bellafinhart.blogspot.com/2022/08/contoh-borang-snap-quotation.html
216.58.207.193301 Moved Permanently 214 B URL HTTP/1.1 bellafinhart.blogspot.com/2022/08/contoh-borang-snap-quotation.html
IP 216.58.207.193:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 86c7e44412290c059d8ace2225140036
b6e956e97252f19b40d7449f169f16216b3c8d6b
f1c90f58c34cbc91e627bcc4573b6ad5559496199c645bceee7da273aab4dd60
GET /2022/08/contoh-borang-snap-quotation.html HTTP/1.1
Host: bellafinhart.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Location: https://bellafinhart.blogspot.com/2022/08/contoh-borang-snap-quotation.html
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Sat, 28 Jan 2023 10:41:58 GMT
Expires: Sat, 28 Jan 2023 10:41:58 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 214
Server: GSE
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9fbe85f42e8ae8ae41cc12df5f98b141
949fa36ff0f22f72565fd584bef094dd4de23037
184d3e4df4bce559b4d7c4836372f5fd2de9782a96b04d364230b7d695d737d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "184D3E4DF4BCE559B4D7C4836372F5FD2DE9782A96B04D364230B7D695D737D8"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10453
Expires: Sat, 28 Jan 2023 13:36:11 GMT
Date: Sat, 28 Jan 2023 10:41:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 81dd5c5cc5b3278876cb44dcb520a60f
c0511a59e9eccdcdda98717b87c89c5d59974808
41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5900
Expires: Sat, 28 Jan 2023 12:20:18 GMT
Date: Sat, 28 Jan 2023 10:41:58 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 09:43:05 GMT
content-type: application/json
age: 3533
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19420
Expires: Sat, 28 Jan 2023 16:05:38 GMT
Date: Sat, 28 Jan 2023 10:41:58 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: YACQ2h4k6eqpvZU6xKUB2ryvViJ0WPT7k4KOC69AX8cYvwh5tY/VRCtedgOGLfNeXoM5g/6BJcg=
x-amz-request-id: K3KB89FD33N3Z8QG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 10:20:56 GMT
age: 1262
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7aa39f6d36d5f61782ab265b425647ef
08348416e84e3c36cdb8aad9a5b72070ce00d9b5
c595e935d3b4504f9b4518d98f50d4462a99627c17fd67a15f71d3f352510001
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:41:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 10:41:58 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 10:41:40 GMT
age: 18
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7aa39f6d36d5f61782ab265b425647ef
08348416e84e3c36cdb8aad9a5b72070ce00d9b5
c595e935d3b4504f9b4518d98f50d4462a99627c17fd67a15f71d3f352510001
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:41:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bellafinhart.blogspot.com/2022/08/contoh-borang-snap-quotation.html
216.58.207.193200 OK 58 kB URL HTTP/2 bellafinhart.blogspot.com/2022/08/contoh-borang-snap-quotation.html
IP 216.58.207.193:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (12346)
Hash 151d7931d952c55bda88f0dd83702bd8
bf168a44d3b506c781c9ea65df011b5f8a85e932
7286a52250d70260dc1d3651f1dfe841a9c71bb9a85e0c3c5f15216ba1b9477b
GET /2022/08/contoh-borang-snap-quotation.html HTTP/1.1
Host: bellafinhart.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Sat, 28 Jan 2023 10:41:58 GMT
date: Sat, 28 Jan 2023 10:41:58 GMT
cache-control: private, max-age=0
last-modified: Sat, 10 Sep 2022 19:29:03 GMT
etag: W/"8e232ebdd9728e344492586812dfdecf626328f46f516e6e8fe749e84554348a"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 58433
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js
104.17.25.14200 OK 28 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (65451)
Hash 391678ecd81abb89d767676563d04a0d
ca95c965bf5453f22a77969f650d82cc0495aedc
0688a8577842e3019d1880c5e32bf44ab58a93592218886291e05eb8a1907c7b
GET /ajax/libs/jquery/3.5.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bellafinhart.blogspot.com
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:41:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 27964
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15d95"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 4034489
expires: Thu, 18 Jan 2024 10:41:59 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZWsCeGmIjqOeNBqF0fBm7DADXi9ZivQqxRxMv8o7xFK%2FXQgt5ISXWPTsK8LEYnloSlxlcQVpIU%2FcnoZUKZn8ioRIsLynS60JVxQykFV%2B%2FS0NY8zIl%2BqMGbHqSoZ1wAHLHWFyJXCt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 79091e685899fac0-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 1385208708d03b629d017160dff9c54c
153b27bbe0795f31ebe6e7a10c203e0fd1189e3f
a8303777006d708802fa327d372484c2e5d937b39dad50b578aea65f6d31d03b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:41:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3764
Expires: Sat, 28 Jan 2023 11:44:43 GMT
Date: Sat, 28 Jan 2023 10:41:59 GMT
Connection: keep-alive
apis.google.com/js/platform.js
172.217.21.174200 OK 21 kB URL HTTP/2 apis.google.com/js/platform.js
IP 172.217.21.174:0
File type ASCII text, with very long lines (1429)
Hash 2354fa28c58e16af89e7da6224aeca93
6bd3430a81730ed77c5d53f5406ddb40306ecabd
dc35ae752b7be035bd3a3bd4ae205e41afce5fa8f88e1bfe0e9524610df10f3b
GET /js/platform.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20950
date: Sat, 28 Jan 2023 10:41:59 GMT
expires: Sat, 28 Jan 2023 10:41:59 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "03884666a30c671f"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 24fb829cf6626607036d3aa12e254f2f
993cd8ca527ef8b5ac101471af4589f477bc9f42
54e2f3602c541ad1e17294295b78c571e84d62907e0797f6248c0ed73a5ba4b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:41:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.AMZ27oQJoUI.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9dsXwz2g0gTMdQFEKa7ZoVvtQf4g/cb=gapi.loaded_0?le=scs
172.217.21.174200 OK 61 kB URL HTTP/2 apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.AMZ27oQJoUI.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9dsXwz2g0gTMdQFEKa7ZoVvtQf4g/cb=gapi.loaded_0?le=scs
IP 172.217.21.174:0
File type ASCII text, with very long lines (1448)
Hash 62f98a42acaa85f40e228f65e5ee2361
a41c1755a6a2708340b74638f11ebdeed8e977db
54acbd2f18406888cbe8ee3fc76b512081c7c1c0102a4b1f7eef6cd11fc60f15
GET /_/scs/abc-static/_/js/k=gapi.lb.en.AMZ27oQJoUI.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9dsXwz2g0gTMdQFEKa7ZoVvtQf4g/cb=gapi.loaded_0?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 60741
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 02:19:01 GMT
expires: Fri, 26 Jan 2024 02:19:01 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 07 Jan 2023 15:19:07 GMT
content-type: text/javascript; charset=UTF-8
age: 202978
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7da8f9a23d8c05f64f248e4e3427c76e
e2d001c2909cd9403173cbb0e288d55fbc8e4d0a
db8790004124a0eeb0676860170ad9c37250b2ba697a27dee62c99b64c67b4b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:41:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 24fb829cf6626607036d3aa12e254f2f
993cd8ca527ef8b5ac101471af4589f477bc9f42
54e2f3602c541ad1e17294295b78c571e84d62907e0797f6248c0ed73a5ba4b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:41:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 24fb829cf6626607036d3aa12e254f2f
993cd8ca527ef8b5ac101471af4589f477bc9f42
54e2f3602c541ad1e17294295b78c571e84d62907e0797f6248c0ed73a5ba4b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:41:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 166bf2c6932f048996b3fe12e1cf3db9
9489d067ac8215775dda446a4c291e6db1e8ab3f
896314990eb656b725f8ec5d3753e70bf71e956c142a15b45773a77bb7d6ff24
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:41:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/static/v1/jsbin/3469866930-comment_from_post_iframe.js
216.58.207.233200 OK 6.6 kB URL HTTP/2 www.blogger.com/static/v1/jsbin/3469866930-comment_from_post_iframe.js
IP 216.58.207.233:0
File type ASCII text, with very long lines (1441)
Hash f60e5037324bf7fd2256c16929886f09
aae4b1aea3737e0268e3578dd1d0e7cfe6c6d66b
71846da8d45274b77549b110389ab3dbcb8ce042051b5c39547909c1c343dfde
GET /static/v1/jsbin/3469866930-comment_from_post_iframe.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 6573
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Jan 2023 15:34:38 GMT
expires: Wed, 24 Jan 2024 15:34:38 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 23 Jan 2023 17:56:07 GMT
content-type: text/javascript
age: 328041
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ab04da9bc46246cc0001464e7f6b5e19
01ce4f7004aec7a24d4545a1e742ab6a1e639b48
22e519a39cb2e7e5f6da23d35f4498aa7a2d00e06613fd3bbf8de8a62ed2d354
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:41:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e7ebbff54ced2c07469b302fc6d44078
f59983c844c398bd37705051ca685b2d07d85726
04eb3bd7658c1112bfc1d0098e8d7f5fafdb10459e3290c0d4e6a17e65a5494f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:41:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/js/google_top_exp.js
142.250.74.66200 OK 42 B URL HTTP/2 pagead2.googlesyndication.com/pagead/js/google_top_exp.js
IP 142.250.74.66:0
Hash d0360ff032091f5b24fb22cdc84a6890
76140dbc7eb007f3ec7995d88e7491ebebcf159c
29ea95cbc925c4afd08a2d36d812406c2a0172e0bb2703fce7a76749667472d7
GET /pagead/js/google_top_exp.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 42
x-xss-protection: 0
date: Sat, 28 Jan 2023 10:05:41 GMT
expires: Sat, 11 Feb 2023 10:05:41 GMT
cache-control: public, max-age=1209600
age: 2178
etag: 13036835877489095579
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.blogger.com/static/v1/widgets/1253685842-widgets.js
216.58.207.233200 OK 156 kB URL HTTP/2 www.blogger.com/static/v1/widgets/1253685842-widgets.js
IP 216.58.207.233:0
File type ASCII text, with very long lines (2221)
Size 156 kB (156311 bytes)
Hash 282c3db331d4d3d06779b0b8a60ef7c2
c0450142786dc1ce0f3875608b38591ff7eaaf1b
6c3f04bab4d89e7ea271ecb6ffd98b1fb47634d30cc10aa52169c4d2bdefce77
GET /static/v1/widgets/1253685842-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 156311
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 23 Jan 2023 01:57:07 GMT
expires: Tue, 23 Jan 2024 01:57:07 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 23 Jan 2023 00:54:53 GMT
content-type: text/javascript
age: 463492
