clementebutcheall.blogspot.com/2021/11/what-is-cause-of-red-color-of-waters.html
142.250.74.161 301 Moved Permanently 217 B URL HTTP/1.1 clementebutcheall.blogspot.com/2021/11/what-is-cause-of-red-color-of-waters.html
IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash abef110180c669d6c14416896716cd88
ee4937ee8d49a73c2b55d4e8cdb52eba15302a73
5f9845d9413e2872e16d37ed51e253aadf8b0d0fff0c92aed87268c2c4a193ae
GET /2021/11/what-is-cause-of-red-color-of-waters.html HTTP/1.1
Host: clementebutcheall.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Location: https://clementebutcheall.blogspot.com/2021/11/what-is-cause-of-red-color-of-waters.html
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Thu, 24 Nov 2022 18:09:24 GMT
Expires: Thu, 24 Nov 2022 18:09:24 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 217
Server: GSE
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a9f1d4d98705c281fed3b60343463200
db6f8aa98d2eda4e5473b116a222c3055568bb78
164d11173045b569cafb32e300e4c1ec6d6ab177fd34d0414cc40c541268779f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10506
Expires: Thu, 24 Nov 2022 21:04:30 GMT
Date: Thu, 24 Nov 2022 18:09:24 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash af40a2fcf8debb90c3608002da6c907a
3c75d6c0b557a3bd8d5db50155b8d896e852c145
555617a51ee3077552545a29a3baf0b43e8a82367e4c08110ee480ebedc8b523
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5510
Cache-Control: max-age=150817
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:24 GMT
Etag: "637f47ef-1d7"
Expires: Sat, 26 Nov 2022 12:03:01 GMT
Last-Modified: Thu, 24 Nov 2022 10:31:11 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 24 Nov 2022 17:17:19 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3125
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8c63b226725ca6e92e3ef586ac19e603
d21ae42a1927501e5293ff3564f52b49f6b0decc
141ac47acc3800e5d35a82012fa4b044277abad3a95dc24415f66fb72c972ae6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "141AC47ACC3800E5D35A82012FA4B044277ABAD3A95DC24415F66FB72C972AE6"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6691
Expires: Thu, 24 Nov 2022 20:00:55 GMT
Date: Thu, 24 Nov 2022 18:09:24 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: u3DVHz953IPQa5z4MXFiNX5rwJUrhTIiuepb4lf4NFVjZGsEUznFkssHLu8LEJ3GF7Xa9tnDEqs8dp1flVWT+w==
x-amz-request-id: 2M5444XEWPHCD7W5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 24 Nov 2022 17:40:29 GMT
age: 1735
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 6670d72d487e9659c04c74563b60a962
47d621aed97253a6023c4f22a34260a831c406c1
f1bafc7a8db870f25ddb3b368e7b86196d1fffabfcae65a4c04c224a667890cb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 24 Nov 2022 18:09:24 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 24 Nov 2022 18:08:53 GMT
cache-control: public,max-age=3600
age: 31
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 6670d72d487e9659c04c74563b60a962
47d621aed97253a6023c4f22a34260a831c406c1
f1bafc7a8db870f25ddb3b368e7b86196d1fffabfcae65a4c04c224a667890cb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fb6949e7abaa473393f7c604691de14f
599681bba3947709baa603bbae2dd7afd04059a4
36c5165526ea9d34de14d36655ed494d0cffaa11ca3271ee47824ac11246ba13
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2682
Cache-Control: max-age=142926
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:25 GMT
Etag: "637f3429-1d7"
Expires: Sat, 26 Nov 2022 09:51:31 GMT
Last-Modified: Thu, 24 Nov 2022 09:06:49 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 186f5295f578dc81663537fd23a898a8
212cd5caaa9d44817996854d067e7a4eae843a56
01a37259454aef3bf6436eeac239313c9bb17f58337ad0070c7784f154069e8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
clementebutcheall.blogspot.com/2021/11/what-is-cause-of-red-color-of-waters.html
142.250.74.161 200 OK 67 kB URL HTTP/2 clementebutcheall.blogspot.com/2021/11/what-is-cause-of-red-color-of-waters.html
IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (7031)
Hash 330727f32ddd85a9f19bb2d5c87c3898
5d17de7bef63e2f9bad1d632161019e577eec5ac
20b99f1fefb48d92f4b5a91f5846b92729bd8fdc8c8fb8e69dfb93f70cfbc73d
GET /2021/11/what-is-cause-of-red-color-of-waters.html HTTP/1.1
Host: clementebutcheall.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Thu, 24 Nov 2022 18:09:25 GMT
date: Thu, 24 Nov 2022 18:09:25 GMT
cache-control: private, max-age=0
last-modified: Thu, 24 Nov 2022 00:33:58 GMT
etag: W/"9d26b189e31fa8b47a91c3bc24c64a0045364adbbef1f4d356e574b102a72f20"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 67065
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
apis.google.com/js/platform.js
142.250.74.174 200 OK 21 kB URL HTTP/2 apis.google.com/js/platform.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1279)
Hash 7ac44ef24e267df17ff72f195b252806
62db12d9ce11a576ccd7fa3544d851c5fd42f3b7
aae7897e7b55999c1b3166309381d19ac488dced51e14071339d8b193a686a61
GET /js/platform.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20984
date: Thu, 24 Nov 2022 18:09:25 GMT
expires: Thu, 24 Nov 2022 18:09:25 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "7446758f13887885"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_0?le=scs
142.250.74.174 200 OK 58 kB URL HTTP/2 apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_0?le=scs
IP 142.250.74.174:0
File type ASCII text, with very long lines (580)
Hash 813b15c3004464f6bd39fd0773b04757
bd2218fe1e647f61132aad70d29cd91fd0416f26
446c6d83404c0fc4bc1ca6e1c0895f9400309185a534b3f4b6d500e668efeadf
GET /_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_0?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 57794
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 09:56:18 GMT
expires: Thu, 23 Nov 2023 09:56:18 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 01 Nov 2022 15:24:55 GMT
content-type: text/javascript; charset=UTF-8
age: 115987
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 6fe23ae41ec0cbb3d702b1c64028cd13
e0e4d852454a5eae80a797aaa6f0991834dcc19a
47a12f27ec1ec271d17295d822c69d1b49c6a24107f3f7ce06a320688fae7f3c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 85c366a970be2cf52f279f054d4c13ea
203d25dc5965e9c45b25948ae4473d09a3e2fdaf
1373f167d86539ac40cfed4722408ded3edd87701107caa70da536dec8278249
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 85c366a970be2cf52f279f054d4c13ea
203d25dc5965e9c45b25948ae4473d09a3e2fdaf
1373f167d86539ac40cfed4722408ded3edd87701107caa70da536dec8278249
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash ffb13937b10a670543c4626095f373c4
2a204f9426c84ebafbc697432423cfbb3edd4ae0
93dac33a613e64a083c9d09901920793f7f87041fc35b3d8e7a674f734915815
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=126923
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:25 GMT
Etag: "637f0020-117"
Expires: Sat, 26 Nov 2022 05:24:48 GMT
Last-Modified: Thu, 24 Nov 2022 05:24:48 GMT
Server: nginx
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 85c366a970be2cf52f279f054d4c13ea
203d25dc5965e9c45b25948ae4473d09a3e2fdaf
1373f167d86539ac40cfed4722408ded3edd87701107caa70da536dec8278249
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/static/v1/widgets/2342155703-widgets.js
142.250.74.105 200 OK 57 kB URL HTTP/2 www.blogger.com/static/v1/widgets/2342155703-widgets.js
IP 142.250.74.105:0
File type ASCII text, with very long lines (2221)
Hash 1217c8e34acb09c7cea97bae4d386ea1
55ee17703d0a7710943e93913bacb49220d98b4b
c2f23437ab938096bf8b40de8b08c4f27bb880b7ef8588481ec5ccc08b58870b
GET /static/v1/widgets/2342155703-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56726
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 16:02:03 GMT
expires: Tue, 21 Nov 2023 16:02:03 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Nov 2022 00:52:59 GMT
content-type: text/javascript
age: 266842
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.blogger.com/static/v1/jsbin/3469866930-comment_from_post_iframe.js
142.250.74.105 200 OK 6.6 kB URL HTTP/2 www.blogger.com/static/v1/jsbin/3469866930-comment_from_post_iframe.js
IP 142.250.74.105:0
File type ASCII text, with very long lines (1441)
Hash f60e5037324bf7fd2256c16929886f09
aae4b1aea3737e0268e3578dd1d0e7cfe6c6d66b
71846da8d45274b77549b110389ab3dbcb8ce042051b5c39547909c1c343dfde
GET /static/v1/jsbin/3469866930-comment_from_post_iframe.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 6573
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 18:59:43 GMT
expires: Wed, 22 Nov 2023 18:59:43 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Nov 2022 19:52:12 GMT
content-type: text/javascript
age: 169782
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.35.190.173 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.35.190.173:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: TsR7uWaJ70vlv9GpKvbd7Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: s1Kbil2ge9VvFg29ZCN+Sj7A6yw=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3704c4dca7a2dbf1943d4b83315ac0f8
1a911993372e2b1c35472c46ab8bda5a50385b8b
6f0e503211a52263bc4822b22b7b7d7e022d8cc2068f372d14ad42ee33d10b4e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6F0E503211A52263BC4822B22B7B7D7E022D8CC2068F372D14AD42EE33D10B4E"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20149
Expires: Thu, 24 Nov 2022 23:45:14 GMT
Date: Thu, 24 Nov 2022 18:09:25 GMT
Connection: keep-alive
pagead2.googlesyndication.com/pagead/js/google_top_exp.js
216.58.207.194 200 OK 67 B URL HTTP/2 pagead2.googlesyndication.com/pagead/js/google_top_exp.js
IP 216.58.207.194:0
Hash 9bbc3ca32ec951a484589ce0e6b4db73
753d6f6183b33b2dee5dde2208fca91c17f5bb13
b8f16a16d2a7ea39a9cc079fdbe3af7d31393d62a853668bdd549e0a0311cb3c
GET /pagead/js/google_top_exp.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 67
x-xss-protection: 0
date: Thu, 24 Nov 2022 10:13:37 GMT
expires: Thu, 08 Dec 2022 10:13:37 GMT
cache-control: public, max-age=1209600
age: 28548
etag: 13036835877489095579
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.blogger.com/dyn-css/authorization.css?targetBlogID=4216445858628812882&zx=addec227-5726-476a-a4b3-5f60168d5686
142.250.74.105 200 OK 21 B URL HTTP/2 www.blogger.com/dyn-css/authorization.css?targetBlogID=4216445858628812882&zx=addec227-5726-476a-a4b3-5f60168d5686
IP 142.250.74.105:0
File type very short file (no magic)
Hash a62e4d501434033d5d177e67d3aafdd0
34f7300c9ed47334cf10826d57af785321e3138b
b0cabcbfed4b1830ab1956efbd2eec32289a968323cb854a47ef98360ed0f522
GET /dyn-css/authorization.css?targetBlogID=4216445858628812882&zx=addec227-5726-476a-a4b3-5f60168d5686 HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type: text/css; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 24 Nov 2022 18:09:25 GMT
last-modified: Thu, 24 Nov 2022 18:09:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 21
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
upload.wikimedia.org/wikipedia/commons/thumb/9/96/Lake_Retba_%28Lac_Rose%29%2C_worker_is_digging_the_salt_in_the_lake.jpg/220px-Lake_Retba_%28Lac_Rose%29%2C_worker_is_digging_the_salt_in_the_lake.jpg
91.198.174.208 200 OK 9.5 kB URL HTTP/2 upload.wikimedia.org/wikipedia/commons/thumb/9/96/Lake_Retba_%28Lac_Rose%29%2C_worker_is_digging_the_salt_in_the_lake.jpg/220px-Lake_Retba_%28Lac_Rose%29%2C_worker_is_digging_the_salt_in_the_lake.jpg
IP 91.198.174.208:0
File type JPEG image data, baseline, precision 8, 220x124, components 3\012- data
Hash 13bba7d46f4e1324fa29fa3ddd2eac06
b765801bd859d3af09d283563d05a3926fc07e63
d6a048002c259e3b67f7a8bf9f92fd26c8fa822718a132750dc06f7c78633d1f
GET /wikipedia/commons/thumb/9/96/Lake_Retba_%28Lac_Rose%29%2C_worker_is_digging_the_salt_in_the_lake.jpg/220px-Lake_Retba_%28Lac_Rose%29%2C_worker_is_digging_the_salt_in_the_lake.jpg HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 20:01:25 GMT
content-type: image/jpeg
content-length: 9528
etag: 13bba7d46f4e1324fa29fa3ddd2eac06
last-modified: Thu, 09 Nov 2017 13:07:29 GMT
server: ATS/9.1.3
age: 79680
x-cache: cp3059 hit, cp3061 miss
x-cache-status: hit-local
server-timing: cache;desc="hit-local", host;desc="cp3061"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
accept-ch: Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
permissions-policy: interest-cohort=(),ch-ua-arch=(self "intake-analytics.wikimedia.org"),ch-ua-bitness=(self "intake-analytics.wikimedia.org"),ch-ua-full-version-list=(self "intake-analytics.wikimedia.org"),ch-ua-model=(self "intake-analytics.wikimedia.org"),ch-ua-platform-version=(self "intake-analytics.wikimedia.org")
x-client-ip: 91.90.42.154
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 85c366a970be2cf52f279f054d4c13ea
203d25dc5965e9c45b25948ae4473d09a3e2fdaf
1373f167d86539ac40cfed4722408ded3edd87701107caa70da536dec8278249
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash f86429279e19a89ba7fae87ba2406b4e
abfa5369a7feb4dfebf13f5eb902c3e860976238
76d03c181e150e7e3a61bfa8489231999fb562f6cb0b382c456b9a37da1106a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
upload.wikimedia.org/wikipedia/commons/thumb/2/2e/Senegal_location_map_Topographic.png/256px-Senegal_location_map_Topographic.png
91.198.174.208 200 OK 80 kB URL HTTP/2 upload.wikimedia.org/wikipedia/commons/thumb/2/2e/Senegal_location_map_Topographic.png/256px-Senegal_location_map_Topographic.png
IP 91.198.174.208:0
File type PNG image data, 256 x 193, 8-bit/color RGB, non-interlaced\012- data
Hash 6ae646ba04afeb12575b4d64cc99e2a6
70610156f15198213e536946d1e0fae4a8992d01
348c419547320ede932668c1e113f4305038e3f93ee2babe1fc283a3db80b6b7
GET /wikipedia/commons/thumb/2/2e/Senegal_location_map_Topographic.png/256px-Senegal_location_map_Topographic.png HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:05:13 GMT
content-type: image/png
content-length: 80547
accept-ranges: bytes
last-modified: Tue, 06 Aug 2019 17:29:08 GMT
etag: 6ae646ba04afeb12575b4d64cc99e2a6
server: ATS/9.1.3
age: 72252
x-cache: cp3051 hit, cp3061 miss
x-cache-status: hit-local
server-timing: cache;desc="hit-local", host;desc="cp3061"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
accept-ch: Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
permissions-policy: interest-cohort=(),ch-ua-arch=(self "intake-analytics.wikimedia.org"),ch-ua-bitness=(self "intake-analytics.wikimedia.org"),ch-ua-full-version-list=(self "intake-analytics.wikimedia.org"),ch-ua-model=(self "intake-analytics.wikimedia.org"),ch-ua-platform-version=(self "intake-analytics.wikimedia.org")
x-client-ip: 91.90.42.154
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash aee1eaa2ef2d0edbb0bc5703979e6439
8baa6d1cdd85ce2c5b6e30bd7a60096eeafce4db
095cc1e6ce8241ba22f88cb66d752587909fea3dc66936a72c369ef74b3134f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
upload.wikimedia.org/wikipedia/commons/thumb/e/e1/Lac_Rose_in_Senegal.jpg/220px-Lac_Rose_in_Senegal.jpg
91.198.174.208 200 OK 7.2 kB URL HTTP/2 upload.wikimedia.org/wikipedia/commons/thumb/e/e1/Lac_Rose_in_Senegal.jpg/220px-Lac_Rose_in_Senegal.jpg
IP 91.198.174.208:0
File type JPEG image data, baseline, precision 8, 220x165, components 3\012- data
Hash d9cabbf9751c41744cc4d7715b7232b1
0a81a26de2c56731cef5bd75716518d28b9b477d
919a86b5226fdce61ba409f57034fc6d0e6d067e0e3489aac67fee805013c7f0
GET /wikipedia/commons/thumb/e/e1/Lac_Rose_in_Senegal.jpg/220px-Lac_Rose_in_Senegal.jpg HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 16:13:05 GMT
content-type: image/jpeg
content-length: 7237
etag: d9cabbf9751c41744cc4d7715b7232b1
last-modified: Tue, 17 Oct 2017 21:18:09 GMT
server: ATS/9.1.3
age: 6980
x-cache: cp3063 hit, cp3061 miss
x-cache-status: hit-local
server-timing: cache;desc="hit-local", host;desc="cp3061"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
accept-ch: Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
permissions-policy: interest-cohort=(),ch-ua-arch=(self "intake-analytics.wikimedia.org"),ch-ua-bitness=(self "intake-analytics.wikimedia.org"),ch-ua-full-version-list=(self "intake-analytics.wikimedia.org"),ch-ua-model=(self "intake-analytics.wikimedia.org"),ch-ua-platform-version=(self "intake-analytics.wikimedia.org")
x-client-ip: 91.90.42.154
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
upload.wikimedia.org/wikipedia/commons/thumb/8/83/LacRoseSatellite.jpg/220px-LacRoseSatellite.jpg
91.198.174.208 200 OK 10 kB URL HTTP/2 upload.wikimedia.org/wikipedia/commons/thumb/8/83/LacRoseSatellite.jpg/220px-LacRoseSatellite.jpg
IP 91.198.174.208:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 220x158, components 3\012- data
Hash e9b6e26ffc7c4d297ea014fdb375dbe9
a7eac0cb40092160abe52f738b3a63b0d154c8f0
e944e5e7ce7dbd649aeab9ccd2175c25c5f40bddb8cbb103322edae2a4bebb12
GET /wikipedia/commons/thumb/8/83/LacRoseSatellite.jpg/220px-LacRoseSatellite.jpg HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 13:25:53 GMT
content-type: image/jpeg
content-length: 10013
etag: e9b6e26ffc7c4d297ea014fdb375dbe9
last-modified: Thu, 31 Oct 2013 03:48:49 GMT
server: ATS/9.1.3
age: 17012
x-cache: cp3063 hit, cp3061 miss
x-cache-status: hit-local
server-timing: cache;desc="hit-local", host;desc="cp3061"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
accept-ch: Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
permissions-policy: interest-cohort=(),ch-ua-arch=(self "intake-analytics.wikimedia.org"),ch-ua-bitness=(self "intake-analytics.wikimedia.org"),ch-ua-full-version-list=(self "intake-analytics.wikimedia.org"),ch-ua-model=(self "intake-analytics.wikimedia.org"),ch-ua-platform-version=(self "intake-analytics.wikimedia.org")
x-client-ip: 91.90.42.154
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
upload.wikimedia.org/wikipedia/commons/thumb/0/0c/Red_pog.svg/6px-Red_pog.svg.png
91.198.174.208 200 OK 138 B URL HTTP/2 upload.wikimedia.org/wikipedia/commons/thumb/0/0c/Red_pog.svg/6px-Red_pog.svg.png
IP 91.198.174.208:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 81e1e1d2b6040c8b5757aae8005f7d55
c2a302365b22e79bf89aa73a2c7f7037aef2860c
36d4b315f9f38b500b8aa398fc03014f1939ae813d424343a82bbfe67705b660
GET /wikipedia/commons/thumb/0/0c/Red_pog.svg/6px-Red_pog.svg.png HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 19:33:00 GMT
etag: 81e1e1d2b6040c8b5757aae8005f7d55
server: ATS/9.1.3
content-type: image/webp
content-length: 138
last-modified: Fri, 21 Jun 2019 08:11:12 GMT
age: 81385
x-cache: cp3053 hit, cp3061 hit/26221
x-cache-status: hit-front
server-timing: cache;desc="hit-front", host;desc="cp3061"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
accept-ch: Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
permissions-policy: interest-cohort=(),ch-ua-arch=(self "intake-analytics.wikimedia.org"),ch-ua-bitness=(self "intake-analytics.wikimedia.org"),ch-ua-full-version-list=(self "intake-analytics.wikimedia.org"),ch-ua-model=(self "intake-analytics.wikimedia.org"),ch-ua-platform-version=(self "intake-analytics.wikimedia.org")
x-client-ip: 91.90.42.154
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3704c4dca7a2dbf1943d4b83315ac0f8
1a911993372e2b1c35472c46ab8bda5a50385b8b
6f0e503211a52263bc4822b22b7b7d7e022d8cc2068f372d14ad42ee33d10b4e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6F0E503211A52263BC4822B22B7B7D7E022D8CC2068F372D14AD42EE33D10B4E"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3824
Expires: Thu, 24 Nov 2022 19:13:09 GMT
Date: Thu, 24 Nov 2022 18:09:25 GMT
Connection: keep-alive
fonts.gstatic.com/s/poppins/v6/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
216.58.207.195 200 OK 7.9 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v6/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 7924, version 1.0\012- data
Hash e535f7856b24153e0f3146e8f90a45c5
e5da5f96d38b08cc6ed2973735b5a9b9af066458
56a522e79770e488da6015ed10f8c2bdafbcd87a7c6d443f7a293579bd0ef58d
GET /s/poppins/v6/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://clementebutcheall.blogspot.com
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7924
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 00:46:05 GMT
expires: Tue, 21 Nov 2023 00:46:05 GMT
cache-control: public, max-age=31536000
age: 321800
last-modified: Tue, 19 Feb 2019 22:26:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash ee7dfd7708b6cba74ec79aa7266a4e9e
d36a19314341fcb8effad1ba4a3e5d5e444b5294
62f49a3cbefcd2d52fddf4c35d7d978f2cc3482683fe201667d5f34df67ba13b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash ee7dfd7708b6cba74ec79aa7266a4e9e
d36a19314341fcb8effad1ba4a3e5d5e444b5294
62f49a3cbefcd2d52fddf4c35d7d978f2cc3482683fe201667d5f34df67ba13b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash ee7dfd7708b6cba74ec79aa7266a4e9e
d36a19314341fcb8effad1ba4a3e5d5e444b5294
62f49a3cbefcd2d52fddf4c35d7d978f2cc3482683fe201667d5f34df67ba13b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
upload.wikimedia.org/wikipedia/commons/thumb/3/3f/RetbaLakeShore.jpg/264px-RetbaLakeShore.jpg
91.198.174.208 200 OK 12 kB URL HTTP/2 upload.wikimedia.org/wikipedia/commons/thumb/3/3f/RetbaLakeShore.jpg/264px-RetbaLakeShore.jpg
IP 91.198.174.208:0
File type JPEG image data, baseline, precision 8, 264x176, components 3\012- data
Hash 09dbfdb544b2061af00c8f7b425984bc
9f30bcdb54752e91c07b3a127bdd959804ebbfd4
60c709ace52d15393c242133b7cb7cb4430466f15c126d4113e031c407d48443
GET /wikipedia/commons/thumb/3/3f/RetbaLakeShore.jpg/264px-RetbaLakeShore.jpg HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 18:09:25 GMT
content-type: image/jpeg
content-length: 12516
content-disposition: inline;filename*=UTF-8''RetbaLakeShore.jpg
etag: 09dbfdb544b2061af00c8f7b425984bc
last-modified: Mon, 12 Apr 2021 23:05:28 GMT
server: ATS/9.1.3
age: 0
x-cache: cp3061 miss, cp3061 miss
x-cache-status: miss
server-timing: cache;desc="miss", host;desc="cp3061"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
accept-ch: Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
permissions-policy: interest-cohort=(),ch-ua-arch=(self "intake-analytics.wikimedia.org"),ch-ua-bitness=(self "intake-analytics.wikimedia.org"),ch-ua-full-version-list=(self "intake-analytics.wikimedia.org"),ch-ua-model=(self "intake-analytics.wikimedia.org"),ch-ua-platform-version=(self "intake-analytics.wikimedia.org")
x-client-ip: 91.90.42.154
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ibikini.cyou/native
167.235.250.180 307 Temporary Redirect 0 B IP 167.235.250.180:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /native HTTP/1.1
Host: ibikini.cyou
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
x-robots-tag: noindex, nofollow
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Mon, 07 Jul 1777 07:07:07 GMT
x-redirect-powered-by: Pretty Link Pro 3.2.5 http://prettylink.com
x-redirect-by: WordPress
set-cookie: prli_click_2=native; expires=Sat, 24-Dec-2022 18:09:25 GMT; Max-Age=2592000; path=/
set-cookie: prli_visitor=637fb355b6482; expires=Fri, 24-Nov-2023 18:09:25 GMT; Max-Age=31536000; path=/
location: https://annesuspense.com/46b21327aabb2b9c66a4011e6188e2ec/invoke.js
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 24 Nov 2022 18:09:25 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash aee1eaa2ef2d0edbb0bc5703979e6439
8baa6d1cdd85ce2c5b6e30bd7a60096eeafce4db
095cc1e6ce8241ba22f88cb66d752587909fea3dc66936a72c369ef74b3134f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ibikini.cyou/social
167.235.250.180 307 Temporary Redirect 0 B IP 167.235.250.180:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /social HTTP/1.1
Host: ibikini.cyou
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
x-robots-tag: noindex, nofollow
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Mon, 07 Jul 1777 07:07:07 GMT
x-redirect-powered-by: Pretty Link Pro 3.2.5 http://prettylink.com
x-redirect-by: WordPress
set-cookie: prli_click_1=social; expires=Sat, 24-Dec-2022 18:09:25 GMT; Max-Age=2592000; path=/
set-cookie: prli_visitor=637fb355ccb35; expires=Fri, 24-Nov-2023 18:09:25 GMT; Max-Age=31536000; path=/
location: https://annesuspense.com/cc/58/5f/cc585f6c9356b37d414b25b86a1b7ad2.js
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 24 Nov 2022 18:09:25 GMT
server: Apache
X-Firefox-Spdy: h2
lh3.googleusercontent.com/blogger_img_proxy/ANbyha0osHaaxj4MEwMA1sREef5QCE66NHbVVckRIdw_5ZXehtJfiH-KGp40TScYRFAx1R6B-D98p2FMvb5clrqNHvGFyamAvavLo7YY5jNUFVWMHy2G8cljiXrg3-XKRb6wXV_Gqz9Sh6VtTf-p1isuVvZSA86SbSU_fOXNneZJU7HUkJhQirge9u8=w72-h72-p-k-no-nu
142.250.74.33 200 OK 2.0 kB URL HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/ANbyha0osHaaxj4MEwMA1sREef5QCE66NHbVVckRIdw_5ZXehtJfiH-KGp40TScYRFAx1R6B-D98p2FMvb5clrqNHvGFyamAvavLo7YY5jNUFVWMHy2G8cljiXrg3-XKRb6wXV_Gqz9Sh6VtTf-p1isuVvZSA86SbSU_fOXNneZJU7HUkJhQirge9u8=w72-h72-p-k-no-nu
IP 142.250.74.33:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 72x72, components 3\012- data
Hash dcc7826e694dbc0cc82448a3e9e04708
9e3c534facf23d6607ba3256e42aca35957bc5cd
1b78553ff3e316ffa24101de118e327a84d93e09fdf2e2edfe81f4f729e3d971
GET /blogger_img_proxy/ANbyha0osHaaxj4MEwMA1sREef5QCE66NHbVVckRIdw_5ZXehtJfiH-KGp40TScYRFAx1R6B-D98p2FMvb5clrqNHvGFyamAvavLo7YY5jNUFVWMHy2G8cljiXrg3-XKRb6wXV_Gqz9Sh6VtTf-p1isuVvZSA86SbSU_fOXNneZJU7HUkJhQirge9u8=w72-h72-p-k-no-nu HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
expires: Fri, 25 Nov 2022 18:09:25 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Thu, 24 Nov 2022 18:09:25 GMT
server: fife
content-length: 1990
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash ffb13937b10a670543c4626095f373c4
2a204f9426c84ebafbc697432423cfbb3edd4ae0
93dac33a613e64a083c9d09901920793f7f87041fc35b3d8e7a674f734915815
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=126923
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:25 GMT
Etag: "637f0020-117"
Expires: Sat, 26 Nov 2022 05:24:48 GMT
Last-Modified: Thu, 24 Nov 2022 05:24:48 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash ee7dfd7708b6cba74ec79aa7266a4e9e
d36a19314341fcb8effad1ba4a3e5d5e444b5294
62f49a3cbefcd2d52fddf4c35d7d978f2cc3482683fe201667d5f34df67ba13b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lh3.googleusercontent.com/blogger_img_proxy/ANbyha2_l_ZL9Aw236Vqcdag3JC8opDHS6wmUWV3kRQ93GOjl5-vkvHJPN8jOsTr3AYMCQ8p7w673iiXUt8_bFxDormaNfOdOyF4OlO5a98fFsP9GdH2H2SpEFfrwWWDf518DuAToLyf9aPQhNd2X9vdzF18oRamdWaS8pcwxE7z0-ayml-7dFGBFeOjfNozB3QVY1rI6kHgUmtJ-tr1TkjVhaZTRiAFNQPSuMn0MUo2iBgUpfdlQz_uS1_vo03AjZc8NbCaWspTmoy10qiSFS2CtxNVwbYoK3ZxekEIz2gsK-Q=w72-h72-p-k-no-nu
142.250.74.33 200 OK 5.7 kB URL HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/ANbyha2_l_ZL9Aw236Vqcdag3JC8opDHS6wmUWV3kRQ93GOjl5-vkvHJPN8jOsTr3AYMCQ8p7w673iiXUt8_bFxDormaNfOdOyF4OlO5a98fFsP9GdH2H2SpEFfrwWWDf518DuAToLyf9aPQhNd2X9vdzF18oRamdWaS8pcwxE7z0-ayml-7dFGBFeOjfNozB3QVY1rI6kHgUmtJ-tr1TkjVhaZTRiAFNQPSuMn0MUo2iBgUpfdlQz_uS1_vo03AjZc8NbCaWspTmoy10qiSFS2CtxNVwbYoK3ZxekEIz2gsK-Q=w72-h72-p-k-no-nu
IP 142.250.74.33:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 72x72, components 3\012- data
Hash c8bc4a54ea8235b52debc43226bf042c
150d031468802f1dd032dea0d3d3f5d8e562daf0
d5bc5aa48975b9f6f98b6668dc3d5337e26575a890ca14641f0c12016ed34a44
GET /blogger_img_proxy/ANbyha2_l_ZL9Aw236Vqcdag3JC8opDHS6wmUWV3kRQ93GOjl5-vkvHJPN8jOsTr3AYMCQ8p7w673iiXUt8_bFxDormaNfOdOyF4OlO5a98fFsP9GdH2H2SpEFfrwWWDf518DuAToLyf9aPQhNd2X9vdzF18oRamdWaS8pcwxE7z0-ayml-7dFGBFeOjfNozB3QVY1rI6kHgUmtJ-tr1TkjVhaZTRiAFNQPSuMn0MUo2iBgUpfdlQz_uS1_vo03AjZc8NbCaWspTmoy10qiSFS2CtxNVwbYoK3ZxekEIz2gsK-Q=w72-h72-p-k-no-nu HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
expires: Fri, 25 Nov 2022 18:09:25 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Thu, 24 Nov 2022 18:09:25 GMT
server: fife
content-length: 5710
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash f7801fe8b983652ae788bc952856c2ed
f3898da21792b146a9f856e87ed3520d76277fb8
faa1bc8a9887e2dc694ff645546ea16cb96ac4bd1b0c460aef95f2cced100d6b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu
142.250.74.164 200 OK 665 B URL HTTP/2 www.google.com/recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu
IP 142.250.74.164:0
File type ASCII text, with very long lines (1034), with no line terminators
Hash 34e37af4d526255a20a2056cd5f4addf
bcac186d6a49539e69a3f67aa08d0188966f5623
51a2c479b272414cb9d7e1ec62edffbad01217068b73d516d33cb8f26a4fc634
GET /recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Thu, 24 Nov 2022 18:09:26 GMT
date: Thu, 24 Nov 2022 18:09:26 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 665
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
142.250.74.163 200 OK 163 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (730)
Size 163 kB (162976 bytes)
Hash 79d18cf4265108d7cecca1bf4ada6109
e51d0285a545381d4c39e9e0292a650ffeeecbb9
59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
Origin: https://www.blogger.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 09:43:42 GMT
expires: Fri, 24 Nov 2023 09:43:42 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 30344
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 6fe23ae41ec0cbb3d702b1c64028cd13
e0e4d852454a5eae80a797aaa6f0991834dcc19a
47a12f27ec1ec271d17295d822c69d1b49c6a24107f3f7ce06a320688fae7f3c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 6fe23ae41ec0cbb3d702b1c64028cd13
e0e4d852454a5eae80a797aaa6f0991834dcc19a
47a12f27ec1ec271d17295d822c69d1b49c6a24107f3f7ce06a320688fae7f3c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/navbar.g?targetBlogID=4216445858628812882&blogName=Clemente+Butcheall&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=BLUE&layoutType=LAYOUTS&searchRoot=https://clementebutcheall.blogspot.com/search&blogLocale=en&v=2&homepageUrl=https://clementebutcheall.blogspot.com/&targetPostID=808909024606914144&blogPostOrPageUrl=https://clementebutcheall.blogspot.com/2021/11/what-is-cause-of-red-color-of-waters.html&vt=-7847734907766474223&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__
142.250.74.105200 OK 2.7 kB URL HTTP/2 www.blogger.com/navbar.g?targetBlogID=4216445858628812882&blogName=Clemente+Butcheall&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=BLUE&layoutType=LAYOUTS&searchRoot=https://clementebutcheall.blogspot.com/search&blogLocale=en&v=2&homepageUrl=https://clementebutcheall.blogspot.com/&targetPostID=808909024606914144&blogPostOrPageUrl=https://clementebutcheall.blogspot.com/2021/11/what-is-cause-of-red-color-of-waters.html&vt=-7847734907766474223&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__
IP 142.250.74.105:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3154)
Hash 0c050ac241cd93547d6363ba41f21229
1a7f2818f7c119b15a50a17034e6ade844be626c
fd48f82b1ea131d3999b3fa42748bc5231dedda63354afbe0e3ef0465b5f9424
GET /navbar.g?targetBlogID=4216445858628812882&blogName=Clemente+Butcheall&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=BLUE&layoutType=LAYOUTS&searchRoot=https://clementebutcheall.blogspot.com/search&blogLocale=en&v=2&homepageUrl=https://clementebutcheall.blogspot.com/&targetPostID=808909024606914144&blogPostOrPageUrl=https://clementebutcheall.blogspot.com/2021/11/what-is-cause-of-red-color-of-waters.html&vt=-7847734907766474223&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__ HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 24 Nov 2022 18:09:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 2664
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
play.google.com/log?format=json&hasfast=true&authuser=0
142.250.74.110 200 OK 0 B URL HTTP/2 play.google.com/log?format=json&hasfast=true&authuser=0
IP 142.250.74.110:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: play.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Referer: https://www.blogger.com/
Origin: https://www.blogger.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.blogger.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Thu, 24 Nov 2022 18:09:26 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+367; expires=Sat, 23-Nov-2024 18:09:26 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 24 Nov 2022 18:09:26 GMT
cache-control: private
X-Firefox-Spdy: h2
play.google.com/log?format=json&hasfast=true&authuser=0
142.250.74.110 200 OK 131 B URL HTTP/2 play.google.com/log?format=json&hasfast=true&authuser=0
IP 142.250.74.110:0
File type JSON data\012- , ASCII text, with no line terminators
Hash babb6f090aeebc6f421624475b4aefff
06079b7547949822c118224e51604f4c5ebf80c8
b2fe8b91f31edc7284cc9690e90dd4a38d985598374df68967d917590beb55dd
POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: play.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
X-Goog-AuthUser: 0
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Content-Length: 2975
Origin: https://www.blogger.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.blogger.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Thu, 24 Nov 2022 18:09:26 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+430; expires=Sat, 23-Nov-2024 18:09:26 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 24 Nov 2022 18:09:26 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c0896430edb4f332118f75c49ad10e2e
4c9f4d598e3742990197da4073aef6b35a97652c
0341823d0189e82399fbf482828ca90afb6607fa6db7846cf0d24c7335cabaf1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0341823D0189E82399FBF482828CA90AFB6607FA6DB7846CF0D24C7335CABAF1"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5940
Expires: Thu, 24 Nov 2022 19:48:26 GMT
Date: Thu, 24 Nov 2022 18:09:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash daee33250c6a9b918b832b4460ec14d9
ef49419794701cf358f499071b70cb1c71259172
68765c955e3bb33eb59c81bbb9c6e167bfcc20ffe9e6f13e9fd80c5f720dd2b7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "68765C955E3BB33EB59C81BBB9C6E167BFCC20FFE9E6F13E9FD80C5F720DD2B7"
Last-Modified: Wed, 23 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15572
Expires: Thu, 24 Nov 2022 22:28:58 GMT
Date: Thu, 24 Nov 2022 18:09:26 GMT
Connection: keep-alive
annesuspense.com/cc/58/5f/cc585f6c9356b37d414b25b86a1b7ad2.js
173.233.137.60 200 OK 13 kB URL HTTP/1.1 annesuspense.com/cc/58/5f/cc585f6c9356b37d414b25b86a1b7ad2.js
IP 173.233.137.60:0
File type ASCII text, with very long lines (37131), with no line terminators
Hash 8365def9f9b512051971816e19fb0696
1edb121851f2e1b233dacd53a6d52894aa695075
ea464b0d47e6e926004639db42ef5b3f50feddf7f4622bec7fe34cab9b565469
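Analyzer / Verdict / Alert: quad9 — Sinkholed (quad9 reports annesuspense.com as sinkholed; this capture nevertheless received 200 OK from 173.233.137.60)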
GET /cc/58/5f/cc585f6c9356b37d414b25b86a1b7ad2.js HTTP/1.1
Host: annesuspense.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clementebutcheall.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 24 Nov 2022 18:09:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 76c2b44dd34bb44cc58b3f2bb5beaf22
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
annesuspense.com/46b21327aabb2b9c66a4011e6188e2ec/invoke.js
173.233.137.60 200 OK 9.3 kB URL HTTP/1.1 annesuspense.com/46b21327aabb2b9c66a4011e6188e2ec/invoke.js
IP 173.233.137.60:0
File type Unicode text, UTF-8 text, with very long lines (25110), with no line terminators
Hash 6541519ba6cbd34bf3181ef074f5fc0c
0125133444945288d8c54512b1ac6980b4dae6cd
2dee6691385e0375aec8ed842ba5d60a149c36bce2d76b55fb2153fce0136d15
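Analyzer / Verdict / Alert: quad9 — Sinkholed (quad9 reports annesuspense.com as sinkholed; this capture nevertheless received 200 OK from 173.233.137.60)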
GET /46b21327aabb2b9c66a4011e6188e2ec/invoke.js HTTP/1.1
Host: annesuspense.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clementebutcheall.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 24 Nov 2022 18:09:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cecf9f38aa7fa1b3bab95cb76e2bed59
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195 200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 19 Nov 2022 12:31:58 GMT
expires: Sun, 19 Nov 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 452248
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Nov 2022 21:46:16 GMT
expires: Fri, 17 Nov 2023 21:46:16 GMT
cache-control: public, max-age=31536000
age: 591790
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
lh3.googleusercontent.com/blogger_img_proxy/ANbyha3HZz9W8gylMrTjpXm-1rmxi_NxS-GorOPSSNzM8dAV1R4z53dFRqHZMekR8DDr19fowY3DHt9CwYjXMX_LuV6jHM4NlJopVmA5D_BQsSf2hDedaPn1UEwLy-XC2LdE1FyD5JQ=w72-h72-p-k-no-nu
142.250.74.33200 OK 1.8 kB URL HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/ANbyha3HZz9W8gylMrTjpXm-1rmxi_NxS-GorOPSSNzM8dAV1R4z53dFRqHZMekR8DDr19fowY3DHt9CwYjXMX_LuV6jHM4NlJopVmA5D_BQsSf2hDedaPn1UEwLy-XC2LdE1FyD5JQ=w72-h72-p-k-no-nu
IP 142.250.74.33:0
File type PNG image data, 72 x 72, 8-bit colormap, non-interlaced\012- data
Hash d963b92c3871d90729452f7f88222f7f
9c8f58ade6eed47757b0778421ee8c0dc8cb4b92
37cdf701d0dadbb81ada4686970aced6a2513c34fbddc9eae2e43d8f1e86563a
GET /blogger_img_proxy/ANbyha3HZz9W8gylMrTjpXm-1rmxi_NxS-GorOPSSNzM8dAV1R4z53dFRqHZMekR8DDr19fowY3DHt9CwYjXMX_LuV6jHM4NlJopVmA5D_BQsSf2hDedaPn1UEwLy-XC2LdE1FyD5JQ=w72-h72-p-k-no-nu HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
expires: Fri, 25 Nov 2022 18:09:26 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Thu, 24 Nov 2022 18:09:26 GMT
server: fife
content-length: 1807
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pop.dojo.cc/5832.js
172.66.40.196 200 OK 6.9 kB IP 172.66.40.196:0
File type HTML document, ASCII text, with very long lines (6098)
Hash 675946425f7a7d549bcc1a5ceb872388
9743db5431b655900a4c15e4682ad7cf93446f13
9014616170e75dd495347245798f84cdef4d6f3c0199b96c9929873ef569c59f
GET /5832.js HTTP/1.1
Host: pop.dojo.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 18:09:25 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: no-cache, private
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B1UUcfqM%2FtgMKZsvze0gwQ0LCAJ52fs%2BOYmb%2FvyeL%2BrVIHMCzgoWwsB6g4gXysTtSc2sSJ9d2Y1%2BneBA1evYGm7dfQnPTMJyQBzD%2Bn2c8O89jDzbrDydjXYJcu%2B6rA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f41876899db4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8b0a6ea4a1b52f72d93c9e643b0dd179
02df9611887db2044802892f436f0448eb0e332c
ec8284c369490389342d5a3a33d3501262ecd1498d46153689de13e4356b799c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EC8284C369490389342D5A3A33D3501262ECD1498D46153689DE13E4356B799C"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10663
Expires: Thu, 24 Nov 2022 21:07:09 GMT
Date: Thu, 24 Nov 2022 18:09:26 GMT
Connection: keep-alive
annesuspense.com/22445398d1a51748dcdb9dcab239afd3/invoke.js
173.233.137.60 200 OK 9.8 kB URL HTTP/1.1 annesuspense.com/22445398d1a51748dcdb9dcab239afd3/invoke.js
IP 173.233.137.60:0
File type exported SGML document, ASCII text, with very long lines (26951), with no line terminators
Hash 064ecd0f8b09812054fb6e6468ae81d1
bef0947280a0f2fb278903e4a67da4aada434d63
e849984280e71fa15f25ef210551cdf0eae1a528aab4c0eb21429bbb90e61d7e
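Analyzer / Verdict / Alert: quad9 — Sinkholed (quad9 reports annesuspense.com as sinkholed; this capture nevertheless received 200 OK from 173.233.137.60)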
GET /22445398d1a51748dcdb9dcab239afd3/invoke.js HTTP/1.1
Host: annesuspense.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 24 Nov 2022 18:09:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6a8835e551743c201e57deda1ea92589
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2647
Expires: Thu, 24 Nov 2022 18:53:33 GMT
Date: Thu, 24 Nov 2022 18:09:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2647
Expires: Thu, 24 Nov 2022 18:53:33 GMT
Date: Thu, 24 Nov 2022 18:09:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2647
Expires: Thu, 24 Nov 2022 18:53:33 GMT
Date: Thu, 24 Nov 2022 18:09:26 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b4157f2c5c3c77ce699324ecb08f47c7
a7d9135f9d01ba13c3cdaf8b038c70212f159297
2305f7afee95bb34d9e8dbff571c6b146ba7b694be96e9e925c32d1f41785916
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d85d03d-8fcf-42f4-bada-e7f488f04307.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7462
x-amzn-requestid: 1f6fb14d-83e0-43d3-9dab-5bc83af1a7c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEwV3HV9oAMFs9w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9425-634d43db6308e0be596aa5a0;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:44:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GW5UTfY7-TwPWTno9z1e21a2cA9fmU7GfHFYWdL-zQvMLxeq-S9Trg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 22:08:16 GMT
age: 72070
etag: "a7d9135f9d01ba13c3cdaf8b038c70212f159297"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: j_8oVo464QMWMnmkxQJIDRhaIVmwhzCTHe4A57OdmaUr9HcyTtBUjg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2750b94b402c92287d764b5fa115a042.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 05:04:28 GMT
age: 47098
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.100 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash 5348b4ee74a9c894db836c2b61cc7086
9a65195ea94f2f7326007ad86ca1675010f4c00e
d2c786795613bca9a9bee9143dc278307b828a07b40880cfa20e087895aa359a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=161612
Date: Thu, 24 Nov 2022 18:09:26 GMT
Etag: "637f7219-1d7"
Expires: Sat, 26 Nov 2022 15:02:58 GMT
Last-Modified: Thu, 24 Nov 2022 13:31:05 GMT
Server: ECS (dcb/7ECB)
X-Cache: Miss from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: h-YxZOXU0_gyHogDKf2aFlL2wtDcbwXhF07rLURKytfQdduLDywnjw==
Age: 5513
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d9d93b2a6875d446c3467eb49767eef5
303c571b13b05fcf27ee1159d8fdf6369aaef0a2
2a2345a925e0187979930a7f2de8548957ad9f2baae77364dcb157286e2b3fcf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50d7d834-f80d-4fd9-a728-24643ed00c45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6789
x-amzn-requestid: 4d94ce1b-d18f-43b8-bb4d-e7093f9bea42
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvd2G9UIAMFrEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5f2-64a570135be59b83031811da;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:04:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JygkDI7XSvlgurUTot874ZAXlOIqnv4cntMQ55IvHVqw93JBcksZjQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 07:10:24 GMT
age: 39542
etag: "303c571b13b05fcf27ee1159d8fdf6369aaef0a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.100 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash 5348b4ee74a9c894db836c2b61cc7086
9a65195ea94f2f7326007ad86ca1675010f4c00e
d2c786795613bca9a9bee9143dc278307b828a07b40880cfa20e087895aa359a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=157483
Date: Thu, 24 Nov 2022 18:09:26 GMT
Etag: "637f7219-1d7"
Expires: Sat, 26 Nov 2022 13:54:09 GMT
Last-Modified: Thu, 24 Nov 2022 13:31:05 GMT
Server: ECS (dcb/7FA5)
X-Cache: Miss from cloudfront
Via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 8GWDhaJ1xxBTK3IxFWejFwr_3t5n4w1jlNZCiQDc2X8rSBPBS5aIGw==
Age: 1384
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 64d79191f005c9876b952c5f948aa0f7
1102dbdcbcabf5c25d17840f8f00d5b55b9b8f0a
00fb36c3d322e8302c5ce202d6d4119d637510cd6f3b63e1347781ec3bb9d7fc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13882
x-amzn-requestid: 9022b0b3-31d5-4149-a969-02514f11b95a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvzNHjMoAMFWMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9347-0e8354a02bef623644714e31;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:40:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DYBcunpyI0FBJsJGh1kKpFI3X8kzCkO3mCxzUtWnaMKBT-Bv-zkq3Q==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:59:18 GMT
age: 72608
etag: "1102dbdcbcabf5c25d17840f8f00d5b55b9b8f0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 92c78302bcce1568eb6a5563100b932c
43d1dec7fc06879988c9c3cadd800cc8145df988
0dda9914306c8e3a7ea75eade8e762652d93907dd6c5a8cc81707d6d8098b60a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7993
x-amzn-requestid: 9f0ff853-4819-47cd-959d-658401ea5748
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsG5mIAMFqAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-1c48b9223684f2942f8dd42d;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YJuHCuUgkLuFFiQUlrPWgv9grHznufMTU08hi4ZMpQTBmou6BGWrhQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:47:52 GMT
age: 73294
etag: "43d1dec7fc06879988c9c3cadd800cc8145df988"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F433fbaf5-7c54-485b-af70-542e1e788832.webp
34.120.237.76 200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F433fbaf5-7c54-485b-af70-542e1e788832.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0856fdb55f19f03a1bec38b3d6e0ac77
89accd230fba95fe0049678070817b36ead015fa
17c6e6f9bb8f4261fff2dc2a43ed994986418761624b8afead768e89927594f2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F433fbaf5-7c54-485b-af70-542e1e788832.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5070
x-amzn-requestid: d86d95ad-9b78-4047-82e7-04e83a97e330
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEwViF1GIAMF_PQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9423-10809ba1634776171cf79cb8;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:44:03 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: rrs7G6Wto6iY0rT6KsKwKAOPJjehXqD0jHZrR_eaiqpepQILFr7Dtw==
via: 1.1 0dc4feb22bb4657ce2bb95fd05ec7122.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:49:07 GMT
age: 73219
etag: "89accd230fba95fe0049678070817b36ead015fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
52.28.211.11 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash c1dec264b0b1efddcc0740448988bc74
f96b1e246b9fc78b04aa12c2f70e00437ed287a8
231a0c1d0ff550f418f85027fc1936a39d3e6234dab342899d71a7f90249ce58
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://clementebutcheall.blogspot.com
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 18:09:26 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://clementebutcheall.blogspot.com
access-control-allow-credentials: true
set-cookie: uid_id2=d825401e-1c29-465d-bc0a-61d893004c2d:3:1; expires=Sun, 21 Nov 2032 18:09:26 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
52.28.211.11 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash 8c2c4382fa11af43c54e6eacbe5c2454
e193ea2de9c57689bcf099b509ac2ccc73b55187
9c5ac88571798d09635e39fbedae452aa1df9bd53788ca7d95e9dcefe0a626ca
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://clementebutcheall.blogspot.com
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 18:09:26 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://clementebutcheall.blogspot.com
access-control-allow-credentials: true
set-cookie: uid_id2=51f7befe-e1c6-4752-ad95-f9ded87f1ca4:1:1; expires=Sun, 21 Nov 2032 18:09:26 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
52.28.211.11 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash a7f14bb179c3f73144976a61508df3c5
9efe14d7835c7f8cc653505f75f7a0d794f382a6
be2f38f665cecfc4851d5f3903f825c56c13d33c8b449415e46de6039318f79f
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://clementebutcheall.blogspot.com
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 18:09:26 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://clementebutcheall.blogspot.com
access-control-allow-credentials: true
set-cookie: uid_id2=0b86a2cc-730e-4d17-bb91-a90fae6c29bd:2:1; expires=Sun, 21 Nov 2032 18:09:26 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8b0a6ea4a1b52f72d93c9e643b0dd179
02df9611887db2044802892f436f0448eb0e332c
ec8284c369490389342d5a3a33d3501262ecd1498d46153689de13e4356b799c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EC8284C369490389342D5A3A33D3501262ECD1498D46153689DE13E4356B799C"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10663
Expires: Thu, 24 Nov 2022 21:07:09 GMT
Date: Thu, 24 Nov 2022 18:09:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e4187a43946d8ea5337bb1347757b7a6
05dd65dd513f85c93974052ac7fa227aaf250fe4
495169482368a285ec3b8581b00365be1dd6c011d0278437bc55be18a6231adf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "495169482368A285EC3B8581B00365BE1DD6C011D0278437BC55BE18A6231ADF"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9177
Expires: Thu, 24 Nov 2022 20:42:23 GMT
Date: Thu, 24 Nov 2022 18:09:26 GMT
Connection: keep-alive
s10.histats.com/js15_as.js
46.105.201.240 200 OK 4.4 kB URL HTTP/2 s10.histats.com/js15_as.js
IP 46.105.201.240:0
File type HTML document, ASCII text, with very long lines (11440), with no line terminators
Hash ed192092c129db6123a3397855f42619
067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e
998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1
GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 18:05:06 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 803766422
content-type: application/javascript; charset=UTF-8
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e08160e18a9e9fc0d2f95eaa1ca56026
7a3aee048fd7162fc1ac9a2bb7a5a4d1f3ce18a6
a9409bfc5e9770abbeab2e97905a469520887924baf7667f7b928a74331a55b7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A9409BFC5E9770ABBEAB2E97905A469520887924BAF7667F7B928A74331A55B7"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7534
Expires: Thu, 24 Nov 2022 20:15:01 GMT
Date: Thu, 24 Nov 2022 18:09:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9dd99424d7fdef2ba07ed2df5e93e5ba
8cbad8b675aa34acf63f8244d9a35c4fe7a6e960
fb2c1e21824f9e5486f33c27233d69216011008c7055f590f2a5c8dcea468d47
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FB2C1E21824F9E5486F33C27233D69216011008C7055F590F2A5C8DCEA468D47"
Last-Modified: Thu, 24 Nov 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10877
Expires: Thu, 24 Nov 2022 21:10:44 GMT
Date: Thu, 24 Nov 2022 18:09:27 GMT
Connection: keep-alive
schemevolcanosuspicions.com/ntv.json?key=46b21327aabb2b9c66a4011e6188e2ec&vstc=2
192.243.59.13 200 OK 8.2 kB URL HTTP/1.1 schemevolcanosuspicions.com/ntv.json?key=46b21327aabb2b9c66a4011e6188e2ec&vstc=2
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (8206), with no line terminators
Hash fd185685416d824addc357e51138f447
3b117a4d20f78d53edbc00a3197600fd40b7e75c
adaf247cb62bcd10ac1cfaba2c57d2a706824ab81030d63efadb650b6bfb802d
Analyzer Verdict Alert quad9 Sinkholed
GET /ntv.json?key=46b21327aabb2b9c66a4011e6188e2ec&vstc=2 HTTP/1.1
Host: schemevolcanosuspicions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://clementebutcheall.blogspot.com
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 24 Nov 2022 18:09:27 GMT
Content-Type: application/json
Content-Length: 8206
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://clementebutcheall.blogspot.com
Access-Control-Allow-Origin: https://clementebutcheall.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16718737; expires=Fri, 25 Nov 2022 18:09:27 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 25 Nov 2022 18:09:27 GMT; secure; SameSite=None
uncs=1; expires=Fri, 25 Nov 2022 18:09:27 GMT; secure; SameSite=None
pdhtkv49=true; expires=Fri, 25 Nov 2022 18:09:27 GMT; secure; SameSite=None
uncs49=1; expires=Fri, 25 Nov 2022 18:09:27 GMT; secure; SameSite=None
nlec46b21327aabb2b9c66a4011e6188e2ec=[2229215,2229213]; expires=Thu, 24 Nov 2022 18:09:32 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ff87bdeeba10abc5bee14491ece831ff
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e35fa4dae40bd0e50b8721139c5c1e96
29c62a374706992243f28a55ccde2c170e0957f4
906b12ecb187e42e1a0522ad8a6418b1901f7c87adb31afe4b602e3756ade39f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "906B12ECB187E42E1A0522AD8A6418B1901F7C87ADB31AFE4B602E3756ADE39F"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8485
Expires: Thu, 24 Nov 2022 20:30:52 GMT
Date: Thu, 24 Nov 2022 18:09:27 GMT
Connection: keep-alive
parkingridiculous.com/watch.1435028843277.js?key=22445398d1a51748dcdb9dcab239afd3&kw=%5B%22what%22%2C%22is%22%2C%22the%22%2C%22cause%22%2C%22of%22%2C%22the%22%2C%22red%22%2C%22color%22%2C%22of%22%2C%22the%22%2C%22waters%22%2C%22about%22%2C%22madagascar%22%2C%22-%22%2C%22clemente%22%2C%22butcheall%22%5D&refer=https%3A%2F%2Fclementebutcheall.blogspot.com%2F2021%2F11%2Fwhat-is-cause-of-red-color-of-waters.html&tz=0&dev=e&res=12.1055&uuid=0b86a2cc-730e-4d17-bb91-a90fae6c29bd%3A2%3A1
192.243.59.12 307 Temporary Redirect 0 B URL HTTP/1.1 parkingridiculous.com/watch.1435028843277.js?key=22445398d1a51748dcdb9dcab239afd3&kw=%5B%22what%22%2C%22is%22%2C%22the%22%2C%22cause%22%2C%22of%22%2C%22the%22%2C%22red%22%2C%22color%22%2C%22of%22%2C%22the%22%2C%22waters%22%2C%22about%22%2C%22madagascar%22%2C%22-%22%2C%22clemente%22%2C%22butcheall%22%5D&refer=https%3A%2F%2Fclementebutcheall.blogspot.com%2F2021%2F11%2Fwhat-is-cause-of-red-color-of-waters.html&tz=0&dev=e&res=12.1055&uuid=0b86a2cc-730e-4d17-bb91-a90fae6c29bd%3A2%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1435028843277.js?key=22445398d1a51748dcdb9dcab239afd3&kw=%5B%22what%22%2C%22is%22%2C%22the%22%2C%22cause%22%2C%22of%22%2C%22the%22%2C%22red%22%2C%22color%22%2C%22of%22%2C%22the%22%2C%22waters%22%2C%22about%22%2C%22madagascar%22%2C%22-%22%2C%22clemente%22%2C%22butcheall%22%5D&refer=https%3A%2F%2Fclementebutcheall.blogspot.com%2F2021%2F11%2Fwhat-is-cause-of-red-color-of-waters.html&tz=0&dev=e&res=12.1055&uuid=0b86a2cc-730e-4d17-bb91-a90fae6c29bd%3A2%3A1 HTTP/1.1
Host: parkingridiculous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://clementebutcheall.blogspot.com
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Thu, 24 Nov 2022 18:09:27 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://clementebutcheall.blogspot.com
Access-Control-Allow-Origin: https://clementebutcheall.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://parkingridiculous.com/watch.1435028843277.js?key=22445398d1a51748dcdb9dcab239afd3&kw=%5B%22what%22%2C%22is%22%2C%22the%22%2C%22cause%22%2C%22of%22%2C%22the%22%2C%22red%22%2C%22color%22%2C%22of%22%2C%22the%22%2C%22waters%22%2C%22about%22%2C%22madagascar%22%2C%22-%22%2C%22clemente%22%2C%22butcheall%22%5D&refer=https%3A%2F%2Fclementebutcheall.blogspot.com%2F2021%2F11%2Fwhat-is-cause-of-red-color-of-waters.html&tz=0&dev=e&res=12.1055&uuid=0b86a2cc-730e-4d17-bb91-a90fae6c29bd%3A2%3A1&shu=6c8732b116ed0e586891b6750fc42833f2ba6ed6d8d8f9929966882d1a21eb61219df48aae5eb863e34db6ef63a0bfed5de9f6e40c0eca9a324a0d836444b878b8907538feaf5c76b383c2c0bdd8582d8039b7ad&pst=1669313427&rmtc=t
Set-Cookie: u_pl=16073926; expires=Fri, 25 Nov 2022 18:09:27 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjA3MzkyNiwiayI6IjIyNDQ1Mzk4ZDFhNTE3NDhkY2RiOWRjYWIyMzlhZmQzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNDkxMjI3LCJwaWQiOjI4MjYxNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjo1LCJwdCI6NCwicGsiOiJqZWpkYjQ5Nml5IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vY2xlbWVudGVidXRjaGVhbGwuYmxvZ3Nwb3QuY29tLzIwMjEvMTEvd2hhdC1pcy1jYXVzZS1vZi1yZWQtY29sb3Itb2Ytd2F0ZXJzLmh0bWwifX0.hdmd7CCnZ9zFnOEkxIf1mAfzQPH-hRFUM-BZrUQv6x4; expires=Thu, 24 Nov 2022 18:10:27 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 783a4bf000b2600e38f15a9a3b4bb4d3
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4f6c1497d491ebdec0b24caf356dad1f
6efe847d68565760b80862295cb809e7efee7de8
5a7ebb4a3bfc1046cd3c07cef6bd550f3452c3cf4d48d48e6428473f2de44c51
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5A7EBB4A3BFC1046CD3C07CEF6BD550F3452C3CF4D48D48E6428473F2DE44C51"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7434
Expires: Thu, 24 Nov 2022 20:13:21 GMT
Date: Thu, 24 Nov 2022 18:09:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4f6c1497d491ebdec0b24caf356dad1f
6efe847d68565760b80862295cb809e7efee7de8
5a7ebb4a3bfc1046cd3c07cef6bd550f3452c3cf4d48d48e6428473f2de44c51
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5A7EBB4A3BFC1046CD3C07CEF6BD550F3452C3CF4D48D48E6428473F2DE44C51"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7434
Expires: Thu, 24 Nov 2022 20:13:21 GMT
Date: Thu, 24 Nov 2022 18:09:27 GMT
Connection: keep-alive
schemevolcanosuspicions.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRSedYyEoAFEE0FxokAgofPu%2FfmOFBEhBFkY2yRBbmjmb8%2FDze4sM7u3ZzcYIkHKgwqo1t%2FZsRIsRERFAUJnmsgCKdcgFzE1NVIEFWgvJx08ad5733yv%2BL4388ledkZ8ZPR0422zo7SmS82qX3lpU8XC5K6ydr0S%2BFX%2FQmVTxa3GhcqgTLb%2FauA3q%2F7LlTcl75mlmh%2F4fuAHlSvKytAMlqYsVHLUCaodv9qoVYNmAwP7f%2BwyD456EP0z8gyUmDy2de8uFB8jjr69LF0vNckrb0SZpqmx6IvDd%2BNebPIY0bwNrYcwPpxNw7gJIV8swMSHMwcw%2Ff3SAZiaEO%2B3ACw%2BnMkE6x88Uso0ZAwmnkTeH0PqMRQdg5sbUOI%2BAbjA2jri6NaasTndfsTSkp2QxYd%2FQuUTsvjgWcTRN5e0GlSuGZ2lysQOg7CAGoyhumMk2THSHQ8qPwZPP4YSv5Klh6uIo%2F11pw2UKKbulRpDhWNoOQR1HrLyKA9Z6CFLPETitEKbndD3l0MW1uvtBue8Xue82W6Jpqg32qGPjJfyhkiTIbgegttdJHYXPTWEzX6C2yrghAeXToj3zi76okAuCXJHkFOCXBHkKUHeLw6EdjVX3BLaZSyY1dqs1ouRSbt79MCkXRmTveSMPD3dyz%2FPfYaePK00WqwW1GvLlDJWYx3eatGGHwSyFbTbsiY5nCqg3MLU6o6akPPvfY9ETcji%2Bt9g9BhOH4Orc6BZAJqPlms%2B6Nao0faxE9%2FeMh%2F0VJWbCMIUSNJFpNvenj4j56ciXjj3OyQ%2FuXjn%2BaPHgxf%2FALcFElvgffUzQVffHF01Odm%2FanJH7q4nqYrUDi0f7lpKU3nuzltyOzdWrFx2w9uv8ZIo26Pr0qWrNBYq7jry9SUlhLRXjOWS%2FLDiNiXbyNzWpczGWbK68fqVlSix0jll4jGour%2F%2BF3jp7qMfp1%2FyqV8%2BhbJj2KxAlJ2QWUCZY%2FBkFy6Zq3eGwOr5DEs85FkxsjU2v9SKQMs5pqyA%2Bw9m837P3UTXLoCmNxBHBfq2QF8XoHoIlz0xShN7cvHel2V8BaYXRkzbhX2mrf58utoyPYBTpxXZDP1Q%2BjXJwg4Ll6kvOmGjw2gnkMusSQOkbsI%2F%2FG7zXwAAAP%2F%2FAQAA%2F%2F8OCEPKbwQAAA%3D%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 schemevolcanosuspicions.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRSedYyEoAFEE0FxokAgofPu%2FfmOFBEhBFkY2yRBbmjmb8%2FDze4sM7u3ZzcYIkHKgwqo1t%2FZsRIsRERFAUJnmsgCKdcgFzE1NVIEFWgvJx08ad5733yv%2BL4388ledkZ8ZPR0422zo7SmS82qX3lpU8XC5K6ydr0S%2BFX%2FQmVTxa3GhcqgTLb%2FauA3q%2F7LlTcl75mlmh%2F4fuAHlSvKytAMlqYsVHLUCaodv9qoVYNmAwP7f%2BwyD456EP0z8gyUmDy2de8uFB8jjr69LF0vNckrb0SZpqmx6IvDd%2BNebPIY0bwNrYcwPpxNw7gJIV8swMSHMwcw%2Ff3SAZiaEO%2B3ACw%2BnMkE6x88Uso0ZAwmnkTeH0PqMRQdg5sbUOI%2BAbjA2jri6NaasTndfsTSkp2QxYd%2FQuUTsvjgWcTRN5e0GlSuGZ2lysQOg7CAGoyhumMk2THSHQ8qPwZPP4YSv5Klh6uIo%2F11pw2UKKbulRpDhWNoOQR1HrLyKA9Z6CFLPETitEKbndD3l0MW1uvtBue8Xue82W6Jpqg32qGPjJfyhkiTIbgegttdJHYXPTWEzX6C2yrghAeXToj3zi76okAuCXJHkFOCXBHkKUHeLw6EdjVX3BLaZSyY1dqs1ouRSbt79MCkXRmTveSMPD3dyz%2FPfYaePK00WqwW1GvLlDJWYx3eatGGHwSyFbTbsiY5nCqg3MLU6o6akPPvfY9ETcji%2Bt9g9BhOH4Orc6BZAJqPlms%2B6Nao0faxE9%2FeMh%2F0VJWbCMIUSNJFpNvenj4j56ciXjj3OyQ%2FuXjn%2BaPHgxf%2FALcFElvgffUzQVffHF01Odm%2FanJH7q4nqYrUDi0f7lpKU3nuzltyOzdWrFx2w9uv8ZIo26Pr0qWrNBYq7jry9SUlhLRXjOWS%2FLDiNiXbyNzWpczGWbK68fqVlSix0jll4jGour%2F%2BF3jp7qMfp1%2FyqV8%2BhbJj2KxAlJ2QWUCZY%2FBkFy6Zq3eGwOr5DEs85FkxsjU2v9SKQMs5pqyA%2Bw9m837P3UTXLoCmNxBHBfq2QF8XoHoIlz0xShN7cvHel2V8BaYXRkzbhX2mrf58utoyPYBTpxXZDP1Q%2BjXJwg4Ll6kvOmGjw2gnkMusSQOkbsI%2F%2FG7zXwAAAP%2F%2FAQAA%2F%2F8OCEPKbwQAAA%3D%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRSedYyEoAFEE0FxokAgofPu%2FfmOFBEhBFkY2yRBbmjmb8%2FDze4sM7u3ZzcYIkHKgwqo1t%2FZsRIsRERFAUJnmsgCKdcgFzE1NVIEFWgvJx08ad5733yv%2BL4388ledkZ8ZPR0422zo7SmS82qX3lpU8XC5K6ydr0S%2BFX%2FQmVTxa3GhcqgTLb%2FauA3q%2F7LlTcl75mlmh%2F4fuAHlSvKytAMlqYsVHLUCaodv9qoVYNmAwP7f%2BwyD456EP0z8gyUmDy2de8uFB8jjr69LF0vNckrb0SZpqmx6IvDd%2BNebPIY0bwNrYcwPpxNw7gJIV8swMSHMwcw%2Ff3SAZiaEO%2B3ACw%2BnMkE6x88Uso0ZAwmnkTeH0PqMRQdg5sbUOI%2BAbjA2jri6NaasTndfsTSkp2QxYd%2FQuUTsvjgWcTRN5e0GlSuGZ2lysQOg7CAGoyhumMk2THSHQ8qPwZPP4YSv5Klh6uIo%2F11pw2UKKbulRpDhWNoOQR1HrLyKA9Z6CFLPETitEKbndD3l0MW1uvtBue8Xue82W6Jpqg32qGPjJfyhkiTIbgegttdJHYXPTWEzX6C2yrghAeXToj3zi76okAuCXJHkFOCXBHkKUHeLw6EdjVX3BLaZSyY1dqs1ouRSbt79MCkXRmTveSMPD3dyz%2FPfYaePK00WqwW1GvLlDJWYx3eatGGHwSyFbTbsiY5nCqg3MLU6o6akPPvfY9ETcji%2Bt9g9BhOH4Orc6BZAJqPlms%2B6Nao0faxE9%2FeMh%2F0VJWbCMIUSNJFpNvenj4j56ciXjj3OyQ%2FuXjn%2BaPHgxf%2FALcFElvgffUzQVffHF01Odm%2FanJH7q4nqYrUDi0f7lpKU3nuzltyOzdWrFx2w9uv8ZIo26Pr0qWrNBYq7jry9SUlhLRXjOWS%2FLDiNiXbyNzWpczGWbK68fqVlSix0jll4jGour%2F%2BF3jp7qMfp1%2FyqV8%2BhbJj2KxAlJ2QWUCZY%2FBkFy6Zq3eGwOr5DEs85FkxsjU2v9SKQMs5pqyA%2Bw9m837P3UTXLoCmNxBHBfq2QF8XoHoIlz0xShN7cvHel2V8BaYXRkzbhX2mrf58utoyPYBTpxXZDP1Q%2BjXJwg4Ll6kvOmGjw2gnkMusSQOkbsI%2F%2FG7zXwAAAP%2F%2FAQAA%2F%2F8OCEPKbwQAAA%3D%3D HTTP/1.1
Host: schemevolcanosuspicions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Cookie: u_pl=16718737; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec46b21327aabb2b9c66a4011e6188e2ec=[2229215,2229213]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 24 Nov 2022 18:09:27 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a4b943da3309eb50f11243e17946701e
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.cloudimagesb.com/cti/29/eb/08/29eb08c32bad57ff8c8e14af3a16e9c1/1628586955.jpg
45.133.44.10 200 OK 23 kB URL HTTP/2 cdn.cloudimagesb.com/cti/29/eb/08/29eb08c32bad57ff8c8e14af3a16e9c1/1628586955.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash 4452445afb73fab8af9ff308eb667024
130401c47d822426e1cce9981c30d775cba1b576
923b0ac505decd181f473f1fa460f21590777993c3581723f127b032d8c45bdd
GET /cti/29/eb/08/29eb08c32bad57ff8c8e14af3a16e9c1/1628586955.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 18:09:27 GMT
content-type: image/jpeg
content-length: 22987
server: nginx/1.17.6
last-modified: Tue, 10 Aug 2021 09:16:05 GMT
etag: "611243d5-59cb"
expires: Sat, 26 Nov 2022 18:09:27 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/4e/61/98/4e619871efbab123abb0e0121e08e11d/1628586907.jpg
45.133.44.10 200 OK 23 kB URL HTTP/2 cdn.cloudimagesb.com/cti/4e/61/98/4e619871efbab123abb0e0121e08e11d/1628586907.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash c6f19781c79ff746b99178f813cfbff2
5c307e43c63001535aa3a3683777dbb1a7f0775b
816b5a5d078f27271fa2d7c210d708f386a6f9fbd9242531b07f0b051382870d
GET /cti/4e/61/98/4e619871efbab123abb0e0121e08e11d/1628586907.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 18:09:27 GMT
content-type: image/jpeg
content-length: 22883
server: nginx/1.17.6
last-modified: Tue, 10 Aug 2021 09:15:16 GMT
etag: "611243a4-5963"
expires: Sat, 26 Nov 2022 18:09:27 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s4.histats.com/stats/0.php?4597531&@f16&@g1&@h1&@i1&@j1669313366664&@k0&@l1&@mWhat%20Is%20The%20Cause%20Of%20The%20Red%20Color%20Of%20The%20Waters%20About%20Madagascar%3F%20-%20Clemente%20Butcheall&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-113482755&@b3:1669313367&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fclementebutcheall.blogspot.com%2F2021%2F11%2Fwhat-is-cause-of-red-color-of-waters.html&@w
158.69.248.123 200 OK 49 B URL HTTP/1.1 s4.histats.com/stats/0.php?4597531&@f16&@g1&@h1&@i1&@j1669313366664&@k0&@l1&@mWhat%20Is%20The%20Cause%20Of%20The%20Red%20Color%20Of%20The%20Waters%20About%20Madagascar%3F%20-%20Clemente%20Butcheall&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-113482755&@b3:1669313367&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fclementebutcheall.blogspot.com%2F2021%2F11%2Fwhat-is-cause-of-red-color-of-waters.html&@w
IP 158.69.248.123:0
File type ASCII text, with no line terminators
Hash 3e5174aa9839aabd828abdfeecb05768
da6a94f5169aa777a03a8cc1afc3796eece06938
a4f11af0ba02a5320f177b2b5bdf1193a3721d771b21a705aed64ffe65a145e9
GET /stats/0.php?4597531&@f16&@g1&@h1&@i1&@j1669313366664&@k0&@l1&@mWhat%20Is%20The%20Cause%20Of%20The%20Red%20Color%20Of%20The%20Waters%20About%20Madagascar%3F%20-%20Clemente%20Butcheall&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-113482755&@b3:1669313367&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fclementebutcheall.blogspot.com%2F2021%2F11%2Fwhat-is-cause-of-red-color-of-waters.html&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2022 18:09:27 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 49
Connection: close
schemevolcanosuspicions.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRidPRsJQQOIJoLiRIFAQufdvX9SRJhgZGFskwS5oZmdmTsPN7uzzOzent1giEApDyqgWr%2BzYyVYiIiKAoTONJEFUq5BLmJqaqQIKtCeTzr4pN3ve%2FO%2B4r038%2Bl%2Bek5cpPRs8229K5WiS%2FWKW35pS0ZcZ7a8fqPsuRX3cnlLRo3a5fKg%2BJn%2Bq55br7gvl98UrKeXfNdzXc%2F1yivSiI4eLE1ZyPi47VXabqXmV7x6DQPzf2xTB5Y64P1z8gwknzy2ff8eJBsjCr%2B9Kmwv0fErb4Spook26POjd6NepLMI4XzsGAed6Gi2DW0nhHxRgo6OZg6g%2BweFAwRyQpzfPATR0Uwmgv7hhdJAQUQI%2BJPI%2BmMINYakYzB9E5I%2FIADjWN9AFN5e1yajOxcsLdgJWXz0J2Q2IYsPn0UUfrOs5KB8Xas0kTqyGHRyyMEYsjtGnJ4g2XUgsxOw5GNI%2FitZerSGKDzYsEpD8nzqXsoxZGcMJYag1kFafNJB2nGQxg5Cflam9XbHdZudoFOttmqMsWqVsXqrweu8Wmt1XKSskDdEEg%2FB1BDM7CE2e%2BjJIUz6E%2Bx2Dssd2GRCnHf20Oc5MkGQWYKMEmSSIEsIsn5%2ByJX1bX6bK5sG3qz7s17NRzrp7tNDnXRFRPbjc%2FL0NJd%2FnvsMPXFWrjUC36v6TUqDwA%2FarNGgNdfzRMNrtYQvGKzMIW1panVXTsil975HLCdkceNvBPQEVp2AyQXQ1APNRk3fBd0e1VoudqM72%2FqDnqwwHYLrHHGyiGTH2Vfn5NJUxAsLDyHY6ZW7zx8%2F7r34B5jJEZsc78ufCbrq1uiazsjBNZ1Zcm8jTmQod2lxcdcTmoiFu2%2BJnUwbvnrVDu%2B8xgqiGI9vCJus0YjLqGvJ18uSc2FWtGGC%2FLBqt0Swmdrt5dREaby2%2BfrKahgbYa3U0RhUPtj4C6xw99GP0yf51C%2BfQJoxTJojTE%2FJrCD1CVi8BxvP1VtNYNR8J4hLyNJ8ZPxgfqgkgRJzTIMc9j84mM%2F79ha6pgSa3EQU5uibHH2Vg6ohbPrEKInN6ZX7Xxb1FQJVGgXKlA4CZdTnRbS%2FX%2BRr5Vm57tVEK2g1GeeBYNxr%2BtVW1XV9zmvNtvDaSOyEffjd1r8AAAD%2F%2FwEAAP%2F%2FFJBc628EAAA%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 schemevolcanosuspicions.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRidPRsJQQOIJoLiRIFAQufdvX9SRJhgZGFskwS5oZmdmTsPN7uzzOzent1giEApDyqgWr%2BzYyVYiIiKAoTONJEFUq5BLmJqaqQIKtCeTzr4pN3ve%2FO%2B4r038%2Bl%2Bek5cpPRs8229K5WiS%2FWKW35pS0ZcZ7a8fqPsuRX3cnlLRo3a5fKg%2BJn%2Bq55br7gvl98UrKeXfNdzXc%2F1yivSiI4eLE1ZyPi47VXabqXmV7x6DQPzf2xTB5Y64P1z8gwknzy2ff8eJBsjCr%2B9Kmwv0fErb4Spook26POjd6NepLMI4XzsGAed6Gi2DW0nhHxRgo6OZg6g%2BweFAwRyQpzfPATR0Uwmgv7hhdJAQUQI%2BJPI%2BmMINYakYzB9E5I%2FIADjWN9AFN5e1yajOxcsLdgJWXz0J2Q2IYsPn0UUfrOs5KB8Xas0kTqyGHRyyMEYsjtGnJ4g2XUgsxOw5GNI%2FitZerSGKDzYsEpD8nzqXsoxZGcMJYag1kFafNJB2nGQxg5Cflam9XbHdZudoFOttmqMsWqVsXqrweu8Wmt1XKSskDdEEg%2FB1BDM7CE2e%2BjJIUz6E%2Bx2Dssd2GRCnHf20Oc5MkGQWYKMEmSSIEsIsn5%2ByJX1bX6bK5sG3qz7s17NRzrp7tNDnXRFRPbjc%2FL0NJd%2FnvsMPXFWrjUC36v6TUqDwA%2FarNGgNdfzRMNrtYQvGKzMIW1panVXTsil975HLCdkceNvBPQEVp2AyQXQ1APNRk3fBd0e1VoudqM72%2FqDnqwwHYLrHHGyiGTH2Vfn5NJUxAsLDyHY6ZW7zx8%2F7r34B5jJEZsc78ufCbrq1uiazsjBNZ1Zcm8jTmQod2lxcdcTmoiFu2%2BJnUwbvnrVDu%2B8xgqiGI9vCJus0YjLqGvJ18uSc2FWtGGC%2FLBqt0Swmdrt5dREaby2%2BfrKahgbYa3U0RhUPtj4C6xw99GP0yf51C%2BfQJoxTJojTE%2FJrCD1CVi8BxvP1VtNYNR8J4hLyNJ8ZPxgfqgkgRJzTIMc9j84mM%2F79ha6pgSa3EQU5uibHH2Vg6ohbPrEKInN6ZX7Xxb1FQJVGgXKlA4CZdTnRbS%2FX%2BRr5Vm57tVEK2g1GeeBYNxr%2BtVW1XV9zmvNtvDaSOyEffjd1r8AAAD%2F%2FwEAAP%2F%2FFJBc628EAAA%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert
fortinet Malware
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRidPRsJQQOIJoLiRIFAQufdvX9SRJhgZGFskwS5oZmdmTsPN7uzzOzent1giEApDyqgWr%2BzYyVYiIiKAoTONJEFUq5BLmJqaqQIKtCeTzr4pN3ve%2FO%2B4r038%2Bl%2Bek5cpPRs8229K5WiS%2FWKW35pS0ZcZ7a8fqPsuRX3cnlLRo3a5fKg%2BJn%2Bq55br7gvl98UrKeXfNdzXc%2F1yivSiI4eLE1ZyPi47VXabqXmV7x6DQPzf2xTB5Y64P1z8gwknzy2ff8eJBsjCr%2B9Kmwv0fErb4Spook26POjd6NepLMI4XzsGAed6Gi2DW0nhHxRgo6OZg6g%2BweFAwRyQpzfPATR0Uwmgv7hhdJAQUQI%2BJPI%2BmMINYakYzB9E5I%2FIADjWN9AFN5e1yajOxcsLdgJWXz0J2Q2IYsPn0UUfrOs5KB8Xas0kTqyGHRyyMEYsjtGnJ4g2XUgsxOw5GNI%2FitZerSGKDzYsEpD8nzqXsoxZGcMJYag1kFafNJB2nGQxg5Cflam9XbHdZudoFOttmqMsWqVsXqrweu8Wmt1XKSskDdEEg%2FB1BDM7CE2e%2BjJIUz6E%2Bx2Dssd2GRCnHf20Oc5MkGQWYKMEmSSIEsIsn5%2ByJX1bX6bK5sG3qz7s17NRzrp7tNDnXRFRPbjc%2FL0NJd%2FnvsMPXFWrjUC36v6TUqDwA%2FarNGgNdfzRMNrtYQvGKzMIW1panVXTsil975HLCdkceNvBPQEVp2AyQXQ1APNRk3fBd0e1VoudqM72%2FqDnqwwHYLrHHGyiGTH2Vfn5NJUxAsLDyHY6ZW7zx8%2F7r34B5jJEZsc78ufCbrq1uiazsjBNZ1Zcm8jTmQod2lxcdcTmoiFu2%2BJnUwbvnrVDu%2B8xgqiGI9vCJus0YjLqGvJ18uSc2FWtGGC%2FLBqt0Swmdrt5dREaby2%2BfrKahgbYa3U0RhUPtj4C6xw99GP0yf51C%2BfQJoxTJojTE%2FJrCD1CVi8BxvP1VtNYNR8J4hLyNJ8ZPxgfqgkgRJzTIMc9j84mM%2F79ha6pgSa3EQU5uibHH2Vg6ohbPrEKInN6ZX7Xxb1FQJVGgXKlA4CZdTnRbS%2FX%2BRr5Vm57tVEK2g1GeeBYNxr%2BtVW1XV9zmvNtvDaSOyEffjd1r8AAAD%2F%2FwEAAP%2F%2FFJBc628EAAA%3D HTTP/1.1
Host: schemevolcanosuspicions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Cookie: u_pl=16718737; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec46b21327aabb2b9c66a4011e6188e2ec=[2229215,2229213]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 24 Nov 2022 18:09:27 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7924e1b7b4dc45d30231f0dc324572b9
Strict-Transport-Security: max-age=0; includeSubdomains
parkingridiculous.com/watch.1435028843277.js?key=22445398d1a51748dcdb9dcab239afd3&kw=%5B%22what%22%2C%22is%22%2C%22the%22%2C%22cause%22%2C%22of%22%2C%22the%22%2C%22red%22%2C%22color%22%2C%22of%22%2C%22the%22%2C%22waters%22%2C%22about%22%2C%22madagascar%22%2C%22-%22%2C%22clemente%22%2C%22butcheall%22%5D&refer=https%3A%2F%2Fclementebutcheall.blogspot.com%2F2021%2F11%2Fwhat-is-cause-of-red-color-of-waters.html&tz=0&dev=e&res=12.1055&uuid=0b86a2cc-730e-4d17-bb91-a90fae6c29bd%3A2%3A1&shu=6c8732b116ed0e586891b6750fc42833f2ba6ed6d8d8f9929966882d1a21eb61219df48aae5eb863e34db6ef63a0bfed5de9f6e40c0eca9a324a0d836444b878b8907538feaf5c76b383c2c0bdd8582d8039b7ad&pst=1669313427&rmtc=t
192.243.59.12200 OK 2.1 kB URL HTTP/1.1 parkingridiculous.com/watch.1435028843277.js?key=22445398d1a51748dcdb9dcab239afd3&kw=%5B%22what%22%2C%22is%22%2C%22the%22%2C%22cause%22%2C%22of%22%2C%22the%22%2C%22red%22%2C%22color%22%2C%22of%22%2C%22the%22%2C%22waters%22%2C%22about%22%2C%22madagascar%22%2C%22-%22%2C%22clemente%22%2C%22butcheall%22%5D&refer=https%3A%2F%2Fclementebutcheall.blogspot.com%2F2021%2F11%2Fwhat-is-cause-of-red-color-of-waters.html&tz=0&dev=e&res=12.1055&uuid=0b86a2cc-730e-4d17-bb91-a90fae6c29bd%3A2%3A1&shu=6c8732b116ed0e586891b6750fc42833f2ba6ed6d8d8f9929966882d1a21eb61219df48aae5eb863e34db6ef63a0bfed5de9f6e40c0eca9a324a0d836444b878b8907538feaf5c76b383c2c0bdd8582d8039b7ad&pst=1669313427&rmtc=t
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (2669)
Hash ff23beb7c2d7c643940059c4a906ad0c
da819d79a887dbd4e8406a32a0ae20b09541615f
b39f48f9e7f1dd44a413a3bde870a3bb1dfa00ba149966292388c55605490296
Analyzer Verdict Alert
quad9 Sinkholed
GET /watch.1435028843277.js?key=22445398d1a51748dcdb9dcab239afd3&kw=%5B%22what%22%2C%22is%22%2C%22the%22%2C%22cause%22%2C%22of%22%2C%22the%22%2C%22red%22%2C%22color%22%2C%22of%22%2C%22the%22%2C%22waters%22%2C%22about%22%2C%22madagascar%22%2C%22-%22%2C%22clemente%22%2C%22butcheall%22%5D&refer=https%3A%2F%2Fclementebutcheall.blogspot.com%2F2021%2F11%2Fwhat-is-cause-of-red-color-of-waters.html&tz=0&dev=e&res=12.1055&uuid=0b86a2cc-730e-4d17-bb91-a90fae6c29bd%3A2%3A1&shu=6c8732b116ed0e586891b6750fc42833f2ba6ed6d8d8f9929966882d1a21eb61219df48aae5eb863e34db6ef63a0bfed5de9f6e40c0eca9a324a0d836444b878b8907538feaf5c76b383c2c0bdd8582d8039b7ad&pst=1669313427&rmtc=t HTTP/1.1
Host: parkingridiculous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://clementebutcheall.blogspot.com
Referer: https://clementebutcheall.blogspot.com/
Connection: keep-alive
Cookie: u_pl=16073926; ain=eyJhbGciOiJIUzI1NiJ9.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.hdmd7CCnZ9zFnOEkxIf1mAfzQPH-hRFUM-BZrUQv6x4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 24 Nov 2022 18:09:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://clementebutcheall.blogspot.com
Access-Control-Allow-Origin: https://clementebutcheall.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=0b86a2cc-730e-4d17-bb91-a90fae6c29bd:2:1; expires=Thu, 01 Dec 2022 18:09:27 GMT; secure; SameSite=None
iprc3144d60ecf7c16377fd22429e241bd28=3569806; expires=Thu, 24 Nov 2022 22:09:27 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 25 Nov 2022 18:09:27 GMT; secure; SameSite=None
uncs=1; expires=Fri, 25 Nov 2022 18:09:27 GMT; secure; SameSite=None
pdhtkv5=true; expires=Fri, 25 Nov 2022 18:09:27 GMT; secure; SameSite=None
uncs5=1; expires=Fri, 25 Nov 2022 18:09:27 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 47e425578adcd9d1fb3ab3c8cd313833
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
schemevolcanosuspicions.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRSedYyEoAFEE0FxokAgofPu3j8pIkwwsjC2SYLc0MzfnYeb3Vlmdm%2FPbjBEgpQHFVCtv7NjJViIiIoChM40kQVSrkEuYmpqpAgq0F1OOnjSvPe%2B%2BV7xfW%2Fmk%2F3snPjI6Nnm22ZXaU2XamW%2F9NKWioXJXWn9einwy%2F6l0paK69VLpf4k2d6rgV8r%2By%2BX3pS8a5ZCP%2FD9wA9KK8rKtukvTVmo5LgVlFt%2BuRqWg1oVfft%2F7DIPjnoQvXPyDJQYP7Z97y4UHyGOvr0iXTc1yStvRJmmqbHoiaN3425s8hjRvG1bD%2B34aDYN48aEfLEAEx%2FNHMD0DiYOwNSYeL8FYPHRTCZY7%2FCRUqYhYzDxJPLeCFKPoOgI3NyAEvcJwAXWNxBHt9aNzenOI5ZO2DFZfPgnVD4miw%2BeRRx9s6xVv3TN6CxVJnbotwuo%2FgiqM0KSnSDd9aDyE%2FD0YyjxK1l6uIY4Othw2kCJYupeqRFUewQtB6DOQzY5ykPW9pAlHiJxVqK1Vtv3G23WrlSaVc55pcJ5rVkXNVGpNts%2BMj6RN0CaDMD1ANzuIbF76KoBbPYT3HYBJzy4dEy8d%2FbQEwVySZA7gpwS5IogTwnyXnEotAtdcUtol7FgVsNZrRRDk3b26aFJOzIm%2B8k5eXq6l3%2Be%2BwxdeVaq1lkYVMIGpYyFrMXrdVr1g0DWg2ZThpLDqQLKLUyt7qoxufje90jUmCxu%2FA1GT%2BD0Cbi6AJoFoPmwEfqg28Nq08dufHvbfNBVZW4iCFMgSReR7nj7%2BpxcnIp44cLvkPz08p3njx8PXvwD3BZIbIH31c8EHX1zeNXk5OCqyR25u5GkKlK7dPJw11Kaygt33pI7ubFi9Yob3H6NT4hJe3xdunSNxkLFHUe%2BXlZCSLtiLJfkh1W3Jdlm5raXMxtnydrm6yurUWKlc8rEI1B1f%2BMv8Im7j36cfsmnfvkUyo5gswJRdkpmAWVOwJM9uGSu3hkCq%2BczLPGQZ8XQhmx%2BqRWBlnNMWQH3H8zm%2Fb67iY5dAE1vII4K9GyBni5A9QAue2KYJvb08r0vJ%2FEVmF4YMm0XDpi2%2BvPpaifpAZw6K9WCqmyyZoMLwSQXQSOsNCu%2BHwpRbbRk0ELqxvzD77b%2BBQAA%2F%2F8BAAD%2F%2FxoAzSxvBAAA
192.243.59.13200 OK 7 B URL HTTP/1.1 schemevolcanosuspicions.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRSedYyEoAFEE0FxokAgofPu3j8pIkwwsjC2SYLc0MzfnYeb3Vlmdm%2FPbjBEgpQHFVCtv7NjJViIiIoChM40kQVSrkEuYmpqpAgq0F1OOnjSvPe%2B%2BV7xfW%2Fmk%2F3snPjI6Nnm22ZXaU2XamW%2F9NKWioXJXWn9einwy%2F6l0paK69VLpf4k2d6rgV8r%2By%2BX3pS8a5ZCP%2FD9wA9KK8rKtukvTVmo5LgVlFt%2BuRqWg1oVfft%2F7DIPjnoQvXPyDJQYP7Z97y4UHyGOvr0iXTc1yStvRJmmqbHoiaN3425s8hjRvG1bD%2B34aDYN48aEfLEAEx%2FNHMD0DiYOwNSYeL8FYPHRTCZY7%2FCRUqYhYzDxJPLeCFKPoOgI3NyAEvcJwAXWNxBHt9aNzenOI5ZO2DFZfPgnVD4miw%2BeRRx9s6xVv3TN6CxVJnbotwuo%2FgiqM0KSnSDd9aDyE%2FD0YyjxK1l6uIY4Othw2kCJYupeqRFUewQtB6DOQzY5ykPW9pAlHiJxVqK1Vtv3G23WrlSaVc55pcJ5rVkXNVGpNts%2BMj6RN0CaDMD1ANzuIbF76KoBbPYT3HYBJzy4dEy8d%2FbQEwVySZA7gpwS5IogTwnyXnEotAtdcUtol7FgVsNZrRRDk3b26aFJOzIm%2B8k5eXq6l3%2Be%2BwxdeVaq1lkYVMIGpYyFrMXrdVr1g0DWg2ZThpLDqQLKLUyt7qoxufje90jUmCxu%2FA1GT%2BD0Cbi6AJoFoPmwEfqg28Nq08dufHvbfNBVZW4iCFMgSReR7nj7%2BpxcnIp44cLvkPz08p3njx8PXvwD3BZIbIH31c8EHX1zeNXk5OCqyR25u5GkKlK7dPJw11Kaygt33pI7ubFi9Yob3H6NT4hJe3xdunSNxkLFHUe%2BXlZCSLtiLJfkh1W3Jdlm5raXMxtnydrm6yurUWKlc8rEI1B1f%2BMv8Im7j36cfsmnfvkUyo5gswJRdkpmAWVOwJM9uGSu3hkCq%2BczLPGQZ8XQhmx%2BqRWBlnNMWQH3H8zm%2Fb67iY5dAE1vII4K9GyBni5A9QAue2KYJvb08r0vJ%2FEVmF4YMm0XDpi2%2BvPpaifpAZw6K9WCqmyyZoMLwSQXQSOsNCu%2BHwpRbbRk0ELqxvzD77b%2BBQAA%2F%2F8BAAD%2F%2FxoAzSxvBAAA
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert
fortinet Malware
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRSedYyEoAFEE0FxokAgofPu3j8pIkwwsjC2SYLc0MzfnYeb3Vlmdm%2FPbjBEgpQHFVCtv7NjJViIiIoChM40kQVSrkEuYmpqpAgq0F1OOnjSvPe%2B%2BV7xfW%2Fmk%2F3snPjI6Nnm22ZXaU2XamW%2F9NKWioXJXWn9einwy%2F6l0paK69VLpf4k2d6rgV8r%2By%2BX3pS8a5ZCP%2FD9wA9KK8rKtukvTVmo5LgVlFt%2BuRqWg1oVfft%2F7DIPjnoQvXPyDJQYP7Z97y4UHyGOvr0iXTc1yStvRJmmqbHoiaN3425s8hjRvG1bD%2B34aDYN48aEfLEAEx%2FNHMD0DiYOwNSYeL8FYPHRTCZY7%2FCRUqYhYzDxJPLeCFKPoOgI3NyAEvcJwAXWNxBHt9aNzenOI5ZO2DFZfPgnVD4miw%2BeRRx9s6xVv3TN6CxVJnbotwuo%2FgiqM0KSnSDd9aDyE%2FD0YyjxK1l6uIY4Othw2kCJYupeqRFUewQtB6DOQzY5ykPW9pAlHiJxVqK1Vtv3G23WrlSaVc55pcJ5rVkXNVGpNts%2BMj6RN0CaDMD1ANzuIbF76KoBbPYT3HYBJzy4dEy8d%2FbQEwVySZA7gpwS5IogTwnyXnEotAtdcUtol7FgVsNZrRRDk3b26aFJOzIm%2B8k5eXq6l3%2Be%2BwxdeVaq1lkYVMIGpYyFrMXrdVr1g0DWg2ZThpLDqQLKLUyt7qoxufje90jUmCxu%2FA1GT%2BD0Cbi6AJoFoPmwEfqg28Nq08dufHvbfNBVZW4iCFMgSReR7nj7%2BpxcnIp44cLvkPz08p3njx8PXvwD3BZIbIH31c8EHX1zeNXk5OCqyR25u5GkKlK7dPJw11Kaygt33pI7ubFi9Yob3H6NT4hJe3xdunSNxkLFHUe%2BXlZCSLtiLJfkh1W3Jdlm5raXMxtnydrm6yurUWKlc8rEI1B1f%2BMv8Im7j36cfsmnfvkUyo5gswJRdkpmAWVOwJM9uGSu3hkCq%2BczLPGQZ8XQhmx%2BqRWBlnNMWQH3H8zm%2Fb67iY5dAE1vII4K9GyBni5A9QAue2KYJvb08r0vJ%2FEVmF4YMm0XDpi2%2BvPpaifpAZw6K9WCqmyyZoMLwSQXQSOsNCu%2BHwpRbbRk0ELqxvzD77b%2BBQAA%2F%2F8BAAD%2F%2FxoAzSxvBAAA HTTP/1.1
Host: schemevolcanosuspicions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Cookie: u_pl=16718737; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec46b21327aabb2b9c66a4011e6188e2ec=[2229215,2229213]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 24 Nov 2022 18:09:27 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 41dac917224dd53b90512b110eee1df5
Strict-Transport-Security: max-age=0; includeSubdomains
schemevolcanosuspicions.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRidvRgJQQOIJoLiRIFAQufd%2B%2FMdKSJCMLIwtkmC3NDM356Hm91ZZnZvz24wRKCUBxVQrd%2FZsRIsRERFAUJnmsgCKdcgFzE1NVIEFejOJx180u73vXlf8d6b%2BXQvOyM%2BMnq68bbZUVrTxUbFL7%2B0qWJhcldeu1EO%2FIp%2Fqbyp4mb9Urk%2F%2Bdneq4HfqPgvl9%2BUvGsWq37g%2B4EflJeVlaHpL05ZqOSoHVTafqVerQSNOvr2%2F9hlHhz1IHpn5BkoMX5s6%2F49KD5CHH17VbpuapJX3ogyTVNj0ROH78bd2OQxovkYWg9hfDjbhnFjQr4owcSHMwcwvf2JAzA1Jt5vAVh8OJMJ1js4V8o0ZAwmnkTeG0HqERQdgZubUOIBAbjA2jri6PaasTndPmfphB2ThUd%2FQuVjsvDwWcTRN1e06pevG52lysQO%2FbCA6o%2BgOiMk2THSHQ8qPwZPP4YSv5LFR6uIo%2F11pw2UKKbulRpBhSNoOQB1HrLJpzxkoYcs8RCJ0zJttEPfXwpZWKu16pzzWo3zRqspGqJWb4U%2BMj6RN0CaDMD1ANzuIrG76KoBbPYT3FYBJzy4dEy8d3bREwVySZA7gpwS5IogTwnyXnEgtKu64rbQLmPBrFdnvVYMTdrZowcm7ciY7CVn5OlpLv889xm68rRcb7JqUKsuUcpYlbV5s0nrfhDIZtBqyarkcKqAcqWp1R01Jhff%2Bx6JGpOF9b%2FB6DGcPgZXF0CzADQfLlV90K1hveVjJ76zZT7oqgo3EYQpkKQLSLe9PX1GLk5FvHDhISQ%2FuXz3%2BaPHgxf%2FALcFElvgffUzQUffGl4zOdm%2FZnJH7q0nqYrUDp1c3PWUpvLC3bfkdm6sWLnqBnde4xNiMh7dkC5dpbFQcceRr68oIaRdNpZL8sOK25RsI3NbVzIbZ8nqxuvLK1FipXPKxCNQ9WD9L%2FCJu49%2BnD7Jp375BMqOYLMCUXZCZgVljsGTXbhkrt4ZAqvnOywpIc%2BKoa2y%2BaFWBFrOMWUF3H8wm8977hY6tgSa3kQcFejZAj1dgOoBXPbEME3syeX7X07qKzBdGjJtS%2FtMW%2F35JNrfz%2FN16rQsG6EfSr8qWdhm4RL1RTustxltB3KJNWiA1I35h99t%2FgsAAP%2F%2FAQAA%2F%2F8AmNINbwQAAA%3D%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 schemevolcanosuspicions.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRidvRgJQQOIJoLiRIFAQufd%2B%2FMdKSJCMLIwtkmC3NDM356Hm91ZZnZvz24wRKCUBxVQrd%2FZsRIsRERFAUJnmsgCKdcgFzE1NVIEFejOJx180u73vXlf8d6b%2BXQvOyM%2BMnq68bbZUVrTxUbFL7%2B0qWJhcldeu1EO%2FIp%2Fqbyp4mb9Urk%2F%2Bdneq4HfqPgvl9%2BUvGsWq37g%2B4EflJeVlaHpL05ZqOSoHVTafqVerQSNOvr2%2F9hlHhz1IHpn5BkoMX5s6%2F49KD5CHH17VbpuapJX3ogyTVNj0ROH78bd2OQxovkYWg9hfDjbhnFjQr4owcSHMwcwvf2JAzA1Jt5vAVh8OJMJ1js4V8o0ZAwmnkTeG0HqERQdgZubUOIBAbjA2jri6PaasTndPmfphB2ThUd%2FQuVjsvDwWcTRN1e06pevG52lysQO%2FbCA6o%2BgOiMk2THSHQ8qPwZPP4YSv5LFR6uIo%2F11pw2UKKbulRpBhSNoOQB1HrLJpzxkoYcs8RCJ0zJttEPfXwpZWKu16pzzWo3zRqspGqJWb4U%2BMj6RN0CaDMD1ANzuIrG76KoBbPYT3FYBJzy4dEy8d3bREwVySZA7gpwS5IogTwnyXnEgtKu64rbQLmPBrFdnvVYMTdrZowcm7ciY7CVn5OlpLv889xm68rRcb7JqUKsuUcpYlbV5s0nrfhDIZtBqyarkcKqAcqWp1R01Jhff%2Bx6JGpOF9b%2FB6DGcPgZXF0CzADQfLlV90K1hveVjJ76zZT7oqgo3EYQpkKQLSLe9PX1GLk5FvHDhISQ%2FuXz3%2BaPHgxf%2FALcFElvgffUzQUffGl4zOdm%2FZnJH7q0nqYrUDp1c3PWUpvLC3bfkdm6sWLnqBnde4xNiMh7dkC5dpbFQcceRr68oIaRdNpZL8sOK25RsI3NbVzIbZ8nqxuvLK1FipXPKxCNQ9WD9L%2FCJu49%2BnD7Jp375BMqOYLMCUXZCZgVljsGTXbhkrt4ZAqvnOywpIc%2BKoa2y%2BaFWBFrOMWUF3H8wm8977hY6tgSa3kQcFejZAj1dgOoBXPbEME3syeX7X07qKzBdGjJtS%2FtMW%2F35JNrfz%2FN16rQsG6EfSr8qWdhm4RL1RTustxltB3KJNWiA1I35h99t%2FgsAAP%2F%2FAQAA%2F%2F8AmNINbwQAAA%3D%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRidvRgJQQOIJoLiRIFAQufd%2B%2FMdKSJCMLIwtkmC3NDM356Hm91ZZnZvz24wRKCUBxVQrd%2FZsRIsRERFAUJnmsgCKdcgFzE1NVIEFejOJx180u73vXlf8d6b%2BXQvOyM%2BMnq68bbZUVrTxUbFL7%2B0qWJhcldeu1EO%2FIp%2Fqbyp4mb9Urk%2F%2Bdneq4HfqPgvl9%2BUvGsWq37g%2B4EflJeVlaHpL05ZqOSoHVTafqVerQSNOvr2%2F9hlHhz1IHpn5BkoMX5s6%2F49KD5CHH17VbpuapJX3ogyTVNj0ROH78bd2OQxovkYWg9hfDjbhnFjQr4owcSHMwcwvf2JAzA1Jt5vAVh8OJMJ1js4V8o0ZAwmnkTeG0HqERQdgZubUOIBAbjA2jri6PaasTndPmfphB2ThUd%2FQuVjsvDwWcTRN1e06pevG52lysQO%2FbCA6o%2BgOiMk2THSHQ8qPwZPP4YSv5LFR6uIo%2F11pw2UKKbulRpBhSNoOQB1HrLJpzxkoYcs8RCJ0zJttEPfXwpZWKu16pzzWo3zRqspGqJWb4U%2BMj6RN0CaDMD1ANzuIrG76KoBbPYT3FYBJzy4dEy8d3bREwVySZA7gpwS5IogTwnyXnEgtKu64rbQLmPBrFdnvVYMTdrZowcm7ciY7CVn5OlpLv889xm68rRcb7JqUKsuUcpYlbV5s0nrfhDIZtBqyarkcKqAcqWp1R01Jhff%2Bx6JGpOF9b%2FB6DGcPgZXF0CzADQfLlV90K1hveVjJ76zZT7oqgo3EYQpkKQLSLe9PX1GLk5FvHDhISQ%2FuXz3%2BaPHgxf%2FALcFElvgffUzQUffGl4zOdm%2FZnJH7q0nqYrUDp1c3PWUpvLC3bfkdm6sWLnqBnde4xNiMh7dkC5dpbFQcceRr68oIaRdNpZL8sOK25RsI3NbVzIbZ8nqxuvLK1FipXPKxCNQ9WD9L%2FCJu49%2BnD7Jp375BMqOYLMCUXZCZgVljsGTXbhkrt4ZAqvnOywpIc%2BKoa2y%2BaFWBFrOMWUF3H8wm8977hY6tgSa3kQcFejZAj1dgOoBXPbEME3syeX7X07qKzBdGjJtS%2FtMW%2F35JNrfz%2FN16rQsG6EfSr8qWdhm4RL1RTustxltB3KJNWiA1I35h99t%2FgsAAP%2F%2FAQAA%2F%2F8AmNINbwQAAA%3D%3D HTTP/1.1
Host: schemevolcanosuspicions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Cookie: u_pl=16718737; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec46b21327aabb2b9c66a4011e6188e2ec=[2229215,2229213]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 24 Nov 2022 18:09:27 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 811d3ba9cea296b2a748823d29ca4804
Strict-Transport-Security: max-age=0; includeSubdomains
ifknittedhurtful.com/sbar.json?key=cc585f6c9356b37d414b25b86a1b7ad2&uuid=51f7befe-e1c6-4752-ad95-f9ded87f1ca4%3A1%3A1
192.243.59.13 200 OK 3.2 kB URL HTTP/1.1 ifknittedhurtful.com/sbar.json?key=cc585f6c9356b37d414b25b86a1b7ad2&uuid=51f7befe-e1c6-4752-ad95-f9ded87f1ca4%3A1%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (5784), with no line terminators
Hash 7f5042f6364b5d26b6a7630725b492cf
314c1345af7e7934c45481d1bcb08b3c6cad710c
86938f79d38b3ccd7a5a1e1ac8cb4cef7a17df652e628a5aeaf38b7213a71c2e
Analyzer Verdict Alert
quad9 Sinkholed
GET /sbar.json?key=cc585f6c9356b37d414b25b86a1b7ad2&uuid=51f7befe-e1c6-4752-ad95-f9ded87f1ca4%3A1%3A1 HTTP/1.1
Host: ifknittedhurtful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://clementebutcheall.blogspot.com
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 24 Nov 2022 18:09:27 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://clementebutcheall.blogspot.com
Access-Control-Allow-Origin: https://clementebutcheall.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16602886; expires=Fri, 25 Nov 2022 18:09:27 GMT; secure; SameSite=None
uid_id2=51f7befe-e1c6-4752-ad95-f9ded87f1ca4:1:1; expires=Thu, 01 Dec 2022 18:09:27 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 25 Nov 2022 18:09:27 GMT; secure; SameSite=None
uncs=1; expires=Fri, 25 Nov 2022 18:09:27 GMT; secure; SameSite=None
pdhtkv29=true; expires=Fri, 25 Nov 2022 18:09:27 GMT; secure; SameSite=None
uncs29=1; expires=Fri, 25 Nov 2022 18:09:27 GMT; secure; SameSite=None
sleccc585f6c9356b37d414b25b86a1b7ad2=[3760946]; expires=Thu, 24 Nov 2022 18:09:32 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d36098cbe4715db7514de6d94fe41c78
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
schemevolcanosuspicions.com/65/aa/28/65aa283021630dfd9030555c4c61a78c.js
192.243.59.13 200 OK 29 kB URL HTTP/1.1 schemevolcanosuspicions.com/65/aa/28/65aa283021630dfd9030555c4c61a78c.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 831bb7559506deff248de1bdd077b10e
101672caaa92fd2701b5e54a939ae298a3bbb822
5985e82e2491b80467600a7b33d43101f7d8b805b3b0c5a2d512a135977d0e62
Analyzer Verdict Alert
fortinet Malware
quad9 Sinkholed
GET /65/aa/28/65aa283021630dfd9030555c4c61a78c.js HTTP/1.1
Host: schemevolcanosuspicions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Cookie: u_pl=16718737; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec46b21327aabb2b9c66a4011e6188e2ec=[2229215,2229213]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 24 Nov 2022 18:09:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5d41c75e1f1c8f29e1505c5a18fe9629
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
45.133.44.10 200 OK 144 kB URL HTTP/2 cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size 144 kB (144379 bytes)
Hash 33c304429dc1a4408a96e6a74ffa2feb
c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04
dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314
GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 18:09:28 GMT
content-type: image/png
content-length: 144379
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Sat, 26 Nov 2022 18:09:28 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ifknittedhurtful.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSuTtYc9KR4yUEZQcGAO9s9Mz0%2F5hBNYiSYZJckspdc6q9ny6nuaqu6p2f34mpAAgqOiOCx95vdLNEgBk8eRJnNRRaEjAfZg3v2KIhBD4LM7MDig6r3Xn3v8H1fvQ%2B38kPiI6cHK1fNhtKaLoVVv%2FLyqkqEKVzl2s1K4Ff9s5VVlTQbZyuD6WX7rwZ%2BWPXPVN6UvGeWan7g%2B4EfVC4pKyMzWJqhUOn9TlDt%2BNVGrRqEDQzs%2F3uXe3DUg%2BgfkmegxOSJtZ8eQPExkvibi9L1MpO%2B8kaca5oZi77YfTvpJaZIEB%2BXkfUQJbvzaRg3IeSLEzDJ7lwBTH97qgBMTYj3awCW7M5pgvV3jpgyDZmAiadQ9MeQegxFx%2BDmNpR4RAAucG0ZSXz3mrEFXT9C6RSdkIXHf0IVE7Lw27NI4q%2FPazWo3DA6z5RJHAZRCTUYQ3XHSPM9ZBseVLEHnn0AJX4mS4%2BvIIm3l502UOLgxTCIWkxGclEGvLnYaIW1RSo64WLUEVK0W1HAaWNmkVJjqGgMLYegzkM%2BPcpDHnnIUw%2BxOKjQsBP5fitiUb3ebnDO63XOw3ZThKLeaEc%2Bcj7VMESWDsH1ENxuIrWb6KkhbP4j3FoJJzy4jKAvShSSoHAEBSUoFEGRERT9ckdoV3PlXaFdzoJ5rs1zvRyZrLtFd0zWlQnZSg%2FJ0zPj%2Fl09hZ48qEwphVGTd%2Bphk9VbohE0WC1k7SYNWIuKGpwqodyJmcwNNSGnb32HVE3IwvI%2FYHQPTu%2BBq5Og%2BXOgxahV80HXRo22j43k3pp5t6eq3MQQpkSaLSBb97b0ITk9I9HhNUi%2B%2F9oLv%2F81%2FuTWGXBbIrUl3lEPCbr6zui6Kcj2dVM48mA5zVSsNuj0Z29kNJMLX74l1wtjxeWLbnjvdT4FpuX9m9JlV2giVNJ15KvzSghpLxnLJfn%2BsluVbCV3a%2Bdzm%2BTplZULly7HqZXOKZOMQdWj1mfgakKevLo529nnP34IZceweYk43yfzgDJ74OkmXLp%2F7u%2BPLnz%2B%2FqmX4AyB1cczLPVQ5OXI1tjxo1YEWh73lJVw8tgCJvd%2F%2BOMI23J30LUeaHYbSVyib0v0dQmqh3D5yVGW2v1zv9RnAaa9EdPW22ba6k%2BPrHXqoCLDyI%2BkX5Ms6rCoRX3RiRodRjuBbLGQBsjchL%2F37ep%2FAAAA%2F%2F8BAAD%2F%2FyztEu6LBAAA
192.243.59.13200 OK 7 B URL HTTP/1.1 ifknittedhurtful.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSuTtYc9KR4yUEZQcGAO9s9Mz0%2F5hBNYiSYZJckspdc6q9ny6nuaqu6p2f34mpAAgqOiOCx95vdLNEgBk8eRJnNRRaEjAfZg3v2KIhBD4LM7MDig6r3Xn3v8H1fvQ%2B38kPiI6cHK1fNhtKaLoVVv%2FLyqkqEKVzl2s1K4Ff9s5VVlTQbZyuD6WX7rwZ%2BWPXPVN6UvGeWan7g%2B4EfVC4pKyMzWJqhUOn9TlDt%2BNVGrRqEDQzs%2F3uXe3DUg%2BgfkmegxOSJtZ8eQPExkvibi9L1MpO%2B8kaca5oZi77YfTvpJaZIEB%2BXkfUQJbvzaRg3IeSLEzDJ7lwBTH97qgBMTYj3awCW7M5pgvV3jpgyDZmAiadQ9MeQegxFx%2BDmNpR4RAAucG0ZSXz3mrEFXT9C6RSdkIXHf0IVE7Lw27NI4q%2FPazWo3DA6z5RJHAZRCTUYQ3XHSPM9ZBseVLEHnn0AJX4mS4%2BvIIm3l502UOLgxTCIWkxGclEGvLnYaIW1RSo64WLUEVK0W1HAaWNmkVJjqGgMLYegzkM%2BPcpDHnnIUw%2BxOKjQsBP5fitiUb3ebnDO63XOw3ZThKLeaEc%2Bcj7VMESWDsH1ENxuIrWb6KkhbP4j3FoJJzy4jKAvShSSoHAEBSUoFEGRERT9ckdoV3PlXaFdzoJ5rs1zvRyZrLtFd0zWlQnZSg%2FJ0zPj%2Fl09hZ48qEwphVGTd%2Bphk9VbohE0WC1k7SYNWIuKGpwqodyJmcwNNSGnb32HVE3IwvI%2FYHQPTu%2BBq5Og%2BXOgxahV80HXRo22j43k3pp5t6eq3MQQpkSaLSBb97b0ITk9I9HhNUi%2B%2F9oLv%2F81%2FuTWGXBbIrUl3lEPCbr6zui6Kcj2dVM48mA5zVSsNuj0Z29kNJMLX74l1wtjxeWLbnjvdT4FpuX9m9JlV2giVNJ15KvzSghpLxnLJfn%2BsluVbCV3a%2Bdzm%2BTplZULly7HqZXOKZOMQdWj1mfgakKevLo529nnP34IZceweYk43yfzgDJ74OkmXLp%2F7u%2BPLnz%2B%2FqmX4AyB1cczLPVQ5OXI1tjxo1YEWh73lJVw8tgCJvd%2F%2BOMI23J30LUeaHYbSVyib0v0dQmqh3D5yVGW2v1zv9RnAaa9EdPW22ba6k%2BPrHXqoCLDyI%2BkX5Ms6rCoRX3RiRodRjuBbLGQBsjchL%2F37ep%2FAAAA%2F%2F8BAAD%2F%2FyztEu6LBAAA
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSuTtYc9KR4yUEZQcGAO9s9Mz0%2F5hBNYiSYZJckspdc6q9ny6nuaqu6p2f34mpAAgqOiOCx95vdLNEgBk8eRJnNRRaEjAfZg3v2KIhBD4LM7MDig6r3Xn3v8H1fvQ%2B38kPiI6cHK1fNhtKaLoVVv%2FLyqkqEKVzl2s1K4Ff9s5VVlTQbZyuD6WX7rwZ%2BWPXPVN6UvGeWan7g%2B4EfVC4pKyMzWJqhUOn9TlDt%2BNVGrRqEDQzs%2F3uXe3DUg%2BgfkmegxOSJtZ8eQPExkvibi9L1MpO%2B8kaca5oZi77YfTvpJaZIEB%2BXkfUQJbvzaRg3IeSLEzDJ7lwBTH97qgBMTYj3awCW7M5pgvV3jpgyDZmAiadQ9MeQegxFx%2BDmNpR4RAAucG0ZSXz3mrEFXT9C6RSdkIXHf0IVE7Lw27NI4q%2FPazWo3DA6z5RJHAZRCTUYQ3XHSPM9ZBseVLEHnn0AJX4mS4%2BvIIm3l502UOLgxTCIWkxGclEGvLnYaIW1RSo64WLUEVK0W1HAaWNmkVJjqGgMLYegzkM%2BPcpDHnnIUw%2BxOKjQsBP5fitiUb3ebnDO63XOw3ZThKLeaEc%2Bcj7VMESWDsH1ENxuIrWb6KkhbP4j3FoJJzy4jKAvShSSoHAEBSUoFEGRERT9ckdoV3PlXaFdzoJ5rs1zvRyZrLtFd0zWlQnZSg%2FJ0zPj%2Fl09hZ48qEwphVGTd%2Bphk9VbohE0WC1k7SYNWIuKGpwqodyJmcwNNSGnb32HVE3IwvI%2FYHQPTu%2BBq5Og%2BXOgxahV80HXRo22j43k3pp5t6eq3MQQpkSaLSBb97b0ITk9I9HhNUi%2B%2F9oLv%2F81%2FuTWGXBbIrUl3lEPCbr6zui6Kcj2dVM48mA5zVSsNuj0Z29kNJMLX74l1wtjxeWLbnjvdT4FpuX9m9JlV2giVNJ15KvzSghpLxnLJfn%2BsluVbCV3a%2Bdzm%2BTplZULly7HqZXOKZOMQdWj1mfgakKevLo529nnP34IZceweYk43yfzgDJ74OkmXLp%2F7u%2BPLnz%2B%2FqmX4AyB1cczLPVQ5OXI1tjxo1YEWh73lJVw8tgCJvd%2F%2BOMI23J30LUeaHYbSVyib0v0dQmqh3D5yVGW2v1zv9RnAaa9EdPW22ba6k%2BPrHXqoCLDyI%2BkX5Ms6rCoRX3RiRodRjuBbLGQBsjchL%2F37ep%2FAAAA%2F%2F8BAAD%2F%2FyztEu6LBAAA HTTP/1.1
Host: ifknittedhurtful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Cookie: u_pl=16602886; uid_id2=51f7befe-e1c6-4752-ad95-f9ded87f1ca4:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleccc585f6c9356b37d414b25b86a1b7ad2=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 24 Nov 2022 18:09:28 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0d0d1eef455c7c6fe3aa009ee590496c
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f46bbbaed40ddd7d66dc07a510d128e6
63f0c610a767c70c337b06cfaa01a7a152249196
9d1088838a00c0d99333fb0e41c67616e11f6df0169d4337a38ac3384e66aca4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9D1088838A00C0D99333FB0E41C67616E11F6DF0169D4337A38AC3384E66ACA4"
Last-Modified: Wed, 23 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9460
Expires: Thu, 24 Nov 2022 20:47:08 GMT
Date: Thu, 24 Nov 2022 18:09:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 47321a660cc180721ed78d92dcee934a
8b35d23b1bc8a79a7163e9a8ad5d3abc4faecf5c
ce1778ba0bccf8d4a25ff3d86a7d4b416b754c1d53bdd3e1466ea42e207342bb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE1778BA0BCCF8D4A25FF3D86A7D4B416B754C1D53BDD3E1466EA42E207342BB"
Last-Modified: Thu, 24 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10161
Expires: Thu, 24 Nov 2022 20:58:49 GMT
Date: Thu, 24 Nov 2022 18:09:28 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0eae74238d1c9828cd086271241b5e66
4cdd2c9e819b5c71d1d3e4836063a7a9f89ccf15
4884107002b9840725b58cd3ff13215471bdcd8c2a1029c3eeadd16abe4d91d2
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "4884107002B9840725B58CD3FF13215471BDCD8C2A1029C3EEADD16ABE4D91D2"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9951
Expires: Thu, 24 Nov 2022 20:55:19 GMT
Date: Thu, 24 Nov 2022 18:09:28 GMT
Connection: keep-alive
ifknittedhurtful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Findex.html&l=3323&fd=391
192.243.59.13 200 OK 0 B URL HTTP/1.1 ifknittedhurtful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Findex.html&l=3323&fd=391
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
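Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(MD5, SHA-1 and SHA-256 of an empty body: the response is 0 B, so these digests do not identify this resource and should not be used as indicators.)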
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Findex.html&l=3323&fd=391 HTTP/1.1
Host: ifknittedhurtful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Cookie: u_pl=16602886; uid_id2=51f7befe-e1c6-4752-ad95-f9ded87f1ca4:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleccc585f6c9356b37d414b25b86a1b7ad2=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 24 Nov 2022 18:09:28 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/img/flash-logo.png
172.64.109.13 200 OK 9.4 kB URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/img/flash-logo.png
IP 172.64.109.13:0
File type PNG image data, 240 x 240, 8-bit colormap, non-interlaced\012- data
Hash 910542c04f8bf2f90ee33d17d538a006
18d5943e5d51539038f7988c34bccef2937c5545
5969cb3c5c4f573f5c05035ddf9748ee17d5c71df6fca4e484f65d30e2694e57
GET /sb/interstitial/software/flashPlayer/mac/multi/1/img/flash-logo.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 18:09:28 GMT
content-type: image/png
content-length: 9360
last-modified: Wed, 01 Sep 2021 12:22:39 GMT
etag: "612f708f-2490"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 792918
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XDhLGF2PLkcYv1HCn0x3hUDGv0ZdSJ%2Fkf3ADqRaYd2PppO%2FiUuHBMXC6WtzVaoggRWElMr7mYhsDG5ph38olrfXmXReyxy0BcZjQJWGrcK8qUdaV%2BWXIoUjNWNiSOnDC6mYkQ0N60X5X"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f41889dc04d17c-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4af780570d49b327d38dc189095448e9
1dd4193a2afeb237c5e475b603b1cbd137f7f97e
f25ef2e65d3c2acbba49b5d36c2fe37f8d404fa3b0ea5cdd6c93ac1685a6129a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0eae74238d1c9828cd086271241b5e66
4cdd2c9e819b5c71d1d3e4836063a7a9f89ccf15
4884107002b9840725b58cd3ff13215471bdcd8c2a1029c3eeadd16abe4d91d2
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "4884107002B9840725B58CD3FF13215471BDCD8C2A1029C3EEADD16ABE4D91D2"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9951
Expires: Thu, 24 Nov 2022 20:55:19 GMT
Date: Thu, 24 Nov 2022 18:09:28 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4af780570d49b327d38dc189095448e9
1dd4193a2afeb237c5e475b603b1cbd137f7f97e
f25ef2e65d3c2acbba49b5d36c2fe37f8d404fa3b0ea5cdd6c93ac1685a6129a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Nov 2022 18:09:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
moleconcern.com/pixel/purst?dl=0&th=0&sc=0&rs=3850&rd=3850&fd=483&bv=22.10.v.10&tmpl=136
173.233.137.60 200 OK 0 B URL HTTP/1.1 moleconcern.com/pixel/purst?dl=0&th=0&sc=0&rs=3850&rd=3850&fd=483&bv=22.10.v.10&tmpl=136
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3850&rd=3850&fd=483&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: moleconcern.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 24 Nov 2022 18:09:28 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.barscreative1.com/sb/interstitial/software/flashPlayer/mac/multi/1/index.html
45.133.44.3 200 OK 5.8 kB URL HTTP/2 cdn.barscreative1.com/sb/interstitial/software/flashPlayer/mac/multi/1/index.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Hash ac692a549e44f845d0020759a83745e4
c4f7c53fd3850837b58559675c56399027de3304
8b037e28431009351363266015451c7ce36db48cd981e4bff90a7b59cffa00a7
Analyzer Verdict Alert fortinet Phishing
GET /sb/interstitial/software/flashPlayer/mac/multi/1/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://clementebutcheall.blogspot.com
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 18:09:28 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 01 Sep 2021 12:22:33 GMT
etag: W/"612f7089-cfb"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Thu, 24 Nov 2022 19:09:28 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
ifknittedhurtful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fcss%2Fstyle.css&l=4522&fd=347
192.243.59.13 200 OK 0 B URL HTTP/1.1 ifknittedhurtful.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fcss%2Fstyle.css&l=4522&fd=347
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fcss%2Fstyle.css&l=4522&fd=347 HTTP/1.1
Host: ifknittedhurtful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Cookie: u_pl=16602886; uid_id2=51f7befe-e1c6-4752-ad95-f9ded87f1ca4:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleccc585f6c9356b37d414b25b86a1b7ad2=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 24 Nov 2022 18:09:29 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
friendshipmale.com/sfp.js
104.21.234.92 200 OK 38 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 104.21.234.92:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash e29c714dae23a6348c58a75bee0900c9
e3ae11a17093aef7594c239ea5486f2b657ce0b7
0d6bd3abbb75ee22cd4506496ea8f11cda87957b1f98ba0134cd108da07350a3
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 18:09:26 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: e05e472c035283b3a600bfeca1e8049d
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 24 Nov 2022 18:09:26 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jDXyzlWmZvXiULIVO9hY0wuOWL84HKoe8DL04uzdlLel%2B%2FYzfdcjvUhGy6u5aQTGBhS9CB4m71O4nYO8oY0UErGIdkyxz7U1wGbBT7C13thjU8%2Fcx4sycZFiITZ%2BlKUSpPzdXvs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f4187db82571a5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 65f96a268c71dd2240b791911c212326
1c35b60c96efc632a131cb94748ee415a879f3b2
eecc5be54045ae30a37b00d7b96102d40dacc0e1c761a6432425673e04761c3a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EECC5BE54045AE30A37B00D7B96102D40DACC0E1C761A6432425673E04761C3A"
Last-Modified: Wed, 23 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11863
Expires: Thu, 24 Nov 2022 21:27:12 GMT
Date: Thu, 24 Nov 2022 18:09:29 GMT
Connection: keep-alive
ifknittedhurtful.com/pixel/sbs?c=1
192.243.59.13 200 OK 0 B URL HTTP/1.1 ifknittedhurtful.com/pixel/sbs?c=1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: ifknittedhurtful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Cookie: u_pl=16602886; uid_id2=51f7befe-e1c6-4752-ad95-f9ded87f1ca4:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleccc585f6c9356b37d414b25b86a1b7ad2=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 24 Nov 2022 18:09:29 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ifknittedhurtful.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSuTtYc9KR4yUEZQcGAO9vd0z0%2F5hBNYiSYZJckspdcqquqZ8up7mqruqdn9%2BJqQAIKjojgsfeb3SzRIAZPHkSZzUUWhIwH2YN79iiIQQ%2BCzOzA4oOq91597%2FB9X70Pt4pD4qKgBytX9YZUii6Fdbf28qpMuS5t7drNmufW3bO1VZk2g7O1wfQy%2FVc9N6y7Z2pvCtbTS77rua7nerVL0ohYD5ZmKGR2v%2BPVO2498OteGGBg%2Ft%2FbwoGlDnj%2FkDwDySdPrP30AJKNkSbfXBS2l%2BvslTeSQtFcG%2FT57ttpL9VliuS4jI2DON2dT0PbCSFfnIBOd%2BcKoPvbUwWI5IQ4v3qI0t05TUT9nSOmkYJIEfGnUPbHEGoMScdg%2BjYkf0QAxnFtGWly95o2JV0%2FQukUnZCFx39ClhOy8NuzSJOvzys5qN3QqsilTi0GcQU5GEN2x8iKPeQbDmS5B5Z%2FAMl%2FJkuPryBNtpet0pD84MXQi1uRiMWi8FhzMWiF%2FiLlnXAx7nDB263YYzSYWSTlGDIeQ4khqHVQTI90UMQOisxBwg9qNOzErtuKo7jRaAeMsUaDsbDd5CFvBO3YRcGmGobIsyGYGoKZTWRmEz05hCl%2BhF2rYLkDmxP0eYVSEJSWoKQEpSQoc4KyX%2B1wZX1b3eXKFpE3z%2F48N6qRzrtbdEfnXZGSreyQPD0z7t%2FVU%2BiJg9qUUhg3WacRNqNGiwdeEPlh1G5SL2pR7sPKCtKemMnckBNy%2BtZ3yOSELCz%2Fg4juwao9MHkStHgOtBy1fBd0bRS0XWyk99b0uz1ZZzoB1xWyfAH5urOlDsnpGYkO8yHY%2Fmsv%2FP7X%2BJNbZ8BMhcxUeEc%2BJOiqO6PruiTb13VpyYPlLJeJ3KDTn72R01wsfPmWWC%2B14Zcv2uG919kUmJb3bwqbX6Epl2nXkq%2FOS86FuaQNE%2BT7y3ZVRCuFXTtfmLTIrqxcuHQ5yYywVup0DCoftT4DkxPy5NXN2c4%2B%2F%2FFDSDOGKSokxT6ZB6TeA8s2YbP9c39%2FdOHz90%2B9BKsJjDqeiTIHZVGNjB8dPypJoMRxT6MKVhxbEIn9H%2F44wrbsHXSNA5rfRppU6JsKfVWBqiFscXKUZ2b%2F3C%2BNWSBSzihSxtmOlFGfHllr5UEt9ALRjtotxnkkGPdafqPdcF2f86DVEV4HuZ2w975d%2FQ8AAP%2F%2FAQAA%2F%2F845ZwIiwQAAA%3D%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 ifknittedhurtful.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSuTtYc9KR4yUEZQcGAO9vd0z0%2F5hBNYiSYZJckspdcqquqZ8up7mqruqdn9%2BJqQAIKjojgsfeb3SzRIAZPHkSZzUUWhIwH2YN79iiIQQ%2BCzOzA4oOq91597%2FB9X70Pt4pD4qKgBytX9YZUii6Fdbf28qpMuS5t7drNmufW3bO1VZk2g7O1wfQy%2FVc9N6y7Z2pvCtbTS77rua7nerVL0ohYD5ZmKGR2v%2BPVO2498OteGGBg%2Ft%2FbwoGlDnj%2FkDwDySdPrP30AJKNkSbfXBS2l%2BvslTeSQtFcG%2FT57ttpL9VliuS4jI2DON2dT0PbCSFfnIBOd%2BcKoPvbUwWI5IQ4v3qI0t05TUT9nSOmkYJIEfGnUPbHEGoMScdg%2BjYkf0QAxnFtGWly95o2JV0%2FQukUnZCFx39ClhOy8NuzSJOvzys5qN3QqsilTi0GcQU5GEN2x8iKPeQbDmS5B5Z%2FAMl%2FJkuPryBNtpet0pD84MXQi1uRiMWi8FhzMWiF%2FiLlnXAx7nDB263YYzSYWSTlGDIeQ4khqHVQTI90UMQOisxBwg9qNOzErtuKo7jRaAeMsUaDsbDd5CFvBO3YRcGmGobIsyGYGoKZTWRmEz05hCl%2BhF2rYLkDmxP0eYVSEJSWoKQEpSQoc4KyX%2B1wZX1b3eXKFpE3z%2F48N6qRzrtbdEfnXZGSreyQPD0z7t%2FVU%2BiJg9qUUhg3WacRNqNGiwdeEPlh1G5SL2pR7sPKCtKemMnckBNy%2BtZ3yOSELCz%2Fg4juwao9MHkStHgOtBy1fBd0bRS0XWyk99b0uz1ZZzoB1xWyfAH5urOlDsnpGYkO8yHY%2Fmsv%2FP7X%2BJNbZ8BMhcxUeEc%2BJOiqO6PruiTb13VpyYPlLJeJ3KDTn72R01wsfPmWWC%2B14Zcv2uG919kUmJb3bwqbX6Epl2nXkq%2FOS86FuaQNE%2BT7y3ZVRCuFXTtfmLTIrqxcuHQ5yYywVup0DCoftT4DkxPy5NXN2c4%2B%2F%2FFDSDOGKSokxT6ZB6TeA8s2YbP9c39%2FdOHz90%2B9BKsJjDqeiTIHZVGNjB8dPypJoMRxT6MKVhxbEIn9H%2F44wrbsHXSNA5rfRppU6JsKfVWBqiFscXKUZ2b%2F3C%2BNWSBSzihSxtmOlFGfHllr5UEt9ALRjtotxnkkGPdafqPdcF2f86DVEV4HuZ2w975d%2FQ8AAP%2F%2FAQAA%2F%2F845ZwIiwQAAA%3D%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSuTtYc9KR4yUEZQcGAO9vd0z0%2F5hBNYiSYZJckspdcqquqZ8up7mqruqdn9%2BJqQAIKjojgsfeb3SzRIAZPHkSZzUUWhIwH2YN79iiIQQ%2BCzOzA4oOq91597%2FB9X70Pt4pD4qKgBytX9YZUii6Fdbf28qpMuS5t7drNmufW3bO1VZk2g7O1wfQy%2FVc9N6y7Z2pvCtbTS77rua7nerVL0ohYD5ZmKGR2v%2BPVO2498OteGGBg%2Ft%2FbwoGlDnj%2FkDwDySdPrP30AJKNkSbfXBS2l%2BvslTeSQtFcG%2FT57ttpL9VliuS4jI2DON2dT0PbCSFfnIBOd%2BcKoPvbUwWI5IQ4v3qI0t05TUT9nSOmkYJIEfGnUPbHEGoMScdg%2BjYkf0QAxnFtGWly95o2JV0%2FQukUnZCFx39ClhOy8NuzSJOvzys5qN3QqsilTi0GcQU5GEN2x8iKPeQbDmS5B5Z%2FAMl%2FJkuPryBNtpet0pD84MXQi1uRiMWi8FhzMWiF%2FiLlnXAx7nDB263YYzSYWSTlGDIeQ4khqHVQTI90UMQOisxBwg9qNOzErtuKo7jRaAeMsUaDsbDd5CFvBO3YRcGmGobIsyGYGoKZTWRmEz05hCl%2BhF2rYLkDmxP0eYVSEJSWoKQEpSQoc4KyX%2B1wZX1b3eXKFpE3z%2F48N6qRzrtbdEfnXZGSreyQPD0z7t%2FVU%2BiJg9qUUhg3WacRNqNGiwdeEPlh1G5SL2pR7sPKCtKemMnckBNy%2BtZ3yOSELCz%2Fg4juwao9MHkStHgOtBy1fBd0bRS0XWyk99b0uz1ZZzoB1xWyfAH5urOlDsnpGYkO8yHY%2Fmsv%2FP7X%2BJNbZ8BMhcxUeEc%2BJOiqO6PruiTb13VpyYPlLJeJ3KDTn72R01wsfPmWWC%2B14Zcv2uG919kUmJb3bwqbX6Epl2nXkq%2FOS86FuaQNE%2BT7y3ZVRCuFXTtfmLTIrqxcuHQ5yYywVup0DCoftT4DkxPy5NXN2c4%2B%2F%2FFDSDOGKSokxT6ZB6TeA8s2YbP9c39%2FdOHz90%2B9BKsJjDqeiTIHZVGNjB8dPypJoMRxT6MKVhxbEIn9H%2F44wrbsHXSNA5rfRppU6JsKfVWBqiFscXKUZ2b%2F3C%2BNWSBSzihSxtmOlFGfHllr5UEt9ALRjtotxnkkGPdafqPdcF2f86DVEV4HuZ2w975d%2FQ8AAP%2F%2FAQAA%2F%2F845ZwIiwQAAA%3D%3D HTTP/1.1
Host: ifknittedhurtful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Cookie: u_pl=16602886; uid_id2=51f7befe-e1c6-4752-ad95-f9ded87f1ca4:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleccc585f6c9356b37d414b25b86a1b7ad2=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 24 Nov 2022 18:09:29 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 152fe35fbb73b7fcae55eec7ea91f0f2
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/js/jquery.min.js
172.64.109.13 200 OK 31 kB URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/js/jquery.min.js
IP 172.64.109.13:0
File type ASCII text, with very long lines (32025), with CRLF line terminators
Hash 7d89487ff6bf2306aacf1da86c371fe5
26fa838d5078893eaffbdc22977ed41b1229f395
fab4db48f940250cb95e5b7984de785058ccc7ce9e69867573e1f608ab2c52a4
GET /sb/interstitial/software/flashPlayer/mac/multi/1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 18:09:28 GMT
content-type: application/javascript
last-modified: Wed, 01 Sep 2021 12:22:37 GMT
etag: W/"612f708d-149a0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 792918
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BTabJuTA%2BXLibNQqTHy27JnOBZ%2Fe2Go3h5VTL3debRncIl21l2O%2B%2Bg5Zwjoq2ahn1gCbaFobhZAzT3r%2FxV5SE1MwT9nGcDfquQnn9z5UB0Dzxjk9Zua%2FX%2FUcVLbf0kXqRfInkceA8d%2FN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f41889dc06d17c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=0b86a2cc-730e-4d17-bb91-a90fae6c29bd&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=cc585f6c9356b37d414b25b86a1b7ad2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=18
192.243.61.227 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=0b86a2cc-730e-4d17-bb91-a90fae6c29bd&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=cc585f6c9356b37d414b25b86a1b7ad2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=18
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=0b86a2cc-730e-4d17-bb91-a90fae6c29bd&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=cc585f6c9356b37d414b25b86a1b7ad2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=18 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Thu, 24 Nov 2022 18:09:29 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d0c06c117182cd11ef1fac1c01b22e90
Strict-Transport-Security: max-age=0; includeSubdomains
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.10:0
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 24 Nov 2022 18:09:28 GMT
date: Thu, 24 Nov 2022 18:09:28 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/css/style.css
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/css/style.css
IP 172.64.109.13:0
GET /sb/interstitial/software/flashPlayer/mac/multi/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://clementebutcheall.blogspot.com
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 24 Nov 2022 18:09:28 GMT
content-type: text/css
last-modified: Wed, 01 Sep 2021 12:22:34 GMT
etag: W/"612f708a-11aa"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MZNinWcDCvA6qdQaMn4oHf0Atw3NYagdgqtFHjkc8AcF3eaCMvqNnLqPoq1LLACFNpvGBFB8SF0duOegVckk%2FxCkpgnaijmr7qj2rwBSF9BZ6jE4LEX5lCz4R9yfN%2BsnTLEmKzQYBtLB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f41889abbbd17c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.blogger.com/comment/frame/4216445858628812882?po=808909024606914144&hl=en&skin=contempo&blogspotRpcToken=2097999
142.250.74.105 200 OK 0 B URL HTTP/2 www.blogger.com/comment/frame/4216445858628812882?po=808909024606914144&hl=en&skin=contempo&blogspotRpcToken=2097999
IP 142.250.74.105:0
GET /comment/frame/4216445858628812882?po=808909024606914144&hl=en&skin=contempo&blogspotRpcToken=2097999 HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://clementebutcheall.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 24 Nov 2022 18:09:25 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-security-policy: require-trusted-types-for 'script';report-uri /_/BloggerCommentUi/cspreport, script-src 'nonce-9HxSV7KSIYb4S1i9m5Vh1A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/BloggerCommentUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/BloggerCommentUi/cspreport/allowlist
cross-origin-resource-policy: same-site
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=lwohdM--pXasbb3qADrxXfjqSyDMdJWvt3A0L7BDTpSAn3npFvOt2u3_XC6rLxdRH1uwALopj6xhp57V0I_LyQw7HZXFJDZXu9pPj5Tb4MpTL6kAieoVLegjmio1EkCfGa8puA7uyJPdzSDBpXZaPefaegMuaywM-Gk4zMQ8_Gw; expires=Fri, 26-May-2023 18:09:25 GMT; path=/; domain=.blogger.com; Secure; HttpOnly
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/img/close.svg
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/img/close.svg
IP 172.64.109.13:0
GET /sb/interstitial/software/flashPlayer/mac/multi/1/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Nov 2022 18:09:28 GMT
content-type: image/svg+xml
last-modified: Wed, 01 Sep 2021 12:22:39 GMT
etag: W/"612f708f-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 792918
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BeXaQgoDBLJhBkIUdxPmFnHUFayWwrrnBsledvuxrSBoMdlKUe1R523LgtVX00E5z%2FqQINBe1WgIzbk2IHXtE0CXK2H%2BxW4Lr9KzgRnw8igkAjfXhhQu05zVJe%2FDQgJgLmfsfIRnywjJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f41889cbfed17c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2