tmearn.com/ZFLuugfn
172.67.137.133301 Moved Permanently 0 B IP 172.67.137.133:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ZFLuugfn HTTP/1.1
Host: tmearn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 07 Dec 2022 13:38:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 07 Dec 2022 14:38:36 GMT
Location: https://tmearn.com/ZFLuugfn
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dG2ksy3ag%2BoaeGBY71tWGa1W%2FqDsrBKJewBMt6ja98Am5PDvrLn67jvRwifY5t5HdaKDJuGtAEGbEsjLisirMlEWChfCjuRUaE0U3A%2FJw66Q8iu804PnFYgDB8Ak"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 775da9a3dddcb506-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 5ceaca9fd4ad000cb435820812fc69c8
8168397aaf7b572c89a9c83f46c0b65e4ac509f2
9c4e52e7e17158307d752db0bc3d1fbedae4f305cc301fd73b260f73ab796492
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C4E52E7E17158307D752DB0BC3D1FBEDAE4F305CC301FD73B260F73AB796492"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2226
Expires: Wed, 07 Dec 2022 14:15:42 GMT
Date: Wed, 07 Dec 2022 13:38:36 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash aaee4cb7873d6f1effbadf269482e100
bd55730ac8414fb6861b03c2a97319b4063e2cb9
d724fd9c5704fb8948d575357cad0032e89cf275d57ddb86f013fa97e033487c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4595
Cache-Control: max-age=166154
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:36 GMT
Etag: "63906b73-1d7"
Expires: Fri, 09 Dec 2022 11:47:50 GMT
Last-Modified: Wed, 07 Dec 2022 10:31:15 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a0abf10fb7e96c1c98dacf2f013a68b4
acdd839bce85eadc78a8e821e32e00a958d5c0c8
b85d98f8df05431777d96c767ce4c152302ec3f653cdf6e61c8c3fa9574f3255
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B85D98F8DF05431777D96C767CE4C152302EC3F653CDF6E61C8C3FA9574F3255"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11666
Expires: Wed, 07 Dec 2022 16:53:02 GMT
Date: Wed, 07 Dec 2022 13:38:36 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash aaee4cb7873d6f1effbadf269482e100
bd55730ac8414fb6861b03c2a97319b4063e2cb9
d724fd9c5704fb8948d575357cad0032e89cf275d57ddb86f013fa97e033487c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4595
Cache-Control: max-age=166154
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:36 GMT
Etag: "63906b73-1d7"
Expires: Fri, 09 Dec 2022 11:47:50 GMT
Last-Modified: Wed, 07 Dec 2022 10:31:15 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ZAnQP6GlVMV0YxBfd2P6y2+AKsmLe0kMiM6IpZjy2WMrwZwLnApAAzqz4yBL4H939HNMFj0u9Ac=
x-amz-request-id: NN7Z4FR5MPKQJ5H1
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 07 Dec 2022 12:49:22 GMT
age: 2955
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 1c4c4f3f486c4dfcb25cac64d7eb2fa9
7f50d59364b592cceeb13409bafbf1fd3b3bd62e
a9352270dfd4c6d1f7abb190da716ab89e7c86c69e725ddba17feddb0b0a2e37
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5334
Cache-Control: max-age=129427
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:37 GMT
Etag: "638fd91a-116"
Expires: Fri, 09 Dec 2022 01:35:44 GMT
Last-Modified: Wed, 07 Dec 2022 00:06:50 GMT
Server: ECS (amb/6B76)
X-Cache: HIT
Content-Length: 278
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 13:38:37 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 1c4c4f3f486c4dfcb25cac64d7eb2fa9
7f50d59364b592cceeb13409bafbf1fd3b3bd62e
a9352270dfd4c6d1f7abb190da716ab89e7c86c69e725ddba17feddb0b0a2e37
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5335
Cache-Control: max-age=129427
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:37 GMT
Etag: "638fd91a-116"
Expires: Fri, 09 Dec 2022 01:35:44 GMT
Last-Modified: Wed, 07 Dec 2022 00:06:50 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash cb9bae2142b3c18e8491e62ceeb60feb
84a7f45adb3a9258849105f308031665270958d5
43a4a674e61db17b08b54c0e1dce2adfec8091f45f92e46d3001afbb95c7734c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "43A4A674E61DB17B08B54C0E1DCE2ADFEC8091F45F92E46D3001AFBB95C7734C"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16954
Expires: Wed, 07 Dec 2022 18:21:11 GMT
Date: Wed, 07 Dec 2022 13:38:37 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash cb9bae2142b3c18e8491e62ceeb60feb
84a7f45adb3a9258849105f308031665270958d5
43a4a674e61db17b08b54c0e1dce2adfec8091f45f92e46d3001afbb95c7734c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "43A4A674E61DB17B08B54C0E1DCE2ADFEC8091F45F92E46D3001AFBB95C7734C"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16954
Expires: Wed, 07 Dec 2022 18:21:11 GMT
Date: Wed, 07 Dec 2022 13:38:37 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 053aff7451e55d4269dd9610ab070f3f
b3376256d11d159b0c7280ba1515b78d7d9e12ca
24114ca560fe70d03185bd66985603fd5a03dc310aa9a8ea7a7b3723ed46ce3e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4571
Cache-Control: max-age=161064
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:37 GMT
Etag: "639057aa-1d7"
Expires: Fri, 09 Dec 2022 10:23:01 GMT
Last-Modified: Wed, 07 Dec 2022 09:06:50 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 9084a518c70ad57bb3226fb519b648fd
79348ebe6f5900a035d4d65e08a7409fd9708f15
f0c6b0f66c31aa7cb2d2808eb4c04c3681d48e731efc8cbba0f3fef1d218ce7b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
54.148.190.4101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.190.4:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: UHpxvA3Z7r+qAaCs4fR3sg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: CKWTsjOVEaydMwQLgZmJ/amqlV4=
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 9084a518c70ad57bb3226fb519b648fd
79348ebe6f5900a035d4d65e08a7409fd9708f15
f0c6b0f66c31aa7cb2d2808eb4c04c3681d48e731efc8cbba0f3fef1d218ce7b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 3074a66f6d9b2e2af9b41ec0e2f4e2db
942e2c49b3848f11da966937f5914c62aed24bce
7c3b21b91aab06aff58cc56ce4b7273a7d320df8b0b4ad685c660e03ba0b72aa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
code.jquery.com/jquery-1.12.0.min.js
69.16.175.42200 OK 34 kB URL HTTP/2 code.jquery.com/jquery-1.12.0.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (32060)
Hash e0865bea5b028ce4d913dc4d6166c751
b2df1f4068ce3040ba56512e7fa7674db72f8fcb
0dbb35dfe27885f4ab7cb2f5f3b6894d0fe03f691e4612cec613bd6a74193337
GET /jquery-1.12.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:38 GMT
content-encoding: gzip
content-length: 33820
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-17c52"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1670420318.dop069.sk1.t,1670420318.cds259.sk1.hn,1670420318.cds229.sk1.c
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?onload=loadCaptcha&render=explicit
142.250.74.164200 OK 574 B URL HTTP/2 www.google.com/recaptcha/api.js?onload=loadCaptcha&render=explicit
IP 142.250.74.164:0
File type ASCII text, with very long lines (906), with no line terminators
Hash 35ba813b923d084f7bd4ab6cb52ba5af
0403c455a4ff965460cbf20cafbcaeee90540385
567da270e8a1ff1779fa45dd7e2ef0910b790c2f72f790bc939d818d6d331390
GET /recaptcha/api.js?onload=loadCaptcha&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Wed, 07 Dec 2022 13:38:38 GMT
date: Wed, 07 Dec 2022 13:38:38 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 574
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js
142.250.74.164200 OK 553 B URL HTTP/2 www.google.com/recaptcha/api.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (850), with no line terminators
Hash 1309ff133720d219cc98090d66a051ed
b96fc5a893e42be16d687d7abdecdb13d348a019
358683c66634ea5ee3021c93111d8621d583880bcbbfadf3ec2ff87a15ea1038
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Wed, 07 Dec 2022 13:38:38 GMT
date: Wed, 07 Dec 2022 13:38:38 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 553
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 30aec170d58f580f2ed4da4b92d72cc7
3b11a98ba9563f7f266e7a935e3b78bd0c0712aa
7b25e66e4383cdb29228d0451a4810eeab7d194ca81045e066c00c9467f29312
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-233612758-1
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-233612758-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash ba151b2849500d4cca5cd69ef1b872d1
af42900d4035badd90ef85b7613eb71541f676fc
8d6b2c4219795482a225c7672c9f5f72977e6210309c6b224c65b9ca7e22f236
GET /gtag/js?id=UA-233612758-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 07 Dec 2022 13:38:38 GMT
expires: Wed, 07 Dec 2022 13:38:38 GMT
cache-control: private, max-age=900
last-modified: Wed, 07 Dec 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43633
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 2.0 kB IP 216.58.211.3:0
Hash f4696d61858740f96a82484dd31938bc
d175e9a3af6069f76d62a61700969998a9d0956b
24850612f03c49631a6a85c98c8a8819c020f7f98261b4b84d94b9c24d09968a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 3074a66f6d9b2e2af9b41ec0e2f4e2db
942e2c49b3848f11da966937f5914c62aed24bce
7c3b21b91aab06aff58cc56ce4b7273a7d320df8b0b4ad685c660e03ba0b72aa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 30aec170d58f580f2ed4da4b92d72cc7
3b11a98ba9563f7f266e7a935e3b78bd0c0712aa
7b25e66e4383cdb29228d0451a4810eeab7d194ca81045e066c00c9467f29312
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.33.119.27200 OK 1.5 kB IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6f97c38524e3dfd540444702c3595915
2238892aa70408ad4a822ed5971de92f3f2e2f91
908bc2f7bdae3495f4c31f40b27cbec3f375c43f116b5c097c8591ff8543d21a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4D5E1500B54FA09B00A07435C754BAC8137A4FCA7918EA80B84788E9A7130D6B"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9426
Expires: Wed, 07 Dec 2022 16:15:44 GMT
Date: Wed, 07 Dec 2022 13:38:38 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 4.5 kB IP 93.184.220.29:0
Hash 121dd0b33937bffe0d0429b14c277b64
55acf5b50cbe0ae42b787c6d4f7d166bae51ea16
9e6a04778b71f285fa8444ed519703b1c63e6c8184efe95b0b6b725239002970
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5115
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:38 GMT
Last-Modified: Wed, 07 Dec 2022 12:13:23 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash d849319aade45a304f6a216658137a97
568ee01755500f858059e5461e47886be192da6d
30ec4042109dff9fd2541bca1fd9143d373a1874d7200b71fd501a16cd8c6653
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4642
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:38 GMT
Etag: "638fa675-116"
Last-Modified: Wed, 07 Dec 2022 12:21:17 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 582 B IP 216.58.211.3:0
Hash 04018ac6adacbb5e70d3524833ad0535
d7a84b1cc52570afb9b1de7bbaf930c9528c04d4
8989db8b3490e612d54181714d360829ba9023c0fc89c3b6b9f3ba79ca5537f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/droidsans/v18/SlGVmQWMvZQIdix7AFxXkHNSbQ.woff2
216.58.207.227200 OK 21 kB URL HTTP/2 fonts.gstatic.com/s/droidsans/v18/SlGVmQWMvZQIdix7AFxXkHNSbQ.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 21224, version 1.0\012- data
Hash 13bdfb843f942ccd9f485eb6c0bc1934
2bad44362ff7569f24f2a3df2521b27a97ec1297
7a291479495fbb281655d5e870c6d118dc6b7ed18e8c235aef5974c1e9de4e6c
GET /s/droidsans/v18/SlGVmQWMvZQIdix7AFxXkHNSbQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21224
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 22:28:44 GMT
expires: Wed, 06 Dec 2023 22:28:44 GMT
cache-control: public, max-age=31536000
age: 54594
last-modified: Tue, 19 Apr 2022 18:04:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 33 kB IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 797b31dd11385bfc0cb924d4b151fc75
6452fe6383988b9dc5c53384876baeaedfbe10f4
828865650a16bd63c34b3b38693bff86ec2de2ae9468ee8ef2dddb163082fd10
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E0093279777FB3805551A44B8E1F2F1194D1F2BAE297DFB7DC7E3E23E990E96E"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1124
Expires: Wed, 07 Dec 2022 13:57:22 GMT
Date: Wed, 07 Dec 2022 13:38:38 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash ec6ece82a7cb8faa3ba171efae3a9eda
7ee75fba9a9d1078960f7834d71961c38f514b82
301d0c4d73b444369e488ee4f78b3a994a9168ec6c6d46cd7f3448722a841a2e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash d849319aade45a304f6a216658137a97
568ee01755500f858059e5461e47886be192da6d
30ec4042109dff9fd2541bca1fd9143d373a1874d7200b71fd501a16cd8c6653
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5115
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:38 GMT
Last-Modified: Wed, 07 Dec 2022 12:13:23 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278
roucoutaivers.com/1clkn/28562
23.109.87.190200 OK 26 B URL HTTP/1.1 roucoutaivers.com/1clkn/28562
IP 23.109.87.190:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
Analyzer Verdict Alert quad9 Sinkholed
GET /1clkn/28562 HTTP/1.1
Host: roucoutaivers.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 13:38:38 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Thu, 08-Dec-2022 13:38:38 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Thu, 08-Dec-2022 13:38:38 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d20d9069fb18ae417bcd33e6628c08d6
c780979ac8191594febdbd9c089077f838750e72
3bbbe2cfe333448e14c992c237c5a57cb7205fc0472596c7a640198997a16e1e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3BBBE2CFE333448E14C992C237C5A57CB7205FC0472596C7A640198997A16E1E"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5856
Expires: Wed, 07 Dec 2022 15:16:14 GMT
Date: Wed, 07 Dec 2022 13:38:38 GMT
Connection: keep-alive
plungebriefinggladly.com/7e/1d/8f/7e1d8f1ae70c40a4c328807cbe5300ca.js
173.233.139.164200 OK 21 kB URL HTTP/1.1 plungebriefinggladly.com/7e/1d/8f/7e1d8f1ae70c40a4c328807cbe5300ca.js
IP 173.233.139.164:0
File type HTML document, ASCII text, with very long lines (60173), with no line terminators
Hash 7c66269fcadccdfd33772f08f1c16ac5
891d88d6306b89e419c6375e9c2039762d4f33ce
7186cadc40ac6f059d2dd8e3b6ed6597a358e7f0debdff6e4dca9da323984203
GET /7e/1d/8f/7e1d8f1ae70c40a4c328807cbe5300ca.js HTTP/1.1
Host: plungebriefinggladly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 13:38:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ab3f3ebc16de7e9e95cec2960616b523
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
172.67.70.145302 Found 389 B URL HTTP/2 fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
IP 172.67.70.145:0
Hash eb5457ac9a8abd174cbdc65ac845589c
6f84fb22f9ebb65b365c4e07f0dddee3e236b866
768f6e8d75b816060f54c34ef901bf7723bf07311b3279f6016c797072642c0e
GET /r/14f9494694a9078dc2f4ae3c92e41760/service.js HTTP/1.1
Host: fstatic.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blogmado.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Wed, 07 Dec 2022 13:38:38 GMT
content-type: text/html; charset=iso-8859-1
location: https://fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/42a80543.js?npr=ed8796ad50f34ad69b409101dffdacdf
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hHuiM9koNI7AdKQg%2Bt5VmhwvadsF2VFXkJope3a6aIk5guylJPq7ABxH4QctX6r7M1R7nF7AIacGBG5QYlkpdSkoXp86QODV5ZhLl0M7r8quiHZW9GwRSqDKpcm%2BY%2B%2F8wXYYOsic"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9adeafe0b59-OSL
X-Firefox-Spdy: h2
fstatic.netpub.media/static/14f9494694a9078dc2f4ae3c92e41760.min.js?1670420317795
172.67.70.145301 Moved Permanently 20 kB URL HTTP/2 fstatic.netpub.media/static/14f9494694a9078dc2f4ae3c92e41760.min.js?1670420317795
IP 172.67.70.145:0
File type Web Open Font Format, CFF, length 19996, version 1.300\012- data
Hash 07db5c04835629ee7284a0481197443d
9f56f7e1b14b89828393aef3ff581a4a22320af0
e8c2e4d6ab0ad2f055a6cc3c777d31531e665758db5ca815f2613afad72f7088
GET /static/14f9494694a9078dc2f4ae3c92e41760.min.js?1670420317795 HTTP/1.1
Host: fstatic.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Wed, 07 Dec 2022 13:38:38 GMT
location: https://fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
cache-control: max-age=3600
expires: Wed, 07 Dec 2022 14:38:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BaqSC%2BKXdpDrsmpiad%2FABkXA%2Bu9T16h4023Vc48KEJQfbQjFtoZu0VtlYJ2eVRHTAgXxrnQem%2FPBjN7ZnUzwuyGwerEt6FB4zBZHtCQutbf75iepLNwGFeCK7G7mJ8bZJedunJOy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775da9acfa1e0b59-OSL
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 975d829b6c1182baa9059ef46ba71c89
4cad25f5dc5997779e9bde153551bf7fa3481938
5a23467d164713da6a0ba9cff3d114780c255f12696ad50c3efc214c8895ee64
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=89088
Date: Wed, 07 Dec 2022 13:38:38 GMT
Etag: "638f4418-1d7"
Expires: Thu, 08 Dec 2022 14:23:26 GMT
Last-Modified: Tue, 06 Dec 2022 13:31:04 GMT
Server: ECS (nyb/1D19)
X-Cache: Miss from cloudfront
Via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 0oscWGT_b1C-4KiwFmAFflLDcfmRwSBpe51d9obMLRgcRZsEypQCQA==
Age: 3142
simplewebanalysis.com/stats
52.28.211.11200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash a64aa357b0f58ff47ed674824653249d
6895499488666cad08f5704ecdd4b66c932c04ec
19b82e5d9f8b288ef8941b827536306f9498fe81e7e0031f60bd5c502fe35256
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:38 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://blogmado.com
access-control-allow-credentials: true
set-cookie: uid_id2=889392be-3145-46a9-8013-16adfcbe8a70:1:1; expires=Sat, 04 Dec 2032 13:38:38 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
fstatic.netpub.media/static/14f9494694a9078dc2f4ae3c92e41760.min.js?1670420317749