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7da8f9a23d8c05f64f248e4e3427c76e
e2d001c2909cd9403173cbb0e288d55fbc8e4d0a
db8790004124a0eeb0676860170ad9c37250b2ba697a27dee62c99b64c67b4b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:41:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 24fb829cf6626607036d3aa12e254f2f
993cd8ca527ef8b5ac101471af4589f477bc9f42
54e2f3602c541ad1e17294295b78c571e84d62907e0797f6248c0ed73a5ba4b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:41:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e7ebbff54ced2c07469b302fc6d44078
f59983c844c398bd37705051ca685b2d07d85726
04eb3bd7658c1112bfc1d0098e8d7f5fafdb10459e3290c0d4e6a17e65a5494f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:41:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
images.template.net/wp-content/uploads/2018/11/Ecommerce-Website-Quotation.jpg
151.101.194.133200 OK 9.2 kB URL HTTP/2 images.template.net/wp-content/uploads/2018/11/Ecommerce-Website-Quotation.jpg
IP 151.101.194.133:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 440x570, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7cde4ca2c678b0c8d34e784fdf8f0c5c
d903fd4f5cf395683c1828330aee0dd49b60acd8
2c17797a59a052153ce559089f1b91df9859e1bf1c5d1ccc15208fd089807da6
GET /wp-content/uploads/2018/11/Ecommerce-Website-Quotation.jpg HTTP/1.1
Host: images.template.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
etag: "vsJP4mmwnxMaGfUBdjYZ2ooY/Kn+41580Ht09TkMih4"
expires: Thu, 09 Nov 2028 10:10:13 +0000
fastly-io-info: ifsz=63604 idim=440x570 ifmt=jpeg ofsz=9180 odim=440x570 ofmt=webp
fastly-stats: io=1
server: AmazonS3
x-amz-id-2: S2qQgftLRAQrmr7Y1G6s9PDJnOkOnQSVe8fRzBC8+LwEaXOOG8snsznF9eY7FUr0T7nu7j9Pkq0=
x-amz-request-id: WBD076VFK93E0ENX
x-amz-version-id: 4g7JapFF_yZH2cKZ0MkEOTyFqkLqFXWS
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31536000, public
access-control-allow-origin: *
accept-ranges: bytes
date: Sat, 28 Jan 2023 10:41:59 GMT
age: 1036562
x-served-by: cache-lax10646-LGB, cache-bma1648-BMA
x-cache: HIT, MISS
x-cache-hits: 26, 0
x-timer: S1674902519.312000,VS0,VE149
vary: Accept
content-length: 9180
X-Firefox-Spdy: h2
images.template.net/wp-content/uploads/2016/05/Professional-Service-Quotation-Template.jpg
151.101.194.133200 OK 8.9 kB URL HTTP/2 images.template.net/wp-content/uploads/2016/05/Professional-Service-Quotation-Template.jpg
IP 151.101.194.133:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 390x505, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7eef413e487a88c9329136283c7a8062
bdf7328753c5dc05cad1ad82540c2168aec13385
5d830b2034bbe5aca6a9f15200da3e3c261cbce3513bddb73d57bf23733ac75d
GET /wp-content/uploads/2016/05/Professional-Service-Quotation-Template.jpg HTTP/1.1
Host: images.template.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
etag: "Yz6TV4cm3zao0d00VvFyXb2wlcFeU3pUj48Kju8noOY"
expires: Mon, 09 Feb 2032 07:47:34 +0000
fastly-io-info: ifsz=76499 idim=390x505 ifmt=jpeg ofsz=8872 odim=390x505 ofmt=webp
fastly-stats: io=1
server: AmazonS3
x-amz-id-2: ZXtiIKO290d92nL9jTCZsTBrfDZEH0jyjlNp1rD6jFhivZolz8F/l8y7FKzP7vYd4B4WK8IIPLU=
x-amz-request-id: WBD6HSHCRHRTNJAZ
x-amz-version-id: obKH7kjsrrOLf9qo0p6VXIFQ9fbe0ubo
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31536000, public
access-control-allow-origin: *
accept-ranges: bytes
date: Sat, 28 Jan 2023 10:41:59 GMT
age: 1036561
x-served-by: cache-lax10651-LGB, cache-bma1648-BMA
x-cache: HIT, MISS
x-cache-hits: 4, 0
x-timer: S1674902519.312199,VS0,VE165
vary: Accept
content-length: 8872
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.164.184.133101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.164.184.133:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: I5PvQKSvvotq1x4kmL8few==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ofDApgWCm3aFmEhKk44V0ao3nXE=
lh3.googleusercontent.com/blogger_img_proxy/AHs97-lKKNy8gNAOtmGqQn61KqQIghXrkZqeQilBNTQ1bXlVHyQkHqsBCslwGXfBHQtvhBmXHPy0J35nTgTHrKkMkKen9E-ZG62v6PDqf-MBJxY_cItRuY-uZL3qEbXQ-zrraLEKCvLtyBYckzh4G2R9sap9VF5wLDlsqDDJzw=w72-h72-p-k-no-nu
142.250.74.97200 OK 1.6 kB URL HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/AHs97-lKKNy8gNAOtmGqQn61KqQIghXrkZqeQilBNTQ1bXlVHyQkHqsBCslwGXfBHQtvhBmXHPy0J35nTgTHrKkMkKen9E-ZG62v6PDqf-MBJxY_cItRuY-uZL3qEbXQ-zrraLEKCvLtyBYckzh4G2R9sap9VF5wLDlsqDDJzw=w72-h72-p-k-no-nu
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 72x72, components 3\012- data
Hash 6b695e81f1a4beff204bf8765c4a2f5c
77dd4e625555cb3bdfeaa4a687922d1b4347e9a5
700780eeec87d29c9974e504d3cb4fc55b46ee11bd45714e913e7aefc9c27dc9
GET /blogger_img_proxy/AHs97-lKKNy8gNAOtmGqQn61KqQIghXrkZqeQilBNTQ1bXlVHyQkHqsBCslwGXfBHQtvhBmXHPy0J35nTgTHrKkMkKen9E-ZG62v6PDqf-MBJxY_cItRuY-uZL3qEbXQ-zrraLEKCvLtyBYckzh4G2R9sap9VF5wLDlsqDDJzw=w72-h72-p-k-no-nu HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
expires: Sun, 29 Jan 2023 10:41:59 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Sat, 28 Jan 2023 10:41:59 GMT
server: fife
content-length: 1610
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 166bf2c6932f048996b3fe12e1cf3db9
9489d067ac8215775dda446a4c291e6db1e8ab3f
896314990eb656b725f8ec5d3753e70bf71e956c142a15b45773a77bb7d6ff24
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:41:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
images.template.net/wp-content/uploads/2017/06/Format-of-Quotation-Template.jpg
151.101.194.133200 OK 29 kB URL HTTP/2 images.template.net/wp-content/uploads/2017/06/Format-of-Quotation-Template.jpg
IP 151.101.194.133:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 600x730, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e8cd4a5c84ff6726f9fca440d098635d
83da295b80cdd54f7b28bd5ab3b6b280bfd07df8
caeeda775994a951e0a5c19b8fe2c8c2f2b98d159d466bff9c3ce4bebc8f21f9
GET /wp-content/uploads/2017/06/Format-of-Quotation-Template.jpg HTTP/1.1
Host: images.template.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
etag: "R3MkvPew6n/F154OhA+0Tct+LbKEsp2hSjX0fnX4lkg"
expires: Sun, 20 Jun 2027 08:19:40 +0000
fastly-io-info: ifsz=48818 idim=600x730 ifmt=jpeg ofsz=28690 odim=600x730 ofmt=webp
fastly-stats: io=1
server: AmazonS3
x-amz-id-2: k50U7KMksvl/fn4b5hzFlAJjjc4LQNaVFeyH96TkI/Jq724Vw7OtDt4M2o7hF9MF3sXScakSSio=
x-amz-request-id: 32KGFFTJ258ERGKJ
x-amz-version-id: Y1vfANHT34vOIBnqamxiSxuKvczr1EPo
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31536000, public
access-control-allow-origin: *
accept-ranges: bytes
date: Sat, 28 Jan 2023 10:41:59 GMT
age: 1042372
x-served-by: cache-sna10745-LGB, cache-bma1648-BMA
x-cache: HIT, MISS
x-cache-hits: 27, 0
x-timer: S1674902519.314833,VS0,VE458
vary: Accept
content-length: 28690
X-Firefox-Spdy: h2
www.blogger.com/dyn-css/authorization.css?targetBlogID=6510422550278638615&zx=cab9cef9-25ae-4c7f-a010-8af5a6a62113
216.58.207.233200 OK 21 B URL HTTP/2 www.blogger.com/dyn-css/authorization.css?targetBlogID=6510422550278638615&zx=cab9cef9-25ae-4c7f-a010-8af5a6a62113
IP 216.58.207.233:0
File type very short file (no magic)
Hash a62e4d501434033d5d177e67d3aafdd0
34f7300c9ed47334cf10826d57af785321e3138b
b0cabcbfed4b1830ab1956efbd2eec32289a968323cb854a47ef98360ed0f522
GET /dyn-css/authorization.css?targetBlogID=6510422550278638615&zx=cab9cef9-25ae-4c7f-a010-8af5a6a62113 HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type: text/css; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 28 Jan 2023 10:41:59 GMT
last-modified: Sat, 28 Jan 2023 10:41:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 21
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.blogger.com/navbar.g?targetBlogID=6510422550278638615&blogName=BellafinHart&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=BLUE&layoutType=LAYOUTS&searchRoot=https://bellafinhart.blogspot.com/search&blogLocale=en&v=2&homepageUrl=https://bellafinhart.blogspot.com/&targetPostID=8610539488379878065&blogPostOrPageUrl=https://bellafinhart.blogspot.com/2022/08/contoh-borang-snap-quotation.html&vt=-556880765895330658&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.AMZ27oQJoUI.O%2Fd%3D1%2Frs%3DAHpOoo9dsXwz2g0gTMdQFEKa7ZoVvtQf4g%2Fm%3D__features__
216.58.207.233200 OK 2.6 kB URL HTTP/2 www.blogger.com/navbar.g?targetBlogID=6510422550278638615&blogName=BellafinHart&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=BLUE&layoutType=LAYOUTS&searchRoot=https://bellafinhart.blogspot.com/search&blogLocale=en&v=2&homepageUrl=https://bellafinhart.blogspot.com/&targetPostID=8610539488379878065&blogPostOrPageUrl=https://bellafinhart.blogspot.com/2022/08/contoh-borang-snap-quotation.html&vt=-556880765895330658&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.AMZ27oQJoUI.O%2Fd%3D1%2Frs%3DAHpOoo9dsXwz2g0gTMdQFEKa7ZoVvtQf4g%2Fm%3D__features__
IP 216.58.207.233:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3172)
Hash ffc5674c4e37c70c0ef0ac1c677670fe
61f6b3dda98fc9be665d5fb08305c6f71ec0a0b4
0b92106b950c26ae7396efe8191d856508a84399f0f128d0905aa57747db6439
GET /navbar.g?targetBlogID=6510422550278638615&blogName=BellafinHart&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=BLUE&layoutType=LAYOUTS&searchRoot=https://bellafinhart.blogspot.com/search&blogLocale=en&v=2&homepageUrl=https://bellafinhart.blogspot.com/&targetPostID=8610539488379878065&blogPostOrPageUrl=https://bellafinhart.blogspot.com/2022/08/contoh-borang-snap-quotation.html&vt=-556880765895330658&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.AMZ27oQJoUI.O%2Fd%3D1%2Frs%3DAHpOoo9dsXwz2g0gTMdQFEKa7ZoVvtQf4g%2Fm%3D__features__ HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 28 Jan 2023 10:41:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 2642
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6306b5d103f6c08b208a66df111e7e93
315fd14a311485ef50b2a8d689f168e64328a089
126d1016533d2cd9795b0c9013c427174a87f3587e607f773a68072cc64ec148
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "126D1016533D2CD9795B0C9013C427174A87F3587E607F773A68072CC64EC148"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20029
Expires: Sat, 28 Jan 2023 16:15:49 GMT
Date: Sat, 28 Jan 2023 10:42:00 GMT
Connection: keep-alive
inflictgive.com/b5e240a04cdb715398965aa37ed6d31d/invoke.js
173.233.137.60200 OK 9.8 kB URL HTTP/1.1 inflictgive.com/b5e240a04cdb715398965aa37ed6d31d/invoke.js
IP 173.233.137.60:0
