ff5k8PofgMefbVGem2SlO89mZWaVoai6HYvZ5v5abOka1gaj2k%2Be7ybxg3J%2BSzNZh8d%2BkAZrizcACm5sT7LQDLd5drgg3vPtuUacgcTPwf9XAGqWdQdAZubkOJXwjABS5eQp7du2hsTW8%2BU%2BlCnZOjT%2F%2BGqufk6O%2FHkGcPTms1al01uiqVyR1GaQM1mkENZiiqPZRjD6reAy8%2FghI%2Fk42nF5BnO5ecNlBi%2F5WUiYj6NF4PE9Fbj3pxuM46VK4nYZLGNIoo6%2FUPI1JqBpXOoOUE1K2hch4q5aFKPVSFh0zst2g3SX2%2Fn7I0DOOIcx6GnHfjnuiKMIpTHxVfeJigLCbgegJub6Gwt7ClJrDVD3CbDZxYgyvnxHv3QwxFg1oS1I6gpgS1IqhLgnrY3BXadVxzT2hXsWDZO8seNlNTDrbpXVMOZE62iwPywiI879TjBFtyv9WXMklF1OFxN%2Bz3qRS9bpL0WCL6fR7TThdONVBuDdR5GKs52fjrGxRqTo7l62B0D07vgasjoNXLoPW03%2FFBN6dR7GOcfye1HNC8TK2UTEnXZtoMXGHKNjcZhGlQlEdR3vS29QF56fCob337HiR%2FdPLT8eNzD459AG4bFLbB%2B%2BpHgoG%2BM71iarJzxdSOPLxUlCpTY7o4%2BNWSlvLIF2%2FLm7Wx4vwZN%2Fn8FF8IC3j%2FmnTlBZoLlQ8c%2BfK0EkLas8ZySb4%2F725Idrlym6crm1fFhctvnD2fFVY6p0w%2BA1VzQp58Da7m5Pkn7vAxH7%2F%2BJ5SdwVYNsuoRWRaU2QMvbsEVq5kzBFavOCs81FUztR22GmpFoOWKU9bA%2FYuzFd52dzCwHmh5G3nWYGgbDHUDqidw1ZFpWdhHJ38NDwtMe1OmrbfDtNWfPAvXqf1WN4hkzOI%2BF4JJLoJ%2BJ4xD3%2B8IEfUTGSQo3VyKP577BwAA%2F%2F8BAAD%2F%2F8MgzCmkBAAA HTTP/1.1
Host: casualhappily.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Cookie: u_pl=21094713; uid_id2=fbd4a0a8-39d6-4683-b2ae-939f8a44ab67:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 27 Nov 2023 18:29:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cc62aa75144ecb8f93a8f597a7f9a921
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/script.js

172.64.108.10

200 OK

338 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/script.js
IP
172.64.108.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
ASCII text
Size
338 B (338 bytes)
Hash
89918681df9f363bb293cb027c2f1113
cf7dca97b09ed3d03e821b407286539519a9f037
6648e7501f858c8ffaf2b35736dbd37f2d22afb2c781ee552d7c113d77413b9e

HTTP Headers

GET /sb/ssp/vpn/classic-push/big1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://elegantfreebies.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:29:33 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 10:06:46 GMT
etag: W/"62136436-3be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y23fYNuKUHdn5xHg9phIEut6cBl93lbADvSYhH%2Bf1ZjZCdH0JeqFs%2FJ3umTK6jfnRHNujGv%2Baa%2BNPDU1yDVlY6IrW7XCNOEeZmMLt%2B0FYOPuYHhzFLetN4gHnPcT4tkOu7W%2B9N302X9J"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82cc6ff0cc4f28af-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=65268eee-2af5-4bb8-af3f-7401d6c11fa6&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=7ee9fd42c85377aed65996b9d77c8a25&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18