172.67.70.145301 Moved Permanently 503 B URL HTTP/2 fstatic.netpub.media/static/14f9494694a9078dc2f4ae3c92e41760.min.js?1670420317749
IP 172.67.70.145:0
Hash 234992feaea450b12b7c1a10653fbb6d
43036124a1e86d1bd8098d6a646019199fc41945
1dd73a93b9e0b913117a4eaf160f3c0632329e9c1994145c916e23e1bfbd2439
GET /static/14f9494694a9078dc2f4ae3c92e41760.min.js?1670420317749 HTTP/1.1
Host: fstatic.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Wed, 07 Dec 2022 13:38:38 GMT
location: https://fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
cache-control: max-age=3600
expires: Wed, 07 Dec 2022 14:38:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2ullawSW5Wr5FUonfTUMzTkgXQA2Q6sSetIC987TWEKEk7wPpUVX2HgLixnK8jF2GPyfkLu4n2tKP62MN9VA3rP6hOrgvIWFQR4LHvdOY9%2FmJw6pkG1runfaJmrelv6LPpA7HXuM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775da9acda070b59-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 32 kB IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 9d126bc033134c5d710182e868c3f937
744d23b45276f8693164cddbde2a3c4f35c6c1fd
b0bc60b30d4f163c9e4c6cae2e95999c54846172f767dba8686f85e01066b2f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DD73A93B9E0B913117A4EAF160F3C0632329E9C1994145C916E23E1BFBD2439"
Last-Modified: Tue, 06 Dec 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15817
Expires: Wed, 07 Dec 2022 18:02:15 GMT
Date: Wed, 07 Dec 2022 13:38:38 GMT
Connection: keep-alive
www.xadsmart.com/floating.js
185.76.9.24200 OK 31 kB URL HTTP/2 www.xadsmart.com/floating.js
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (55020)
Hash fbd3979eb43a0d73651ba711d2f2b588
8d3953fafd08249ebd152dc2d8213ef00e0a6b4a
e21dc309dad9b4ca2cf4080d8e06a6a2bcd0606a518cb373387a551a46752dda
GET /floating.js HTTP/1.1
Host: www.xadsmart.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:38 GMT
content-type: application/x-javascript
alt-svc: quic="185.76.9.20:443"; ma=2592000; v="44,43,39"
expires: Mon, 12 Dec 2022 02:28:22 GMT
access-control-allow-origin: *
link: <https://xadsmart.com/>;rel=preconnect,<https://c.adsco.re/>;rel=preconnect,<https://adsco.re/>;rel=preconnect
cache-control: public, max-age=604800
x-accel-expires: @1670812102
server: CDN77-Turbo
x-77-nzt: AblMCRQ1s3v/GEADAA
x-77-nzt-ray: af5856306880e22b5e979063daa8892b
x-cache: HIT
x-age: 213016
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash a3c9679236e68e323a0f63bdba404745
c378193fe82679178d947e5b02a5f3c1d052313d
f09384df5ffcae048ae1a647747e51318c2ceb1caf7e418966e494d5ed358f8f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 13:38:39 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 12:04:34 GMT
Expires: Sun, 11 Dec 2022 12:04:33 GMT
Etag: "c378193fe82679178d947e5b02a5f3c1d052313d"
Cache-Control: max-age=339353,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775da9b1adc3b511-OSL
fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
172.67.70.145302 Found 296 B URL HTTP/2 fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
IP 172.67.70.145:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a42515019870f8957c08d38af4807ff4
e5f973ff75a923ddfc442ea45438798d91c4f5f6
177d316d79c2caf242b1f8f66ad46fd59e39bc8dd00ae05cf0249a099701f54f
GET /r/14f9494694a9078dc2f4ae3c92e41760/service.js HTTP/1.1
Host: fstatic.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blogmado.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Wed, 07 Dec 2022 13:38:38 GMT
content-type: text/html; charset=iso-8859-1
location: https://fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/42a80543.js?npr=ed8796ad50f34ad69b409101dffdacdf
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u3b6fPVkjvpFa3%2FEMKz7Idr3pg5i2ytWW2g846CcmCw9bAfHEy23hMgu48gPJE%2F1%2FINAOPvv6VwkpFkIk3CfRNWWXY4l8fpA7bpGPmaYq%2FcFVK8dlKBwj1oI00CF2hglU5%2F5WyNZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9adeafd0b59-OSL
X-Firefox-Spdy: h2
6.adsco.re/
104.17.167.186200 OK 0 B IP 104.17.167.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 6.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:39 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
access-control-allow-origin: https://blogmado.com
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 775da9b24e5fb512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2815
Expires: Wed, 07 Dec 2022 14:25:34 GMT
Date: Wed, 07 Dec 2022 13:38:39 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 34c7ea5adb0245bd2982be787007b10f
00ae5c05e6cd23cb84975f9e3c4e8a7decdab17c
9e561c15522fbb38bbd321a4d38776cd60fe8a612f80358dc9202a1fae96d6a2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9E561C15522FBB38BBD321A4D38776CD60FE8A612F80358DC9202A1FAE96D6A2"
Last-Modified: Tue, 06 Dec 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14608
Expires: Wed, 07 Dec 2022 17:42:07 GMT
Date: Wed, 07 Dec 2022 13:38:39 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2815
Expires: Wed, 07 Dec 2022 14:25:34 GMT
Date: Wed, 07 Dec 2022 13:38:39 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2815
Expires: Wed, 07 Dec 2022 14:25:34 GMT
Date: Wed, 07 Dec 2022 13:38:39 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2815
Expires: Wed, 07 Dec 2022 14:25:34 GMT
Date: Wed, 07 Dec 2022 13:38:39 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b15136d60fd0a5e0f657a4f5c75d540f
36082b7329d473829178f280cb71a83b1531e486
79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 20:49:34 GMT
age: 60545
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
172.67.70.145302 Found 14 kB URL HTTP/2 fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
IP 172.67.70.145:0
Hash be30ba946f4a6c39aa3528886811b8f4
a2e488f130374abc05e83971a1f5c1cbf88e5393
f2db1b6380f317c69d2028168ca8eeaa78873eac1e26f7c0855297cd82e4ae64
GET /r/14f9494694a9078dc2f4ae3c92e41760/service.js HTTP/1.1
Host: fstatic.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blogmado.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Wed, 07 Dec 2022 13:38:38 GMT
content-type: text/html; charset=iso-8859-1
location: https://fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/42a80543.js?npr=ed8796ad50f34ad69b409101dffdacdf
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0qA07Q5RyJaywHxcBlT3iE0Wpy7aY98wAlr7nmhx83u6NrX489Yu4wplnrwAvJ6T8MDjRD%2FUGp%2F4JL35p24%2Fu7hbriU%2F8soH%2BdBK1FP8wFCy%2FywZKO9HccCLWJftE2O2%2ForNLPdC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9adeafc0b59-OSL
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba08976-65c4-4b8b-9ef1-92055a7b5235.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba08976-65c4-4b8b-9ef1-92055a7b5235.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 53afd826523f4c18bf968764818d7ca7
9a26884875abb0652c568c50438b65f801779f9a
4f9dfeda67a040fef9c6987a7c334a91c993c84f694fa91771fcf7fd1d2e4937
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba08976-65c4-4b8b-9ef1-92055a7b5235.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12293
x-amzn-requestid: 49891ceb-3f74-4e83-8064-f54fc8b30961
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSyGHPOIAMFYqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64da-651e4e0c55257bcc553cd176;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:34 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7CSrKcHLynpqU_U0D_t1Nen9fnk5uMQYS3O8vsAzyYnnFhLyqQargA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:54:31 GMT
age: 56648
etag: "9a26884875abb0652c568c50438b65f801779f9a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 210b27f5f6310d8fad640acce3d9ae0e
08d241e56622cb900754d95bc5d58ed8826d9f32
64410e13759cdfa24976dcba0c64aca27edc3ee56358f344e55f60793422e3ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 0232ddcd-8274-431e-a55e-8298fbfd6dfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmcuMG6bIAMFUng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e5a-3cc17121425f87321ce7ae7e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: va_vly0iX6rzm_aTWrryPRjoTWlI-_0m6rpS6VrTx-nsd71dk1cSZw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 08:32:51 GMT
age: 18348
etag: "08d241e56622cb900754d95bc5d58ed8826d9f32"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22142ca2-85b4-47d4-8eaa-fcf2823b2c28.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22142ca2-85b4-47d4-8eaa-fcf2823b2c28.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e95ebce9d79ba46cb96af9a45af1762f
985c6761675e6bcc0186f64d55f94cf09352f05c
5837d6bf31e57f955ba2577f112281cc33a5502b358c83192f4e396b57042ac0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22142ca2-85b4-47d4-8eaa-fcf2823b2c28.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8438
x-amzn-requestid: 0f5d1b0e-1193-4006-8a54-555681d9f62e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cvlqVGMjoAMFS6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638fb641-6366ea6464122d857407cdff;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 21:38:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nm0qQpo75zvDYWxv8V3GvOSBFenh8ocfjV9d02Mc2l-ABieIb3h2uA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:53:40 GMT
age: 56699
etag: "985c6761675e6bcc0186f64d55f94cf09352f05c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F167b7461-ee08-4205-a299-12e7c883b958.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F167b7461-ee08-4205-a299-12e7c883b958.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4884ce2731d3033b12e4792c1bbf453e
63b6efc98cb04228d82ac28fceb97bb1cf8d82fb
8c37704d0e1fd16239e28cbdb88c5ac6a2e9cfb70f8457bfab127202f89d3788
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F167b7461-ee08-4205-a299-12e7c883b958.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14896
x-amzn-requestid: 58d94b15-dce0-44c0-96b1-917f1206a39e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cnA4RFkeoAMFfGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c4834-7c1667b53795d5c11a3bfdda;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 07:11:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tM0WOO_Ypgj2QxJSz9GHZZTsKjzsvyD6tjpp4G0ZpuGAIGmnEe4oqQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 08:15:11 GMT
age: 19408
etag: "63b6efc98cb04228d82ac28fceb97bb1cf8d82fb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcfc1e29-0017-4346-aacf-66d3875076ce.jpeg
34.120.237.76200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcfc1e29-0017-4346-aacf-66d3875076ce.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 18bbcbf84b00d3bc602830478ff1bd7f
1f25392db4cf3693259202b24e898f21093b8bf9
cb2b44e1f74a9bb43fab48536f6146e273c728b34e4889ff3f18a411d14d2282
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcfc1e29-0017-4346-aacf-66d3875076ce.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5790
x-amzn-requestid: 2e409a5f-ce04-4b9b-b3a2-74e5bbd256d3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSvoEoUoAMFsxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64ca-72e1bb13187b18aa26c8566f;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: t3ePIvP9gMHEfaF0iYebQ-oM0hg5t1DXqKxb_NZJVKErwcIwATFiyA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:48:02 GMT
age: 57037
etag: "1f25392db4cf3693259202b24e898f21093b8bf9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
4.adsco.re/
162.252.214.5200 OK 62 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash adde5febc7b5b6c2c759ec735cce83a0
77ec17be8a9970ff04663294d41c590d0d24fde4
ce2b9f2e5005195de7add565505005be6f2ef0d37521771e15106d1e1b9260ff
GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 13:38:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://blogmado.com
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip
simplewebanalysis.com/stats
52.28.211.11200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash a64aa357b0f58ff47ed674824653249d
6895499488666cad08f5704ecdd4b66c932c04ec
19b82e5d9f8b288ef8941b827536306f9498fe81e7e0031f60bd5c502fe35256
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Cookie: uid_id2=889392be-3145-46a9-8013-16adfcbe8a70:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:39 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://blogmado.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash d5ec94a04d79a44bd54d220a80f789ba
56296c85e756283c4d7c90d6c327bc815c105b6d
c82e514bd4836dd8f600a005575285d5938d20af9a78d108bbe746e041a35abc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C82E514BD4836DD8F600A005575285D5938D20AF9A78D108BBE746E041A35ABC"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1435
Expires: Wed, 07 Dec 2022 14:02:34 GMT
Date: Wed, 07 Dec 2022 13:38:39 GMT
Connection: keep-alive
banquetunarmedgrater.com/advertisers.js
173.233.137.52200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 13:38:39 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a33a8f01fed920e46543cd9ea529cc8d
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1deee444f677eea81bd278a3fb84eb6b
d3abfc8ae92d6725935ae27693253566b7e9ec89
9ef1f4b16e8b535772dfa51e209439e9e9128758b3736b7001874d7313560fe9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9EF1F4B16E8B535772DFA51E209439E9E9128758B3736B7001874D7313560FE9"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2158
Expires: Wed, 07 Dec 2022 14:14:37 GMT
Date: Wed, 07 Dec 2022 13:38:39 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 006bb180a40612ecb5c5d88eb741957d
a6893fed89f7a538cf8d5c6ff25f6996b60e9e02
36ac9650d965d5e8890bb973ae6ff7136bafd6aad8e0542ae5a561f3e7491271
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 006bb180a40612ecb5c5d88eb741957d
a6893fed89f7a538cf8d5c6ff25f6996b60e9e02
36ac9650d965d5e8890bb973ae6ff7136bafd6aad8e0542ae5a561f3e7491271
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 81a7e0ed8b45460991a7d9b719423d48
fa4824b64d5484b955cecebbeea06710ced4fba5
2fb356139722003d5c83566b936968a5ce9ba3756f69ace50a53bea6c1b9f7eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 8aa9320315b7fc787bfd0fd1baea8721
45328506883b22acc927b8038b73e5247b0a1679
c5827834b5ce1e49980b439410b06fca062d877abd8ca89719b589a2fe28b4b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
142.250.74.3200 OK 163 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP 142.250.74.3:0
File type ASCII text, with very long lines (730)
Size 163 kB (162976 bytes)
Hash 79d18cf4265108d7cecca1bf4ada6109
e51d0285a545381d4c39e9e0292a650ffeeecbb9
59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 06:50:11 GMT
expires: Thu, 07 Dec 2023 06:50:11 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 24508
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.14200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.14:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Wed, 07 Dec 2022 12:46:55 GMT
expires: Wed, 07 Dec 2022 14:46:55 GMT
cache-control: public, max-age=7200
age: 3104
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
securepubads.g.doubleclick.net/tag/js/gpt.js
142.250.74.34200 OK 28 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 142.250.74.34:0
File type ASCII text, with very long lines (40252)
Hash 16fb2985c997f05db33523445ddf338d
edb7b7439c32a9b73fab1778167520c7bebbd792
f01526c81045ae0fc4c454b5dd8fb545f8426f2b25343da3da20b6d3ccf2271f
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27561
date: Wed, 07 Dec 2022 13:38:39 GMT
expires: Wed, 07 Dec 2022 13:38:39 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1414 / 664 of 1000 / last-modified: 1670414835"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 006bb180a40612ecb5c5d88eb741957d
a6893fed89f7a538cf8d5c6ff25f6996b60e9e02
36ac9650d965d5e8890bb973ae6ff7136bafd6aad8e0542ae5a561f3e7491271
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fmm5lbe2remi.n4.adsco.re/
38.132.109.186200 OK 0 B URL HTTP/1.1 fmm5lbe2remi.n4.adsco.re/
IP 38.132.109.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: fmm5lbe2remi.n4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 13:38:39 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:32:42 GMT
Connection: close
ETag: "5b5f2f9a-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 8aa9320315b7fc787bfd0fd1baea8721
45328506883b22acc927b8038b73e5247b0a1679
c5827834b5ce1e49980b439410b06fca062d877abd8ca89719b589a2fe28b4b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 81a7e0ed8b45460991a7d9b719423d48
fa4824b64d5484b955cecebbeea06710ced4fba5
2fb356139722003d5c83566b936968a5ce9ba3756f69ace50a53bea6c1b9f7eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 28b61f989dfb465256edcbf71f2003c9
81c681728c70013da99ba764db7839b6994dd65c
4233719571005734f342ee15d085590869a119666b1cb3bb0f39848fa1968b35
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4233719571005734F342EE15D085590869A119666B1CB3BB0F39848FA1968B35"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9816
Expires: Wed, 07 Dec 2022 16:22:15 GMT
Date: Wed, 07 Dec 2022 13:38:39 GMT
Connection: keep-alive
adsco.re/p
162.252.214.5200 OK 171 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash a95607a306e3ac2bae2361dd7d124547
6f2d7e59cf3e3754c1e70f5353e3798d87ac02f4
e5e47f9cd30e3f711aac3bd3e05e0fb77f5e0e657ff152d87eaef9d18febccc1
POST /p HTTP/1.1
Host: adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 1873
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 13:38:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
AS-P-1: OK lon123
AS-P-2: OK
AS-P-3: OK
Access-Control-Max-Age: 2592000
Cache-Control: no-transform
Access-Control-Allow-Origin: https://blogmado.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 21:48:03 GMT