File type exported SGML document, ASCII text, with very long lines (26941), with no line terminators
Hash 5225857acbdcfc73326eb8e926c69e0a
db504a7d0474c8bad9f56f13f1044e734c2a0f57
7d9180066bbd850fdbdd2d9dd99f2d902df095bab511782f78cb19ce4ea7e7c9
Analyzer Verdict Alert fortinet Phishing
GET /b5e240a04cdb715398965aa37ed6d31d/invoke.js HTTP/1.1
Host: inflictgive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 10:42:00 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4a7125d08fec86be5c0b1405856ae123
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
inflictgive.com/032e2d77da478cc447a1aa38e5be0ec8/invoke.js
173.233.137.60200 OK 9.8 kB URL HTTP/1.1 inflictgive.com/032e2d77da478cc447a1aa38e5be0ec8/invoke.js
IP 173.233.137.60:0
File type exported SGML document, ASCII text, with very long lines (26974), with no line terminators
Hash cc9b1e1693512fde1895e67358f28dca
deb6ace0ca13ef073e708bd6cfefe409d84f3f49
48a9ea242213f19975087f1674da583f6a359b5d0d7d59ebd8c454e40b0ec111
Analyzer Verdict Alert fortinet Malware
GET /032e2d77da478cc447a1aa38e5be0ec8/invoke.js HTTP/1.1
Host: inflictgive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 10:42:00 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 70a7c9cdab346184c6e5849ae4f81788
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 0349e6d78e3182b23c8a0b92b3b0a8b3
0fc1da04b464f7b1e7ff4f56b3ee95d72417f1d1
79840bcd7e18738f712f7d87bbbfdb05269e357d388523676ce4333cc8a2f2d4
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=97978
Date: Sat, 28 Jan 2023 10:42:00 GMT
Etag: "63d3d217-1d7"
Expires: Sun, 29 Jan 2023 13:54:58 GMT
Last-Modified: Fri, 27 Jan 2023 13:31:03 GMT
Server: ECS (nyb/1D0C)
X-Cache: Miss from cloudfront
Via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: E9cloCnNEXh3EjaBgGcHPeUKLMPLgvBFOcGxzf_mAyf0c5QPZ8EyHQ==
Age: 1436
simplewebanalysis.com/stats
35.156.167.37200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash deb4d149f02f95cb96ba920f77a9c62a
99ae20bef144dbf7b27e1cf4e6de689ad4721702
2c31430a347ce264430e5623c03b53a864e684593dbcc9ea3f5d58984e0cb7df
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bellafinhart.blogspot.com
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:42:00 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://bellafinhart.blogspot.com
access-control-allow-credentials: true
set-cookie: uid_id2=442a5707-a352-43d2-a97f-67598664abee:1:1; expires=Tue, 25 Jan 2033 10:42:00 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
35.156.167.37200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash a4a435f39568f9127ba07440151d5abb
3bc16c4d87225b4b689774b7f317a244d9502601
7a044f192275aa9725b0809e0210c136ed9b84a0dce65e7441cd9cdec68279a3
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bellafinhart.blogspot.com
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:42:00 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://bellafinhart.blogspot.com
access-control-allow-credentials: true
set-cookie: uid_id2=24f780d6-d79d-4091-a96b-9a7ff4eec951:2:1; expires=Tue, 25 Jan 2033 10:42:00 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
inflictgive.com/8a72538b2e448c93a1a503886d2cfd7e/invoke.js
173.233.137.60200 OK 9.8 kB URL HTTP/1.1 inflictgive.com/8a72538b2e448c93a1a503886d2cfd7e/invoke.js
IP 173.233.137.60:0
File type exported SGML document, ASCII text, with very long lines (27018), with no line terminators
Hash 383842f699b71b8fa4af97905f7c7649
0d0c7e267006b6e121325442318241c930c4a89e
9a025aa3580b10030b7f21a3d2ca37b94221795585b90e5801ed6d63f00c56ce
Analyzer Verdict Alert fortinet Phishing
GET /8a72538b2e448c93a1a503886d2cfd7e/invoke.js HTTP/1.1
Host: inflictgive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 10:42:00 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 20e5370b4c8d592ca7bb20778992fbb4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8544
Expires: Sat, 28 Jan 2023 13:04:24 GMT
Date: Sat, 28 Jan 2023 10:42:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8544
Expires: Sat, 28 Jan 2023 13:04:24 GMT
Date: Sat, 28 Jan 2023 10:42:00 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b4afa01d2ffe17f8378e4c0b5afd4608
f5c7e2137efa07a207427a6b6fe1df541f85ea25
84fc0c05d25d674b5594b54720017332b86d391f66c7136d76cfce3e884e8e12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13375
x-amzn-requestid: 372fcbe8-85a1-4be2-a006-31fb9289c5e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-CxF6BoAMFyGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443ab-4b9860545c612cc416cbe599;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: otEuPlfCL7DeVwGZiGJuMjxjVyGdMwxPWeCz5T_mpXboi-oRujKhBw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:48:58 GMT
age: 46382
etag: "f5c7e2137efa07a207427a6b6fe1df541f85ea25"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 79b70f1f-a157-4dd4-8743-825714195b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9T3UGA3oAMFSlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c86695-36e60aba09c152c73b8aefcb;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 21:37:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zt4bgV2C6Wb_Ufa5mZ7-UDTfCvhXJggPJw9668v5DEmyBnWZ-aNrCg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 23:03:41 GMT
age: 41899
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 45914
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4ab1206-2f2c-4daf-abf7-d4cc431b79b2.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4ab1206-2f2c-4daf-abf7-d4cc431b79b2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1e309628617789c29791d3e5d7dfeb19
bdcc8216d475268a7429c69a6b49a2c1febb8ff2
8810db74253ce6101c61ad97c59a3558e4ae7387593ff7ac66003a0d309d04c8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4ab1206-2f2c-4daf-abf7-d4cc431b79b2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7367
x-amzn-requestid: 1e89d117-3167-4873-b596-f7f93e75d009
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-EWHDYIAMF1tQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b5-17fd5e5649207dff1289c699;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ppdJECiDzgoYOBafVKAzErsXswgAYG83Glj_HFY9KgTJqdC5dqZYwA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:49:08 GMT
age: 46372
etag: "bdcc8216d475268a7429c69a6b49a2c1febb8ff2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0ed1a0bd725b2078b4cfe4ed83877901
62493ca03be9870aac2341e033611a6d56bd322a
706e84bc63fd98acaeb72789239af3210ae6e3910e6589d92a25899dc9059dfc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12397
x-amzn-requestid: e8436997-696d-483a-b03a-a84e7ca614ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_T5HbzoAMFXsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445b2-1c2ccd0a187d0a3e2f6a59cc;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:44:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lmLHc8fKQYUpq9B-GyOQ0FKzhxi0ToTEPA7cu6JnQftgDFDNV8USvw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:37 GMT
etag: "62493ca03be9870aac2341e033611a6d56bd322a"
content-type: image/jpeg
age: 45923
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea24bcba583bd8bd139559448a343e68
b9d37c2b14f890d41983a59f352e8f7caa9c94bb
e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7585
x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkE5roAMF0Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K9YWM9eaEc1DQ6wtEEuADnG1U-ahRBXDaiHIAm20dkWMOxPWBlJidw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:46:13 GMT
age: 42947
etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
104.17.25.14200 OK 77 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 104.17.25.14:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bellafinhart.blogspot.com
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:42:00 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 77160
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "5eb03e5f-12d68"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 210450
expires: Thu, 18 Jan 2024 10:42:00 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W4W2huj8IJxpjCR8BiL%2BzvX3cEdrAxc283jA7FTMCU9gBPlRqonMqNzOK%2FVh9msju7jz%2FUJ26Yzim5mSQySJihBNXLIdvOcvfV544ignhyPfjXo5GL7eo4NiaJbsgloVL6Fmlll1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 79091e733f07fac0-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:42:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:42:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6e9e51f24a8de3588b98ca3fd81a38f3
f34b183127b1e50b6a0e2009046bccbc0325e399
22aefa63e156db1aee1e4b2c148292f2ebc3a60101b5df5b662b6571b8db5bbe
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22AEFA63E156DB1AEE1E4B2C148292F2EBC3A60101B5DF5B662B6571B8DB5BBE"
Last-Modified: Thu, 26 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6956
Expires: Sat, 28 Jan 2023 12:37:56 GMT
Date: Sat, 28 Jan 2023 10:42:00 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:42:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
216.58.207.227200 OK 46 kB URL HTTP/2 fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 46524, version 1.0\012- data
Hash c1fd378f54921c75e4ae1821e7b8fff6
2ce96e97783b2f154d07f4464ca6f8eb2469f2c1
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bellafinhart.blogspot.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 25 Jan 2023 03:37:22 GMT
expires: Thu, 25 Jan 2024 03:37:22 GMT
cache-control: public, max-age=31536000
age: 284678
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
216.58.207.227200 OK 7.8 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 7816, version 1.0\012- data
Hash 25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bellafinhart.blogspot.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Jan 2023 02:42:35 GMT
expires: Wed, 24 Jan 2024 02:42:35 GMT
cache-control: public, max-age=31536000
age: 374365
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8fc52c9a9baff7fa942523e6d1aa1867
0d533a2f9bc7fc41d15d2b0bbdcdc7d99ee96e66
784ff03f83b31a749592f684a6180ea94af535057e58c4916eb6c550fef8a186
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "784FF03F83B31A749592F684A6180EA94AF535057E58C4916EB6C550FEF8A186"
Last-Modified: Sat, 28 Jan 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12315
Expires: Sat, 28 Jan 2023 14:07:15 GMT
Date: Sat, 28 Jan 2023 10:42:00 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:42:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 622311873d3819b9911301b09bc2d43c