192.243.61.225

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=65268eee-2af5-4bb8-af3f-7401d6c11fa6&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=7ee9fd42c85377aed65996b9d77c8a25&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint79:45:7F:58:D5:82:45:0A:7D:1E:FF:7A:98:05:26:E9:D6:FE:91:14
ValidityWed, 22 Nov 2023 07:56:28 GMT - Tue, 20 Feb 2024 07:56:27 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=65268eee-2af5-4bb8-af3f-7401d6c11fa6&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=7ee9fd42c85377aed65996b9d77c8a25&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 27 Nov 2023 18:29:34 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6839e6f9a2b77d0294e0b7816044ee0d
Strict-Transport-Security: max-age=0; includeSubdomains

nonsensethingresult.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuno2XVQR1L15kEAQVnVTPj50ZF1mM68piTLI%2FJOeqrupJmeqqpqp7ehIvwQXZ4%2BBJPXW%2BSTaoi7gnLwoyEWQJiJnLkoPBf0GExaNMMjD6oOq9r753%2BL736rPd%2FJRQ5Oxk7UO7rbRmi60arb66roywha%2Bu3KmGtEavVNeVudy8Uh1ML9d%2FK6StGn2t%2Br6MNu1inYaUhjSsXldOxnaweMZCpQ%2B6Ya1La816LWw1MXD%2Fxz4P4FkA0T8lz0OJyVMbjx5CRWOY5Ptr0m9mNn3jvSTXLLMOfXHwkdk0tjBI5mXsAsTmYNYN6yeEfFGBNQczB7D9vakDcDUhweMQ3BzMZIL398%2BVcg1pwMXTKPpjSD2GYmNE9i6UOCZAJLCyCpPcX7GuYFvnLJuyE7Lw5G%2BoYkIW%2FrgEk3y3pNWgetvqPFPWeAziEmowhuqNkeaHyLYDqOIQUfYplPiNLD5Zhkn2Vr22UKI8c6%2FUGCoeQ8shmA%2BQT48KkMcB8jRAIk6qrNWNKW3HPG40Os0oihqNKGp1LouWaDQ7MUUeTeUNkaVDRHqIyO0gdTvYVEO4%2FGf4jRJeBPDZhAQ3d9AXJQpJUHiCghEUiqDICIp%2BuS%2B0r%2FvyvtA%2B5%2BEs12e5UY5s1ttl%2BzbrSUN201Py3HQuwdLgE2zKkyrrNONO2GnTdpO347AdhrRJG3HYbdMwEiGHVyWUr5xZ3VYTsvjXD0jVhFwyb4KzQ3h9iEhdAMtDsGLUrlOwjVGzQ7FtfpRa9pjJYiclV9LXuLY9n9qsFtkEwpZIswVkW8GuPiUvnu3rpd%2BbkNHR1V8vvp2OHl9E5EqkrsTH6heCnr43umULsnfLFp48XE0zlahtNt3l7Yxl8sI3H8itwjpx45offv1ONCWm5YM70mfLzAhlep58u6SEkO66dZEkP93w65Kv5X5jKXcmT5fX3r1%2BI0md9F5ZMwZTx6v%2FIFITsvDKC2e%2F9Nnj16HcGC4vkeRHZBZQ9hBRugOfztV7S%2BD0vIenFRR5OXJ1Pn%2FUikDLOWa8hP8P5vN6199Dz1XAsrswSYm%2BK9HXJZgewucXR1nqjq4%2B%2BnIaX4HryohrV9nj2unPJ%2BTlhZvn8%2FXqpCpbMY0lrUsed3ncZlR042aXs24o27zFQmR%2BIsWfz%2FwLAAD%2F%2FwEAAP%2F%2FVkQ2%2FIIEAAA%3D