expires: Fri, 01 Dec 2023 21:48:03 GMT
cache-control: public, max-age=31536000
age: 489037
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
entitledbalcony.com/pixel/pure
192.243.59.12204 No Content 0 B URL HTTP/1.1 entitledbalcony.com/pixel/pure
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /pixel/pure HTTP/1.1
Host: entitledbalcony.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://blogmado.com/
Origin: https://blogmado.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.17.6
Date: Wed, 07 Dec 2022 13:38:40 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
entitledbalcony.com/pixel/pure
192.243.59.12204 No Content 0 B URL HTTP/1.1 entitledbalcony.com/pixel/pure
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /pixel/pure HTTP/1.1
Host: entitledbalcony.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://blogmado.com/
Origin: https://blogmado.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.17.6
Date: Wed, 07 Dec 2022 13:38:40 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash c845ab707b375170df060e8db33cf4a7
3dab467606cebfa110c675a17b97a74a424c591f
9a769e242bab0e2551de18d0b91babade179fa5e4dfac61a5ff7e37ed5f3153d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9A769E242BAB0E2551DE18D0B91BABADE179FA5E4DFAC61A5FF7E37ED5F3153D"
Last-Modified: Mon, 05 Dec 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5998
Expires: Wed, 07 Dec 2022 15:18:38 GMT
Date: Wed, 07 Dec 2022 13:38:40 GMT
Connection: keep-alive
entitledbalcony.com/pixel/pure
192.243.59.12200 OK 0 B URL HTTP/1.1 entitledbalcony.com/pixel/pure
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /pixel/pure HTTP/1.1
Host: entitledbalcony.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 73
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 07 Dec 2022 13:38:40 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
entitledbalcony.com/pixel/pure
192.243.59.12200 OK 0 B URL HTTP/1.1 entitledbalcony.com/pixel/pure
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /pixel/pure HTTP/1.1
Host: entitledbalcony.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 73
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 07 Dec 2022 13:38:40 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 02e55986236eb612c5ea283d474409be
83ea1fd44b5695a8df50b2385e4eaaf7be5ede46
038b57bab9c830d30d200e4713c19c3263036b2a2f551f5efe9582874236a9c8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 13:38:40 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 17:30:50 GMT
Expires: Sun, 11 Dec 2022 17:30:49 GMT
Etag: "83ea1fd44b5695a8df50b2385e4eaaf7be5ede46"
Cache-Control: max-age=358928,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775da9b9bfddb511-OSL
fmm5lbe2remi.s4.adsco.re/
185.200.116.90200 OK 0 B URL HTTP/1.1 fmm5lbe2remi.s4.adsco.re/
IP 185.200.116.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: fmm5lbe2remi.s4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 13:38:40 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:38:01 GMT
Connection: close
ETag: "5b5f30d9-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
xadsmart.com/ejHQ.aspx?_=BAYAY5CXXwFjkJdfgAGBAsAAIN8rHwq5MiZxcx_p9tVmQCHzCCGVUHtxepA9N_XvL3u9wQBIMEYCIQDj6lpV4pNF3btjC3AdFg7Rf0jDCnY1DQCXiSMQjj8jkQIhALwIHn7yqygPRgptKKyyVddSJaKMbucY-TAnNUtB2Ydj&v=4&ogNUaWVk=4792524&minBid=&iCIuUxzR=0,0&UXOPwGYc=&CMDHwxqt=&s=1280,1024,1,1280,1024,0
104.153.197.251200 OK 44 B URL HTTP/2 xadsmart.com/ejHQ.aspx?_=BAYAY5CXXwFjkJdfgAGBAsAAIN8rHwq5MiZxcx_p9tVmQCHzCCGVUHtxepA9N_XvL3u9wQBIMEYCIQDj6lpV4pNF3btjC3AdFg7Rf0jDCnY1DQCXiSMQjj8jkQIhALwIHn7yqygPRgptKKyyVddSJaKMbucY-TAnNUtB2Ydj&v=4&ogNUaWVk=4792524&minBid=&iCIuUxzR=0,0&UXOPwGYc=&CMDHwxqt=&s=1280,1024,1,1280,1024,0
IP 104.153.197.251:0
File type ASCII text, with no line terminators
Hash d5f0a25e4d3522d56d48ce7bc3e518fb
86794caff58f7fee6e684c2ba7195f970a8d6f4c
9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5
GET /ejHQ.aspx?_=BAYAY5CXXwFjkJdfgAGBAsAAIN8rHwq5MiZxcx_p9tVmQCHzCCGVUHtxepA9N_XvL3u9wQBIMEYCIQDj6lpV4pNF3btjC3AdFg7Rf0jDCnY1DQCXiSMQjj8jkQIhALwIHn7yqygPRgptKKyyVddSJaKMbucY-TAnNUtB2Ydj&v=4&ogNUaWVk=4792524&minBid=&iCIuUxzR=0,0&UXOPwGYc=&CMDHwxqt=&s=1280,1024,1,1280,1024,0 HTTP/1.1
Host: xadsmart.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
asf: 9
popads-ec: ASB
content-type: text/javascript;charset=UTF-8
content-length: 44
date: Wed, 07 Dec 2022 13:38:40 GMT
X-Firefox-Spdy: h2
populationrind.com/sbar.json?key=01ffd36dfbce3d569baf8d846cd7bc65
173.233.139.164200 OK 4.1 kB URL HTTP/1.1 populationrind.com/sbar.json?key=01ffd36dfbce3d569baf8d846cd7bc65
IP 173.233.139.164:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (5710), with no line terminators
Hash ad83be64be129cf48c0b7d759e3939c6
6a26a41116b6f6e3669eec720fea41ef40e0ed40
600d0b913aad85cc38c5f9e997225f3bef9d9302c3c9bb8fd8a09de798083fa5
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=01ffd36dfbce3d569baf8d846cd7bc65 HTTP/1.1
Host: populationrind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 13:38:40 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://blogmado.com
Access-Control-Allow-Origin: https://blogmado.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16650200; expires=Thu, 08 Dec 2022 13:38:40 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 08 Dec 2022 13:38:40 GMT; secure; SameSite=None
uncs=1; expires=Thu, 08 Dec 2022 13:38:40 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 08 Dec 2022 13:38:40 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 08 Dec 2022 13:38:40 GMT; secure; SameSite=None
slec01ffd36dfbce3d569baf8d846cd7bc65=[3842224]; expires=Wed, 07 Dec 2022 13:38:45 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 789e1f0c70dec4da2c73aa32495860ff
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash d7fac9a57ed037cdf9b958219b83bf22
3daa7cd68cbc84d7965f59c1da6b1dfebd381048
4bbecdd4f688f51d764592076fa833162576f10876986aa724891760ea58ab70
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash cd6dabd083ee1c237c8ea3ba38cc48d5
bbe4420bf1c0fe0d5621336865563418d2f16f39
c9314cdac13bc2ea94505f473538ab4d5c0a940dfbc2f5447e6f22a5af580572
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=blogmado.com
142.250.74.2200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=blogmado.com
IP 142.250.74.2:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=blogmado.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 07 Dec 2022 13:38:40 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=blogmado.com
216.58.207.194200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=blogmado.com
IP 216.58.207.194:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=blogmado.com HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 07 Dec 2022 13:38:40 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 0fa282ae07239f0cf04503485877d681
631aa2fff49d29c46341db6540d25917b3626ef5
9020928ea0c9addf3e0a04d78db4158b54b4f29577785b5adb4cf7f2949ced17
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ea6d8022d3d0fcb1a655c111694efb3c
0565f1dae70afb9f7d231824a488de4f262218f0
198fc3e66c5d81029e6781d76d0eb5bf8a3c8ae92aa3aa6a7f0fda6d95658a76
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "198FC3E66C5D81029E6781D76D0EB5BF8A3C8AE92AA3AA6A7F0FDA6D95658A76"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15580
Expires: Wed, 07 Dec 2022 17:58:20 GMT
Date: Wed, 07 Dec 2022 13:38:40 GMT
Connection: keep-alive
populationrind.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSuTiKIHiTixYPYR4Uw2z2%2FdiZBgjFGFtfdNYns1frVs%2BVWVzVV3dOze1oMSA4expMee7%2FZzWKMkpxFkFkvsiA4Hswe3D9CJUeRmR0YfVD13lffO3zfe%2FXZfnFGIhT0dOMDu6u0pkutWhS%2BsamMsKUP1%2B6GcVSLroWbyrSb18LB9HL9q3HUqkVvhu9Jvm2X6lEcRXEUh7eUk4kdLM1YqOxRN651o1qzXotbTQzc%2F7EvAngaQPTPyMtQYvLc1s9PoPgYJn18U%2Frt3GZX3k0LTXPr0BdHH5ltY0uDdFEmLkBijubdsH5CyFcXYM3R3AFs%2F2DqAExNSPB7DGaO5jLB%2BofnSpmGNGDiRZT9MaQeQ9ExuL0HJX4lABdYW4dJH6xZV9Kdc5ZO2Qm59OwvqHJCLv3xCkz63Q2tBuEdq4tcWeMxSCqowRiqN0ZWHCPfDaDKY%2FD8UyjxC1l6tgqTHqx7baFENXOv1BgqGUPLIagPUEyPClAkAYosQCpOQ9rqJlG0nLCk0eg0OeeNBuetTlu0RKPZSSIUfCpviDwbgushuNtD5vawrYZwxY%2FwWxW8CODzCQk%2B3ENfVCglQekJSkpQKoIyJyj71aHQvu6rB0L7gsXzXJ%2FnRjWyeW%2BfHtq8Jw3Zz87I5dlc%2FnnpKbblaRjFSSIabZEwLhui1e4ymnREp9nmYpnxdgteVVD%2Bwszq7nRJ315BpiaEfP83GD2G18fg6jJo8RpoOVquR6Bbo2Ynwq55mKeSOlPjNoWwFbL8EvKdYF%2BfkVdnKq5WjyH5yfU%2Fk1mAuwqZq%2FCJ%2Bomgp%2B%2BPbtuSHNy2pSdP1rNcpWqXTjd3J6e5vPjwfblTWidWbvrh12%2FzKTEtH92VPl%2BlRijT8%2BSbG0oI6W5ZxyX5YcVvSrZR%2BK0bhTNFtrrxzq2VNHPSe2XNGHRq8Pm3wNWEvFA9nf3K1%2BXnUG4MV1RIixMyDyh7DJ7twWcL%2Fd4SOL3oYVmAsqhGrs4Wj1oRaLnAlFXw%2F8FsUe%2F7%2B%2Bi5ADS%2FB5NW6LsKfV2B6iF8cXGUZ%2B7k%2Bm%2BNWYDpYMS0Cw6YdvqL8%2BF6dRrKVhIlMqpLlnRZskwj0U2aXUa7sVxmLRoj9xM%2B%2FPLjfwEAAP%2F%2FAQAA%2F%2F9JKAQZbQQAAA%3D%3D
173.233.139.164200 OK 7 B URL HTTP/1.1 populationrind.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSuTiKIHiTixYPYR4Uw2z2%2FdiZBgjFGFtfdNYns1frVs%2BVWVzVV3dOze1oMSA4expMee7%2FZzWKMkpxFkFkvsiA4Hswe3D9CJUeRmR0YfVD13lffO3zfe%2FXZfnFGIhT0dOMDu6u0pkutWhS%2BsamMsKUP1%2B6GcVSLroWbyrSb18LB9HL9q3HUqkVvhu9Jvm2X6lEcRXEUh7eUk4kdLM1YqOxRN651o1qzXotbTQzc%2F7EvAngaQPTPyMtQYvLc1s9PoPgYJn18U%2Frt3GZX3k0LTXPr0BdHH5ltY0uDdFEmLkBijubdsH5CyFcXYM3R3AFs%2F2DqAExNSPB7DGaO5jLB%2BofnSpmGNGDiRZT9MaQeQ9ExuL0HJX4lABdYW4dJH6xZV9Kdc5ZO2Qm59OwvqHJCLv3xCkz63Q2tBuEdq4tcWeMxSCqowRiqN0ZWHCPfDaDKY%2FD8UyjxC1l6tgqTHqx7baFENXOv1BgqGUPLIagPUEyPClAkAYosQCpOQ9rqJlG0nLCk0eg0OeeNBuetTlu0RKPZSSIUfCpviDwbgushuNtD5vawrYZwxY%2FwWxW8CODzCQk%2B3ENfVCglQekJSkpQKoIyJyj71aHQvu6rB0L7gsXzXJ%2FnRjWyeW%2BfHtq8Jw3Zz87I5dlc%2FnnpKbblaRjFSSIabZEwLhui1e4ymnREp9nmYpnxdgteVVD%2Bwszq7nRJ315BpiaEfP83GD2G18fg6jJo8RpoOVquR6Bbo2Ynwq55mKeSOlPjNoWwFbL8EvKdYF%2BfkVdnKq5WjyH5yfU%2Fk1mAuwqZq%2FCJ%2Bomgp%2B%2BPbtuSHNy2pSdP1rNcpWqXTjd3J6e5vPjwfblTWidWbvrh12%2FzKTEtH92VPl%2BlRijT8%2BSbG0oI6W5ZxyX5YcVvSrZR%2BK0bhTNFtrrxzq2VNHPSe2XNGHRq8Pm3wNWEvFA9nf3K1%2BXnUG4MV1RIixMyDyh7DJ7twWcL%2Fd4SOL3oYVmAsqhGrs4Wj1oRaLnAlFXw%2F8FsUe%2F7%2B%2Bi5ADS%2FB5NW6LsKfV2B6iF8cXGUZ%2B7k%2Bm%2BNWYDpYMS0Cw6YdvqL8%2BF6dRrKVhIlMqpLlnRZskwj0U2aXUa7sVxmLRoj9xM%2B%2FPLjfwEAAP%2F%2FAQAA%2F%2F9JKAQZbQQAAA%3D%3D
IP 173.233.139.164:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSuTiKIHiTixYPYR4Uw2z2%2FdiZBgjFGFtfdNYns1frVs%2BVWVzVV3dOze1oMSA4expMee7%2FZzWKMkpxFkFkvsiA4Hswe3D9CJUeRmR0YfVD13lffO3zfe%2FXZfnFGIhT0dOMDu6u0pkutWhS%2BsamMsKUP1%2B6GcVSLroWbyrSb18LB9HL9q3HUqkVvhu9Jvm2X6lEcRXEUh7eUk4kdLM1YqOxRN651o1qzXotbTQzc%2F7EvAngaQPTPyMtQYvLc1s9PoPgYJn18U%2Frt3GZX3k0LTXPr0BdHH5ltY0uDdFEmLkBijubdsH5CyFcXYM3R3AFs%2F2DqAExNSPB7DGaO5jLB%2BofnSpmGNGDiRZT9MaQeQ9ExuL0HJX4lABdYW4dJH6xZV9Kdc5ZO2Qm59OwvqHJCLv3xCkz63Q2tBuEdq4tcWeMxSCqowRiqN0ZWHCPfDaDKY%2FD8UyjxC1l6tgqTHqx7baFENXOv1BgqGUPLIagPUEyPClAkAYosQCpOQ9rqJlG0nLCk0eg0OeeNBuetTlu0RKPZSSIUfCpviDwbgushuNtD5vawrYZwxY%2FwWxW8CODzCQk%2B3ENfVCglQekJSkpQKoIyJyj71aHQvu6rB0L7gsXzXJ%2FnRjWyeW%2BfHtq8Jw3Zz87I5dlc%2FnnpKbblaRjFSSIabZEwLhui1e4ymnREp9nmYpnxdgteVVD%2Bwszq7nRJ315BpiaEfP83GD2G18fg6jJo8RpoOVquR6Bbo2Ynwq55mKeSOlPjNoWwFbL8EvKdYF%2BfkVdnKq5WjyH5yfU%2Fk1mAuwqZq%2FCJ%2Bomgp%2B%2BPbtuSHNy2pSdP1rNcpWqXTjd3J6e5vPjwfblTWidWbvrh12%2FzKTEtH92VPl%2BlRijT8%2BSbG0oI6W5ZxyX5YcVvSrZR%2BK0bhTNFtrrxzq2VNHPSe2XNGHRq8Pm3wNWEvFA9nf3K1%2BXnUG4MV1RIixMyDyh7DJ7twWcL%2Fd4SOL3oYVmAsqhGrs4Wj1oRaLnAlFXw%2F8FsUe%2F7%2B%2Bi5ADS%2FB5NW6LsKfV2B6iF8cXGUZ%2B7k%2Bm%2BNWYDpYMS0Cw6YdvqL8%2BF6dRrKVhIlMqpLlnRZskwj0U2aXUa7sVxmLRoj9xM%2B%2FPLjfwEAAP%2F%2FAQAA%2F%2F9JKAQZbQQAAA%3D%3D HTTP/1.1
Host: populationrind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Cookie: u_pl=16650200; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec01ffd36dfbce3d569baf8d846cd7bc65=[3842224]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 13:38:40 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a1f382428ca334107a58ede88b54689c
Strict-Transport-Security: max-age=0; includeSubdomains
6c811678ec23e072707928a3d199302f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
142.250.74.97200 OK 2.7 kB URL HTTP/2 6c811678ec23e072707928a3d199302f.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
IP 142.250.74.97:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5657)
Hash e8ee9c011ff8e1f464e74c37113119ee
64ad72134ea05877de0f2b6503f5c0d8c3f78197
09e42988871806c7f0a897bda7bc4247f47f4d8590749eaa245b8ff1fa907303
GET /safeframe/1-0-40/html/container.html?n=1 HTTP/1.1
Host: 6c811678ec23e072707928a3d199302f.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 2653
date: Wed, 07 Dec 2022 13:38:40 GMT
expires: Thu, 07 Dec 2023 13:38:40 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e2b76117e448228305ba7e8618948bef
800100603fcc24f32d8a5e8e323e8415afeab545
afcefd68e69b1d09a9cb50beacacbedab49263fc14dd08040c850451a6444830
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "AFCEFD68E69B1D09A9CB50BEACACBEDAB49263FC14DD08040C850451A6444830"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1452
Expires: Wed, 07 Dec 2022 14:02:52 GMT
Date: Wed, 07 Dec 2022 13:38:40 GMT
Connection: keep-alive
populationrind.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F18%2F52%2F6a%2F18526a6becad408914fcf53d946360f0%2F1651134763.html&l=1558&fd=121
173.233.139.164200 OK 0 B URL HTTP/1.1 populationrind.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F18%2F52%2F6a%2F18526a6becad408914fcf53d946360f0%2F1651134763.html&l=1558&fd=121
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F18%2F52%2F6a%2F18526a6becad408914fcf53d946360f0%2F1651134763.html&l=1558&fd=121 HTTP/1.1
Host: populationrind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Cookie: u_pl=16650200; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec01ffd36dfbce3d569baf8d846cd7bc65=[3842224]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 13:38:40 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/img/close.png
172.64.108.13200 OK 6.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/img/close.png
IP 172.64.108.13:0
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/ssp/utility/live-message/3-2/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:41 GMT
content-type: image/png
content-length: 5982
last-modified: Thu, 28 Apr 2022 08:29:14 GMT
etag: "626a505a-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1900040
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MozqRzRn8cOHWPuL8xAtf9KO7k9I2S3%2Bya370NAkD8ReOQphuk7Kx4%2FEq8%2FpE0PkcaBWb4ZeBXoqOSI0izhDD6Um3EbddNoR9F2VsnglIoNgC934eGiN8IUi7qCyXvDXzWOfOlAwwgeJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775da9be684506f1-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f371fd6cbe04abe5f0d8679af1f2a998
ac95c5a39304a338b963d591a374bd667c836143
bb563352d50a6732df1045dcf54d5242f7609753538c26735456fef24a4692e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BB563352D50A6732DF1045DCF54D5242F7609753538C26735456FEF24A4692E9"
Last-Modified: Tue, 06 Dec 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1211
Expires: Wed, 07 Dec 2022 13:58:52 GMT
Date: Wed, 07 Dec 2022 13:38:41 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f371fd6cbe04abe5f0d8679af1f2a998
ac95c5a39304a338b963d591a374bd667c836143
bb563352d50a6732df1045dcf54d5242f7609753538c26735456fef24a4692e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BB563352D50A6732DF1045DCF54D5242F7609753538C26735456FEF24A4692E9"
Last-Modified: Tue, 06 Dec 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1211
Expires: Wed, 07 Dec 2022 13:58:52 GMT
Date: Wed, 07 Dec 2022 13:38:41 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/js/jquery.min.js
172.64.108.13200 OK 32 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/js/jquery.min.js
IP 172.64.108.13:0
File type ASCII text, with very long lines (65451)
Hash ff857f02f95afdd363403aea67b00e66
0a30c2b71a5af447bdc7f0c75a267ff66fe93d88
e5e45c663c448a28c911a351ab17fe7b5a738422bd5246ade4e5e94fb02e3919
GET /sb/ssp/utility/live-message/3-2/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:41 GMT
content-type: application/javascript
last-modified: Thu, 28 Apr 2022 08:29:17 GMT
etag: W/"626a505d-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1900040
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pbvODIMjsJnuSxVAMD2ZOqAb61W8kjJm2AnDmBYUCo5Q%2BLihFNjsIxAUDKAE%2BUUIE9MOZgrgRPT58u7k8K2X15MqT7KLEpIn5PlQJAe0gyoPb6Xvnt1AE%2Bz1EB5E3ejuBQugRTTv9pKg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775da9be684706f1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/7f/85/7f/7f857f52ec0313ee26f4aa5b075a3b20/1670417315.png
45.133.44.10200 OK 68 kB URL HTTP/2 cdn.cloudimagesb.com/si/7f/85/7f/7f857f52ec0313ee26f4aa5b075a3b20/1670417315.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash cee9d197f40adc6e2a7302cc42f740f2
824b0a24ac21233a3d7343b204136a3137f60fa2
bd058c2e010ebc52cda3116b5363f61c063485ad1ae3045ffb2ead63172d8f16
GET /si/7f/85/7f/7f857f52ec0313ee26f4aa5b075a3b20/1670417315.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:41 GMT
content-type: image/png
content-length: 67928
server: nginx/1.17.6
last-modified: Wed, 07 Dec 2022 12:48:44 GMT
etag: "63908bac-10958"
expires: Fri, 09 Dec 2022 13:38:41 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=blogmado.com
142.250.74.2200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=blogmado.com
IP 142.250.74.2:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=blogmado.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 07 Dec 2022 13:38:41 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/f1/d0/83/f1d083b8e7c37a3c2076057db054ab5d/1670417365.png