9f08d648e40479aa12da033da15b80a15017c739
6138674cec17da8b7bb02bf0686bf3e7aefa2bce6a5f844ebd80e10b665818b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:42:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu
142.250.74.164200 OK 668 B URL HTTP/2 www.google.com/recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu
IP 142.250.74.164:0
File type ASCII text, with very long lines (1034), with no line terminators
Hash dc0970ee345b90a14d79327dc20bf48c
ef64af0b9aa38731125da81bbd3aa5247d30da7d
37b0c4b55ed83ab6e05003db8b0c4814ea0f92100727929af3407e535d1c8a10
GET /recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sat, 28 Jan 2023 10:42:01 GMT
date: Sat, 28 Jan 2023 10:42:01 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 668
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash df9cc0fd50ca39b958de0dd798913a87
4e8a968fe32696512dbb701284f9b41de998e9ce
d4ed7b33cfffddec99ed92ba347802bb5b29a71f7874a847a125fe78bba854e3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D4ED7B33CFFFDDEC99ED92BA347802BB5B29A71F7874A847A125FE78BBA854E3"
Last-Modified: Sat, 28 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9407
Expires: Sat, 28 Jan 2023 13:18:48 GMT
Date: Sat, 28 Jan 2023 10:42:01 GMT
Connection: keep-alive
tragicbeyond.com/watch.1338357751628.js?key=b5e240a04cdb715398965aa37ed6d31d&kw=%5B%22contoh%22%2C%22borang%22%2C%22snap%22%2C%22quotation%22%2C%22-%22%2C%22bellafinhart%22%5D&refer=https%3A%2F%2Fbellafinhart.blogspot.com%2F2022%2F08%2Fcontoh-borang-snap-quotation.html&tz=0&dev=e&res=12.1055&uuid=442a5707-a352-43d2-a97f-67598664abee%3A1%3A1
192.243.59.13307 Temporary Redirect 0 B URL HTTP/1.1 tragicbeyond.com/watch.1338357751628.js?key=b5e240a04cdb715398965aa37ed6d31d&kw=%5B%22contoh%22%2C%22borang%22%2C%22snap%22%2C%22quotation%22%2C%22-%22%2C%22bellafinhart%22%5D&refer=https%3A%2F%2Fbellafinhart.blogspot.com%2F2022%2F08%2Fcontoh-borang-snap-quotation.html&tz=0&dev=e&res=12.1055&uuid=442a5707-a352-43d2-a97f-67598664abee%3A1%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1338357751628.js?key=b5e240a04cdb715398965aa37ed6d31d&kw=%5B%22contoh%22%2C%22borang%22%2C%22snap%22%2C%22quotation%22%2C%22-%22%2C%22bellafinhart%22%5D&refer=https%3A%2F%2Fbellafinhart.blogspot.com%2F2022%2F08%2Fcontoh-borang-snap-quotation.html&tz=0&dev=e&res=12.1055&uuid=442a5707-a352-43d2-a97f-67598664abee%3A1%3A1 HTTP/1.1
Host: tragicbeyond.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bellafinhart.blogspot.com
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Sat, 28 Jan 2023 10:42:01 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bellafinhart.blogspot.com
Access-Control-Allow-Origin: https://bellafinhart.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://tragicbeyond.com/watch.1338357751628.js?key=b5e240a04cdb715398965aa37ed6d31d&kw=%5B%22contoh%22%2C%22borang%22%2C%22snap%22%2C%22quotation%22%2C%22-%22%2C%22bellafinhart%22%5D&refer=https%3A%2F%2Fbellafinhart.blogspot.com%2F2022%2F08%2Fcontoh-borang-snap-quotation.html&tz=0&dev=e&res=12.1055&uuid=442a5707-a352-43d2-a97f-67598664abee%3A1%3A1&shu=0121dffba0a254f8e932a819fa43bf4c97827fdb19249b2611053a587b8e77fd6650d44dc9817f8c41351ac23bb2b2387c8c6f9cdb324a6da6e510a73ab73bd75aa4d199cc3e786b2446434b12d4a454676aa31b&pst=1674902581&rmtc=t
Set-Cookie: u_pl=16161423; expires=Sun, 29 Jan 2023 10:42:01 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjE2MTQyMywiayI6ImI1ZTI0MGEwNGNkYjcxNTM5ODk2NWFhMzdlZDZkMzFkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNDc0NjUyLCJwaWQiOjI3MTcxNiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjoyMywicHQiOjQsInBrIjoiaWF3ajduOG00IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vYmVsbGFmaW5oYXJ0LmJsb2dzcG90LmNvbS8yMDIyLzA4L2NvbnRvaC1ib3Jhbmctc25hcC1xdW90YXRpb24uaHRtbCJ9fQ.ss3Qytg8iIWBUxl77JRIBgM1raG5r5ZhMDDFbfI-3z0; expires=Sat, 28 Jan 2023 10:43:01 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ec8cb3440a62de9059d4e8157ef0c87e
Strict-Transport-Security: max-age=0; includeSubdomains
www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js
216.58.207.227200 OK 164 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js
IP 216.58.207.227:0
File type ASCII text, with very long lines (771)
Size 164 kB (163774 bytes)
Hash 57c909ab73fc27ec24f737bbf1cb1de8
89b2c02e9e7a9a764518fca545d3eec2044fd6d9
7e407e2b00bb7c238c71d96472f7ab030de4e610b1048f0f77b25cb85c2d166b
GET /recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
Origin: https://www.blogger.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 163774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 23 Jan 2023 17:09:34 GMT
expires: Tue, 23 Jan 2024 17:09:34 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 23 Jan 2023 01:02:00 GMT
content-type: text/javascript
age: 408747
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
equitydefault.com/watch.1631648374072.js?key=032e2d77da478cc447a1aa38e5be0ec8&kw=%5B%22contoh%22%2C%22borang%22%2C%22snap%22%2C%22quotation%22%2C%22-%22%2C%22bellafinhart%22%5D&refer=https%3A%2F%2Fbellafinhart.blogspot.com%2F2022%2F08%2Fcontoh-borang-snap-quotation.html&tz=0&dev=e&res=12.1055&uuid=24f780d6-d79d-4091-a96b-9a7ff4eec951%3A2%3A1
192.243.59.13307 Temporary Redirect 0 B URL HTTP/1.1 equitydefault.com/watch.1631648374072.js?key=032e2d77da478cc447a1aa38e5be0ec8&kw=%5B%22contoh%22%2C%22borang%22%2C%22snap%22%2C%22quotation%22%2C%22-%22%2C%22bellafinhart%22%5D&refer=https%3A%2F%2Fbellafinhart.blogspot.com%2F2022%2F08%2Fcontoh-borang-snap-quotation.html&tz=0&dev=e&res=12.1055&uuid=24f780d6-d79d-4091-a96b-9a7ff4eec951%3A2%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /watch.1631648374072.js?key=032e2d77da478cc447a1aa38e5be0ec8&kw=%5B%22contoh%22%2C%22borang%22%2C%22snap%22%2C%22quotation%22%2C%22-%22%2C%22bellafinhart%22%5D&refer=https%3A%2F%2Fbellafinhart.blogspot.com%2F2022%2F08%2Fcontoh-borang-snap-quotation.html&tz=0&dev=e&res=12.1055&uuid=24f780d6-d79d-4091-a96b-9a7ff4eec951%3A2%3A1 HTTP/1.1
Host: equitydefault.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bellafinhart.blogspot.com
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Sat, 28 Jan 2023 10:42:01 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bellafinhart.blogspot.com
Access-Control-Allow-Origin: https://bellafinhart.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://equitydefault.com/watch.1631648374072.js?key=032e2d77da478cc447a1aa38e5be0ec8&kw=%5B%22contoh%22%2C%22borang%22%2C%22snap%22%2C%22quotation%22%2C%22-%22%2C%22bellafinhart%22%5D&refer=https%3A%2F%2Fbellafinhart.blogspot.com%2F2022%2F08%2Fcontoh-borang-snap-quotation.html&tz=0&dev=e&res=12.1055&uuid=24f780d6-d79d-4091-a96b-9a7ff4eec951%3A2%3A1&shu=69f19c84e88498133854498d7402742a0288a5f2b6b4931056cd240f0f263612fe855115ac82449f1ff09aa6bbc986c905a735e5d57932a6782350b95cb6e594ba9d0f4215665741a31b3dc3c366c69c675aa189&pst=1674902581&rmtc=t
Set-Cookie: u_pl=16005839; expires=Sun, 29 Jan 2023 10:42:01 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjAwNTgzOSwiayI6IjAzMmUyZDc3ZGE0NzhjYzQ0N2ExYWEzOGU1YmUwZWM4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNDc0NjUyLCJwaWQiOjI3MTcxNiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjo1LCJwdCI6NCwicGsiOiJlM2YyZ21lNXMiLCJjcGtzIjp7ICIyOCI6ImEyYWFjNzI1NTg1OGM2Y2I2ZTM4NzFhYjZjZmUxYzE4In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2JlbGxhZmluaGFydC5ibG9nc3BvdC5jb20vMjAyMi8wOC9jb250b2gtYm9yYW5nLXNuYXAtcXVvdGF0aW9uLmh0bWwifX0.yferGYo__V76TURiVcLlELyVDPqxuXYVtmm35gOoOtg; expires=Sat, 28 Jan 2023 10:43:01 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 48aa41f086c0c905ba917723f831bd33
Strict-Transport-Security: max-age=0; includeSubdomains
equitydefault.com/a2/aa/c7/a2aac7255858c6cb6e3871ab6cfe1c18.js
192.243.59.13200 OK 29 kB URL HTTP/1.1 equitydefault.com/a2/aa/c7/a2aac7255858c6cb6e3871ab6cfe1c18.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 34ce064d0bf0d8eecf5cbc34b382bf05
cdf29d3224f172d17195864d2746086d3b73fcc0
9231f6f2cacf7bb095e7980c1eb87c91c1a5687ca4de0791991443f934ce1106
GET /a2/aa/c7/a2aac7255858c6cb6e3871ab6cfe1c18.js HTTP/1.1
Host: equitydefault.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 28 Jan 2023 10:42:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a6f38f1f90226f4fe3161d4e6508615a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
tragicbeyond.com/watch.1338357751628.js?key=b5e240a04cdb715398965aa37ed6d31d&kw=%5B%22contoh%22%2C%22borang%22%2C%22snap%22%2C%22quotation%22%2C%22-%22%2C%22bellafinhart%22%5D&refer=https%3A%2F%2Fbellafinhart.blogspot.com%2F2022%2F08%2Fcontoh-borang-snap-quotation.html&tz=0&dev=e&res=12.1055&uuid=442a5707-a352-43d2-a97f-67598664abee%3A1%3A1&shu=0121dffba0a254f8e932a819fa43bf4c97827fdb19249b2611053a587b8e77fd6650d44dc9817f8c41351ac23bb2b2387c8c6f9cdb324a6da6e510a73ab73bd75aa4d199cc3e786b2446434b12d4a454676aa31b&pst=1674902581&rmtc=t
192.243.59.13200 OK 2.1 kB URL HTTP/1.1 tragicbeyond.com/watch.1338357751628.js?key=b5e240a04cdb715398965aa37ed6d31d&kw=%5B%22contoh%22%2C%22borang%22%2C%22snap%22%2C%22quotation%22%2C%22-%22%2C%22bellafinhart%22%5D&refer=https%3A%2F%2Fbellafinhart.blogspot.com%2F2022%2F08%2Fcontoh-borang-snap-quotation.html&tz=0&dev=e&res=12.1055&uuid=442a5707-a352-43d2-a97f-67598664abee%3A1%3A1&shu=0121dffba0a254f8e932a819fa43bf4c97827fdb19249b2611053a587b8e77fd6650d44dc9817f8c41351ac23bb2b2387c8c6f9cdb324a6da6e510a73ab73bd75aa4d199cc3e786b2446434b12d4a454676aa31b&pst=1674902581&rmtc=t
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (2640)
Hash 7ccc01f1a3f074805566fac07653b407
45cada460bba7a88cbc678b3e254577f9eadca87
b33d513b879b0fe4424af0a8f83200a86eaed0e4e57cb46f325bca872cea3245
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1338357751628.js?key=b5e240a04cdb715398965aa37ed6d31d&kw=%5B%22contoh%22%2C%22borang%22%2C%22snap%22%2C%22quotation%22%2C%22-%22%2C%22bellafinhart%22%5D&refer=https%3A%2F%2Fbellafinhart.blogspot.com%2F2022%2F08%2Fcontoh-borang-snap-quotation.html&tz=0&dev=e&res=12.1055&uuid=442a5707-a352-43d2-a97f-67598664abee%3A1%3A1&shu=0121dffba0a254f8e932a819fa43bf4c97827fdb19249b2611053a587b8e77fd6650d44dc9817f8c41351ac23bb2b2387c8c6f9cdb324a6da6e510a73ab73bd75aa4d199cc3e786b2446434b12d4a454676aa31b&pst=1674902581&rmtc=t HTTP/1.1
Host: tragicbeyond.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bellafinhart.blogspot.com