173.233.139.164

200 OK

0 B

URL GET HTTP/1.1
nonsensethingresult.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuno2XVQR1L15kEAQVnVTPj50ZF1mM68piTLI%2FJOeqrupJmeqqpqp7ehIvwQXZ4%2BBJPXW%2BSTaoi7gnLwoyEWQJiJnLkoPBf0GExaNMMjD6oOq9r753%2BL736rPd%2FJRQ5Oxk7UO7rbRmi60arb66roywha%2Bu3KmGtEavVNeVudy8Uh1ML9d%2FK6StGn2t%2Br6MNu1inYaUhjSsXldOxnaweMZCpQ%2B6Ya1La816LWw1MXD%2Fxz4P4FkA0T8lz0OJyVMbjx5CRWOY5Ptr0m9mNn3jvSTXLLMOfXHwkdk0tjBI5mXsAsTmYNYN6yeEfFGBNQczB7D9vakDcDUhweMQ3BzMZIL398%2BVcg1pwMXTKPpjSD2GYmNE9i6UOCZAJLCyCpPcX7GuYFvnLJuyE7Lw5G%2BoYkIW%2FrgEk3y3pNWgetvqPFPWeAziEmowhuqNkeaHyLYDqOIQUfYplPiNLD5Zhkn2Vr22UKI8c6%2FUGCoeQ8shmA%2BQT48KkMcB8jRAIk6qrNWNKW3HPG40Os0oihqNKGp1LouWaDQ7MUUeTeUNkaVDRHqIyO0gdTvYVEO4%2FGf4jRJeBPDZhAQ3d9AXJQpJUHiCghEUiqDICIp%2BuS%2B0r%2FvyvtA%2B5%2BEs12e5UY5s1ttl%2BzbrSUN201Py3HQuwdLgE2zKkyrrNONO2GnTdpO347AdhrRJG3HYbdMwEiGHVyWUr5xZ3VYTsvjXD0jVhFwyb4KzQ3h9iEhdAMtDsGLUrlOwjVGzQ7FtfpRa9pjJYiclV9LXuLY9n9qsFtkEwpZIswVkW8GuPiUvnu3rpd%2BbkNHR1V8vvp2OHl9E5EqkrsTH6heCnr43umULsnfLFp48XE0zlahtNt3l7Yxl8sI3H8itwjpx45offv1ONCWm5YM70mfLzAhlep58u6SEkO66dZEkP93w65Kv5X5jKXcmT5fX3r1%2BI0md9F5ZMwZTx6v%2FIFITsvDKC2e%2F9Nnj16HcGC4vkeRHZBZQ9hBRugOfztV7S%2BD0vIenFRR5OXJ1Pn%2FUikDLOWa8hP8P5vN6199Dz1XAsrswSYm%2BK9HXJZgewucXR1nqjq4%2B%2BnIaX4HryohrV9nj2unPJ%2BTlhZvn8%2FXqpCpbMY0lrUsed3ncZlR042aXs24o27zFQmR%2BIsWfz%2FwLAAD%2F%2FwEAAP%2F%2FVkQ2%2FIIEAAA%3D
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjectnonsensethingresult.com
Fingerprint1C:B5:18:38:29:B7:7D:7D:BF:01:E2:85:B1:32:FE:6B:70:6F:1E:BF
ValidityTue, 07 Nov 2023 08:01:06 GMT - Mon, 05 Feb 2024 08:01:05 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuno2XVQR1L15kEAQVnVTPj50ZF1mM68piTLI%2FJOeqrupJmeqqpqp7ehIvwQXZ4%2BBJPXW%2BSTaoi7gnLwoyEWQJiJnLkoPBf0GExaNMMjD6oOq9r753%2BL736rPd%2FJRQ5Oxk7UO7rbRmi60arb66roywha%2Bu3KmGtEavVNeVudy8Uh1ML9d%2FK6StGn2t%2Br6MNu1inYaUhjSsXldOxnaweMZCpQ%2B6Ya1La816LWw1MXD%2Fxz4P4FkA0T8lz0OJyVMbjx5CRWOY5Ptr0m9mNn3jvSTXLLMOfXHwkdk0tjBI5mXsAsTmYNYN6yeEfFGBNQczB7D9vakDcDUhweMQ3BzMZIL398%2BVcg1pwMXTKPpjSD2GYmNE9i6UOCZAJLCyCpPcX7GuYFvnLJuyE7Lw5G%2BoYkIW%2FrgEk3y3pNWgetvqPFPWeAziEmowhuqNkeaHyLYDqOIQUfYplPiNLD5Zhkn2Vr22UKI8c6%2FUGCoeQ8shmA%2BQT48KkMcB8jRAIk6qrNWNKW3HPG40Os0oihqNKGp1LouWaDQ7MUUeTeUNkaVDRHqIyO0gdTvYVEO4%2FGf4jRJeBPDZhAQ3d9AXJQpJUHiCghEUiqDICIp%2BuS%2B0r%2FvyvtA%2B5%2BEs12e5UY5s1ttl%2BzbrSUN201Py3HQuwdLgE2zKkyrrNONO2GnTdpO347AdhrRJG3HYbdMwEiGHVyWUr5xZ3VYTsvjXD0jVhFwyb4KzQ3h9iEhdAMtDsGLUrlOwjVGzQ7FtfpRa9pjJYiclV9LXuLY9n9qsFtkEwpZIswVkW8GuPiUvnu3rpd%2BbkNHR1V8vvp2OHl9E5EqkrsTH6heCnr43umULsnfLFp48XE0zlahtNt3l7Yxl8sI3H8itwjpx45offv1ONCWm5YM70mfLzAhlep58u6SEkO66dZEkP93w65Kv5X5jKXcmT5fX3r1%2BI0md9F5ZMwZTx6v%2FIFITsvDKC2e%2F9Nnj16HcGC4vkeRHZBZQ9hBRugOfztV7S%2BD0vIenFRR5OXJ1Pn%2FUikDLOWa8hP8P5vN6199Dz1XAsrswSYm%2BK9HXJZgewucXR1nqjq4%2B%2BnIaX4HryohrV9nj2unPJ%2BTlhZvn8%2FXqpCpbMY0lrUsed3ncZlR042aXs24o27zFQmR%2BIsWfz%2FwLAAD%2F%2FwEAAP%2F%2FVkQ2%2FIIEAAA%3D HTTP/1.1
Host: nonsensethingresult.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Cookie: u_pl=21133435; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nleca84f8187074b7f17110403f19701cd1b=[2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 27 Nov 2023 18:29:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e4dca7f5d7b747d5e52a66650a288d5c
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.cloudimagesb.com/cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg

45.133.44.9

200 OK

32 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
ValidityThu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 321x240, components 3\012- data
Size
32 kB (32471 bytes)
Hash
3528385dd0c31dbd2e5bfc4af7a6bec5
832c580ffd7711115d6c036ab4232f5bd88480a4
bfbfeebfcb679ca578055235614cc679b0757bad272996ef89b7fd5615a2db75

HTTP Headers

GET /cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:29:33 GMT
content-type: image/jpeg
content-length: 32471
server: nginx/1.21.6
last-modified: Thu, 30 Apr 2020 07:58:05 GMT
etag: "5eaa850d-7ed7"
expires: Wed, 29 Nov 2023 18:29:33 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

nonsensethingresult.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWtkxRetl8lvMz8XfszGjTSCoKCdev0x3e0gg3GMBGOS%2BZCsq17V65SpV%2FWoeq9fJ26CAzLLxpW6ejmdTFAHcVZuFKQjyBAUpzdDFgb%2FARciDC6lexpaL1Tde%2BrcxTn31scH%2BTmhyNnZ5nt2T2nNlppVWnl5SxlhC19Zv1UJaZVeqWwpc7lxpdKfXK73ekibVfpK5R0Z7dilGg0pDWlYWVFOxra%2FNGWh0nudsNqh1UatGjYb6Lv%2FYp8H8CyA6J2TZ6HE%2BH%2FbD%2B5DRSOY5Jtr0u9kNn317STXLLMOPXH8vtkxtjBI5mXsAsTmeNYN68eEfLoAa45nDmB7hxMH4GpMgkchuDmeyQTvHT1RyjWkARf%2FR9EbQeoRFBshsrehxEMCRALrGzDJ3XXrCrb7hGUTdkwWH%2F8FVYzJ4m%2BXYJKvl7XqV25anWfKGo9%2BXEL1R1DdEdL8BNleAFWcIMo%2BghK%2FkKXHazDJ4YbXFkqUU%2FdKjaDiEbQcgPkA%2BeSoAHkcIE8DJOKswpqdmNJWzON6vd2Ioqhej6Jm%2B7JoinqjHVPk0UTeAFk6QKQHiNw%2BUrePHTWAy3%2BA3y7hRQCfjUlwfR89UaKQBIUnKBhBoQiKjKDolUdC%2B5ov7wrtcx7Ocm2W6%2BXQZt0DdmSzrjTkID0nz0zmEiz3P8SOPKuwdiNuh%2B0WbTV4Kw5bYUgbtB6HnRYNIxFyeFVC%2BYWp1T01Jkt%2FfotUjckl8xo4O4HXJ4jUBbA8BCuGrRoF2x422hR75jupZZeZLHZSciV9lWvb9anNqpFNIGyJNFtEthsc6HPy%2FHRfLy5eh4xOr%2F508Y10%2BOgiIlcidSU%2BUD8SdPWd4Q1bkMMbtvDk%2FkaaqUTtsckub2Yskxe%2BfFfuFtaJ1Wt%2B8MWb0YSYlPduSZ%2BtMSOU6Xry1bISQroV6yJJvl%2F1W5Jv5n57OXcmT9c231pZTVInvVfWjMDUw42%2FEakxWXzpuekvffrnP6DcCC4vkeSnZBZQ9gRRug%2BfztV7S%2BD0vIenAYq8HLoanz9qRaDlHDNewv8L83l94O%2Bg6xbAstswSYmeK9HTJZgewOcXh1nqTq8%2B%2BGwSn4PrhSHXbuGQa6c%2FmY52TF74tQGvziqyGdNY0prkcYfHLUZFJ250OOuEssWbLETmx1L8%2FtQ%2FAAAA%2F%2F8BAAD%2F%2F3ZtyiCCBAAA