45.133.44.10200 OK 79 kB URL HTTP/2 cdn.cloudimagesb.com/si/f1/d0/83/f1d083b8e7c37a3c2076057db054ab5d/1670417365.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 906656d46a04025c62332a469592b141
d49734500d4944e6a094f8dd4c867d1a65e05aa6
6a99946eef7f4578626ba03218d1a3a37abb6824e21bd3a263e36c5814540e40
GET /si/f1/d0/83/f1d083b8e7c37a3c2076057db054ab5d/1670417365.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:41 GMT
content-type: image/png
content-length: 78590
server: nginx/1.17.6
last-modified: Wed, 07 Dec 2022 12:49:34 GMT
etag: "63908bde-132fe"
expires: Fri, 09 Dec 2022 13:38:41 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
px.netpub.media/iab?t=1670420320787&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&v=1.6.0&xx=f89e668722348d1b1d1ea79f6e599d31&n=100&m=898&x=netpub&zz=4428ee9635aefb04a92b240a898298e6fdbc4346cd9e4d53c1932d78caf26b07&z=6e84323ed0548bf8dad44a041d62ae14&h=0&k=4&yy=234f3fd5f395a12d9a72baaa86622449&g=0&j=0&aa=7a01f33f1e7cd08c5cd31a08a5602a025de4f7d31258ace280b8371f5619b072&r=200&y=%2F112081842%2C22620349674%2Fblogmado.com_300x250_banner2_marco2&p=1524.5&c=FR&e=0&a=true&l=1268&i=1&w=14f9494694a9078dc2f4ae3c92e41760&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&f=dfp&b=embed&o=877.5&q=200&s=complete
172.67.70.145200 OK 48 kB URL HTTP/2 px.netpub.media/iab?t=1670420320787&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&v=1.6.0&xx=f89e668722348d1b1d1ea79f6e599d31&n=100&m=898&x=netpub&zz=4428ee9635aefb04a92b240a898298e6fdbc4346cd9e4d53c1932d78caf26b07&z=6e84323ed0548bf8dad44a041d62ae14&h=0&k=4&yy=234f3fd5f395a12d9a72baaa86622449&g=0&j=0&aa=7a01f33f1e7cd08c5cd31a08a5602a025de4f7d31258ace280b8371f5619b072&r=200&y=%2F112081842%2C22620349674%2Fblogmado.com_300x250_banner2_marco2&p=1524.5&c=FR&e=0&a=true&l=1268&i=1&w=14f9494694a9078dc2f4ae3c92e41760&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&f=dfp&b=embed&o=877.5&q=200&s=complete
IP 172.67.70.145:0
Hash bef423e1f93079e88628f693a4defc48
35ce16c6191b2f5f7bf1387d494924a3dac2e0e4
b70929dea96590f69e20adb32614b257e1af74c8510e236005b9a4aaea172cc6
GET /iab?t=1670420320787&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&v=1.6.0&xx=f89e668722348d1b1d1ea79f6e599d31&n=100&m=898&x=netpub&zz=4428ee9635aefb04a92b240a898298e6fdbc4346cd9e4d53c1932d78caf26b07&z=6e84323ed0548bf8dad44a041d62ae14&h=0&k=4&yy=234f3fd5f395a12d9a72baaa86622449&g=0&j=0&aa=7a01f33f1e7cd08c5cd31a08a5602a025de4f7d31258ace280b8371f5619b072&r=200&y=%2F112081842%2C22620349674%2Fblogmado.com_300x250_banner2_marco2&p=1524.5&c=FR&e=0&a=true&l=1268&i=1&w=14f9494694a9078dc2f4ae3c92e41760&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&f=dfp&b=embed&o=877.5&q=200&s=complete HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:41 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QMXY1KhFUwn22Tp9C9vs9EG%2FeQ3JDZX3uclNIA5KP10HHSumnUO914tS3%2B%2F%2BhZMjA6zit4T4wcrw4tNymKtptkLGSjNRK8IvZ%2F857ELpv6GfV0Hhtym7vDMhxXJryktM%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9bf6ccd0b59-OSL
content-encoding: br
X-Firefox-Spdy: h2
populationrind.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fcss%2Fanimate.css&l=79249&fd=387
173.233.139.164200 OK 0 B URL HTTP/1.1 populationrind.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fcss%2Fanimate.css&l=79249&fd=387
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fcss%2Fanimate.css&l=79249&fd=387 HTTP/1.1
Host: populationrind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Cookie: u_pl=16650200; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec01ffd36dfbce3d569baf8d846cd7bc65=[3842224]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 13:38:41 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash b218837598d632ac2441c7b16dfdb86c
27c7aea0185cf6dafc8df7f701f56d7ef3d9c336
d2c3e31ab147455ca2b7f94249e880572a5ea592c38ca847b8def2d293975680
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash b218837598d632ac2441c7b16dfdb86c
27c7aea0185cf6dafc8df7f701f56d7ef3d9c336
d2c3e31ab147455ca2b7f94249e880572a5ea592c38ca847b8def2d293975680
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 1e181f9ed09fb72bf80535f26ad7b91a
df966a15abb5b870e71527d73592f7d977011eb2
741e73d12b0fa5e76d9b4a78e8e70dbe307e059a0018aca245da0db44c5a5958
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fb0a75755412f968ea0063b5eb7e3f2e
4922169cbe72c746a109079dea5625b7ff3270e8
cb95c64f511e6665a9e7ed3a918c4ad1c65942ae7883604a8689b0c6f01a1d1a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CB95C64F511E6665A9E7ED3A918C4AD1C65942AE7883604A8689B0C6F01A1D1A"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=937
Expires: Wed, 07 Dec 2022 13:54:18 GMT
Date: Wed, 07 Dec 2022 13:38:41 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fb0a75755412f968ea0063b5eb7e3f2e
4922169cbe72c746a109079dea5625b7ff3270e8
cb95c64f511e6665a9e7ed3a918c4ad1c65942ae7883604a8689b0c6f01a1d1a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CB95C64F511E6665A9E7ED3A918C4AD1C65942AE7883604A8689B0C6F01A1D1A"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=937
Expires: Wed, 07 Dec 2022 13:54:18 GMT
Date: Wed, 07 Dec 2022 13:38:41 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 140c9874db28b6e2e6a52482f855c377
446fe052b9453df610b78f8faa8a79926d9a0d42
67b5305346dce15bca13f7659dea297ee92bc69bb6efec02fba55f2c29fd8705
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/css/style.css
172.64.108.13200 OK 1.6 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/css/style.css
IP 172.64.108.13:0
Hash 1383ff77a305cbbde6dd2f35a747ef33
f3b341dcdbf56dd56e19348bf352370265bbfd30
ee44277ebc4dc007956e8d709ad10b2d9f897a6a88b58c0d0f23c405bae73d6a
GET /sb/ssp/utility/live-message/3-2/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:41 GMT
content-type: text/css
last-modified: Thu, 28 Apr 2022 08:29:13 GMT
etag: W/"626a5059-22dc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2f8eGrE9Yar3cqNcj6Hk1VtQtYKe4yPuuGIvdlg8TKOZ54TVaWnInq%2BQD%2F7KSZ%2F%2FGA1eQ1yrdRSVHHyXvUb2B3sD%2ByeAW3mF5LTfcXIX92OH0gP5uLr2Oyl2D4GPVOO85%2BRDORRPofss"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775da9be280706f1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 140c9874db28b6e2e6a52482f855c377
446fe052b9453df610b78f8faa8a79926d9a0d42
67b5305346dce15bca13f7659dea297ee92bc69bb6efec02fba55f2c29fd8705
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 3.0 kB IP 216.58.211.3:0
Hash 7782b79a5030f85b1b86d091fd5cc653
67107fba1700612d05c83c066ea60c6e88af5330
271416e2a8e9b41dccd00e97a355d0ac8a7857256536b2887880d2970e28923e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 140c9874db28b6e2e6a52482f855c377
446fe052b9453df610b78f8faa8a79926d9a0d42
67b5305346dce15bca13f7659dea297ee92bc69bb6efec02fba55f2c29fd8705
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=blogmado.com
142.250.74.2200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=blogmado.com
IP 142.250.74.2:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=blogmado.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 07 Dec 2022 13:38:41 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 140c9874db28b6e2e6a52482f855c377
446fe052b9453df610b78f8faa8a79926d9a0d42
67b5305346dce15bca13f7659dea297ee92bc69bb6efec02fba55f2c29fd8705
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs
172.217.21.161200 OK 62 kB URL HTTP/2 cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs
IP 172.217.21.161:0
File type Unicode text, UTF-8 text, with very long lines (65008)
Hash 190bcb4c44fd9e0e93baa80c9b2535b8
97bda56ddc8d6a00d19e1747d63325051f3fd144
b7677f820f06329e357561f570729fe4110af4ac5fb741b97567e20a0f533301
GET /rtv/012211060024000/amp4ads-v0.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 61592
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:08:55 GMT
expires: Tue, 05 Dec 2023 18:08:55 GMT
cache-control: public, max-age=31536000
age: 156586
etag: "a2fca7132416d151"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs
172.217.21.161200 OK 5.2 kB URL HTTP/2 cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs
IP 172.217.21.161:0
File type ASCII text, with very long lines (14697)
Hash ae1a9f090984c448deb0629cc2304ee3
e601825ccec746695f370ed68fa33325152e0d9f
6a947bfcdeea64faa6c795caea11ee09dbe00f5d4003b7b9d47e4945c05ac1e4
GET /rtv/012211060024000/v0/amp-ad-exit-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blogmado.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 5218
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 10:51:50 GMT
expires: Wed, 06 Dec 2023 10:51:50 GMT
cache-control: public, max-age=31536000
age: 96411
etag: "abd4378f71571d78"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs
172.217.21.161200 OK 29 kB URL HTTP/2 cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs
IP 172.217.21.161:0
File type ASCII text, with very long lines (65534)
Hash c88b4e73b12307e42222d337bdd646a2
621233bf4e777b2d44b1bc143187111aca2fe718
ef6935537cd5a603b79bc98d4274b70ee5608955792523fc58e818c8ddbb7b48
GET /rtv/012211060024000/v0/amp-analytics-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blogmado.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 28809
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:08:55 GMT
expires: Tue, 05 Dec 2023 18:08:55 GMT
cache-control: public, max-age=31536000
age: 156586
etag: "dd6615029de85e23"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs
172.217.21.161200 OK 1.9 kB URL HTTP/2 cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs
IP 172.217.21.161:0
File type ASCII text, with very long lines (5046)
Hash 669c8592ef8f63e7404e45dd6ca56b71
3f6753966361bb86594193009c9097612c361064
d174ae2c0722ab8d4bf736f0200dc5b15d288f9500a706bb161b64f5a3b74f01
GET /rtv/012211060024000/v0/amp-fit-text-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blogmado.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 1913
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:08:55 GMT
expires: Tue, 05 Dec 2023 18:08:55 GMT
cache-control: public, max-age=31536000
age: 156586
etag: "403438c4d550ee88"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs
172.217.21.161200 OK 13 kB URL HTTP/2 cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs
IP 172.217.21.161:0
File type Unicode text, UTF-8 text, with very long lines (41057)
Hash 2f873064835eed23708bde2a16830216
7559437b82b9b761e02549d8d51f9e3571e5ed2c
0f5d00ac674cc34652997f2e0dd7fb6eb1a5b22010989c35a81cd7a388c84fdd
GET /rtv/012211060024000/v0/amp-form-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blogmado.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 12946
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:08:55 GMT
expires: Tue, 05 Dec 2023 18:08:55 GMT
cache-control: public, max-age=31536000
age: 156586
etag: "0bacd3f1ce38a7db"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 140c9874db28b6e2e6a52482f855c377
446fe052b9453df610b78f8faa8a79926d9a0d42
67b5305346dce15bca13f7659dea297ee92bc69bb6efec02fba55f2c29fd8705
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 13:38:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
unseenreport.com/pxf.gif?uuid=889392be-3145-46a9-8013-16adfcbe8a70&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=7e1d8f1ae70c40a4c328807cbe5300ca&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=13
192.243.61.225200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=889392be-3145-46a9-8013-16adfcbe8a70&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=7e1d8f1ae70c40a4c328807cbe5300ca&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=13
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=889392be-3145-46a9-8013-16adfcbe8a70&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=7e1d8f1ae70c40a4c328807cbe5300ca&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=13 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 13:38:41 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d1867a7bba529d28b7ae987f32d602cd
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=889392be-3145-46a9-8013-16adfcbe8a70&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01ffd36dfbce3d569baf8d846cd7bc65&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=13
192.243.61.225200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=889392be-3145-46a9-8013-16adfcbe8a70&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01ffd36dfbce3d569baf8d846cd7bc65&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=13
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=889392be-3145-46a9-8013-16adfcbe8a70&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01ffd36dfbce3d569baf8d846cd7bc65&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=13 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 13:38:41 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7a5cea55df9ce6318b856eee22b85538
Strict-Transport-Security: max-age=0; includeSubdomains
populationrind.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fjs%2Fscript.js&l=1173&fd=268
173.233.139.164200 OK 0 B URL HTTP/1.1 populationrind.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fjs%2Fscript.js&l=1173&fd=268
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fjs%2Fscript.js&l=1173&fd=268 HTTP/1.1
Host: populationrind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Cookie: u_pl=16650200; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec01ffd36dfbce3d569baf8d846cd7bc65=[3842224]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 13:38:41 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
adservice.google.no/adsid/integrator.js?domain=blogmado.com
142.250.74.2200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=blogmado.com
IP 142.250.74.2:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=blogmado.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 07 Dec 2022 13:38:41 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
px.netpub.media/iab?e=0&i=1&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_6&aa=880c2261b3059e1fb8f14aadec5d080320ab47787b8e7364a0630a7959b0385b&l=1268&w=14f9494694a9078dc2f4ae3c92e41760&b=string&q=320&f=dfp&c=FR&n=100&g=0&xx=15663b3c58a43d9a93f21c260527a47a&k=5&zz=21ca8bf4dac452731ef4c3282c91bd8af0667b1622e5f8f80e557bc5e429b30b&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&p=798.5&m=898&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&s=complete&v=1.6.0&r=100&z=6e84323ed0548bf8dad44a041d62ae14&t=1670420321315&h=0&x=netpub&j=0&yy=f34f336f7278c146e753e83ab53009ee&o=474&a=true
172.67.70.145200 OK 182 B URL HTTP/2 px.netpub.media/iab?e=0&i=1&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_6&aa=880c2261b3059e1fb8f14aadec5d080320ab47787b8e7364a0630a7959b0385b&l=1268&w=14f9494694a9078dc2f4ae3c92e41760&b=string&q=320&f=dfp&c=FR&n=100&g=0&xx=15663b3c58a43d9a93f21c260527a47a&k=5&zz=21ca8bf4dac452731ef4c3282c91bd8af0667b1622e5f8f80e557bc5e429b30b&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&p=798.5&m=898&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&s=complete&v=1.6.0&r=100&z=6e84323ed0548bf8dad44a041d62ae14&t=1670420321315&h=0&x=netpub&j=0&yy=f34f336f7278c146e753e83ab53009ee&o=474&a=true
IP 172.67.70.145:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 68afddc5fc6dff20732a10e111220622
eff6f5a1bc6cea1bdcb4b62b02d5c345a638c811
e2d9f74c1dc050a2bcd7d6b7a8803b1ec8387e4e4c3b85978742dc182d0b5383
GET /iab?e=0&i=1&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_6&aa=880c2261b3059e1fb8f14aadec5d080320ab47787b8e7364a0630a7959b0385b&l=1268&w=14f9494694a9078dc2f4ae3c92e41760&b=string&q=320&f=dfp&c=FR&n=100&g=0&xx=15663b3c58a43d9a93f21c260527a47a&k=5&zz=21ca8bf4dac452731ef4c3282c91bd8af0667b1622e5f8f80e557bc5e429b30b&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&p=798.5&m=898&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&s=complete&v=1.6.0&r=100&z=6e84323ed0548bf8dad44a041d62ae14&t=1670420321315&h=0&x=netpub&j=0&yy=f34f336f7278c146e753e83ab53009ee&o=474&a=true HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:41 GMT
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=owoj58gA5vCaHjVicj4Cfy6LkAqtm%2FFPXsejgnFwPwnJEsnri1jDDulu5U%2FlWC8tIxhcUKpYpfoi7pwLSvV6XCPpgx7mW2NbZZDlr65TUNqcpYxJ%2BufJwJ8dFRNDgpT2lQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9c288060b59-OSL
X-Firefox-Spdy: h2
px.netpub.media/iab?p=808&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&m=898&k=-1&j=1&s=complete&c=FR&h=0&i=1&x=netpub&t=1670420321348&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&g=1&r=90&n=100&zz=ef33f03adc20059840eaef7ee261acd9d99c687034b79ed766ede2f0d1fa2271&e=1&xx=b103e6a025422713ccb90c8e14aba948&y=%2F112081842%2C22620349674%2Fblogmado.com_728x90_banner2_marco2&b=string&aa=4dc6be22444e3dd0c721a812380edd9d39ee5fefc2fa118690224f3099e09eeb&w=14f9494694a9078dc2f4ae3c92e41760&yy=982fdaf3264edf3ccf1ccd8bffa6f325&o=270&f=dfp&q=728&v=1.6.0&a=true&l=1268&z=6e84323ed0548bf8dad44a041d62ae14
172.67.70.145200 OK 11 kB URL HTTP/2 px.netpub.media/iab?p=808&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&m=898&k=-1&j=1&s=complete&c=FR&h=0&i=1&x=netpub&t=1670420321348&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&g=1&r=90&n=100&zz=ef33f03adc20059840eaef7ee261acd9d99c687034b79ed766ede2f0d1fa2271&e=1&xx=b103e6a025422713ccb90c8e14aba948&y=%2F112081842%2C22620349674%2Fblogmado.com_728x90_banner2_marco2&b=string&aa=4dc6be22444e3dd0c721a812380edd9d39ee5fefc2fa118690224f3099e09eeb&w=14f9494694a9078dc2f4ae3c92e41760&yy=982fdaf3264edf3ccf1ccd8bffa6f325&o=270&f=dfp&q=728&v=1.6.0&a=true&l=1268&z=6e84323ed0548bf8dad44a041d62ae14