Referer: https://bellafinhart.blogspot.com/
Connection: keep-alive
Cookie: u_pl=16161423; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjE2MTQyMywiayI6ImI1ZTI0MGEwNGNkYjcxNTM5ODk2NWFhMzdlZDZkMzFkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNDc0NjUyLCJwaWQiOjI3MTcxNiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjoyMywicHQiOjQsInBrIjoiaWF3ajduOG00IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vYmVsbGFmaW5oYXJ0LmJsb2dzcG90LmNvbS8yMDIyLzA4L2NvbnRvaC1ib3Jhbmctc25hcC1xdW90YXRpb24uaHRtbCJ9fQ.ss3Qytg8iIWBUxl77JRIBgM1raG5r5ZhMDDFbfI-3z0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 28 Jan 2023 10:42:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bellafinhart.blogspot.com
Access-Control-Allow-Origin: https://bellafinhart.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=442a5707-a352-43d2-a97f-67598664abee:1:1; expires=Sat, 04 Feb 2023 10:42:01 GMT; secure; SameSite=None
iprcbc253cc2ef4613cc4225d027e366d341=3569808; expires=Sat, 28 Jan 2023 14:42:01 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 29 Jan 2023 10:42:01 GMT; secure; SameSite=None
uncs=1; expires=Sun, 29 Jan 2023 10:42:01 GMT; secure; SameSite=None
pdhtkv23=true; expires=Sun, 29 Jan 2023 10:42:01 GMT; secure; SameSite=None
uncs23=1; expires=Sun, 29 Jan 2023 10:42:01 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 04b512fbb0820cdf726322629666bf7b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
prototypewailrubber.com/watch.695421360551.js?key=8a72538b2e448c93a1a503886d2cfd7e&kw=%5B%22contoh%22%2C%22borang%22%2C%22snap%22%2C%22quotation%22%2C%22-%22%2C%22bellafinhart%22%5D&refer=https%3A%2F%2Fbellafinhart.blogspot.com%2F2022%2F08%2Fcontoh-borang-snap-quotation.html&tz=0&dev=e&res=12.1055&uuid=24f780d6-d79d-4091-a96b-9a7ff4eec951%3A2%3A1
192.243.59.20307 Temporary Redirect 0 B URL HTTP/1.1 prototypewailrubber.com/watch.695421360551.js?key=8a72538b2e448c93a1a503886d2cfd7e&kw=%5B%22contoh%22%2C%22borang%22%2C%22snap%22%2C%22quotation%22%2C%22-%22%2C%22bellafinhart%22%5D&refer=https%3A%2F%2Fbellafinhart.blogspot.com%2F2022%2F08%2Fcontoh-borang-snap-quotation.html&tz=0&dev=e&res=12.1055&uuid=24f780d6-d79d-4091-a96b-9a7ff4eec951%3A2%3A1
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.695421360551.js?key=8a72538b2e448c93a1a503886d2cfd7e&kw=%5B%22contoh%22%2C%22borang%22%2C%22snap%22%2C%22quotation%22%2C%22-%22%2C%22bellafinhart%22%5D&refer=https%3A%2F%2Fbellafinhart.blogspot.com%2F2022%2F08%2Fcontoh-borang-snap-quotation.html&tz=0&dev=e&res=12.1055&uuid=24f780d6-d79d-4091-a96b-9a7ff4eec951%3A2%3A1 HTTP/1.1
Host: prototypewailrubber.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bellafinhart.blogspot.com
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.9
Date: Sat, 28 Jan 2023 10:42:01 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bellafinhart.blogspot.com
Access-Control-Allow-Origin: https://bellafinhart.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://prototypewailrubber.com/watch.695421360551.js?key=8a72538b2e448c93a1a503886d2cfd7e&kw=%5B%22contoh%22%2C%22borang%22%2C%22snap%22%2C%22quotation%22%2C%22-%22%2C%22bellafinhart%22%5D&refer=https%3A%2F%2Fbellafinhart.blogspot.com%2F2022%2F08%2Fcontoh-borang-snap-quotation.html&tz=0&dev=e&res=12.1055&uuid=24f780d6-d79d-4091-a96b-9a7ff4eec951%3A2%3A1&shu=e6df78298b2dfd73adaeb1d7c5ebe5019dc766d1b485101ea12c94e3c6c64e5dc242a6a1b5f8e35030ed5a0af15b9a150b698d16f3d3183bbddc5a77340e015fee4cf7747ce722ab3c3a3d5057d83f619c731423&pst=1674902581&rmtc=t
Set-Cookie: u_pl=16006291; expires=Sun, 29 Jan 2023 10:42:01 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjAwNjI5MSwiayI6IjhhNzI1MzhiMmU0NDhjOTNhMWE1MDM4ODZkMmNmZDdlIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNDc0NjUyLCJwaWQiOjI3MTcxNiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjozMiwicHQiOjQsInBrIjoiZXJqa2p2NHBjIiwiY3BrcyI6eyAiMjkiOiI1Yzg5MDlhNDYxNTYwZDEyMTM0ZmYyN2FjMmNjNjU1ZSIsIjI4IjoiNTFjOThkMDgxOTdiNDI5MjdmMTY2Y2UzNGYwMGVhNTMifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vYmVsbGFmaW5oYXJ0LmJsb2dzcG90LmNvbS8yMDIyLzA4L2NvbnRvaC1ib3Jhbmctc25hcC1xdW90YXRpb24uaHRtbCJ9fQ.ir5Uat1Jzjfn2VEuOnU-jTcfhDCznxIQcSB4KEaqv84; expires=Sat, 28 Jan 2023 10:43:01 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 12fe990aba0b9a99914e57161832ca41
Strict-Transport-Security: max-age=0; includeSubdomains
www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/styles__ltr.css
216.58.207.227200 OK 25 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/styles__ltr.css
IP 216.58.207.227:0
File type ASCII text, with very long lines (56403), with no line terminators
Hash a42c6333a13e5376af95f46fd9c7b627
57a98e519a44915e39a0cb6f23812adfa6611e67
62bff9dd0379da44f9d7f739af671bb6b243c016b49c7146b431ae9e6b9cb41b
GET /recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24605
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 23 Jan 2023 17:12:49 GMT
expires: Tue, 23 Jan 2024 17:12:49 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 23 Jan 2023 01:02:00 GMT
content-type: text/css
age: 408552
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
equitydefault.com/watch.1631648374072.js?key=032e2d77da478cc447a1aa38e5be0ec8&kw=%5B%22contoh%22%2C%22borang%22%2C%22snap%22%2C%22quotation%22%2C%22-%22%2C%22bellafinhart%22%5D&refer=https%3A%2F%2Fbellafinhart.blogspot.com%2F2022%2F08%2Fcontoh-borang-snap-quotation.html&tz=0&dev=e&res=12.1055&uuid=24f780d6-d79d-4091-a96b-9a7ff4eec951%3A2%3A1&shu=69f19c84e88498133854498d7402742a0288a5f2b6b4931056cd240f0f263612fe855115ac82449f1ff09aa6bbc986c905a735e5d57932a6782350b95cb6e594ba9d0f4215665741a31b3dc3c366c69c675aa189&pst=1674902581&rmtc=t
192.243.59.13200 OK 2.1 kB URL HTTP/1.1 equitydefault.com/watch.1631648374072.js?key=032e2d77da478cc447a1aa38e5be0ec8&kw=%5B%22contoh%22%2C%22borang%22%2C%22snap%22%2C%22quotation%22%2C%22-%22%2C%22bellafinhart%22%5D&refer=https%3A%2F%2Fbellafinhart.blogspot.com%2F2022%2F08%2Fcontoh-borang-snap-quotation.html&tz=0&dev=e&res=12.1055&uuid=24f780d6-d79d-4091-a96b-9a7ff4eec951%3A2%3A1&shu=69f19c84e88498133854498d7402742a0288a5f2b6b4931056cd240f0f263612fe855115ac82449f1ff09aa6bbc986c905a735e5d57932a6782350b95cb6e594ba9d0f4215665741a31b3dc3c366c69c675aa189&pst=1674902581&rmtc=t
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (2631)
Hash 01903c72b4100708b431f7bca7765633
f1f14752d1444a1e588698afb38b6265ff9f874d
edb79201408e299cd467fc4b25efb9356a43b443b2745c2c8fa541034cda3e06
GET /watch.1631648374072.js?key=032e2d77da478cc447a1aa38e5be0ec8&kw=%5B%22contoh%22%2C%22borang%22%2C%22snap%22%2C%22quotation%22%2C%22-%22%2C%22bellafinhart%22%5D&refer=https%3A%2F%2Fbellafinhart.blogspot.com%2F2022%2F08%2Fcontoh-borang-snap-quotation.html&tz=0&dev=e&res=12.1055&uuid=24f780d6-d79d-4091-a96b-9a7ff4eec951%3A2%3A1&shu=69f19c84e88498133854498d7402742a0288a5f2b6b4931056cd240f0f263612fe855115ac82449f1ff09aa6bbc986c905a735e5d57932a6782350b95cb6e594ba9d0f4215665741a31b3dc3c366c69c675aa189&pst=1674902581&rmtc=t HTTP/1.1
Host: equitydefault.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bellafinhart.blogspot.com
Referer: https://bellafinhart.blogspot.com/
Connection: keep-alive
Cookie: u_pl=16005839; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjAwNTgzOSwiayI6IjAzMmUyZDc3ZGE0NzhjYzQ0N2ExYWEzOGU1YmUwZWM4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNDc0NjUyLCJwaWQiOjI3MTcxNiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjo1LCJwdCI6NCwicGsiOiJlM2YyZ21lNXMiLCJjcGtzIjp7ICIyOCI6ImEyYWFjNzI1NTg1OGM2Y2I2ZTM4NzFhYjZjZmUxYzE4In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2JlbGxhZmluaGFydC5ibG9nc3BvdC5jb20vMjAyMi8wOC9jb250b2gtYm9yYW5nLXNuYXAtcXVvdGF0aW9uLmh0bWwifX0.yferGYo__V76TURiVcLlELyVDPqxuXYVtmm35gOoOtg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 28 Jan 2023 10:42:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bellafinhart.blogspot.com
Access-Control-Allow-Origin: https://bellafinhart.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=24f780d6-d79d-4091-a96b-9a7ff4eec951:2:1; expires=Sat, 04 Feb 2023 10:42:01 GMT; secure; SameSite=None
iprcd0c485d9a26143ba28247ae2443c2a54=3569806; expires=Sat, 28 Jan 2023 14:42:01 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 29 Jan 2023 10:42:01 GMT; secure; SameSite=None
uncs=1; expires=Sun, 29 Jan 2023 10:42:01 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sun, 29 Jan 2023 10:42:01 GMT; secure; SameSite=None
uncs5=1; expires=Sun, 29 Jan 2023 10:42:01 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e36413191d722f0bba5247bbb1b64c7a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js
216.58.207.227200 OK 164 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js
IP 216.58.207.227:0
File type ASCII text, with very long lines (771)
Size 164 kB (163774 bytes)
Hash 57c909ab73fc27ec24f737bbf1cb1de8
89b2c02e9e7a9a764518fca545d3eec2044fd6d9
7e407e2b00bb7c238c71d96472f7ab030de4e610b1048f0f77b25cb85c2d166b
GET /recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 163774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 23 Jan 2023 17:09:34 GMT
expires: Tue, 23 Jan 2024 17:09:34 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 23 Jan 2023 01:02:00 GMT
content-type: text/javascript
age: 408747
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
prototypewailrubber.com/5c/89/09/5c8909a461560d12134ff27ac2cc655e.js
192.243.59.20200 OK 13 kB URL HTTP/1.1 prototypewailrubber.com/5c/89/09/5c8909a461560d12134ff27ac2cc655e.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37114), with no line terminators
Hash b9f33821d798956be8c0a3b22c5ebd6a
52e39c5018e1bd947a53289a0c2e54e37d2462ea
f48b64b217c000c0d655e02b675fd05d558246a90acc5f153bda48cafc5086a3
Analyzer Verdict Alert quad9 Sinkholed
GET /5c/89/09/5c8909a461560d12134ff27ac2cc655e.js HTTP/1.1
Host: prototypewailrubber.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 28 Jan 2023 10:42:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1eae3a9517ccf837deba9539c3ec08a0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ab04da9bc46246cc0001464e7f6b5e19
01ce4f7004aec7a24d4545a1e742ab6a1e639b48
22e519a39cb2e7e5f6da23d35f4498aa7a2d00e06613fd3bbf8de8a62ed2d354
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:42:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