173.233.139.164

200 OK

0 B

URL GET HTTP/1.1
nonsensethingresult.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWtkxRetl8lvMz8XfszGjTSCoKCdev0x3e0gg3GMBGOS%2BZCsq17V65SpV%2FWoeq9fJ26CAzLLxpW6ejmdTFAHcVZuFKQjyBAUpzdDFgb%2FARciDC6lexpaL1Tde%2BrcxTn31scH%2BTmhyNnZ5nt2T2nNlppVWnl5SxlhC19Zv1UJaZVeqWwpc7lxpdKfXK73ekibVfpK5R0Z7dilGg0pDWlYWVFOxra%2FNGWh0nudsNqh1UatGjYb6Lv%2FYp8H8CyA6J2TZ6HE%2BH%2FbD%2B5DRSOY5Jtr0u9kNn317STXLLMOPXH8vtkxtjBI5mXsAsTmeNYN68eEfLoAa45nDmB7hxMH4GpMgkchuDmeyQTvHT1RyjWkARf%2FR9EbQeoRFBshsrehxEMCRALrGzDJ3XXrCrb7hGUTdkwWH%2F8FVYzJ4m%2BXYJKvl7XqV25anWfKGo9%2BXEL1R1DdEdL8BNleAFWcIMo%2BghK%2FkKXHazDJ4YbXFkqUU%2FdKjaDiEbQcgPkA%2BeSoAHkcIE8DJOKswpqdmNJWzON6vd2Ioqhej6Jm%2B7JoinqjHVPk0UTeAFk6QKQHiNw%2BUrePHTWAy3%2BA3y7hRQCfjUlwfR89UaKQBIUnKBhBoQiKjKDolUdC%2B5ov7wrtcx7Ocm2W6%2BXQZt0DdmSzrjTkID0nz0zmEiz3P8SOPKuwdiNuh%2B0WbTV4Kw5bYUgbtB6HnRYNIxFyeFVC%2BYWp1T01Jkt%2FfotUjckl8xo4O4HXJ4jUBbA8BCuGrRoF2x422hR75jupZZeZLHZSciV9lWvb9anNqpFNIGyJNFtEthsc6HPy%2FHRfLy5eh4xOr%2F508Y10%2BOgiIlcidSU%2BUD8SdPWd4Q1bkMMbtvDk%2FkaaqUTtsckub2Yskxe%2BfFfuFtaJ1Wt%2B8MWb0YSYlPduSZ%2BtMSOU6Xry1bISQroV6yJJvl%2F1W5Jv5n57OXcmT9c231pZTVInvVfWjMDUw42%2FEakxWXzpuekvffrnP6DcCC4vkeSnZBZQ9gRRug%2BfztV7S%2BD0vIenAYq8HLoanz9qRaDlHDNewv8L83l94O%2Bg6xbAstswSYmeK9HTJZgewOcXh1nqTq8%2B%2BGwSn4PrhSHXbuGQa6c%2FmY52TF74tQGvziqyGdNY0prkcYfHLUZFJ250OOuEssWbLETmx1L8%2FtQ%2FAAAA%2F%2F8BAAD%2F%2F3ZtyiCCBAAA
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjectnonsensethingresult.com
Fingerprint1C:B5:18:38:29:B7:7D:7D:BF:01:E2:85:B1:32:FE:6B:70:6F:1E:BF