IP 172.67.70.145:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash eb8864617a79b8f186cfa2800694b020
6155fb0231b982ed7d6c9c31b967a8d83ec05453
c0b8966882eca7e4ff01ba412fe97cc7b51449a0ed020abc81108509a0001969
GET /iab?p=808&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&m=898&k=-1&j=1&s=complete&c=FR&h=0&i=1&x=netpub&t=1670420321348&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&g=1&r=90&n=100&zz=ef33f03adc20059840eaef7ee261acd9d99c687034b79ed766ede2f0d1fa2271&e=1&xx=b103e6a025422713ccb90c8e14aba948&y=%2F112081842%2C22620349674%2Fblogmado.com_728x90_banner2_marco2&b=string&aa=4dc6be22444e3dd0c721a812380edd9d39ee5fefc2fa118690224f3099e09eeb&w=14f9494694a9078dc2f4ae3c92e41760&yy=982fdaf3264edf3ccf1ccd8bffa6f325&o=270&f=dfp&q=728&v=1.6.0&a=true&l=1268&z=6e84323ed0548bf8dad44a041d62ae14 HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:41 GMT
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zCpirbo0jtI7k5CKqxajA4zS4duEM53dRas%2BPXjMwcWmL5q%2B%2BnToPx0DD%2BKNC3nin0a83xA2v%2BlNdlssDTmkSd98%2FFxDmkDZQXIN1evR8fN%2B%2Fzh87WLdNqEpA1Fe7g5w3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9c2c8870b59-OSL
X-Firefox-Spdy: h2
adserve.mahimeta.com/networks/passback/?domain=blogmado.com&pathname=%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&query=%3Fn%3D1¤tPage=https%3A%2F%2F6c811678ec23e072707928a3d199302f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&size=336x280&placement=inline&adId=mMTag_336x280_3558925&screenWidth=336&campaign=569
104.21.13.2200 OK 7.4 kB URL HTTP/2 adserve.mahimeta.com/networks/passback/?domain=blogmado.com&pathname=%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&query=%3Fn%3D1¤tPage=https%3A%2F%2F6c811678ec23e072707928a3d199302f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&size=336x280&placement=inline&adId=mMTag_336x280_3558925&screenWidth=336&campaign=569
IP 104.21.13.2:0
Hash 6a00751675101eeba3ef3aceb5991c28
1e181bc80c988c411d81e843ae4d72caa6a170c2
1027385cfb0a64788f88e0007367c247ce114c003129949128ac88375f3be3a7
POST /networks/passback/?domain=blogmado.com&pathname=%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&query=%3Fn%3D1¤tPage=https%3A%2F%2F6c811678ec23e072707928a3d199302f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&size=336x280&placement=inline&adId=mMTag_336x280_3558925&screenWidth=336&campaign=569 HTTP/1.1
Host: adserve.mahimeta.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 439
Origin: https://6c811678ec23e072707928a3d199302f.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://6c811678ec23e072707928a3d199302f.safeframe.googlesyndication.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:41 GMT
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, X-CSRF-Token
cache-control: no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=04qBXFhQSNHb3zSI9SmG1fUuosGhrCN%2FypUWnYTDjHoppS5YA8zWlsFBsTtq9bDj%2BNJVkmAax7apz4K%2BivNt0wReqgKB8FXiyMDNgU4fwQa2%2B62FS4IPqGgGlLYS3xS1ZfMuFlvP5w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9c2ea21b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
populationrind.com/pixel/sbs?c=1
173.233.139.164200 OK 0 B URL HTTP/1.1 populationrind.com/pixel/sbs?c=1
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: populationrind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Cookie: u_pl=16650200; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec01ffd36dfbce3d569baf8d846cd7bc65=[3842224]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 13:38:41 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
adserve.mahimeta.com/networks/passback/?domain=blogmado.com&pathname=%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&query=%3Fn%3D1¤tPage=https%3A%2F%2F6c811678ec23e072707928a3d199302f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&size=728x90&placement=inline&adId=mMTag_728x90_3558925&screenWidth=728&campaign=569
104.21.13.2200 OK 1.0 kB URL HTTP/2 adserve.mahimeta.com/networks/passback/?domain=blogmado.com&pathname=%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&query=%3Fn%3D1¤tPage=https%3A%2F%2F6c811678ec23e072707928a3d199302f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&size=728x90&placement=inline&adId=mMTag_728x90_3558925&screenWidth=728&campaign=569
IP 104.21.13.2:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (329)
Hash 7e118c896fd1ffbdc950fd8b9757a81e
eff5459a538ca0cb1ebe99f9b83b70f579621b3e
c8f07f3e7190c40fb8e136bef7dbd347acec5d2e841910910c6293ed929422fc
POST /networks/passback/?domain=blogmado.com&pathname=%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&query=%3Fn%3D1¤tPage=https%3A%2F%2F6c811678ec23e072707928a3d199302f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&size=728x90&placement=inline&adId=mMTag_728x90_3558925&screenWidth=728&campaign=569 HTTP/1.1
Host: adserve.mahimeta.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 439
Origin: https://6c811678ec23e072707928a3d199302f.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://6c811678ec23e072707928a3d199302f.safeframe.googlesyndication.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:41 GMT
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, X-CSRF-Token
cache-control: no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KBYR7AkldfmwCKWCPAQoeS5O%2FX2woQ35lkEHRY2YRl6gChP%2F1vr3DgF5J141PzwLqFqDHH%2F6k9j%2BGPtNNtxG3tYt1LXB%2FPPe4XzBi%2BrIzPr%2F6pvddsJjmS5UlIlIlaVtiASA3hI%2B5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9c2ea2fb512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/js/script.js
172.64.108.13200 OK 20 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/js/script.js
IP 172.64.108.13:0
Hash 387a622e9c269bfd6cfb5ba2dfbd3d78
b65894775c11c74a3963cef813863002bb22d7e9
c74b9156b4c52272656c2556e4942e25fcde703ed61ce6ac593ac04ce89dd464
GET /sb/ssp/utility/live-message/3-2/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:41 GMT
content-type: application/javascript
last-modified: Thu, 28 Apr 2022 08:29:16 GMT
etag: W/"626a505c-495"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CocEZWwS2Ne58MSYg7PWo1kJANIH1%2FR4vwfYdDU%2FtRKLgCfFztfYo2VG70LPTBkdF8ZfmmyL4nbAnyM0sEQqU%2B0NA7XN4tUqVnDIG8RH5uSX%2Bpm5DVqOIdGWtteYOIecCv%2FQhOIUn1jU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775da9bfa93606f1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
px.netpub.media/iab?c=FR&a=true&r=280&l=1268&q=336&e=0&s=complete&b=static&g=1&n=100&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_2&k=2&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&j=0&xx=ddd2f09014d68a254357be908a6d89fd&i=1&f=dfp&x=netpub&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&w=14f9494694a9078dc2f4ae3c92e41760&h=0&z=6e84323ed0548bf8dad44a041d62ae14&p=1201.5&t=1670420321840&yy=353f1b1dcac29ba94659eee3f8734a9e&v=1.6.0&aa=e2887ef341f9f93742bc44af49c65d44fce4ba0521472ff755cf9f8fb5ed6f35&o=466&zz=89e1cf93fa4dd22ce7f274491795b24d8856a0c0af90a5068df725a7a2119f9f&m=898
172.67.70.145200 OK 16 kB URL HTTP/2 px.netpub.media/iab?c=FR&a=true&r=280&l=1268&q=336&e=0&s=complete&b=static&g=1&n=100&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_2&k=2&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&j=0&xx=ddd2f09014d68a254357be908a6d89fd&i=1&f=dfp&x=netpub&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&w=14f9494694a9078dc2f4ae3c92e41760&h=0&z=6e84323ed0548bf8dad44a041d62ae14&p=1201.5&t=1670420321840&yy=353f1b1dcac29ba94659eee3f8734a9e&v=1.6.0&aa=e2887ef341f9f93742bc44af49c65d44fce4ba0521472ff755cf9f8fb5ed6f35&o=466&zz=89e1cf93fa4dd22ce7f274491795b24d8856a0c0af90a5068df725a7a2119f9f&m=898
IP 172.67.70.145:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 3adb3efa72ce3039d49efd2d77065f61
4e88fd2cf684a8812d463555267760b41e1133ed
5ea082e69c57fccf41596eb177771511fd0e9e8a29cd7d4cac63cc89b33076ec
GET /iab?c=FR&a=true&r=280&l=1268&q=336&e=0&s=complete&b=static&g=1&n=100&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_2&k=2&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&j=0&xx=ddd2f09014d68a254357be908a6d89fd&i=1&f=dfp&x=netpub&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&w=14f9494694a9078dc2f4ae3c92e41760&h=0&z=6e84323ed0548bf8dad44a041d62ae14&p=1201.5&t=1670420321840&yy=353f1b1dcac29ba94659eee3f8734a9e&v=1.6.0&aa=e2887ef341f9f93742bc44af49c65d44fce4ba0521472ff755cf9f8fb5ed6f35&o=466&zz=89e1cf93fa4dd22ce7f274491795b24d8856a0c0af90a5068df725a7a2119f9f&m=898 HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:42 GMT
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T61%2Bt4KcWdAfG%2Bg7q8UeGi6UDkXlLU0nqvc796Py6K6JNcZ%2B8qCVTled9vca9LwyUUiTyfnY3ofis292cs1OyJvv27uYTzQJ03XmiDe08MRi4V8qXox%2FmhUq7kUfrL7mEA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9c5dbdd0b59-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 118edf25c40fce1dee0b9f0498ba1f85
79c896716db646c722eb824c8a404a64f3f656e3
ff998e9568166570e5e46b8ede299560c88e7b8e317aa61ae59b3781f03e0b58
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF998E9568166570E5E46B8EDE299560C88E7B8E317AA61AE59B3781F03E0B58"
Last-Modified: Mon, 05 Dec 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6593
Expires: Wed, 07 Dec 2022 15:28:35 GMT
Date: Wed, 07 Dec 2022 13:38:42 GMT
Connection: keep-alive
hal9000.redintelligence.net/zone/mq1e9wqsk7c5?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8XZNYZeQY72vFprqZc3yuvgDybminGncsM3O1Q_wLhABIOPgvCNgw4SAgJgYyAEJqQKRetrWd5OxPqgDAaoEgAJP0EphQyWFNXh4yTtvbb3i6sHGfuNN0eQTP0sxKvMcKCgTQoCb75Oo0vGH3Ar-L_K-7Dj9CddH3WE23SyaHvFyJvXBZSxtmN7U1KYyfT39pKx_FcyEqVOQU_7kIIh0RbJfWt4gB6WFsuS0ZXG4s-ohcWkIRapGxAvWrPaMkuo6qw4IeFEHQytNUspCkuBJfyfaVDPbe3IPLMgzXIvhkk0fheaiGsFo3QyCqzXqK8ZrkxH9G74vcrDAVtFWIWzrbdTOzFrhIX2fTk6eylTuHYbTclkTzR-tIZFqoFXTZlpITj8Wedq7L0g4VeDVXpE7vJW9gTksXRt47N4EbNyYKgt0wATBvZT88wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOcos0O0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSSwDq26N9Mi9VR2LoY8Lp9kHKALZ-6As460cLQqGwsdH5NbIZrxcsWjdhyWbjS70kXE_fBnrC7HkL6eq45Jt-5Qcy5iGowjTlFa4GhRgBIBM%26sig%3DAOD64_1W0Iig0DZkUkYIJDLoB3CcBufhDg%26client%3Dca-pub-3379969116950199%26dbm_c%3DAKAmf-BA92VwUNwpG-MaOPITccsL83nwgmIlGFfCYxMhUEORlWUgKl1pYAjQ-0kdV-ogGVeGhFhK9XgpmaeuHJgJ8_TrtgFKJwjCBCckvOpM1fdv53c0qRtu7IPJm39glKpQcR_xKjCbXZ37_9eG9rMoplu7swwpXdqBKoA2X56aHtwGi1NKeXk%26cry%3D1%26dbm_d%3DAKAmf-CEi02km2sBGW9dDh9cjctRRUSjiWRM0UUyGnb95Dc28Ngn30uYn4zILrCZwGu3d6gRkjNVYlLmG2eHQiLLfob8jp62yhsi2UhrxvUWJdbK660efOrbHbSAHg_Mt8CIgE3In1-NJhpfVJAFWOD2W8E4mL5Il7ekD---UGPWLSGoKCmOdPKwp3eEuIYo6wUEoy5Ns42o41s-zlucd4g4o1YSZYbDPuXz0Lnqd8zT8Bff9Yn2VdsuBtED45p5-gwufbJAybYxgDRAY85qN998IwipXFSfOyrietGTCfgljMasLUFHvYTWBqo5h70o7YByKV8JW8JXob4JG3zDek6if2uXHeT6f0H2HUEEbiA3bZ9478B57oKeTy5XZfrT8EoaXlQs5bCZqJtMn7RQbI3_L33gYFDh_5yf3b8iMBj_xPZy6f_Mzew3Mvz38vtoDqFiEoFCm1xRa7zGzfoE6sARIM9LM_gQfmZxs8nMhc_dt4C0DHM3Tjpefs0txChrGcYQFd8C5T5hV4XmBuzYp18rqwrfpBYv1Bm-lBHaYNIoNW4DtL-cXPUqfxFgS6nm9QRPlz0zsVYk%26adurl%3D
176.9.26.250200 OK 4.1 kB URL HTTP/1.1 hal9000.redintelligence.net/zone/mq1e9wqsk7c5?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8XZNYZeQY72vFprqZc3yuvgDybminGncsM3O1Q_wLhABIOPgvCNgw4SAgJgYyAEJqQKRetrWd5OxPqgDAaoEgAJP0EphQyWFNXh4yTtvbb3i6sHGfuNN0eQTP0sxKvMcKCgTQoCb75Oo0vGH3Ar-L_K-7Dj9CddH3WE23SyaHvFyJvXBZSxtmN7U1KYyfT39pKx_FcyEqVOQU_7kIIh0RbJfWt4gB6WFsuS0ZXG4s-ohcWkIRapGxAvWrPaMkuo6qw4IeFEHQytNUspCkuBJfyfaVDPbe3IPLMgzXIvhkk0fheaiGsFo3QyCqzXqK8ZrkxH9G74vcrDAVtFWIWzrbdTOzFrhIX2fTk6eylTuHYbTclkTzR-tIZFqoFXTZlpITj8Wedq7L0g4VeDVXpE7vJW9gTksXRt47N4EbNyYKgt0wATBvZT88wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOcos0O0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSSwDq26N9Mi9VR2LoY8Lp9kHKALZ-6As460cLQqGwsdH5NbIZrxcsWjdhyWbjS70kXE_fBnrC7HkL6eq45Jt-5Qcy5iGowjTlFa4GhRgBIBM%26sig%3DAOD64_1W0Iig0DZkUkYIJDLoB3CcBufhDg%26client%3Dca-pub-3379969116950199%26dbm_c%3DAKAmf-BA92VwUNwpG-MaOPITccsL83nwgmIlGFfCYxMhUEORlWUgKl1pYAjQ-0kdV-ogGVeGhFhK9XgpmaeuHJgJ8_TrtgFKJwjCBCckvOpM1fdv53c0qRtu7IPJm39glKpQcR_xKjCbXZ37_9eG9rMoplu7swwpXdqBKoA2X56aHtwGi1NKeXk%26cry%3D1%26dbm_d%3DAKAmf-CEi02km2sBGW9dDh9cjctRRUSjiWRM0UUyGnb95Dc28Ngn30uYn4zILrCZwGu3d6gRkjNVYlLmG2eHQiLLfob8jp62yhsi2UhrxvUWJdbK660efOrbHbSAHg_Mt8CIgE3In1-NJhpfVJAFWOD2W8E4mL5Il7ekD---UGPWLSGoKCmOdPKwp3eEuIYo6wUEoy5Ns42o41s-zlucd4g4o1YSZYbDPuXz0Lnqd8zT8Bff9Yn2VdsuBtED45p5-gwufbJAybYxgDRAY85qN998IwipXFSfOyrietGTCfgljMasLUFHvYTWBqo5h70o7YByKV8JW8JXob4JG3zDek6if2uXHeT6f0H2HUEEbiA3bZ9478B57oKeTy5XZfrT8EoaXlQs5bCZqJtMn7RQbI3_L33gYFDh_5yf3b8iMBj_xPZy6f_Mzew3Mvz38vtoDqFiEoFCm1xRa7zGzfoE6sARIM9LM_gQfmZxs8nMhc_dt4C0DHM3Tjpefs0txChrGcYQFd8C5T5hV4XmBuzYp18rqwrfpBYv1Bm-lBHaYNIoNW4DtL-cXPUqfxFgS6nm9QRPlz0zsVYk%26adurl%3D
IP 176.9.26.250:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (1716), with CRLF line terminators
Hash 9511f03f4c3dfcb96fb8ae3fb5bdcea7
4384cdde16fb5e7a5484060aca90a3cdb9ce826d
f3bc86801a3564e0971904fb3e7b24eb15354d1b87797949a695b0be85210a72
GET /zone/mq1e9wqsk7c5?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8XZNYZeQY72vFprqZc3yuvgDybminGncsM3O1Q_wLhABIOPgvCNgw4SAgJgYyAEJqQKRetrWd5OxPqgDAaoEgAJP0EphQyWFNXh4yTtvbb3i6sHGfuNN0eQTP0sxKvMcKCgTQoCb75Oo0vGH3Ar-L_K-7Dj9CddH3WE23SyaHvFyJvXBZSxtmN7U1KYyfT39pKx_FcyEqVOQU_7kIIh0RbJfWt4gB6WFsuS0ZXG4s-ohcWkIRapGxAvWrPaMkuo6qw4IeFEHQytNUspCkuBJfyfaVDPbe3IPLMgzXIvhkk0fheaiGsFo3QyCqzXqK8ZrkxH9G74vcrDAVtFWIWzrbdTOzFrhIX2fTk6eylTuHYbTclkTzR-tIZFqoFXTZlpITj8Wedq7L0g4VeDVXpE7vJW9gTksXRt47N4EbNyYKgt0wATBvZT88wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOcos0O0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSSwDq26N9Mi9VR2LoY8Lp9kHKALZ-6As460cLQqGwsdH5NbIZrxcsWjdhyWbjS70kXE_fBnrC7HkL6eq45Jt-5Qcy5iGowjTlFa4GhRgBIBM%26sig%3DAOD64_1W0Iig0DZkUkYIJDLoB3CcBufhDg%26client%3Dca-pub-3379969116950199%26dbm_c%3DAKAmf-BA92VwUNwpG-MaOPITccsL83nwgmIlGFfCYxMhUEORlWUgKl1pYAjQ-0kdV-ogGVeGhFhK9XgpmaeuHJgJ8_TrtgFKJwjCBCckvOpM1fdv53c0qRtu7IPJm39glKpQcR_xKjCbXZ37_9eG9rMoplu7swwpXdqBKoA2X56aHtwGi1NKeXk%26cry%3D1%26dbm_d%3DAKAmf-CEi02km2sBGW9dDh9cjctRRUSjiWRM0UUyGnb95Dc28Ngn30uYn4zILrCZwGu3d6gRkjNVYlLmG2eHQiLLfob8jp62yhsi2UhrxvUWJdbK660efOrbHbSAHg_Mt8CIgE3In1-NJhpfVJAFWOD2W8E4mL5Il7ekD---UGPWLSGoKCmOdPKwp3eEuIYo6wUEoy5Ns42o41s-zlucd4g4o1YSZYbDPuXz0Lnqd8zT8Bff9Yn2VdsuBtED45p5-gwufbJAybYxgDRAY85qN998IwipXFSfOyrietGTCfgljMasLUFHvYTWBqo5h70o7YByKV8JW8JXob4JG3zDek6if2uXHeT6f0H2HUEEbiA3bZ9478B57oKeTy5XZfrT8EoaXlQs5bCZqJtMn7RQbI3_L33gYFDh_5yf3b8iMBj_xPZy6f_Mzew3Mvz38vtoDqFiEoFCm1xRa7zGzfoE6sARIM9LM_gQfmZxs8nMhc_dt4C0DHM3Tjpefs0txChrGcYQFd8C5T5hV4XmBuzYp18rqwrfpBYv1Bm-lBHaYNIoNW4DtL-cXPUqfxFgS6nm9QRPlz0zsVYk%26adurl%3D HTTP/1.1
Host: hal9000.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://6c811678ec23e072707928a3d199302f.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 13:38:42 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4129
Connection: close
Content-Type: text/html; charset=UTF-8
px.netpub.media/iab?z=6e84323ed0548bf8dad44a041d62ae14&q=320&xx=b103e6a025422713ccb90c8e14aba948&l=1268&j=0&aa=1b12ba0c148a75f9d97532fde438fd0bda8fb8703442ec580e8ef07239f65d8f&a=true&b=object&t=1670420322004&h=0&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&w=14f9494694a9078dc2f4ae3c92e41760&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&o=474&r=50&g=0&x=netpub&i=1&zz=22147ea4596e99cda9e673cd561f0da5010d8d25748cbb107b67b695e32735a0&yy=4d2cacda8fa9f15335864b9cb7afdf85&v=1.6.0&n=100&p=848&s=complete&e=0&k=-1&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_4&m=898&c=FR&f=dfp
172.67.70.145200 OK 9.1 kB URL HTTP/2 px.netpub.media/iab?z=6e84323ed0548bf8dad44a041d62ae14&q=320&xx=b103e6a025422713ccb90c8e14aba948&l=1268&j=0&aa=1b12ba0c148a75f9d97532fde438fd0bda8fb8703442ec580e8ef07239f65d8f&a=true&b=object&t=1670420322004&h=0&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&w=14f9494694a9078dc2f4ae3c92e41760&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&o=474&r=50&g=0&x=netpub&i=1&zz=22147ea4596e99cda9e673cd561f0da5010d8d25748cbb107b67b695e32735a0&yy=4d2cacda8fa9f15335864b9cb7afdf85&v=1.6.0&n=100&p=848&s=complete&e=0&k=-1&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_4&m=898&c=FR&f=dfp
IP 172.67.70.145:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash f0685766d143b094e6eba638cf114eb8
32745d9ec273697ff7aa3078051a5b992c732c99
f1c6464fbf2f31f6956171f18a826af471ef47b71ae246fddada50b8d2c41cc2
GET /iab?z=6e84323ed0548bf8dad44a041d62ae14&q=320&xx=b103e6a025422713ccb90c8e14aba948&l=1268&j=0&aa=1b12ba0c148a75f9d97532fde438fd0bda8fb8703442ec580e8ef07239f65d8f&a=true&b=object&t=1670420322004&h=0&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&w=14f9494694a9078dc2f4ae3c92e41760&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&o=474&r=50&g=0&x=netpub&i=1&zz=22147ea4596e99cda9e673cd561f0da5010d8d25748cbb107b67b695e32735a0&yy=4d2cacda8fa9f15335864b9cb7afdf85&v=1.6.0&n=100&p=848&s=complete&e=0&k=-1&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_4&m=898&c=FR&f=dfp HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:42 GMT
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ki%2FXwx4Iy9N%2FkukF%2BuuhzVKeUPw0CXhpNVVxybJNr2N9XA4Z27MxLxsKfZdfB0JO9hEjd%2FdcT%2FB6ejAoDkifnPzQDdm78%2FnjmLDRPf1ARYS4cJkKaVhAMR1NbA9r3bI0cQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9c6ece10b59-OSL
X-Firefox-Spdy: h2