prototypewailrubber.com/watch.695421360551.js?key=8a72538b2e448c93a1a503886d2cfd7e&kw=%5B%22contoh%22%2C%22borang%22%2C%22snap%22%2C%22quotation%22%2C%22-%22%2C%22bellafinhart%22%5D&refer=https%3A%2F%2Fbellafinhart.blogspot.com%2F2022%2F08%2Fcontoh-borang-snap-quotation.html&tz=0&dev=e&res=12.1055&uuid=24f780d6-d79d-4091-a96b-9a7ff4eec951%3A2%3A1&shu=e6df78298b2dfd73adaeb1d7c5ebe5019dc766d1b485101ea12c94e3c6c64e5dc242a6a1b5f8e35030ed5a0af15b9a150b698d16f3d3183bbddc5a77340e015fee4cf7747ce722ab3c3a3d5057d83f619c731423&pst=1674902581&rmtc=t
192.243.59.20200 OK 2.1 kB URL HTTP/1.1 prototypewailrubber.com/watch.695421360551.js?key=8a72538b2e448c93a1a503886d2cfd7e&kw=%5B%22contoh%22%2C%22borang%22%2C%22snap%22%2C%22quotation%22%2C%22-%22%2C%22bellafinhart%22%5D&refer=https%3A%2F%2Fbellafinhart.blogspot.com%2F2022%2F08%2Fcontoh-borang-snap-quotation.html&tz=0&dev=e&res=12.1055&uuid=24f780d6-d79d-4091-a96b-9a7ff4eec951%3A2%3A1&shu=e6df78298b2dfd73adaeb1d7c5ebe5019dc766d1b485101ea12c94e3c6c64e5dc242a6a1b5f8e35030ed5a0af15b9a150b698d16f3d3183bbddc5a77340e015fee4cf7747ce722ab3c3a3d5057d83f619c731423&pst=1674902581&rmtc=t
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (2559)
Hash 9ad46e3140e54f9698dcbffd5aab100b
62152dc408e7cd02fe903b113b956b4a53ff9d24
3df834a3a693ee093d80a0be9f94391a50fffe435d153542825122f95eb08157
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.695421360551.js?key=8a72538b2e448c93a1a503886d2cfd7e&kw=%5B%22contoh%22%2C%22borang%22%2C%22snap%22%2C%22quotation%22%2C%22-%22%2C%22bellafinhart%22%5D&refer=https%3A%2F%2Fbellafinhart.blogspot.com%2F2022%2F08%2Fcontoh-borang-snap-quotation.html&tz=0&dev=e&res=12.1055&uuid=24f780d6-d79d-4091-a96b-9a7ff4eec951%3A2%3A1&shu=e6df78298b2dfd73adaeb1d7c5ebe5019dc766d1b485101ea12c94e3c6c64e5dc242a6a1b5f8e35030ed5a0af15b9a150b698d16f3d3183bbddc5a77340e015fee4cf7747ce722ab3c3a3d5057d83f619c731423&pst=1674902581&rmtc=t HTTP/1.1
Host: prototypewailrubber.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bellafinhart.blogspot.com
Referer: https://bellafinhart.blogspot.com/
Connection: keep-alive
Cookie: u_pl=16006291; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjAwNjI5MSwiayI6IjhhNzI1MzhiMmU0NDhjOTNhMWE1MDM4ODZkMmNmZDdlIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNDc0NjUyLCJwaWQiOjI3MTcxNiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjozMiwicHQiOjQsInBrIjoiZXJqa2p2NHBjIiwiY3BrcyI6eyAiMjkiOiI1Yzg5MDlhNDYxNTYwZDEyMTM0ZmYyN2FjMmNjNjU1ZSIsIjI4IjoiNTFjOThkMDgxOTdiNDI5MjdmMTY2Y2UzNGYwMGVhNTMifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vYmVsbGFmaW5oYXJ0LmJsb2dzcG90LmNvbS8yMDIyLzA4L2NvbnRvaC1ib3Jhbmctc25hcC1xdW90YXRpb24uaHRtbCJ9fQ.ir5Uat1Jzjfn2VEuOnU-jTcfhDCznxIQcSB4KEaqv84
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 28 Jan 2023 10:42:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bellafinhart.blogspot.com
Access-Control-Allow-Origin: https://bellafinhart.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=24f780d6-d79d-4091-a96b-9a7ff4eec951:2:1; expires=Sat, 04 Feb 2023 10:42:01 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 29 Jan 2023 10:42:01 GMT; secure; SameSite=None
uncs=1; expires=Sun, 29 Jan 2023 10:42:01 GMT; secure; SameSite=None
pdhtkv32=true; expires=Sun, 29 Jan 2023 10:42:01 GMT; secure; SameSite=None
uncs32=1; expires=Sun, 29 Jan 2023 10:42:01 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e9310a18c362d3e4938475d4776dad31
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ab04da9bc46246cc0001464e7f6b5e19
01ce4f7004aec7a24d4545a1e742ab6a1e639b48
22e519a39cb2e7e5f6da23d35f4498aa7a2d00e06613fd3bbf8de8a62ed2d354
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:42:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
3.bp.blogspot.com/-ltyYh4ysBHI/U04MKlHc6pI/AAAAAAAADQo/PFxXaGZu9PQ/w255-h170-c/no-image.png
142.250.74.161200 OK 5.3 kB URL HTTP/2 3.bp.blogspot.com/-ltyYh4ysBHI/U04MKlHc6pI/AAAAAAAADQo/PFxXaGZu9PQ/w255-h170-c/no-image.png
IP 142.250.74.161:0
File type PNG image data, 255 x 170, 8-bit/color RGB, non-interlaced\012- data
Hash 246a0a519d47654fbb1583549eaecb27
4b0018eec9e01694351a8f8ceb1d2435c14f09f8
f514b4ccce88a591883ee450f7e6815e7694ca991620b601887bd4e57610c3c8
GET /-ltyYh4ysBHI/U04MKlHc6pI/AAAAAAAADQo/PFxXaGZu9PQ/w255-h170-c/no-image.png HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="no-image.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 5274
x-xss-protection: 0
date: Sat, 28 Jan 2023 07:20:44 GMT
expires: Thu, 26 Jan 2023 09:57:34 GMT
cache-control: public, max-age=86400, no-transform
age: 12077
etag: "vd0b"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
play.google.com/log?format=json&hasfast=true&authuser=0
142.250.74.78200 OK 0 B URL HTTP/2 play.google.com/log?format=json&hasfast=true&authuser=0
IP 142.250.74.78:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: play.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Referer: https://www.blogger.com/
Origin: https://www.blogger.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.blogger.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Sat, 28 Jan 2023 10:42:01 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+988; expires=Mon, 27-Jan-2025 10:42:01 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 28 Jan 2023 10:42:01 GMT
cache-control: private
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5cd7ac06762c5b5bc439fd1062868530
3af7e8b87f978014c54109bb9e110f59e451667f
504a12085b8a694d3d534ae167780edf6642bff909042b0a0d33095d7925c8d3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "504A12085B8A694D3D534AE167780EDF6642BFF909042B0A0D33095D7925C8D3"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20487
Expires: Sat, 28 Jan 2023 16:23:28 GMT
Date: Sat, 28 Jan 2023 10:42:01 GMT
Connection: keep-alive
play.google.com/log?format=json&hasfast=true&authuser=0
142.250.74.78200 OK 131 B URL HTTP/2 play.google.com/log?format=json&hasfast=true&authuser=0
IP 142.250.74.78:0
File type JSON data\012- , ASCII text, with no line terminators
Hash babb6f090aeebc6f421624475b4aefff
06079b7547949822c118224e51604f4c5ebf80c8
b2fe8b91f31edc7284cc9690e90dd4a38d985598374df68967d917590beb55dd
POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: play.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
X-Goog-AuthUser: 0
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Content-Length: 2975
Origin: https://www.blogger.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.blogger.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Sat, 28 Jan 2023 10:42:01 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+398; expires=Mon, 27-Jan-2025 10:42:01 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 28 Jan 2023 10:42:01 GMT
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash fe9f043829a5e5d593356b06e2ccd32d
5e77c92839918ba4506feedc700daf144976d62e
d68aa5c4b46df86722d0cb059c7379b7ee7bf7a34d97351959032444d6830446
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D68AA5C4B46DF86722D0CB059C7379B7EE7BF7A34D97351959032444D6830446"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20518
Expires: Sat, 28 Jan 2023 16:23:59 GMT
Date: Sat, 28 Jan 2023 10:42:01 GMT
Connection: keep-alive
www.gstatic.com/recaptcha/api2/logo_48.png
216.58.207.227200 OK 2.2 kB URL HTTP/2 www.gstatic.com/recaptcha/api2/logo_48.png
IP 216.58.207.227:0
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash ef9941290c50cd3866e2ba6b793f010d
4736508c795667dcea21f8d864233031223b7832
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
GET /recaptcha/api2/logo_48.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Jan 2023 18:48:55 GMT
expires: Tue, 31 Jan 2023 18:48:55 GMT
cache-control: public, max-age=604800
age: 316386
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 21:48:03 GMT
expires: Fri, 26 Jan 2024 21:48:03 GMT
cache-control: public, max-age=31536000
age: 132838
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 16:40:43 GMT
expires: Fri, 26 Jan 2024 16:40:43 GMT
cache-control: public, max-age=31536000
age: 151278
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png
45.133.44.9200 OK 106 kB URL HTTP/2 cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced\012- data
Size 106 kB (105910 bytes)
Hash a36b92bb68d9b579458560ba9b94862a
782d2932ccd3a56e5aad1cca7e6e7fb4a3cf23d6
9de12cf85ad80cae34d8bdaeb59169d75e3bd4f8b931ec90ea2c3be166647c0e
GET /cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:42:01 GMT
content-type: image/png
content-length: 105910
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 11:08:06 GMT
etag: "62e11c96-19db6"
expires: Mon, 30 Jan 2023 10:42:01 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
45.133.44.9200 OK 144 kB URL HTTP/2 cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size 144 kB (144379 bytes)
Hash 33c304429dc1a4408a96e6a74ffa2feb
c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04
dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314
GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:42:01 GMT
content-type: image/png
content-length: 144379
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Mon, 30 Jan 2023 10:42:01 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6e23e324a9523212b4970ff4a609495f
1ec2ac75119005f8fe3ded626938567210eda20c
64c0242a094842df55694780cc2d348211bdbed14faebe75c5dde62c901b34a9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "64C0242A094842DF55694780CC2D348211BDBED14FAEBE75C5DDE62C901B34A9"
Last-Modified: Thu, 26 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14451
Expires: Sat, 28 Jan 2023 14:42:52 GMT
Date: Sat, 28 Jan 2023 10:42:01 GMT
Connection: keep-alive
friendshipmale.com/sfp.js
104.21.234.92200 OK 28 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 104.21.234.92:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash adbaab3599dd4a7ed7b878192a14a54a
816e972d8e3be027e17fe56e8dd136679cd1e015
452b7384d75b69fd6f7b080b8fa67f950600c54ccd240bf3078c06111ff2c595
Analyzer Verdict Alert fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:42:01 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 2aa4e6ea0097ee2de65a6989513ce108
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 28 Jan 2023 10:42:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3azEznLDvG%2FihELJmBHsUo2exclGcXeKNcjpLhejDajePkrT9CA8bz2nyE0Q5u5waMbj%2BeJmecNIMC482rL%2B3F0cWzE9LrBezoUm50mTRx7y8YPEnK%2Bh8N7aem5HpR2wffP5%2BCs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79091e782d22775b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shaggyselectmast.com/pixel/purst?dl=0&th=0&sc=0&rs=3197&rd=3197&fd=772&bv=22.10.v.10&tmpl=136