ValidityTue, 07 Nov 2023 08:01:06 GMT - Mon, 05 Feb 2024 08:01:05 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzWtkxRetl8lvMz8XfszGjTSCoKCdev0x3e0gg3GMBGOS%2BZCsq17V65SpV%2FWoeq9fJ26CAzLLxpW6ejmdTFAHcVZuFKQjyBAUpzdDFgb%2FARciDC6lexpaL1Tde%2BrcxTn31scH%2BTmhyNnZ5nt2T2nNlppVWnl5SxlhC19Zv1UJaZVeqWwpc7lxpdKfXK73ekibVfpK5R0Z7dilGg0pDWlYWVFOxra%2FNGWh0nudsNqh1UatGjYb6Lv%2FYp8H8CyA6J2TZ6HE%2BH%2FbD%2B5DRSOY5Jtr0u9kNn317STXLLMOPXH8vtkxtjBI5mXsAsTmeNYN68eEfLoAa45nDmB7hxMH4GpMgkchuDmeyQTvHT1RyjWkARf%2FR9EbQeoRFBshsrehxEMCRALrGzDJ3XXrCrb7hGUTdkwWH%2F8FVYzJ4m%2BXYJKvl7XqV25anWfKGo9%2BXEL1R1DdEdL8BNleAFWcIMo%2BghK%2FkKXHazDJ4YbXFkqUU%2FdKjaDiEbQcgPkA%2BeSoAHkcIE8DJOKswpqdmNJWzON6vd2Ioqhej6Jm%2B7JoinqjHVPk0UTeAFk6QKQHiNw%2BUrePHTWAy3%2BA3y7hRQCfjUlwfR89UaKQBIUnKBhBoQiKjKDolUdC%2B5ov7wrtcx7Ocm2W6%2BXQZt0DdmSzrjTkID0nz0zmEiz3P8SOPKuwdiNuh%2B0WbTV4Kw5bYUgbtB6HnRYNIxFyeFVC%2BYWp1T01Jkt%2FfotUjckl8xo4O4HXJ4jUBbA8BCuGrRoF2x422hR75jupZZeZLHZSciV9lWvb9anNqpFNIGyJNFtEthsc6HPy%2FHRfLy5eh4xOr%2F508Y10%2BOgiIlcidSU%2BUD8SdPWd4Q1bkMMbtvDk%2FkaaqUTtsckub2Yskxe%2BfFfuFtaJ1Wt%2B8MWb0YSYlPduSZ%2BtMSOU6Xry1bISQroV6yJJvl%2F1W5Jv5n57OXcmT9c231pZTVInvVfWjMDUw42%2FEakxWXzpuekvffrnP6DcCC4vkeSnZBZQ9gRRug%2BfztV7S%2BD0vIenAYq8HLoanz9qRaDlHDNewv8L83l94O%2Bg6xbAstswSYmeK9HTJZgewOcXh1nqTq8%2B%2BGwSn4PrhSHXbuGQa6c%2FmY52TF74tQGvziqyGdNY0prkcYfHLUZFJ250OOuEssWbLETmx1L8%2FtQ%2FAAAA%2F%2F8BAAD%2F%2F3ZtyiCCBAAA HTTP/1.1
Host: nonsensethingresult.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Cookie: u_pl=21133435; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nleca84f8187074b7f17110403f19701cd1b=[2229329,2019380]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 27 Nov 2023 18:29:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 56a4f1144284e73927eb508552beb9af
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/style.css