px.netpub.media/iab?c=FR&yy=1664726d9fa4060b660f7b682c21cd9e&s=complete&a=true&x=netpub&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&n=100&aa=f5e6a44076bef7e9b6a4c970497b31fe4afaacf3f36b76b2676106cbf91f5b1a&i=1&t=1670420322055&g=1&y=%2F112081842%2C22620349674%2Fblogmado.com_728x90_banner1_marco2&m=898&h=0&j=0&q=728&r=100&p=287&zz=822f4bc53d582bb5cd99aa24366ad18d70b880fae6af737f360b5e716d36e305&l=1268&z=6e84323ed0548bf8dad44a041d62ae14&xx=4a54823cf5abfe9f0e9d3cdf405aacc7&o=270&e=0&f=dfp&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&v=1.6.0&w=14f9494694a9078dc2f4ae3c92e41760&b=static&k=3
172.67.70.145200 OK 182 B URL HTTP/2 px.netpub.media/iab?c=FR&yy=1664726d9fa4060b660f7b682c21cd9e&s=complete&a=true&x=netpub&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&n=100&aa=f5e6a44076bef7e9b6a4c970497b31fe4afaacf3f36b76b2676106cbf91f5b1a&i=1&t=1670420322055&g=1&y=%2F112081842%2C22620349674%2Fblogmado.com_728x90_banner1_marco2&m=898&h=0&j=0&q=728&r=100&p=287&zz=822f4bc53d582bb5cd99aa24366ad18d70b880fae6af737f360b5e716d36e305&l=1268&z=6e84323ed0548bf8dad44a041d62ae14&xx=4a54823cf5abfe9f0e9d3cdf405aacc7&o=270&e=0&f=dfp&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&v=1.6.0&w=14f9494694a9078dc2f4ae3c92e41760&b=static&k=3
IP 172.67.70.145:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 68afddc5fc6dff20732a10e111220622
eff6f5a1bc6cea1bdcb4b62b02d5c345a638c811
e2d9f74c1dc050a2bcd7d6b7a8803b1ec8387e4e4c3b85978742dc182d0b5383
GET /iab?c=FR&yy=1664726d9fa4060b660f7b682c21cd9e&s=complete&a=true&x=netpub&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&n=100&aa=f5e6a44076bef7e9b6a4c970497b31fe4afaacf3f36b76b2676106cbf91f5b1a&i=1&t=1670420322055&g=1&y=%2F112081842%2C22620349674%2Fblogmado.com_728x90_banner1_marco2&m=898&h=0&j=0&q=728&r=100&p=287&zz=822f4bc53d582bb5cd99aa24366ad18d70b880fae6af737f360b5e716d36e305&l=1268&z=6e84323ed0548bf8dad44a041d62ae14&xx=4a54823cf5abfe9f0e9d3cdf405aacc7&o=270&e=0&f=dfp&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&v=1.6.0&w=14f9494694a9078dc2f4ae3c92e41760&b=static&k=3 HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:42 GMT
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P78IMejxrpie16mtaqzqMwuwm%2B0953cunD01lkNxcd5NI%2FNbQmymegPVZ8K%2FCaX7zQGcLtCKRj85Q0TQ1PVf6lIo3TmaKMd%2BqWTfSwVYkG%2B7lg%2B%2BfhoOIv%2Bs9p4gL2HlXg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9c72d240b59-OSL
X-Firefox-Spdy: h2
px.netpub.media/iab?d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&yy=93128458af866be388b4299e2276aa3f&l=1268&q=300&n=100&h=0&b=string&r=250&a=true&aa=3ad630807c362b233f667f101699a286832ec51faf8fb7332576ea8937b9055f&m=898&xx=f89e668722348d1b1d1ea79f6e599d31&k=4&p=2249&o=827.5&s=complete&j=0&g=0&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_5&f=dfp&w=14f9494694a9078dc2f4ae3c92e41760&x=netpub&i=1&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&v=1.6.0&zz=66a3f9ba77168e6dfe97e8d099f294cb5a64e28b7874679093f96e967478a84a&z=6e84323ed0548bf8dad44a041d62ae14&c=FR&t=1670420322198&e=0
172.67.70.145200 OK 34 kB URL HTTP/2 px.netpub.media/iab?d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&yy=93128458af866be388b4299e2276aa3f&l=1268&q=300&n=100&h=0&b=string&r=250&a=true&aa=3ad630807c362b233f667f101699a286832ec51faf8fb7332576ea8937b9055f&m=898&xx=f89e668722348d1b1d1ea79f6e599d31&k=4&p=2249&o=827.5&s=complete&j=0&g=0&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_5&f=dfp&w=14f9494694a9078dc2f4ae3c92e41760&x=netpub&i=1&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&v=1.6.0&zz=66a3f9ba77168e6dfe97e8d099f294cb5a64e28b7874679093f96e967478a84a&z=6e84323ed0548bf8dad44a041d62ae14&c=FR&t=1670420322198&e=0
IP 172.67.70.145:0
File type gzip compressed data, max compression\012- data
Hash ed3613812d7b96820230b66ecc7e4f8e
98e2616cfe68d60b7d3846bb533122fcb2a345c7
e0fa81296fa9819f8ff38bf85a345c1f08c9f00fa2ef3fa507697d6322382669
GET /iab?d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&yy=93128458af866be388b4299e2276aa3f&l=1268&q=300&n=100&h=0&b=string&r=250&a=true&aa=3ad630807c362b233f667f101699a286832ec51faf8fb7332576ea8937b9055f&m=898&xx=f89e668722348d1b1d1ea79f6e599d31&k=4&p=2249&o=827.5&s=complete&j=0&g=0&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_5&f=dfp&w=14f9494694a9078dc2f4ae3c92e41760&x=netpub&i=1&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&v=1.6.0&zz=66a3f9ba77168e6dfe97e8d099f294cb5a64e28b7874679093f96e967478a84a&z=6e84323ed0548bf8dad44a041d62ae14&c=FR&t=1670420322198&e=0 HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:42 GMT
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MIzymnh1UztFxlAfHs4QtHT895mhCE1jNyR8J6S7rKpbOzRqccwu756%2BUmK2HmYM8uingFrJKVQgqMpi%2BhOoDfrByeb4j8z8kM874gK8lPBXCrvJ81aO6P%2BEpx3%2FpB2JRg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9c80e860b59-OSL
X-Firefox-Spdy: h2
px.netpub.media/iab?d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&yy=93128458af866be388b4299e2276aa3f&l=1268&q=300&n=100&h=0&b=string&r=250&a=true&aa=3ad630807c362b233f667f101699a286832ec51faf8fb7332576ea8937b9055f&m=898&xx=f89e668722348d1b1d1ea79f6e599d31&k=4&p=2249&o=827.5&s=complete&j=0&g=1&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_5&f=dfp&w=14f9494694a9078dc2f4ae3c92e41760&x=netpub&i=1&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&v=1.6.0&zz=66a3f9ba77168e6dfe97e8d099f294cb5a64e28b7874679093f96e967478a84a&z=6e84323ed0548bf8dad44a041d62ae14&c=FR&t=1670420322199&e=0
172.67.70.145200 OK 61 kB URL HTTP/2 px.netpub.media/iab?d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&yy=93128458af866be388b4299e2276aa3f&l=1268&q=300&n=100&h=0&b=string&r=250&a=true&aa=3ad630807c362b233f667f101699a286832ec51faf8fb7332576ea8937b9055f&m=898&xx=f89e668722348d1b1d1ea79f6e599d31&k=4&p=2249&o=827.5&s=complete&j=0&g=1&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_5&f=dfp&w=14f9494694a9078dc2f4ae3c92e41760&x=netpub&i=1&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&v=1.6.0&zz=66a3f9ba77168e6dfe97e8d099f294cb5a64e28b7874679093f96e967478a84a&z=6e84323ed0548bf8dad44a041d62ae14&c=FR&t=1670420322199&e=0
IP 172.67.70.145:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash e53540519e799119c929d962934b2336
a9779941f89ee44248663ae3795cd5df2c8326c3
d5812ad114148a762ed13002769143458be51e3f40d5a9da3b29f35dcae36e3f
GET /iab?d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&yy=93128458af866be388b4299e2276aa3f&l=1268&q=300&n=100&h=0&b=string&r=250&a=true&aa=3ad630807c362b233f667f101699a286832ec51faf8fb7332576ea8937b9055f&m=898&xx=f89e668722348d1b1d1ea79f6e599d31&k=4&p=2249&o=827.5&s=complete&j=0&g=1&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_5&f=dfp&w=14f9494694a9078dc2f4ae3c92e41760&x=netpub&i=1&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&v=1.6.0&zz=66a3f9ba77168e6dfe97e8d099f294cb5a64e28b7874679093f96e967478a84a&z=6e84323ed0548bf8dad44a041d62ae14&c=FR&t=1670420322199&e=0 HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:42 GMT
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gXPFHMTLlGl0LMDj%2Fxtxyfv%2BvcKSJ9uumQMct8cbtLA7iBoaIYYSrQdxJKreQNIZPD3omCa5FT3b%2FxTKwDE3sZ0VpjJnfNUlpj%2BtM%2F%2FPA5J%2Fv65aibgtTGOERKBq1nX56Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9c80e900b59-OSL
X-Firefox-Spdy: h2
px.netpub.media/iab?z=6e84323ed0548bf8dad44a041d62ae14&q=320&xx=b103e6a025422713ccb90c8e14aba948&l=1268&j=0&aa=1b12ba0c148a75f9d97532fde438fd0bda8fb8703442ec580e8ef07239f65d8f&a=true&b=object&t=1670420322005&h=0&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&w=14f9494694a9078dc2f4ae3c92e41760&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&o=474&r=50&g=1&x=netpub&i=1&zz=22147ea4596e99cda9e673cd561f0da5010d8d25748cbb107b67b695e32735a0&yy=4d2cacda8fa9f15335864b9cb7afdf85&v=1.6.0&n=100&p=848&s=complete&e=0&k=-1&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_4&m=898&c=FR&f=dfp
172.67.70.145200 OK 182 B URL HTTP/2 px.netpub.media/iab?z=6e84323ed0548bf8dad44a041d62ae14&q=320&xx=b103e6a025422713ccb90c8e14aba948&l=1268&j=0&aa=1b12ba0c148a75f9d97532fde438fd0bda8fb8703442ec580e8ef07239f65d8f&a=true&b=object&t=1670420322005&h=0&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&w=14f9494694a9078dc2f4ae3c92e41760&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&o=474&r=50&g=1&x=netpub&i=1&zz=22147ea4596e99cda9e673cd561f0da5010d8d25748cbb107b67b695e32735a0&yy=4d2cacda8fa9f15335864b9cb7afdf85&v=1.6.0&n=100&p=848&s=complete&e=0&k=-1&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_4&m=898&c=FR&f=dfp
IP 172.67.70.145:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 68afddc5fc6dff20732a10e111220622
eff6f5a1bc6cea1bdcb4b62b02d5c345a638c811
e2d9f74c1dc050a2bcd7d6b7a8803b1ec8387e4e4c3b85978742dc182d0b5383
GET /iab?z=6e84323ed0548bf8dad44a041d62ae14&q=320&xx=b103e6a025422713ccb90c8e14aba948&l=1268&j=0&aa=1b12ba0c148a75f9d97532fde438fd0bda8fb8703442ec580e8ef07239f65d8f&a=true&b=object&t=1670420322005&h=0&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&w=14f9494694a9078dc2f4ae3c92e41760&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&o=474&r=50&g=1&x=netpub&i=1&zz=22147ea4596e99cda9e673cd561f0da5010d8d25748cbb107b67b695e32735a0&yy=4d2cacda8fa9f15335864b9cb7afdf85&v=1.6.0&n=100&p=848&s=complete&e=0&k=-1&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_4&m=898&c=FR&f=dfp HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:42 GMT
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TENaU80KdMpPS2HSZNhhVUUjsE9sSqKgKeVMLU2teB1mLsJx7LiRb8YPeMx1%2FPm431wWRM7WLbfnzk4cdfWjz1yvCNZOamkr2LjINwUpHZM567YzVszk0xNlgcBxfnbl3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9c6ece30b59-OSL
X-Firefox-Spdy: h2
hal900025.redintelligence.net/request.php?zone=mq1e9wqsk7c5&nw=20&renderingType=javascript&namespace=dfaba95e74&subid=&uid=f325bb1df27667eb&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=320x100&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8XZNYZeQY72vFprqZc3yuvgDybminGncsM3O1Q_wLhABIOPgvCNgw4SAgJgYyAEJqQKRetrWd5OxPqgDAaoEgAJP0EphQyWFNXh4yTtvbb3i6sHGfuNN0eQTP0sxKvMcKCgTQoCb75Oo0vGH3Ar-L_K-7Dj9CddH3WE23SyaHvFyJvXBZSxtmN7U1KYyfT39pKx_FcyEqVOQU_7kIIh0RbJfWt4gB6WFsuS0ZXG4s-ohcWkIRapGxAvWrPaMkuo6qw4IeFEHQytNUspCkuBJfyfaVDPbe3IPLMgzXIvhkk0fheaiGsFo3QyCqzXqK8ZrkxH9G74vcrDAVtFWIWzrbdTOzFrhIX2fTk6eylTuHYbTclkTzR-tIZFqoFXTZlpITj8Wedq7L0g4VeDVXpE7vJW9gTksXRt47N4EbNyYKgt0wATBvZT88wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOcos0O0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSSwDq26N9Mi9VR2LoY8Lp9kHKALZ-6As460cLQqGwsdH5NbIZrxcsWjdhyWbjS70kXE_fBnrC7HkL6eq45Jt-5Qcy5iGowjTlFa4GhRgBIBM%26sig%3DAOD64_1W0Iig0DZkUkYIJDLoB3CcBufhDg%26client%3Dca-pub-3379969116950199%26dbm_c%3DAKAmf-BA92VwUNwpG-MaOPITccsL83nwgmIlGFfCYxMhUEORlWUgKl1pYAjQ-0kdV-ogGVeGhFhK9XgpmaeuHJgJ8_TrtgFKJwjCBCckvOpM1fdv53c0qRtu7IPJm39glKpQcR_xKjCbXZ37_9eG9rMoplu7swwpXdqBKoA2X56aHtwGi1NKeXk%26cry%3D1%26dbm_d%3DAKAmf-CEi02km2sBGW9dDh9cjctRRUSjiWRM0UUyGnb95Dc28Ngn30uYn4zILrCZwGu3d6gRkjNVYlLmG2eHQiLLfob8jp62yhsi2UhrxvUWJdbK660efOrbHbSAHg_Mt8CIgE3In1-NJhpfVJAFWOD2W8E4mL5Il7ekD---UGPWLSGoKCmOdPKwp3eEuIYo6wUEoy5Ns42o41s-zlucd4g4o1YSZYbDPuXz0Lnqd8zT8Bff9Yn2VdsuBtED45p5-gwufbJAybYxgDRAY85qN998IwipXFSfOyrietGTCfgljMasLUFHvYTWBqo5h70o7YByKV8JW8JXob4JG3zDek6if2uXHeT6f0H2HUEEbiA3bZ9478B57oKeTy5XZfrT8EoaXlQs5bCZqJtMn7RQbI3_L33gYFDh_5yf3b8iMBj_xPZy6f_Mzew3Mvz38vtoDqFiEoFCm1xRa7zGzfoE6sARIM9LM_gQfmZxs8nMhc_dt4C0DHM3Tjpefs0txChrGcYQFd8C5T5hV4XmBuzYp18rqwrfpBYv1Bm-lBHaYNIoNW4DtL-cXPUqfxFgS6nm9QRPlz0zsVYk%26adurl%3D&documentReferer=https%3A%2F%2Fblogmado.com%2F&ancestorOrigins=null&random=5016098564327&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
138.201.84.245200 OK 513 B URL HTTP/1.1 hal900025.redintelligence.net/request.php?zone=mq1e9wqsk7c5&nw=20&renderingType=javascript&namespace=dfaba95e74&subid=&uid=f325bb1df27667eb&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=320x100&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8XZNYZeQY72vFprqZc3yuvgDybminGncsM3O1Q_wLhABIOPgvCNgw4SAgJgYyAEJqQKRetrWd5OxPqgDAaoEgAJP0EphQyWFNXh4yTtvbb3i6sHGfuNN0eQTP0sxKvMcKCgTQoCb75Oo0vGH3Ar-L_K-7Dj9CddH3WE23SyaHvFyJvXBZSxtmN7U1KYyfT39pKx_FcyEqVOQU_7kIIh0RbJfWt4gB6WFsuS0ZXG4s-ohcWkIRapGxAvWrPaMkuo6qw4IeFEHQytNUspCkuBJfyfaVDPbe3IPLMgzXIvhkk0fheaiGsFo3QyCqzXqK8ZrkxH9G74vcrDAVtFWIWzrbdTOzFrhIX2fTk6eylTuHYbTclkTzR-tIZFqoFXTZlpITj8Wedq7L0g4VeDVXpE7vJW9gTksXRt47N4EbNyYKgt0wATBvZT88wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOcos0O0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSSwDq26N9Mi9VR2LoY8Lp9kHKALZ-6As460cLQqGwsdH5NbIZrxcsWjdhyWbjS70kXE_fBnrC7HkL6eq45Jt-5Qcy5iGowjTlFa4GhRgBIBM%26sig%3DAOD64_1W0Iig0DZkUkYIJDLoB3CcBufhDg%26client%3Dca-pub-3379969116950199%26dbm_c%3DAKAmf-BA92VwUNwpG-MaOPITccsL83nwgmIlGFfCYxMhUEORlWUgKl1pYAjQ-0kdV-ogGVeGhFhK9XgpmaeuHJgJ8_TrtgFKJwjCBCckvOpM1fdv53c0qRtu7IPJm39glKpQcR_xKjCbXZ37_9eG9rMoplu7swwpXdqBKoA2X56aHtwGi1NKeXk%26cry%3D1%26dbm_d%3DAKAmf-CEi02km2sBGW9dDh9cjctRRUSjiWRM0UUyGnb95Dc28Ngn30uYn4zILrCZwGu3d6gRkjNVYlLmG2eHQiLLfob8jp62yhsi2UhrxvUWJdbK660efOrbHbSAHg_Mt8CIgE3In1-NJhpfVJAFWOD2W8E4mL5Il7ekD---UGPWLSGoKCmOdPKwp3eEuIYo6wUEoy5Ns42o41s-zlucd4g4o1YSZYbDPuXz0Lnqd8zT8Bff9Yn2VdsuBtED45p5-gwufbJAybYxgDRAY85qN998IwipXFSfOyrietGTCfgljMasLUFHvYTWBqo5h70o7YByKV8JW8JXob4JG3zDek6if2uXHeT6f0H2HUEEbiA3bZ9478B57oKeTy5XZfrT8EoaXlQs5bCZqJtMn7RQbI3_L33gYFDh_5yf3b8iMBj_xPZy6f_Mzew3Mvz38vtoDqFiEoFCm1xRa7zGzfoE6sARIM9LM_gQfmZxs8nMhc_dt4C0DHM3Tjpefs0txChrGcYQFd8C5T5hV4XmBuzYp18rqwrfpBYv1Bm-lBHaYNIoNW4DtL-cXPUqfxFgS6nm9QRPlz0zsVYk%26adurl%3D&documentReferer=https%3A%2F%2Fblogmado.com%2F&ancestorOrigins=null&random=5016098564327&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
IP 138.201.84.245:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash 62538f3769199a48934369837cfa812e
2b9f556749d76dbaeef50e6e138e4e6830590348
ea207ece5031fd5259d9328ea946c513692ed86ef13fc4bfafe0b86934013f5c
GET /request.php?zone=mq1e9wqsk7c5&nw=20&renderingType=javascript&namespace=dfaba95e74&subid=&uid=f325bb1df27667eb&screenSize=1280x1024&screenSizeAvail=1280x1002&clientSize=320x100&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8XZNYZeQY72vFprqZc3yuvgDybminGncsM3O1Q_wLhABIOPgvCNgw4SAgJgYyAEJqQKRetrWd5OxPqgDAaoEgAJP0EphQyWFNXh4yTtvbb3i6sHGfuNN0eQTP0sxKvMcKCgTQoCb75Oo0vGH3Ar-L_K-7Dj9CddH3WE23SyaHvFyJvXBZSxtmN7U1KYyfT39pKx_FcyEqVOQU_7kIIh0RbJfWt4gB6WFsuS0ZXG4s-ohcWkIRapGxAvWrPaMkuo6qw4IeFEHQytNUspCkuBJfyfaVDPbe3IPLMgzXIvhkk0fheaiGsFo3QyCqzXqK8ZrkxH9G74vcrDAVtFWIWzrbdTOzFrhIX2fTk6eylTuHYbTclkTzR-tIZFqoFXTZlpITj8Wedq7L0g4VeDVXpE7vJW9gTksXRt47N4EbNyYKgt0wATBvZT88wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOcos0O0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSSwDq26N9Mi9VR2LoY8Lp9kHKALZ-6As460cLQqGwsdH5NbIZrxcsWjdhyWbjS70kXE_fBnrC7HkL6eq45Jt-5Qcy5iGowjTlFa4GhRgBIBM%26sig%3DAOD64_1W0Iig0DZkUkYIJDLoB3CcBufhDg%26client%3Dca-pub-3379969116950199%26dbm_c%3DAKAmf-BA92VwUNwpG-MaOPITccsL83nwgmIlGFfCYxMhUEORlWUgKl1pYAjQ-0kdV-ogGVeGhFhK9XgpmaeuHJgJ8_TrtgFKJwjCBCckvOpM1fdv53c0qRtu7IPJm39glKpQcR_xKjCbXZ37_9eG9rMoplu7swwpXdqBKoA2X56aHtwGi1NKeXk%26cry%3D1%26dbm_d%3DAKAmf-CEi02km2sBGW9dDh9cjctRRUSjiWRM0UUyGnb95Dc28Ngn30uYn4zILrCZwGu3d6gRkjNVYlLmG2eHQiLLfob8jp62yhsi2UhrxvUWJdbK660efOrbHbSAHg_Mt8CIgE3In1-NJhpfVJAFWOD2W8E4mL5Il7ekD---UGPWLSGoKCmOdPKwp3eEuIYo6wUEoy5Ns42o41s-zlucd4g4o1YSZYbDPuXz0Lnqd8zT8Bff9Yn2VdsuBtED45p5-gwufbJAybYxgDRAY85qN998IwipXFSfOyrietGTCfgljMasLUFHvYTWBqo5h70o7YByKV8JW8JXob4JG3zDek6if2uXHeT6f0H2HUEEbiA3bZ9478B57oKeTy5XZfrT8EoaXlQs5bCZqJtMn7RQbI3_L33gYFDh_5yf3b8iMBj_xPZy6f_Mzew3Mvz38vtoDqFiEoFCm1xRa7zGzfoE6sARIM9LM_gQfmZxs8nMhc_dt4C0DHM3Tjpefs0txChrGcYQFd8C5T5hV4XmBuzYp18rqwrfpBYv1Bm-lBHaYNIoNW4DtL-cXPUqfxFgS6nm9QRPlz0zsVYk%26adurl%3D&documentReferer=https%3A%2F%2Fblogmado.com%2F&ancestorOrigins=null&random=5016098564327&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1 HTTP/1.1
Host: hal900025.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6c811678ec23e072707928a3d199302f.safeframe.googlesyndication.com/
Connection: keep-alive
Cookie: 8lcfmzhxc8d6_uid=6b06c86f2bb4b0a2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 13:38:43 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Wed, 07 Dec 2022 13:38:43 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 8lcfmzhxc8d6_uid=6b06c86f2bb4b0a2; expires=Tue, 07-Mar-2023 13:38:43 GMT; Max-Age=7776000; path=/; domain=.redintelligence.net; secure; SameSite=None
X-NEORY-SubId: 25122700073093704439916012166025
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 513
Connection: close
Content-Type: application/x-javascript; charset=utf-8
pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsstq7cO6ddF02PIyJ1KrJK-KqG7UQ52NRwMK7cILTqsHcOeBvrV7TjqV6H20xfh_XPPMrALmKfCbraD0-UUlZjMrnnzJgXWywmNPBvE8K7WEFwzsGob&sig=Cg0ArKJSzDYEfZGnUuZfEAE&id=lidar2&mcvt=1164&p=91,414,181,1142&mtos=1164,1164,1164,1164,1164&tos=1164,0,0,0,0&v=20221205&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=3264533705&rs=4&la=0&cr=0&vs=4&r=v&rst=1670420320897&rpt=546&isd=0&lsd=0&met=ce&wmsd=0&pbe=0
142.250.74.98200 OK 42 B URL HTTP/2 pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsstq7cO6ddF02PIyJ1KrJK-KqG7UQ52NRwMK7cILTqsHcOeBvrV7TjqV6H20xfh_XPPMrALmKfCbraD0-UUlZjMrnnzJgXWywmNPBvE8K7WEFwzsGob&sig=Cg0ArKJSzDYEfZGnUuZfEAE&id=lidar2&mcvt=1164&p=91,414,181,1142&mtos=1164,1164,1164,1164,1164&tos=1164,0,0,0,0&v=20221205&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=3264533705&rs=4&la=0&cr=0&vs=4&r=v&rst=1670420320897&rpt=546&isd=0&lsd=0&met=ce&wmsd=0&pbe=0