173.233.137.52200 OK 0 B URL HTTP/1.1 shaggyselectmast.com/pixel/purst?dl=0&th=0&sc=0&rs=3197&rd=3197&fd=772&bv=22.10.v.10&tmpl=136
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3197&rd=3197&fd=772&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: shaggyselectmast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 10:42:01 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
i.pinimg.com/736x/cb/2a/14/cb2a147e6cc9ae680bb44cfe4c9a2252.jpg
151.101.84.84200 OK 55 kB URL HTTP/2 i.pinimg.com/736x/cb/2a/14/cb2a147e6cc9ae680bb44cfe4c9a2252.jpg
IP 151.101.84.84:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 736x598, components 3\012- data
Hash fcb890f68ed4dc5dbd5589b45b868c3f
4a003271ef891fc362d9905336f00b2babe36be3
5a913a374e12ef7ca3bc4a0a8ad8bbeab61eae16e916d315e6c54d39b08ab95d
GET /736x/cb/2a/14/cb2a147e6cc9ae680bb44cfe4c9a2252.jpg HTTP/1.1
Host: i.pinimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
etag: "fcb890f68ed4dc5dbd5589b45b868c3f"
content-type: image/jpeg
cache-control: max-age=31536000, immutable
accept-ranges: bytes
vary: Origin
x-cdn: fastly
alt-svc: h3=":443";ma=600,h3-29=":443";ma=600,h3-27=":443";ma=600
date: Sat, 28 Jan 2023 10:42:01 GMT
content-length: 54687
X-Firefox-Spdy: h2
i.pinimg.com/564x/2b/72/80/2b7280b9204da5e4a80c28629dcc99a9.jpg
151.101.84.84200 OK 57 kB URL HTTP/2 i.pinimg.com/564x/2b/72/80/2b7280b9204da5e4a80c28629dcc99a9.jpg
IP 151.101.84.84:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 564x1002, components 3\012- data
Hash 2195d4abf109089011a9f768a7d30ce9
02ca0bd83f324dd6021f8831e8b7cb9eebbca875
88d55c10992a3197a64e30f609deb0db83746d0587f52bf1b9b57b6d45dd1f44
GET /564x/2b/72/80/2b7280b9204da5e4a80c28629dcc99a9.jpg HTTP/1.1
Host: i.pinimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-replication-status: COMPLETED
etag: "2195d4abf109089011a9f768a7d30ce9"
content-type: image/jpeg
cache-control: max-age=31536000, immutable
accept-ranges: bytes
vary: Origin
x-cdn: fastly
alt-svc: h3=":443";ma=600,h3-29=":443";ma=600,h3-27=":443";ma=600
date: Sat, 28 Jan 2023 10:42:01 GMT
content-length: 56782
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/bi/c4/58/fe/c458fe951052255fe2284d65b01dd904/1674208433.jpg
45.133.44.9200 OK 9.0 kB URL HTTP/2 cdn.cloudimagesb.com/bi/c4/58/fe/c458fe951052255fe2284d65b01dd904/1674208433.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 320x50, components 3\012- data
Hash edd24ce8ebee5ed9f4fe0c1335e61dee
b091e1dc5dd165e0025281b6c3e3294988557c68
46386bd20e33deb8454352773c70df5cb66b924f681e169e50a2afaa9d2eab08
GET /bi/c4/58/fe/c458fe951052255fe2284d65b01dd904/1674208433.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:42:01 GMT
content-type: image/jpeg
content-length: 9017
server: nginx/1.17.6
last-modified: Fri, 20 Jan 2023 09:54:01 GMT
etag: "63ca64b9-2339"
expires: Mon, 30 Jan 2023 10:42:01 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 87222b2f290c2ec0319c549a93513650
12616771fdea970117afcd23e0dba47f01d555b1
6b6c541a68539be5adb9e7bb962205ac9402a484635da73002dbaaae82d6f595
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1599
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:42:01 GMT
Last-Modified: Sat, 28 Jan 2023 10:15:22 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b2aafdafa11867a6d8cdb983186b122e
a5271d7ffd840a1a85c92f57a4afb2679546d420
f2b57d3bfecd984e2b90744a287788533ea75ef9e5b87b1c80526f6ef50a968f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F2B57D3BFECD984E2B90744A287788533EA75EF9E5B87B1C80526F6EF50A968F"
Last-Modified: Thu, 26 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16168
Expires: Sat, 28 Jan 2023 15:11:30 GMT
Date: Sat, 28 Jan 2023 10:42:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9bd61cf79957a5ae8e567bf24ed68fa3
cc62f201621265479cfc77dd5744d6a43593e365
928cfe0f9f3dd3dd5715482a42a47c36effc34b9f0e7146a1c934a5fd4dd0e0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "928CFE0F9F3DD3DD5715482A42A47C36EFFC34B9F0E7146A1C934A5FD4DD0E0F"
Last-Modified: Thu, 26 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12203
Expires: Sat, 28 Jan 2023 14:05:25 GMT
Date: Sat, 28 Jan 2023 10:42:02 GMT
Connection: keep-alive
unseenreport.com/pxf.gif?uuid=24f780d6-d79d-4091-a96b-9a7ff4eec951&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2aac7255858c6cb6e3871ab6cfe1c18&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=24f780d6-d79d-4091-a96b-9a7ff4eec951&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2aac7255858c6cb6e3871ab6cfe1c18&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=24f780d6-d79d-4091-a96b-9a7ff4eec951&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=a2aac7255858c6cb6e3871ab6cfe1c18&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 10:42:02 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8c6efca2f5f6d1f5fc2480d49d633299
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=24f780d6-d79d-4091-a96b-9a7ff4eec951&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=5c8909a461560d12134ff27ac2cc655e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=24f780d6-d79d-4091-a96b-9a7ff4eec951&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=5c8909a461560d12134ff27ac2cc655e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=24f780d6-d79d-4091-a96b-9a7ff4eec951&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=5c8909a461560d12134ff27ac2cc655e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=10 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 10:42:02 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dde22eb6d9ceaaf42c6d8ebdce6df625
Strict-Transport-Security: max-age=0; includeSubdomains
solemnvine.com/sbar.json?key=5c8909a461560d12134ff27ac2cc655e&uuid=24f780d6-d79d-4091-a96b-9a7ff4eec951%3A2%3A1
173.233.137.60200 OK 3.6 kB URL HTTP/1.1 solemnvine.com/sbar.json?key=5c8909a461560d12134ff27ac2cc655e&uuid=24f780d6-d79d-4091-a96b-9a7ff4eec951%3A2%3A1
IP 173.233.137.60:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6370), with no line terminators
Hash bbb3caf1d6b5c275c398dc128d3a2587
a3a16a4892928c0ce2d7dd77d681599381b01409
6b812fef792ec81af9ac3b41d8beca60e24c3ac188efbc27655986aa5205a687
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=5c8909a461560d12134ff27ac2cc655e&uuid=24f780d6-d79d-4091-a96b-9a7ff4eec951%3A2%3A1 HTTP/1.1
Host: solemnvine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bellafinhart.blogspot.com
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 10:42:02 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://bellafinhart.blogspot.com
Access-Control-Allow-Origin: https://bellafinhart.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16460898; expires=Sun, 29 Jan 2023 10:42:02 GMT; secure; SameSite=None
uid_id2=24f780d6-d79d-4091-a96b-9a7ff4eec951:2:1; expires=Sat, 04 Feb 2023 10:42:02 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 29 Jan 2023 10:42:02 GMT; secure; SameSite=None
uncs=1; expires=Sun, 29 Jan 2023 10:42:02 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 29 Jan 2023 10:42:02 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 29 Jan 2023 10:42:02 GMT; secure; SameSite=None
slec5c8909a461560d12134ff27ac2cc655e=[3952979]; expires=Sat, 28 Jan 2023 10:42:07 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: accf2bec8079293def3f3d8a9ed30f99
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 624455426bc39a71e6ecc07d117db455
29bc3eb6a780dc32bf30f6ba37e54c545e79e0e9
d8bc68bf6b6847b28df7fb541964cc4d9306a32c0fc57becd38e680cdcd817f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8BC68BF6B6847B28DF7FB541964CC4D9306A32C0FC57BECD38E680CDCD817F3"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13209
Expires: Sat, 28 Jan 2023 14:22:11 GMT
Date: Sat, 28 Jan 2023 10:42:02 GMT
Connection: keep-alive
cdn.barscreative1.com/sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html
45.133.44.4200 OK 955 B URL HTTP/2 cdn.barscreative1.com/sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text
Hash 3311b451b6e90781dab5ae61a1e4f65d
940e4700d9c5fbf74f8c15dcf10c28661e34cf2c
3def788280ca0f9ba09e050e3f3bfba82e5268fe2104f1c02a8f265c12774023
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bellafinhart.blogspot.com
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:42:03 GMT
content-type: text/html; charset=utf-8
content-length: 955
server: nginx/1.17.6
last-modified: Wed, 18 May 2022 11:09:59 GMT
etag: "6284d407-3bb"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
expires: Sat, 28 Jan 2023 11:42:03 GMT
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
solemnvine.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSwYscxRfHq5P9nXL6SRAEhT4oKGQn3TPdM9NGCMaYEIzJJhtZEC%2FVVdWz5VZ3NVXd07OD4GpAchHGkx57v7ObRQ2LAa%2BizHqRPTkKYQ%2Bu%2BB8IggdzkZkdWHyHfu%2F15x2%2B71vvk%2B3ymHgo6dHK23oolaIXw4bnvrwmM64r69665%2Fpew7vkrsmsHVxyB7OP6b%2Fqe2HDe8W9LtiGvtj0fM%2FzPd%2B9Jo1I9ODinELmjyK%2FEXmNoNnwwwAD89%2Felg4sdcD7x%2BQZSD793%2FpPjyHZBFn6zVVhNwqdX3gzLRUttEGf772TbWS6ypCelolxkGR7i2loOyXkizPQ2d5iA%2Bj%2BzmwDxHJKnCc%2B4mxvIRNxf%2FdEaawgMsT8HKr%2BBEJNIOkETN%2BH5D8TgHHcuo0sfXhLm4punlA6o1Oy9PdfkNWULP12Hlm6f0XJgbuqVVlInVkMkhpyMIHsTZCXByiGDmR1AFZ8DMkJsrSG5EcvNoOk0%2FV4e5l3Ir4ceJG%2FTKN2vBzRTpIEQrAo9OfWSDmBTCZQYgRqz6C0DkrpoEwclLmDlB%2B5NIwSz%2BskcdJqdQPGWKvFWNht85C3gm7ioWQz7SMU%2BQhMjcDMFnKzhQ05gil%2FgF2vYflZ2GJKnDsfos9rVIKgsgQVJagkQVUQVP16lyvbtPVDrmwZ%2B4vcXORWPdZFb5vu6qInMrKdH5P%2Fz017eiHGhjhyQ9aNvIgGbT9se9xv%2Bq0gSZodypqMtcNQwMoa0p4BtQ6Gckqe3XoPuZySpZc4YnoAqw7A5POg5Qug1bjT9EDXx0HXwzD7NqWKbsa0oTMjMi5Mg%2BkUXNfIiyUUm862OibPzfW8dmcVgh1efrJ%2FfvjH9X0wUyM3Nd6XPxL01IPxXV2Rnbu6suTx7byQqRzS2QOvFrQQS1%2B9JTYrbfiNq3b05etsBmblo3vCFjdpxmXWs%2BTrK5JzYa5pwwT57oZdE%2FFKadevlCYr85srb1y7keZGWCt1NgGVU0I%2B%2BgBMTsk5J5sfrzs4hjQTmLJGWh6SRUDqA7B8CzY%2FvPz5p7d%2Fv8TfhdUERp3OxLmDqqzHphmf%2FlSSQInTnsY1rDg1IRaH3%2F95wrbtA%2FSMA1rcn59s39ToqxpUjWDLs%2BMiN4eXf2nNA7FyxrEyzk6sjPrsxFwrj1wRJl4ivKaIkyhOOtTjURJEMY180YlD6qOwU%2Fbr03%2F%2BBQAA%2F%2F8BAAD%2F%2F3f8K4WUBAAA