172.64.108.10

200 OK

4.2 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/style.css
IP
172.64.108.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
ASCII text, with very long lines (4404), with no line terminators
Size
4.2 kB (4168 bytes)
Hash
68b1992666e9738c9fe476446c9554c6
7ed918e75115fd3be8bd1df1f6106d3f53129c78
c3ca1c3bc15dfab20c6c3733049214afc18b2deaba8d9685c57cc3f238b687d8

HTTP Headers

GET /sb/ssp/vpn/classic-push/big1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://elegantfreebies.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:29:32 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 10:59:09 GMT
etag: W/"6213707d-1048"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ub9x8QRKyvBA4FzuGLkMellFj%2FxVE3cpPLHr5yVTqibEGMXeeWfUuFXzH5yJA6q19PrPYkXR8DQ8Ta63IUpun8pwhJiBchPO4ihegflxYqXiJXN629Xmq7uQJE5RBsubj2%2B8ofZ%2Fu%2FSD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82cc6fefaae628af-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXnihryRiWrsf-Nkbfwv52jYITXtnnA_j7psGfnNwQSxCuzRhe3ZYkyM531PHJHHAxQAVL3DpZA6Ct1dlY_3nFZdnv3uMhcy7tu0FoBD5mL8z1uyhkhX5p1FxgYNg49FNZv0mVHVbGc-CET5b3SbUrGl0PBJCHj-Z-1_Y54ZGcHu5s2BQa2sDdkyMIT9to/w108-h72-p-k-no-nu/4e58a06e488b79af2287551f58f7812e.png

142.250.74.97

200 OK

12 kB

URL GET HTTP/2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXnihryRiWrsf-Nkbfwv52jYITXtnnA_j7psGfnNwQSxCuzRhe3ZYkyM531PHJHHAxQAVL3DpZA6Ct1dlY_3nFZdnv3uMhcy7tu0FoBD5mL8z1uyhkhX5p1FxgYNg49FNZv0mVHVbGc-CET5b3SbUrGl0PBJCHj-Z-1_Y54ZGcHu5s2BQa2sDdkyMIT9to/w108-h72-p-k-no-nu/4e58a06e488b79af2287551f58f7812e.png
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT

File type
PNG image data, 108 x 72, 8-bit/color RGB, non-interlaced\012- data
Size
12 kB (12515 bytes)
Hash
2bdc6a6f6ee41a39a274e9ac6dfc49b7
ab577d12be0d420c1b246cbe1f67231b167ca1e7
a9555a24bbed518f915404c714a1c36f86331263fdeeead6dce67f3c044726a8

HTTP Headers

GET /img/b/R29vZ2xl/AVvXsEhXnihryRiWrsf-Nkbfwv52jYITXtnnA_j7psGfnNwQSxCuzRhe3ZYkyM531PHJHHAxQAVL3DpZA6Ct1dlY_3nFZdnv3uMhcy7tu0FoBD5mL8z1uyhkhX5p1FxgYNg49FNZv0mVHVbGc-CET5b3SbUrGl0PBJCHj-Z-1_Y54ZGcHu5s2BQa2sDdkyMIT9to/w108-h72-p-k-no-nu/4e58a06e488b79af2287551f58f7812e.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v40c"
expires: Tue, 28 Nov 2023 18:29:32 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="4e58a06e488b79af2287551f58f7812e.png"
x-content-type-options: nosniff
date: Mon, 27 Nov 2023 18:29:32 GMT
server: fife
content-length: 12515
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