IP 142.250.74.98:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pcs/activeview?xai=AKAOjsstq7cO6ddF02PIyJ1KrJK-KqG7UQ52NRwMK7cILTqsHcOeBvrV7TjqV6H20xfh_XPPMrALmKfCbraD0-UUlZjMrnnzJgXWywmNPBvE8K7WEFwzsGob&sig=Cg0ArKJSzDYEfZGnUuZfEAE&id=lidar2&mcvt=1164&p=91,414,181,1142&mtos=1164,1164,1164,1164,1164&tos=1164,0,0,0,0&v=20221205&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=3264533705&rs=4&la=0&cr=0&vs=4&r=v&rst=1670420320897&rpt=546&isd=0&lsd=0&met=ce&wmsd=0&pbe=0 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6c811678ec23e072707928a3d199302f.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: image/gif
date: Wed, 07 Dec 2022 13:38:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
hal900025.redintelligence.net/request_content.php?s=25122700073093704439916012166025&a=187c42b9
138.201.84.245200 OK 1.5 kB URL HTTP/1.1 hal900025.redintelligence.net/request_content.php?s=25122700073093704439916012166025&a=187c42b9
IP 138.201.84.245:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 58f6de0628eec23c36c90c13f9894c4f
9bac8639618b90f5627d2a40a20d1147cc763cc1
f4609e39af0b1d9b2d359c467b73703fa79a9ee99d90fddea1dd17f8ecbc1678
GET /request_content.php?s=25122700073093704439916012166025&a=187c42b9 HTTP/1.1
Host: hal900025.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://6c811678ec23e072707928a3d199302f.safeframe.googlesyndication.com/
Cookie: 8lcfmzhxc8d6_uid=6b06c86f2bb4b0a2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 13:38:43 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Wed, 07 Dec 2022 13:38:43 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1499
Connection: close
Content-Type: text/html; charset=utf-8
hal900025.redintelligence.net/viewability?s=25122700073093704439916012166025&a=553ec928&vb=m
138.201.84.245200 OK 0 B URL HTTP/1.1 hal900025.redintelligence.net/viewability?s=25122700073093704439916012166025&a=553ec928&vb=m
IP 138.201.84.245:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /viewability?s=25122700073093704439916012166025&a=553ec928&vb=m HTTP/1.1
Host: hal900025.redintelligence.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hal900025.redintelligence.net/request_content.php?s=25122700073093704439916012166025&a=187c42b9
Cookie: 8lcfmzhxc8d6_uid=6b06c86f2bb4b0a2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 13:38:43 GMT
Server: Apache
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
cdn.contentspread.net/24i/content/soberfb/EN/S-320x100.gif
88.99.70.21200 OK 18 kB URL HTTP/1.1 cdn.contentspread.net/24i/content/soberfb/EN/S-320x100.gif
IP 88.99.70.21:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 320 x 100\012- data
Hash afb8ed32f3069f5403c977242d3d06af
421b67b8ba0338f23361fc079a4ca2aed54c8d15
c933b803d23dd223840fcc4e13acde710b267913775e9d49f64a88d3d26f45ff
GET /24i/content/soberfb/EN/S-320x100.gif HTTP/1.1
Host: cdn.contentspread.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hal900025.redintelligence.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 13:38:43 GMT
Content-Type: image/gif
Content-Length: 18086
Last-Modified: Mon, 23 Jul 2018 15:20:14 GMT
Connection: close
ETag: "5b55f22e-46a6"
Accept-Ranges: bytes
pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvQUP7VDCyA3gZqT6mrWRcx-v8u1Tz8MJSiQdJ_rDBPBaUpQ0UHzqH5yq8EhLXKqZNYDGHhDJ41JSbq8pi-40Q68HHuLqRCpoLucuovbcUgE9UDjtmC&sig=Cg0ArKJSzCduLGpNwnk8EAE&id=lidar2&mcvt=1001&p=848,474,898,794&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20221205&bin=7&avms=nio&bs=1268,898&mc=1&vu=1&app=0&itpl=3&adk=3108416854&rs=4&la=0&cr=0&vs=4&r=v&rst=1670420321986&rpt=631&isd=0&lsd=0&met=mue&wmsd=0&pbe=0
142.250.74.98200 OK 42 B URL HTTP/2 pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvQUP7VDCyA3gZqT6mrWRcx-v8u1Tz8MJSiQdJ_rDBPBaUpQ0UHzqH5yq8EhLXKqZNYDGHhDJ41JSbq8pi-40Q68HHuLqRCpoLucuovbcUgE9UDjtmC&sig=Cg0ArKJSzCduLGpNwnk8EAE&id=lidar2&mcvt=1001&p=848,474,898,794&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20221205&bin=7&avms=nio&bs=1268,898&mc=1&vu=1&app=0&itpl=3&adk=3108416854&rs=4&la=0&cr=0&vs=4&r=v&rst=1670420321986&rpt=631&isd=0&lsd=0&met=mue&wmsd=0&pbe=0
IP 142.250.74.98:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pcs/activeview?xai=AKAOjsvQUP7VDCyA3gZqT6mrWRcx-v8u1Tz8MJSiQdJ_rDBPBaUpQ0UHzqH5yq8EhLXKqZNYDGHhDJ41JSbq8pi-40Q68HHuLqRCpoLucuovbcUgE9UDjtmC&sig=Cg0ArKJSzCduLGpNwnk8EAE&id=lidar2&mcvt=1001&p=848,474,898,794&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20221205&bin=7&avms=nio&bs=1268,898&mc=1&vu=1&app=0&itpl=3&adk=3108416854&rs=4&la=0&cr=0&vs=4&r=v&rst=1670420321986&rpt=631&isd=0&lsd=0&met=mue&wmsd=0&pbe=0 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blogmado.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: image/gif
date: Wed, 07 Dec 2022 13:38:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tmearn.com/ZFLuugfn
104.21.78.210301 Moved Permanently 0 B IP 104.21.78.210:0
GET /ZFLuugfn HTTP/1.1
Host: tmearn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
date: Wed, 07 Dec 2022 13:38:37 GMT
content-type: text/html; charset=UTF-8
location: https://blogmado.com/ZFLuugfn
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
vary: User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RWkvrH62q5M8P12tsqyeU6UA%2FdQpTqU4fc5qDovMH0Mqa9Xw7ohCoOFOcbeDfM8Y%2BZmCwnhdDlrkXA5E%2BtVa7xQRhU5wt%2FgAD80SwgpOJd4vtznfZNt3zsn8aGo9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9a58884b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
px.netpub.media/iab?f=dfp&xx=ddd2f09014d68a254357be908a6d89fd&o=509&zz=3f5f434b4648b0ba70c53b8d0ed9c251e2cf66c64191d491cea84d73142c34b7&e=1&m=898&n=100&k=2&z=6e84323ed0548bf8dad44a041d62ae14&q=250&i=1&l=1268&a=true&x=netpub&h=0&w=14f9494694a9078dc2f4ae3c92e41760&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&y=%2F112081842%2C22620349674%2Fblogmado.com_336x280_banner1_marco2&b=embed&v=1.6.0&r=250&g=1&s=complete&p=1118.5&t=1670420321094&c=FR&j=1&yy=e57d0178b8e46c2d872be9636dc62597&aa=b0b0535f8b089ecb278afda98b98a0be894354648f0efda61b7c3c4fe91b4ad7&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0
172.67.70.145200 OK 0 B URL HTTP/2 px.netpub.media/iab?f=dfp&xx=ddd2f09014d68a254357be908a6d89fd&o=509&zz=3f5f434b4648b0ba70c53b8d0ed9c251e2cf66c64191d491cea84d73142c34b7&e=1&m=898&n=100&k=2&z=6e84323ed0548bf8dad44a041d62ae14&q=250&i=1&l=1268&a=true&x=netpub&h=0&w=14f9494694a9078dc2f4ae3c92e41760&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&y=%2F112081842%2C22620349674%2Fblogmado.com_336x280_banner1_marco2&b=embed&v=1.6.0&r=250&g=1&s=complete&p=1118.5&t=1670420321094&c=FR&j=1&yy=e57d0178b8e46c2d872be9636dc62597&aa=b0b0535f8b089ecb278afda98b98a0be894354648f0efda61b7c3c4fe91b4ad7&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0
IP 172.67.70.145:0
GET /iab?f=dfp&xx=ddd2f09014d68a254357be908a6d89fd&o=509&zz=3f5f434b4648b0ba70c53b8d0ed9c251e2cf66c64191d491cea84d73142c34b7&e=1&m=898&n=100&k=2&z=6e84323ed0548bf8dad44a041d62ae14&q=250&i=1&l=1268&a=true&x=netpub&h=0&w=14f9494694a9078dc2f4ae3c92e41760&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&y=%2F112081842%2C22620349674%2Fblogmado.com_336x280_banner1_marco2&b=embed&v=1.6.0&r=250&g=1&s=complete&p=1118.5&t=1670420321094&c=FR&j=1&yy=e57d0178b8e46c2d872be9636dc62597&aa=b0b0535f8b089ecb278afda98b98a0be894354648f0efda61b7c3c4fe91b4ad7&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0 HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:41 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PFcPsY%2FL7ijYgt0wuVwz6d8EFy0PurSp9NlsIffkyDLfZ%2FOiposUsIFcamF82m0%2Bc2DfaMiJv4WHGWDSKLFtIyuYbM4fZVn5wUjC43hucdY6T75vGhwYagdNCkKBgGbAXg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9c14eb60b59-OSL
content-encoding: br
X-Firefox-Spdy: h2
px.netpub.media/iab?c=FR&yy=1664726d9fa4060b660f7b682c21cd9e&s=complete&a=true&x=netpub&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&n=100&aa=f5e6a44076bef7e9b6a4c970497b31fe4afaacf3f36b76b2676106cbf91f5b1a&i=1&t=1670420322054&g=0&y=%2F112081842%2C22620349674%2Fblogmado.com_728x90_banner1_marco2&m=898&h=0&j=0&q=728&r=100&p=287&zz=822f4bc53d582bb5cd99aa24366ad18d70b880fae6af737f360b5e716d36e305&l=1268&z=6e84323ed0548bf8dad44a041d62ae14&xx=4a54823cf5abfe9f0e9d3cdf405aacc7&o=270&e=0&f=dfp&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&v=1.6.0&w=14f9494694a9078dc2f4ae3c92e41760&b=static&k=3
172.67.70.145200 OK 0 B URL HTTP/2 px.netpub.media/iab?c=FR&yy=1664726d9fa4060b660f7b682c21cd9e&s=complete&a=true&x=netpub&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&n=100&aa=f5e6a44076bef7e9b6a4c970497b31fe4afaacf3f36b76b2676106cbf91f5b1a&i=1&t=1670420322054&g=0&y=%2F112081842%2C22620349674%2Fblogmado.com_728x90_banner1_marco2&m=898&h=0&j=0&q=728&r=100&p=287&zz=822f4bc53d582bb5cd99aa24366ad18d70b880fae6af737f360b5e716d36e305&l=1268&z=6e84323ed0548bf8dad44a041d62ae14&xx=4a54823cf5abfe9f0e9d3cdf405aacc7&o=270&e=0&f=dfp&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&v=1.6.0&w=14f9494694a9078dc2f4ae3c92e41760&b=static&k=3
IP 172.67.70.145:0
GET /iab?c=FR&yy=1664726d9fa4060b660f7b682c21cd9e&s=complete&a=true&x=netpub&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&n=100&aa=f5e6a44076bef7e9b6a4c970497b31fe4afaacf3f36b76b2676106cbf91f5b1a&i=1&t=1670420322054&g=0&y=%2F112081842%2C22620349674%2Fblogmado.com_728x90_banner1_marco2&m=898&h=0&j=0&q=728&r=100&p=287&zz=822f4bc53d582bb5cd99aa24366ad18d70b880fae6af737f360b5e716d36e305&l=1268&z=6e84323ed0548bf8dad44a041d62ae14&xx=4a54823cf5abfe9f0e9d3cdf405aacc7&o=270&e=0&f=dfp&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&v=1.6.0&w=14f9494694a9078dc2f4ae3c92e41760&b=static&k=3 HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:42 GMT
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oM48lxd7zFdJubaAmYj%2FFxP%2FnsZJFI3tBs32ICqlv8CMp9Sx1hHJzUpGCkH52crwZi6pPllz%2F4GGrQA6cGEPL057nfrP7FYMjue7KNkGeuD7Y31SHmd2H87E9TC5ud1U5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9c72d210b59-OSL
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Droid+Sans%3Aregular%2C700
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Droid+Sans%3Aregular%2C700
IP 142.250.74.106:0
GET /css?family=Droid+Sans%3Aregular%2C700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 07 Dec 2022 13:38:38 GMT
date: Wed, 07 Dec 2022 13:38:38 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/18/52/6a/18526a6becad408914fcf53d946360f0/1651134763.html
45.133.44.3200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/18/52/6a/18526a6becad408914fcf53d946360f0/1651134763.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
GET /sb/au/18/52/6a/18526a6becad408914fcf53d946360f0/1651134763.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:40 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Sat, 07 May 2022 03:21:27 GMT
etag: W/"6275e5b7-616"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Wed, 07 Dec 2022 14:38:40 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
adserve2.mahimeta.com/networks/time/?domain=blogmado.com&pathname=%2F2022%2F06%2F22%2Finsurance-companies%2F&query=¤tPage=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&screenWidth=1280&screenHeight=939&landed=true&ping=false
104.21.13.2200 OK 0 B URL HTTP/2 adserve2.mahimeta.com/networks/time/?domain=blogmado.com&pathname=%2F2022%2F06%2F22%2Finsurance-companies%2F&query=¤tPage=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&screenWidth=1280&screenHeight=939&landed=true&ping=false
IP 104.21.13.2:0
POST /networks/time/?domain=blogmado.com&pathname=%2F2022%2F06%2F22%2Finsurance-companies%2F&query=¤tPage=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&screenWidth=1280&screenHeight=939&landed=true&ping=false HTTP/1.1
Host: adserve2.mahimeta.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3610
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:38 GMT
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, X-CSRF-Token
cache-control: no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g2E%2FrxXliFusLjatTRu41p2%2BINJAOP%2B9t2c%2Fau1JLLZUJeBEFtg97TdOrOpst1JQdvOPWI7ifAbKX3wyy4t5pzZNbDjPkjOmgoRVd3mlMusQ78UfNFlqZgHYQrr8OLIkkUtKTqHK3fU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9b0fcc3b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
px.netpub.media/iab?f=dfp&s=complete&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&v=1.6.0&x=netpub&t=1670420321058&a=true&yy=441caf19b459c0357a9f96d60b566e6c&j=0&xx=9e7606b30d00152d42dd3bbb3c0fe4d2&p=352.5&g=1&b=object&r=300&zz=5a291b81a123a91bc7b61b4b477c3d90b6e6bc7fa9f9d15681c515d4f01be9be&w=14f9494694a9078dc2f4ae3c92e41760&e=0&k=6&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_7&h=0&c=FR&aa=83e5358e44d8a42448a8fd603c8fe8e5cb555ecd874a16098e3a41206c7853db&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&i=1&z=6e84323ed0548bf8dad44a041d62ae14&n=100&o=454&l=1268&q=360&m=898
172.67.70.145200 OK 0 B URL HTTP/2 px.netpub.media/iab?f=dfp&s=complete&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&v=1.6.0&x=netpub&t=1670420321058&a=true&yy=441caf19b459c0357a9f96d60b566e6c&j=0&xx=9e7606b30d00152d42dd3bbb3c0fe4d2&p=352.5&g=1&b=object&r=300&zz=5a291b81a123a91bc7b61b4b477c3d90b6e6bc7fa9f9d15681c515d4f01be9be&w=14f9494694a9078dc2f4ae3c92e41760&e=0&k=6&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_7&h=0&c=FR&aa=83e5358e44d8a42448a8fd603c8fe8e5cb555ecd874a16098e3a41206c7853db&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&i=1&z=6e84323ed0548bf8dad44a041d62ae14&n=100&o=454&l=1268&q=360&m=898
IP 172.67.70.145:0
GET /iab?f=dfp&s=complete&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&v=1.6.0&x=netpub&t=1670420321058&a=true&yy=441caf19b459c0357a9f96d60b566e6c&j=0&xx=9e7606b30d00152d42dd3bbb3c0fe4d2&p=352.5&g=1&b=object&r=300&zz=5a291b81a123a91bc7b61b4b477c3d90b6e6bc7fa9f9d15681c515d4f01be9be&w=14f9494694a9078dc2f4ae3c92e41760&e=0&k=6&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_7&h=0&c=FR&aa=83e5358e44d8a42448a8fd603c8fe8e5cb555ecd874a16098e3a41206c7853db&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&i=1&z=6e84323ed0548bf8dad44a041d62ae14&n=100&o=454&l=1268&q=360&m=898 HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:41 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aulgxsqYrJXqbl05tftB%2FlZp42h0HGYzKX%2FmCIflB9Z6DRaDv%2FX0giyS%2BUJG5dLFJX9OdCawPHkIVEdzPlfUv7r3MVf5oKQHycVnqXNsxiugOHet8ECxwl4ib8AcmM027A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9c10e6d0b59-OSL
content-encoding: br
X-Firefox-Spdy: h2
fstatic.netpub.media/static/14f9494694a9078dc2f4ae3c92e41760.min.js?1670420317796
172.67.70.145301 Moved Permanently 0 B URL HTTP/2 fstatic.netpub.media/static/14f9494694a9078dc2f4ae3c92e41760.min.js?1670420317796
IP 172.67.70.145:0
GET /static/14f9494694a9078dc2f4ae3c92e41760.min.js?1670420317796 HTTP/1.1
Host: fstatic.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Wed, 07 Dec 2022 13:38:38 GMT
location: https://fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
cache-control: max-age=3600
expires: Wed, 07 Dec 2022 14:38:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cLDfitV%2B82Y0ICj8daAVY5b9ChhMDqdVr9KfXsqKL5j9OyfWHBxHh1NVG1%2FkgIKuD5s0f9jwjltDWCPDlpMnT3DXYHusK06H0w2ZfdEjPKqBZWXWr2q86LcyG7snG9PDWMaNgl2s"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775da9acea110b59-OSL
X-Firefox-Spdy: h2
px.netpub.media/iab?t=1670420320788&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&v=1.6.0&xx=f89e668722348d1b1d1ea79f6e599d31&n=100&m=898&x=netpub&zz=4428ee9635aefb04a92b240a898298e6fdbc4346cd9e4d53c1932d78caf26b07&z=6e84323ed0548bf8dad44a041d62ae14&h=0&k=4&yy=234f3fd5f395a12d9a72baaa86622449&g=1&j=1&aa=7a01f33f1e7cd08c5cd31a08a5602a025de4f7d31258ace280b8371f5619b072&r=200&y=%2F112081842%2C22620349674%2Fblogmado.com_300x250_banner2_marco2&p=1524.5&c=FR&e=1&a=true&l=1268&i=1&w=14f9494694a9078dc2f4ae3c92e41760&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&f=dfp&b=embed&o=877.5&q=200&s=complete
172.67.70.145200 OK 0 B URL HTTP/2 px.netpub.media/iab?t=1670420320788&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&v=1.6.0&xx=f89e668722348d1b1d1ea79f6e599d31&n=100&m=898&x=netpub&zz=4428ee9635aefb04a92b240a898298e6fdbc4346cd9e4d53c1932d78caf26b07&z=6e84323ed0548bf8dad44a041d62ae14&h=0&k=4&yy=234f3fd5f395a12d9a72baaa86622449&g=1&j=1&aa=7a01f33f1e7cd08c5cd31a08a5602a025de4f7d31258ace280b8371f5619b072&r=200&y=%2F112081842%2C22620349674%2Fblogmado.com_300x250_banner2_marco2&p=1524.5&c=FR&e=1&a=true&l=1268&i=1&w=14f9494694a9078dc2f4ae3c92e41760&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&f=dfp&b=embed&o=877.5&q=200&s=complete
IP 172.67.70.145:0
GET /iab?t=1670420320788&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&v=1.6.0&xx=f89e668722348d1b1d1ea79f6e599d31&n=100&m=898&x=netpub&zz=4428ee9635aefb04a92b240a898298e6fdbc4346cd9e4d53c1932d78caf26b07&z=6e84323ed0548bf8dad44a041d62ae14&h=0&k=4&yy=234f3fd5f395a12d9a72baaa86622449&g=1&j=1&aa=7a01f33f1e7cd08c5cd31a08a5602a025de4f7d31258ace280b8371f5619b072&r=200&y=%2F112081842%2C22620349674%2Fblogmado.com_300x250_banner2_marco2&p=1524.5&c=FR&e=1&a=true&l=1268&i=1&w=14f9494694a9078dc2f4ae3c92e41760&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&f=dfp&b=embed&o=877.5&q=200&s=complete HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:41 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fiaQ0WrX36lnqMAgjyTj1TKJZ0%2B0EjbzEW7FYhpxW%2BzOXsTyYL%2B3hYbioX2PTkVKzBFeLMMBEr8YfwHtwCEbmD%2BaM0EmQfRDFdkNG1bP9B0wRc4XtyAdjFP8vIHRijswFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9bf6cce0b59-OSL
content-encoding: br
X-Firefox-Spdy: h2
adserve.mahimeta.com/networks/?domain=blogmado.com&pathname=%2F2022%2F06%2F22%2Finsurance-companies%2F&query=¤tPage=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&size=Responsive&placement=inline&adId=mMTag_Responsive_86548769&screenWidth=1280&screenHeight=939&keywordViolation=false&blockedKeywords=&autoBlock=false&timezone=0&currTime=13:38&desktop=336x280&tablet=336x280&mobile=336x280&time_exceeded=false&page_categories=&thin_content_count=100
104.21.13.2200 OK 0 B URL HTTP/2 adserve.mahimeta.com/networks/?domain=blogmado.com&pathname=%2F2022%2F06%2F22%2Finsurance-companies%2F&query=¤tPage=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&size=Responsive&placement=inline&adId=mMTag_Responsive_86548769&screenWidth=1280&screenHeight=939&keywordViolation=false&blockedKeywords=&autoBlock=false&timezone=0&currTime=13:38&desktop=336x280&tablet=336x280&mobile=336x280&time_exceeded=false&page_categories=&thin_content_count=100
IP 104.21.13.2:0
POST /networks/?domain=blogmado.com&pathname=%2F2022%2F06%2F22%2Finsurance-companies%2F&query=¤tPage=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&size=Responsive&placement=inline&adId=mMTag_Responsive_86548769&screenWidth=1280&screenHeight=939&keywordViolation=false&blockedKeywords=&autoBlock=false&timezone=0&currTime=13:38&desktop=336x280&tablet=336x280&mobile=336x280&time_exceeded=false&page_categories=&thin_content_count=100 HTTP/1.1
Host: adserve.mahimeta.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3610
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:38 GMT
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, X-CSRF-Token
cache-control: no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oVvdD92IXvcgXVOL3Bs2fNFJ1vUX%2BA7df%2F%2F3jpwsrTn1xruLeb440iYX663MCx7mmGcAzXep9K2iSvA2el7fNkGkUJMcpVVK4wlXbflP55bNJ8h%2BrS8QAWjzj%2B4nS7wXge1z1AQ%2BMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9b0ecb7b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mahimeta.com/networks/tag.js?cache=1670420318
188.114.96.1200 OK 0 B URL HTTP/2 mahimeta.com/networks/tag.js?cache=1670420318
IP 188.114.96.1:0
GET /networks/tag.js?cache=1670420318 HTTP/1.1
Host: mahimeta.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:38 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 26 Aug 2022 12:40:56 GMT
etag: W/"6308bf58-271a6"
expires: Fri, 06 Jan 2023 13:38:38 GMT
cache-control: public, max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ti9BP2FLwN%2Bd4Xfa1lT4xOlyq082v9XqGtuQkdNZq%2BrXC2UVbwBBQNNzewZ3uyPh7ExtyUyJlIy2fkHf6uP9RgRD46AqDFsTUaW2WfWihwLh%2BbnelL4C9%2FGniCNAo8Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775da9acedc20af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fstatic.netpub.media/static/14f9494694a9078dc2f4ae3c92e41760.min.js?1670420318243
172.67.70.145301 Moved Permanently 0 B URL HTTP/2 fstatic.netpub.media/static/14f9494694a9078dc2f4ae3c92e41760.min.js?1670420318243
IP 172.67.70.145:0
GET /static/14f9494694a9078dc2f4ae3c92e41760.min.js?1670420318243 HTTP/1.1
Host: fstatic.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Wed, 07 Dec 2022 13:38:38 GMT
location: https://fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
cache-control: max-age=3600
expires: Wed, 07 Dec 2022 14:38:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K%2BjBg4DRNfMGdJBZJbyPVBhs4g2jUW2KMGML3ayH5UQEVBjQLUkAB2gjW3hS9CGtxaYNslqjLGjKoTN4DxSrHvw%2B5oZ9jD8wtUy1QhZ785hmftpdAJu51KCyNxN%2FIlWFQfgtytDG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775da9af4c550b59-OSL
X-Firefox-Spdy: h2
px.netpub.media/iab?p=808&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&m=898&k=-1&j=0&s=complete&c=FR&h=0&i=1&x=netpub&t=1670420321348&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&g=0&r=90&n=100&zz=ef33f03adc20059840eaef7ee261acd9d99c687034b79ed766ede2f0d1fa2271&e=0&xx=b103e6a025422713ccb90c8e14aba948&y=%2F112081842%2C22620349674%2Fblogmado.com_728x90_banner2_marco2&b=string&aa=4dc6be22444e3dd0c721a812380edd9d39ee5fefc2fa118690224f3099e09eeb&w=14f9494694a9078dc2f4ae3c92e41760&yy=982fdaf3264edf3ccf1ccd8bffa6f325&o=270&f=dfp&q=728&v=1.6.0&a=true&l=1268&z=6e84323ed0548bf8dad44a041d62ae14
172.67.70.145200 OK 0 B URL HTTP/2 px.netpub.media/iab?p=808&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&m=898&k=-1&j=0&s=complete&c=FR&h=0&i=1&x=netpub&t=1670420321348&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&g=0&r=90&n=100&zz=ef33f03adc20059840eaef7ee261acd9d99c687034b79ed766ede2f0d1fa2271&e=0&xx=b103e6a025422713ccb90c8e14aba948&y=%2F112081842%2C22620349674%2Fblogmado.com_728x90_banner2_marco2&b=string&aa=4dc6be22444e3dd0c721a812380edd9d39ee5fefc2fa118690224f3099e09eeb&w=14f9494694a9078dc2f4ae3c92e41760&yy=982fdaf3264edf3ccf1ccd8bffa6f325&o=270&f=dfp&q=728&v=1.6.0&a=true&l=1268&z=6e84323ed0548bf8dad44a041d62ae14
IP 172.67.70.145:0
GET /iab?p=808&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&m=898&k=-1&j=0&s=complete&c=FR&h=0&i=1&x=netpub&t=1670420321348&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&g=0&r=90&n=100&zz=ef33f03adc20059840eaef7ee261acd9d99c687034b79ed766ede2f0d1fa2271&e=0&xx=b103e6a025422713ccb90c8e14aba948&y=%2F112081842%2C22620349674%2Fblogmado.com_728x90_banner2_marco2&b=string&aa=4dc6be22444e3dd0c721a812380edd9d39ee5fefc2fa118690224f3099e09eeb&w=14f9494694a9078dc2f4ae3c92e41760&yy=982fdaf3264edf3ccf1ccd8bffa6f325&o=270&f=dfp&q=728&v=1.6.0&a=true&l=1268&z=6e84323ed0548bf8dad44a041d62ae14 HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:41 GMT
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g68z1oWLqcF7LImoHTq7q1ao%2FIU66uua7FFWZYIAXpIB0ETLN0As1I5bnpc%2B8z%2FPatyrN195IMUYOtb4eH%2BZa11JbkkMS4DpMamq0mdNwDLUwv5k8M29LT5w0v%2FFcwwgJA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9c2c8830b59-OSL
X-Firefox-Spdy: h2
adserve2.mahimeta.com/ip/
104.21.13.2200 OK 0 B URL HTTP/2 adserve2.mahimeta.com/ip/
IP 104.21.13.2:0
GET /ip/ HTTP/1.1
Host: adserve2.mahimeta.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:38 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, X-CSRF-Token
cache-control: no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A1USgt%2FQELtRhtV96MFZM3IW0Zr%2BVQE0DxC%2FnM03SLvLLiHsJwviLUCZ%2F7LO6%2Bm%2Fc9hjKKoa%2BvtMYGGlCH08UzM212x%2FS1H4%2BdGavDDAb%2FVBAs1OgNTBB8%2FZ1lVcglzYpd5EhOpsRCc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9b10ccab512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
172.67.70.145302 Found 0 B URL HTTP/2 fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
IP 172.67.70.145:0
GET /r/14f9494694a9078dc2f4ae3c92e41760/service.js HTTP/1.1
Host: fstatic.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blogmado.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Wed, 07 Dec 2022 13:38:38 GMT
content-type: text/html; charset=iso-8859-1
location: https://fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/42a80543.js?npr=ed8796ad50f34ad69b409101dffdacdf
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z7EzzeBRvfZTuHdShgW7GJgbgkTQmzhr%2B6xyIv0UnHcdg1YHNBAvvlNrtgvAI2g1jquQIkA2EQHtBX9XVzJlvmBh1vho9Kttve4ndJ%2Bd6h8tCPkOB2hgIVsRazksTjTkFyf1KdN9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9ad1a360b59-OSL
X-Firefox-Spdy: h2
fstatic.netpub.media/static/14f9494694a9078dc2f4ae3c92e41760.min.js?1670420317794
172.67.70.145301 Moved Permanently 0 B URL HTTP/2 fstatic.netpub.media/static/14f9494694a9078dc2f4ae3c92e41760.min.js?1670420317794
IP 172.67.70.145:0
GET /static/14f9494694a9078dc2f4ae3c92e41760.min.js?1670420317794 HTTP/1.1
Host: fstatic.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Wed, 07 Dec 2022 13:38:38 GMT
location: https://fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
cache-control: max-age=3600
expires: Wed, 07 Dec 2022 14:38:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bdyi29Y76YHK251BKmffCEGAtxwWn8mmJy9kO8kcIebGaDux%2B9A4aCZJOJEKD2Sxa9TwoDdaFGJxFZ6y%2BKBCJdkCQ16rY0g8fABq2rP8SngM8G0BCZo1YcUh5Pk2l6yCK8mAfi7c"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775da9acfa230b59-OSL
X-Firefox-Spdy: h2
fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
172.67.70.145302 Found 0 B URL HTTP/2 fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
IP 172.67.70.145:0
GET /r/14f9494694a9078dc2f4ae3c92e41760/service.js HTTP/1.1
Host: fstatic.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blogmado.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Wed, 07 Dec 2022 13:38:38 GMT
content-type: text/html; charset=iso-8859-1
location: https://fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/42a80543.js?npr=ed8796ad50f34ad69b409101dffdacdf
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eAGtoEhb1NWXDfm39%2B8b%2BkQ%2FQLWLufLs1UD21C%2FxIEdrqARIlrNp%2B3MgESH1OmJBxLf6xtsgHj%2FhtaSD6444etKPvaPBYtyo1pMbmv3taF0r9pc5ToOr%2Ffqp3IvA9eDK5nn%2FcZOI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9b03d3c0b59-OSL
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.163.31200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.163.31:0
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:39 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 410a7f5a5a39c304de6a0afd29fb9593
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 07 Dec 2022 13:38:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fkkhyLIV8hZwXvyEeoGUtnAIJm2UJu1Z2Qb9yLhqXOnkG8me7KtSQaVU5sqhhC7WEO8J33%2B46v9Vuirgo8uPDr5ZY%2B%2FgsJQopHGUUynLffPi7OtqqoIdcVkduuWJiiTdWCPVSWE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775da9b3f81323fb-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
px.netpub.media/iab?f=dfp&xx=ddd2f09014d68a254357be908a6d89fd&o=509&zz=3f5f434b4648b0ba70c53b8d0ed9c251e2cf66c64191d491cea84d73142c34b7&e=0&m=898&n=100&k=2&z=6e84323ed0548bf8dad44a041d62ae14&q=250&i=1&l=1268&a=true&x=netpub&h=0&w=14f9494694a9078dc2f4ae3c92e41760&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&y=%2F112081842%2C22620349674%2Fblogmado.com_336x280_banner1_marco2&b=embed&v=1.6.0&r=250&g=0&s=complete&p=1118.5&t=1670420321094&c=FR&j=0&yy=e57d0178b8e46c2d872be9636dc62597&aa=b0b0535f8b089ecb278afda98b98a0be894354648f0efda61b7c3c4fe91b4ad7&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0
172.67.70.145200 OK 0 B URL HTTP/2 px.netpub.media/iab?f=dfp&xx=ddd2f09014d68a254357be908a6d89fd&o=509&zz=3f5f434b4648b0ba70c53b8d0ed9c251e2cf66c64191d491cea84d73142c34b7&e=0&m=898&n=100&k=2&z=6e84323ed0548bf8dad44a041d62ae14&q=250&i=1&l=1268&a=true&x=netpub&h=0&w=14f9494694a9078dc2f4ae3c92e41760&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&y=%2F112081842%2C22620349674%2Fblogmado.com_336x280_banner1_marco2&b=embed&v=1.6.0&r=250&g=0&s=complete&p=1118.5&t=1670420321094&c=FR&j=0&yy=e57d0178b8e46c2d872be9636dc62597&aa=b0b0535f8b089ecb278afda98b98a0be894354648f0efda61b7c3c4fe91b4ad7&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0
IP 172.67.70.145:0
GET /iab?f=dfp&xx=ddd2f09014d68a254357be908a6d89fd&o=509&zz=3f5f434b4648b0ba70c53b8d0ed9c251e2cf66c64191d491cea84d73142c34b7&e=0&m=898&n=100&k=2&z=6e84323ed0548bf8dad44a041d62ae14&q=250&i=1&l=1268&a=true&x=netpub&h=0&w=14f9494694a9078dc2f4ae3c92e41760&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&y=%2F112081842%2C22620349674%2Fblogmado.com_336x280_banner1_marco2&b=embed&v=1.6.0&r=250&g=0&s=complete&p=1118.5&t=1670420321094&c=FR&j=0&yy=e57d0178b8e46c2d872be9636dc62597&aa=b0b0535f8b089ecb278afda98b98a0be894354648f0efda61b7c3c4fe91b4ad7&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0 HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:41 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7XgbDCpYgyj6PVhP4hdZY2eUvttKtnRZYfkz2G43DNDojNnSIue5cqN9VZCL9dNvPuwD0Fs%2BkTQzrYTXrKvWCZUUQus3ISO8a90crtGOvP0bsmDbxxq%2Ffz3N48f6XwSDSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9c13eb10b59-OSL
content-encoding: br
X-Firefox-Spdy: h2
c.adsco.re/
104.17.166.186200 OK 0 B IP 104.17.166.186:0
GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:38 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Sat, 07 Jan 2023 13:38:38 GMT
etag: W/"xkCBFtC0Wl/JiS60JFipuQ=="
cf-cache-status: HIT
age: 243832
vary: Accept-Encoding
server: cloudflare
cf-ray: 775da9b17d67b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/css/animate.css
172.64.108.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/utility/live-message/3-2/css/animate.css
IP 172.64.108.13:0
GET /sb/ssp/utility/live-message/3-2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:41 GMT
content-type: text/css
last-modified: Thu, 28 Apr 2022 08:29:13 GMT
etag: W/"626a5059-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nAwIuGSFDBCSLcak2%2BDJRn4EYlXfPMHh6X5iOfAfp7u%2B9nnDC2I75hCV%2BjE9qpeDbFdwR7NphHu6pwWI9a0YdKWgtJOq4QKSzGEP%2Fs68%2F%2FFyenzZYUCClCRhNB0dT3Do%2FGErFNceGh1D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775da9be280a06f1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
px.netpub.media/iab?f=dfp&s=complete&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&v=1.6.0&x=netpub&t=1670420321057&a=true&yy=441caf19b459c0357a9f96d60b566e6c&j=0&xx=9e7606b30d00152d42dd3bbb3c0fe4d2&p=352.5&g=0&b=object&r=300&zz=5a291b81a123a91bc7b61b4b477c3d90b6e6bc7fa9f9d15681c515d4f01be9be&w=14f9494694a9078dc2f4ae3c92e41760&e=0&k=6&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_7&h=0&c=FR&aa=83e5358e44d8a42448a8fd603c8fe8e5cb555ecd874a16098e3a41206c7853db&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&i=1&z=6e84323ed0548bf8dad44a041d62ae14&n=100&o=454&l=1268&q=360&m=898
172.67.70.145200 OK 0 B URL HTTP/2 px.netpub.media/iab?f=dfp&s=complete&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&v=1.6.0&x=netpub&t=1670420321057&a=true&yy=441caf19b459c0357a9f96d60b566e6c&j=0&xx=9e7606b30d00152d42dd3bbb3c0fe4d2&p=352.5&g=0&b=object&r=300&zz=5a291b81a123a91bc7b61b4b477c3d90b6e6bc7fa9f9d15681c515d4f01be9be&w=14f9494694a9078dc2f4ae3c92e41760&e=0&k=6&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_7&h=0&c=FR&aa=83e5358e44d8a42448a8fd603c8fe8e5cb555ecd874a16098e3a41206c7853db&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&i=1&z=6e84323ed0548bf8dad44a041d62ae14&n=100&o=454&l=1268&q=360&m=898
IP 172.67.70.145:0
GET /iab?f=dfp&s=complete&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&v=1.6.0&x=netpub&t=1670420321057&a=true&yy=441caf19b459c0357a9f96d60b566e6c&j=0&xx=9e7606b30d00152d42dd3bbb3c0fe4d2&p=352.5&g=0&b=object&r=300&zz=5a291b81a123a91bc7b61b4b477c3d90b6e6bc7fa9f9d15681c515d4f01be9be&w=14f9494694a9078dc2f4ae3c92e41760&e=0&k=6&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_7&h=0&c=FR&aa=83e5358e44d8a42448a8fd603c8fe8e5cb555ecd874a16098e3a41206c7853db&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&i=1&z=6e84323ed0548bf8dad44a041d62ae14&n=100&o=454&l=1268&q=360&m=898 HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:41 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e31gQmpwVrmXpUID37JVQRje5o1USWyh0hpKEzS2KvZPjHz1h9ST2f6mxcpUXz%2FNlgREUd4i5N7SLXWXyPUoTA7mu1qA3UabpQJikMuColqr5XfW2TIcC1TltthQ2jWNpA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9c0fe5c0b59-OSL
content-encoding: br
X-Firefox-Spdy: h2
px.netpub.media/iab?c=FR&a=true&r=280&l=1268&q=336&e=0&s=complete&b=static&g=0&n=100&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_2&k=2&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&j=0&xx=ddd2f09014d68a254357be908a6d89fd&i=1&f=dfp&x=netpub&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&w=14f9494694a9078dc2f4ae3c92e41760&h=0&z=6e84323ed0548bf8dad44a041d62ae14&p=1201.5&t=1670420321839&yy=353f1b1dcac29ba94659eee3f8734a9e&v=1.6.0&aa=e2887ef341f9f93742bc44af49c65d44fce4ba0521472ff755cf9f8fb5ed6f35&o=466&zz=89e1cf93fa4dd22ce7f274491795b24d8856a0c0af90a5068df725a7a2119f9f&m=898
172.67.70.145200 OK 0 B URL HTTP/2 px.netpub.media/iab?c=FR&a=true&r=280&l=1268&q=336&e=0&s=complete&b=static&g=0&n=100&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_2&k=2&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&j=0&xx=ddd2f09014d68a254357be908a6d89fd&i=1&f=dfp&x=netpub&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&w=14f9494694a9078dc2f4ae3c92e41760&h=0&z=6e84323ed0548bf8dad44a041d62ae14&p=1201.5&t=1670420321839&yy=353f1b1dcac29ba94659eee3f8734a9e&v=1.6.0&aa=e2887ef341f9f93742bc44af49c65d44fce4ba0521472ff755cf9f8fb5ed6f35&o=466&zz=89e1cf93fa4dd22ce7f274491795b24d8856a0c0af90a5068df725a7a2119f9f&m=898
IP 172.67.70.145:0
GET /iab?c=FR&a=true&r=280&l=1268&q=336&e=0&s=complete&b=static&g=0&n=100&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_2&k=2&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&j=0&xx=ddd2f09014d68a254357be908a6d89fd&i=1&f=dfp&x=netpub&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Finsurance-companies%2F&w=14f9494694a9078dc2f4ae3c92e41760&h=0&z=6e84323ed0548bf8dad44a041d62ae14&p=1201.5&t=1670420321839&yy=353f1b1dcac29ba94659eee3f8734a9e&v=1.6.0&aa=e2887ef341f9f93742bc44af49c65d44fce4ba0521472ff755cf9f8fb5ed6f35&o=466&zz=89e1cf93fa4dd22ce7f274491795b24d8856a0c0af90a5068df725a7a2119f9f&m=898 HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 13:38:42 GMT
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FPCP0CvvYSFzZNEY%2FMh68zoYE4YRe5oc3O6CaHuZV84r4epBz2tYh1UIcPIV6kkbbLGvIKM9t2NLsgmSSCmfWHvgczMcm7SqKQoqnRU0%2BMmQUvUJWVcj%2BP2iYf9r7bQCnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775da9c5cbda0b59-OSL
X-Firefox-Spdy: h2