173.233.137.60200 OK 7 B URL HTTP/1.1 solemnvine.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSwYscxRfHq5P9nXL6SRAEhT4oKGQn3TPdM9NGCMaYEIzJJhtZEC%2FVVdWz5VZ3NVXd07OD4GpAchHGkx57v7ObRQ2LAa%2BizHqRPTkKYQ%2Bu%2BB8IggdzkZkdWHyHfu%2F15x2%2B71vvk%2B3ymHgo6dHK23oolaIXw4bnvrwmM64r69665%2Fpew7vkrsmsHVxyB7OP6b%2Fqe2HDe8W9LtiGvtj0fM%2FzPd%2B9Jo1I9ODinELmjyK%2FEXmNoNnwwwAD89%2Felg4sdcD7x%2BQZSD793%2FpPjyHZBFn6zVVhNwqdX3gzLRUttEGf772TbWS6ypCelolxkGR7i2loOyXkizPQ2d5iA%2Bj%2BzmwDxHJKnCc%2B4mxvIRNxf%2FdEaawgMsT8HKr%2BBEJNIOkETN%2BH5D8TgHHcuo0sfXhLm4punlA6o1Oy9PdfkNWULP12Hlm6f0XJgbuqVVlInVkMkhpyMIHsTZCXByiGDmR1AFZ8DMkJsrSG5EcvNoOk0%2FV4e5l3Ir4ceJG%2FTKN2vBzRTpIEQrAo9OfWSDmBTCZQYgRqz6C0DkrpoEwclLmDlB%2B5NIwSz%2BskcdJqdQPGWKvFWNht85C3gm7ioWQz7SMU%2BQhMjcDMFnKzhQ05gil%2FgF2vYflZ2GJKnDsfos9rVIKgsgQVJagkQVUQVP16lyvbtPVDrmwZ%2B4vcXORWPdZFb5vu6qInMrKdH5P%2Fz017eiHGhjhyQ9aNvIgGbT9se9xv%2Bq0gSZodypqMtcNQwMoa0p4BtQ6Gckqe3XoPuZySpZc4YnoAqw7A5POg5Qug1bjT9EDXx0HXwzD7NqWKbsa0oTMjMi5Mg%2BkUXNfIiyUUm862OibPzfW8dmcVgh1efrJ%2FfvjH9X0wUyM3Nd6XPxL01IPxXV2Rnbu6suTx7byQqRzS2QOvFrQQS1%2B9JTYrbfiNq3b05etsBmblo3vCFjdpxmXWs%2BTrK5JzYa5pwwT57oZdE%2FFKadevlCYr85srb1y7keZGWCt1NgGVU0I%2B%2BgBMTsk5J5sfrzs4hjQTmLJGWh6SRUDqA7B8CzY%2FvPz5p7d%2Fv8TfhdUERp3OxLmDqqzHphmf%2FlSSQInTnsY1rDg1IRaH3%2F95wrbtA%2FSMA1rcn59s39ToqxpUjWDLs%2BMiN4eXf2nNA7FyxrEyzk6sjPrsxFwrj1wRJl4ivKaIkyhOOtTjURJEMY180YlD6qOwU%2Fbr03%2F%2BBQAA%2F%2F8BAAD%2F%2F3f8K4WUBAAA
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSwYscxRfHq5P9nXL6SRAEhT4oKGQn3TPdM9NGCMaYEIzJJhtZEC%2FVVdWz5VZ3NVXd07OD4GpAchHGkx57v7ObRQ2LAa%2BizHqRPTkKYQ%2Bu%2BB8IggdzkZkdWHyHfu%2F15x2%2B71vvk%2B3ymHgo6dHK23oolaIXw4bnvrwmM64r69665%2Fpew7vkrsmsHVxyB7OP6b%2Fqe2HDe8W9LtiGvtj0fM%2FzPd%2B9Jo1I9ODinELmjyK%2FEXmNoNnwwwAD89%2Felg4sdcD7x%2BQZSD793%2FpPjyHZBFn6zVVhNwqdX3gzLRUttEGf772TbWS6ypCelolxkGR7i2loOyXkizPQ2d5iA%2Bj%2BzmwDxHJKnCc%2B4mxvIRNxf%2FdEaawgMsT8HKr%2BBEJNIOkETN%2BH5D8TgHHcuo0sfXhLm4punlA6o1Oy9PdfkNWULP12Hlm6f0XJgbuqVVlInVkMkhpyMIHsTZCXByiGDmR1AFZ8DMkJsrSG5EcvNoOk0%2FV4e5l3Ir4ceJG%2FTKN2vBzRTpIEQrAo9OfWSDmBTCZQYgRqz6C0DkrpoEwclLmDlB%2B5NIwSz%2BskcdJqdQPGWKvFWNht85C3gm7ioWQz7SMU%2BQhMjcDMFnKzhQ05gil%2FgF2vYflZ2GJKnDsfos9rVIKgsgQVJagkQVUQVP16lyvbtPVDrmwZ%2B4vcXORWPdZFb5vu6qInMrKdH5P%2Fz017eiHGhjhyQ9aNvIgGbT9se9xv%2Bq0gSZodypqMtcNQwMoa0p4BtQ6Gckqe3XoPuZySpZc4YnoAqw7A5POg5Qug1bjT9EDXx0HXwzD7NqWKbsa0oTMjMi5Mg%2BkUXNfIiyUUm862OibPzfW8dmcVgh1efrJ%2FfvjH9X0wUyM3Nd6XPxL01IPxXV2Rnbu6suTx7byQqRzS2QOvFrQQS1%2B9JTYrbfiNq3b05etsBmblo3vCFjdpxmXWs%2BTrK5JzYa5pwwT57oZdE%2FFKadevlCYr85srb1y7keZGWCt1NgGVU0I%2B%2BgBMTsk5J5sfrzs4hjQTmLJGWh6SRUDqA7B8CzY%2FvPz5p7d%2Fv8TfhdUERp3OxLmDqqzHphmf%2FlSSQInTnsY1rDg1IRaH3%2F95wrbtA%2FSMA1rcn59s39ToqxpUjWDLs%2BMiN4eXf2nNA7FyxrEyzk6sjPrsxFwrj1wRJl4ivKaIkyhOOtTjURJEMY180YlD6qOwU%2Fbr03%2F%2BBQAA%2F%2F8BAAD%2F%2F3f8K4WUBAAA HTTP/1.1
Host: solemnvine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Cookie: u_pl=16460898; uid_id2=24f780d6-d79d-4091-a96b-9a7ff4eec951:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec5c8909a461560d12134ff27ac2cc655e=[3952979]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 10:42:02 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: db00f99904fd5d780465f872955d7024
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e3b8a8bc98172e8a530326f7d16570cd
4555b6600b5d18b4e5850a756fb47ead0e5c486e
12061f433c479a860c65363d2243aba95ad34ac6664e84c5c5ed9a2d8c343f8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12061F433C479A860C65363D2243ABA95AD34AC6664E84C5C5ED9A2D8C343F8C"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9652
Expires: Sat, 28 Jan 2023 13:22:55 GMT
Date: Sat, 28 Jan 2023 10:42:03 GMT
Connection: keep-alive
cdn.cloudimagesb.com/si/e3/38/1c/e3381c2969587380b30458753c6349d5/1674361501.png
45.133.44.9200 OK 12 kB URL HTTP/2 cdn.cloudimagesb.com/si/e3/38/1c/e3381c2969587380b30458753c6349d5/1674361501.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash c07f1baac701b672939b359081f813c7
d38ffbae259aae1e8ad3b38959339bb29da9b69f
85bc8e3de3651f6f03dc381ea4bbaff350d8973c37f598582838677817bf1826
GET /si/e3/38/1c/e3381c2969587380b30458753c6349d5/1674361501.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:42:03 GMT
content-type: image/png
content-length: 12186
server: nginx/1.17.6
last-modified: Sun, 22 Jan 2023 04:25:10 GMT
etag: "63ccbaa6-2f9a"
expires: Mon, 30 Jan 2023 10:42:03 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e3b8a8bc98172e8a530326f7d16570cd
4555b6600b5d18b4e5850a756fb47ead0e5c486e
12061f433c479a860c65363d2243aba95ad34ac6664e84c5c5ed9a2d8c343f8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12061F433C479A860C65363D2243ABA95AD34AC6664E84C5C5ED9A2D8C343F8C"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9652
Expires: Sat, 28 Jan 2023 13:22:55 GMT
Date: Sat, 28 Jan 2023 10:42:03 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/animate.css
172.64.167.9200 OK 4.8 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/animate.css
IP 172.64.167.9:0
Hash b0af94306e34d863f64baa44f42f77c6
ad2be00e29e0654550b96d62fe35646ead8cd842
035253b8637a8f47df557ac142af86db549f515c9749f6b8768641bf64a94b95
GET /sb/notifications/software/us/ios/desk-new-big/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bellafinhart.blogspot.com
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:42:03 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:44:02 GMT
etag: W/"602d0182-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pdVo5k8YSCvvTVH7Y5G1%2BJHbKIgcl8R1CzYWXI5Gqs00elcBk7gshlBPmlW4hbk4NUOcjLsANfqJNzmTmN4WVY904US6Wp00PLTESEtFqBGFpvjSx4QIm2RDKpXeKsOu5UyIPGyFYL8O"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79091e8188b7751d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/style.css
172.64.167.9200 OK 1.4 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/style.css
IP 172.64.167.9:0
Hash 954946af293f20017b57891b7f1f1d43
0042745327e1848dffb87f07a86c8144b65b19b0
87874b145dd9c611a7be81faaf6fd92b9c6cd639a297c7b097c767317da9f755
GET /sb/notifications/software/us/ios/desk-new-big/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bellafinhart.blogspot.com
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:42:03 GMT
content-type: text/css
last-modified: Thu, 23 Sep 2021 12:16:53 GMT
etag: W/"614c7035-145e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cCVUzQzEEJxDMCogvMexBb2ogep4QxCLbFcP522ywN0shXlR0fZ3ej8AZYTiprXLqQSTjgGpjWT0HeAxw4AJhDfleUS0BtowOIJZ0vjO%2FHJkYcJLG9L48DhCj0bIMe28moZ1dr%2FbQgLh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79091e8198da751d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/SFUIText-Regular.woff
172.64.167.9200 OK 73 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/SFUIText-Regular.woff
IP 172.64.167.9:0
File type Web Open Font Format, TrueType, length 72696, version 11.0\012- data
Hash 53d97caea7ef8a12beab745fcc5744e1
b8c70e4f67957e4f2cb809a58d84c773a3bde6d0
542772868e28df6d786b6f00f9dec929cba214d928cb013b32588485b46f8715
GET /sb/notifications/software/us/ios/desk-new-big/SFUIText-Regular.woff HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bellafinhart.blogspot.com
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:42:04 GMT
content-type: application/font-woff
content-length: 72696
last-modified: Wed, 17 Feb 2021 11:42:38 GMT
etag: "602d012e-11bf8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EAkKlLtXGhJOj28ZCfR1bG6rILVHi%2FjCJzE%2B15ebatDUZ1r19ZcFm8ubJO1clI3%2Fl7uTmMXqQm959h8TZ7YKPjeFwF4xrpknnV5gX2CU55HZf3AWJbaCcTyihJ35SMuT6pA2mQXJPj7A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79091e844b89751d-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
aly.diraya.my.id/728.js
104.21.24.51200 OK 0 B IP 104.21.24.51:0
GET /728.js HTTP/1.1
Host: aly.diraya.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:41:59 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"c47089d44b59c17d346c2c324271dae1"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cRG1Q4%2BXjlLAZsDWaDX6xeVVZISRiMmGSXqupdHSnJ2l0pQXmI6gfe8JIZ6ELG5ObbQ%2B7TwSGTWxRbNRxn1tARudVYCEKDJ7JdhJA0yU25R%2BaaHMeA0rOv%2BmzkW2SHeg1eHe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 79091e69b902b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
aly.diraya.my.id/320.js
104.21.24.51200 OK 0 B IP 104.21.24.51:0
GET /320.js HTTP/1.1
Host: aly.diraya.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:41:59 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"514adb9a42edf6c400bbd18defab5b0a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zl1J1UfPE0Ae0zH1vibkwF00CDbUyod0K%2B9GAC5qjKN%2Fih15kN0%2Fb%2Fb%2BSRt1Z6ZB4mS%2BwnFP7EgmyLHeHnJp0BYJcaFm56eXjURIXfXyGPPQBjam6JcIQIdQVJgYDFm1Ebwz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 79091e69b8f8b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/js/script.js
172.64.167.9200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/js/script.js
IP 172.64.167.9:0
GET /sb/notifications/software/us/ios/desk-new-big/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bellafinhart.blogspot.com
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:42:03 GMT
content-type: application/javascript
last-modified: Wed, 17 Feb 2021 11:44:05 GMT
etag: W/"602d0185-183"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ok6F6yhZ%2BieqGl0x9cTt81g6tW8fPdR5Tl6QjKdA%2FIxzN0OnrVlaNLNzh%2BWYiR5zzGr8QlreI%2FQcpMBVKHtVckiZMbQYMQUKiieqG86Yv8cEjLlPwLsHg8q3zeMpbBjrw8nPaGz6GkVn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79091e8188bb751d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Poppins%3A400%2C700%7CRaleway%3A400%2C700&ver=5.0.3
142.250.74.74200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Poppins%3A400%2C700%7CRaleway%3A400%2C700&ver=5.0.3
IP 142.250.74.74:0
GET /css?family=Poppins%3A400%2C700%7CRaleway%3A400%2C700&ver=5.0.3 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 28 Jan 2023 10:41:59 GMT
date: Sat, 28 Jan 2023 10:41:59 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
aly.diraya.my.id/300.js
104.21.24.51200 OK 0 B IP 104.21.24.51:0
GET /300.js HTTP/1.1
Host: aly.diraya.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bellafinhart.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:41:59 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"df2f08dc9b151c11d05e2fd99f8b19d6"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ykmeZ%2FG3NxtR5lfUMpptnxRDeH9JUSdi2UpgCuEFKyMxm7xHLY%2FHtFJVIZ2Fp%2BF%2BsOcnKgvfKvotvnm2DaGgp8yZ6oxjIcwZUbGROpoTwZWb94hqSmrfyF%2FwZTSgT7WW2CjY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 79091e69b8ffb4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2