casualhappily.com/pixel/sbs?c=1

173.233.139.164

200 OK

0 B

URL GET HTTP/1.1
casualhappily.com/pixel/sbs?c=1
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjectcasualhappily.com
Fingerprint87:4D:D0:16:33:F9:00:E4:B7:12:7A:AC:6A:E4:FA:95:09:8D:08:3B
ValiditySat, 25 Nov 2023 08:12:57 GMT - Fri, 23 Feb 2024 08:12:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: casualhappily.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Cookie: u_pl=21094713; uid_id2=fbd4a0a8-39d6-4683-b2ae-939f8a44ab67:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 27 Nov 2023 18:29:33 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

142.250.74.97

200 OK

295 kB

URL GET HTTP/3
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqmGPAljZkcgFQbfwreZ0ggpkQ-WRA3UWdHVSKIKZAa7hPeNbrroWY26Kexg6nzy-Br0XZ3CJEY2zItGlcbqQSQ_491cLWVrXZF1_QIpRuBJuxQ-8oAb5bguAMl-mQJXTDFA8WS9FAoZzi-kuJlb4CCLMKBIWdQ4JzXhu8uYO3-kg7TUsfxyVk4MMYPuKT/s1600/5219ff469db4690bcc6c104a14490c2c.png
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE
ValidityMon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT

File type
PNG image data, 1172 x 594, 8-bit/color RGB, non-interlaced\012- data
Size
295 kB (295384 bytes)
Hash
16b4f2062280977ee90bcee8952395b2
30cc1d0f84dcdc9d2335a335f9b752a4892cf206
48cf1b9d95d00923569e437fd0fd6f3d071eda1f535447ebe5babb03854ea501

HTTP Headers

GET /img/b/R29vZ2xl/AVvXsEhqmGPAljZkcgFQbfwreZ0ggpkQ-WRA3UWdHVSKIKZAa7hPeNbrroWY26Kexg6nzy-Br0XZ3CJEY2zItGlcbqQSQ_491cLWVrXZF1_QIpRuBJuxQ-8oAb5bguAMl-mQJXTDFA8WS9FAoZzi-kuJlb4CCLMKBIWdQ4JzXhu8uYO3-kg7TUsfxyVk4MMYPuKT/s1600/5219ff469db4690bcc6c104a14490c2c.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v43d"
expires: Tue, 28 Nov 2023 18:29:32 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="5219ff469db4690bcc6c104a14490c2c.png"
x-content-type-options: nosniff
date: Mon, 27 Nov 2023 18:29:32 GMT
server: fife
content-length: 295384
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdn.barscreative1.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html

45.133.44.3

200 OK

1.5 kB

URL GET HTTP/2
cdn.barscreative1.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html
IP
45.133.44.3:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://elegantfreebies.blogspot.com/?m=1
Certificate
IssuerLet's Encrypt
Subjectcdn.barscreative1.com
Fingerprint55:06:B7:F1:EF:E9:55:FB:7C:8C:4F:5D:DB:05:C9:15:19:90:9B:2F
ValiditySat, 11 Nov 2023 03:00:51 GMT - Fri, 09 Feb 2024 03:00:50 GMT

File type
HTML document text\012- HTML document, ASCII text, with very long lines (1639), with no line terminators
Size
1.5 kB (1538 bytes)
Hash
97b357c624104a8e915d01424dfe16ce
6bd7fcedfb7986b149601b1bc840f525b67a8f06
8d010e7163298acf3671bb429a2e0b1d69033a5adc314fa4bddebf74b9775e6e

HTTP Headers

GET /sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://elegantfreebies.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://elegantfreebies.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 Nov 2023 18:29:32 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Tue, 29 Mar 2022 08:27:10 GMT
etag: W/"6242c2de-602"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Mon, 27 Nov 2023 19:29:32 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (29)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations