www.ahadhealthupdate.tk/2022/07/atoptions-key-915a0d6256f91913afc69662e.html
142.250.74.179301 Moved Permanently 224 B URL HTTP/1.1 www.ahadhealthupdate.tk/2022/07/atoptions-key-915a0d6256f91913afc69662e.html
IP 142.250.74.179:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 6d6570f8b7bc36c53a4fc4ac91742c96
9a79e5745b9bf5fbaeaeb5728bba57efbb28e807
bcc51501633304463cd433df14e655c33605ada63aad3ad1bee68cd5d813faf3
GET /2022/07/atoptions-key-915a0d6256f91913afc69662e.html HTTP/1.1
Host: www.ahadhealthupdate.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Location: https://www.ahadhealthupdate.tk/2022/07/atoptions-key-915a0d6256f91913afc69662e.html
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Fri, 25 Nov 2022 08:02:00 GMT
Expires: Fri, 25 Nov 2022 08:02:00 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 224
Server: GSE
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7c60904d097cde276e4e5632cef1b9f1
4f805026462589345d85e8df2d18eafba6237504
12af026999398f4976749e320667d43da3f99b7a2e8254aca7a410a964a106aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2386
Expires: Fri, 25 Nov 2022 08:41:46 GMT
Date: Fri, 25 Nov 2022 08:02:00 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash af40a2fcf8debb90c3608002da6c907a
3c75d6c0b557a3bd8d5db50155b8d896e852c145
555617a51ee3077552545a29a3baf0b43e8a82367e4c08110ee480ebedc8b523
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5446
Cache-Control: max-age=100797
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 08:02:00 GMT
Etag: "637f47ef-1d7"
Expires: Sat, 26 Nov 2022 12:01:57 GMT
Last-Modified: Thu, 24 Nov 2022 10:31:11 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 25 Nov 2022 07:19:04 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2576
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 260e9998c20d831b66f1029c8f47aac9
716d630f647c54dc69a7f9c63a6cac294b3df7f7
c9951a909f354174f0075a01c01c3c3aa6960983040e328bfbbbea81aeb405c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9337
Expires: Fri, 25 Nov 2022 10:37:37 GMT
Date: Fri, 25 Nov 2022 08:02:00 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: PpS9UFNFRLD5ZVkDCXA5x9NE3sNCelRLBXB6C8brtBsnO2dRIzzl2bxxNQYjP2LBuD2bjPh9qYo=
x-amz-request-id: WE759DAH9GNHDWBX
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 25 Nov 2022 07:43:45 GMT
age: 1095
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 08:02:00 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/KfD8TucV17M
142.250.74.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/KfD8TucV17M
IP 142.250.74.3:0
Hash 4a88d471f09e632d076bef8cb720937d
0bb22cf5725e9ef05c7f960b8d2f8026bdb42733
594914bdcfe437236b354b146809feda26b9664516ee60b21e5ba910e50fb269
POST /s/gts1d4/KfD8TucV17M HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 08:02:00 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 25 Nov 2022 07:11:11 GMT
cache-control: public,max-age=3600
age: 3050
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
www.ahadhealthupdate.tk/2022/07/atoptions-key-915a0d6256f91913afc69662e.html
142.250.74.179200 OK 12 kB URL HTTP/2 www.ahadhealthupdate.tk/2022/07/atoptions-key-915a0d6256f91913afc69662e.html
IP 142.250.74.179:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5599)
Hash 70d6d6b0888c8f3e29acbede8cbd5b7b
c72a32e135c0b0b156ddf25c61d99d9569b94475
de5ab212baf5c01da77d5e5e31ccc2fa16f880c6b17d2f866b37e882a1d23620
GET /2022/07/atoptions-key-915a0d6256f91913afc69662e.html HTTP/1.1
Host: www.ahadhealthupdate.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Fri, 25 Nov 2022 08:02:01 GMT
date: Fri, 25 Nov 2022 08:02:01 GMT
cache-control: private, max-age=0
last-modified: Mon, 21 Nov 2022 03:41:48 GMT
etag: W/"4cea0792290726c015c7260964db5ba221ad75df41ed29a9c013888b131323cd"
x-robots-tag: all,noodp
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 11950
server: GSE
X-Firefox-Spdy: h2
www.ahadhealthupdate.tk/js/cookienotice.js
142.250.74.179200 OK 2.0 kB URL HTTP/2 www.ahadhealthupdate.tk/js/cookienotice.js
IP 142.250.74.179:0
Hash c4e1ed83d89245089b8a1203be20a377
f3940e1215b89300ef97d57a25993f25243b8688
afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2
GET /js/cookienotice.js HTTP/1.1
Host: www.ahadhealthupdate.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/2022/07/atoptions-key-915a0d6256f91913afc69662e.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2026
date: Fri, 25 Nov 2022 08:02:01 GMT
expires: Fri, 02 Dec 2022 08:02:01 GMT
cache-control: public, max-age=604800
last-modified: Fri, 25 Nov 2022 06:52:39 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fb6949e7abaa473393f7c604691de14f
599681bba3947709baa603bbae2dd7afd04059a4
36c5165526ea9d34de14d36655ed494d0cffaa11ca3271ee47824ac11246ba13
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6430
Cache-Control: max-age=96718
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 08:02:01 GMT
Etag: "637f3429-1d7"
Expires: Sat, 26 Nov 2022 10:53:59 GMT
Last-Modified: Thu, 24 Nov 2022 09:06:49 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 01f789642d92b84211d7a9391f4e55af
bfcdc40fa2e82882051aa26c61d81ffd98371506
66e2ca388a8696e08f992e3d34fe75dcccd99a0743605f3bf5e6c1c893750f24
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 08:02:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/static/v1/widgets/2975350028-css_bundle_v2.css
142.250.74.105200 OK 7.8 kB URL HTTP/2 www.blogger.com/static/v1/widgets/2975350028-css_bundle_v2.css
IP 142.250.74.105:0
File type ASCII text, with very long lines (35959)
Hash 5aa2d3297bdc86bc81322aedecbb5e79
1c0a3c007e41726e167e79b70ddea76198650884
feae1fac625d0f30b5f10fa00b62df1a5600cd2178062c427e55f289b29cc630
GET /static/v1/widgets/2975350028-css_bundle_v2.css HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 7776
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 18:12:52 GMT
expires: Wed, 22 Nov 2023 18:12:52 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Nov 2022 18:53:15 GMT
content-type: text/css
age: 222549
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2a03384abe9f9728677b1f7b876b4694
41c1c401e79ac5b6edc6fc3cce8b4d085c565ac1
744b3562ef1851ca3c0413020ef5c40e71af514e6ff8da065f6ea9f846e70717
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 08:02:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 01f789642d92b84211d7a9391f4e55af
bfcdc40fa2e82882051aa26c61d81ffd98371506
66e2ca388a8696e08f992e3d34fe75dcccd99a0743605f3bf5e6c1c893750f24
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 08:02:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 01f789642d92b84211d7a9391f4e55af
bfcdc40fa2e82882051aa26c61d81ffd98371506
66e2ca388a8696e08f992e3d34fe75dcccd99a0743605f3bf5e6c1c893750f24
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 08:02:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
apis.google.com/js/platform.js
142.250.74.174200 OK 21 kB URL HTTP/2 apis.google.com/js/platform.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1279)
Hash 7ac44ef24e267df17ff72f195b252806
62db12d9ce11a576ccd7fa3544d851c5fd42f3b7
aae7897e7b55999c1b3166309381d19ac488dced51e14071339d8b193a686a61
GET /js/platform.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20984
date: Fri, 25 Nov 2022 08:02:01 GMT
expires: Fri, 25 Nov 2022 08:02:01 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "7446758f13887885"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.blogger.com/static/v1/widgets/2342155703-widgets.js
142.250.74.105200 OK 57 kB URL HTTP/2 www.blogger.com/static/v1/widgets/2342155703-widgets.js
IP 142.250.74.105:0
File type ASCII text, with very long lines (2221)
Hash 1217c8e34acb09c7cea97bae4d386ea1
55ee17703d0a7710943e93913bacb49220d98b4b
c2f23437ab938096bf8b40de8b08c4f27bb880b7ef8588481ec5ccc08b58870b
GET /static/v1/widgets/2342155703-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56726
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 16:02:03 GMT
expires: Tue, 21 Nov 2023 16:02:03 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Nov 2022 00:52:59 GMT
content-type: text/javascript
age: 316798
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.blogger.com/static/v1/jsbin/3469866930-comment_from_post_iframe.js
142.250.74.105200 OK 6.6 kB URL HTTP/2 www.blogger.com/static/v1/jsbin/3469866930-comment_from_post_iframe.js
IP 142.250.74.105:0
File type ASCII text, with very long lines (1441)
Hash f60e5037324bf7fd2256c16929886f09
aae4b1aea3737e0268e3578dd1d0e7cfe6c6d66b
71846da8d45274b77549b110389ab3dbcb8ce042051b5c39547909c1c343dfde
GET /static/v1/jsbin/3469866930-comment_from_post_iframe.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 6573
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 18:59:43 GMT
expires: Wed, 22 Nov 2023 18:59:43 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Nov 2022 19:52:12 GMT
content-type: text/javascript
age: 219738
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 01f789642d92b84211d7a9391f4e55af
bfcdc40fa2e82882051aa26c61d81ffd98371506
66e2ca388a8696e08f992e3d34fe75dcccd99a0743605f3bf5e6c1c893750f24
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 08:02:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
resources.blogblog.com/blogblog/data/1kt/awesomeinc/body_background_dark.png
142.250.74.105200 OK 106 B URL HTTP/2 resources.blogblog.com/blogblog/data/1kt/awesomeinc/body_background_dark.png
IP 142.250.74.105:0
File type PNG image data, 5 x 5, 1-bit colormap, non-interlaced\012- data
Hash 1de2f5d595cb35714e69a0f86e5f058a
c1ecb1aa5b2112d67dbe4644594a984a8df8d933
50d8a5573603d9819f10428efb4bdb6ff418aedbeb830d19e8c848b8f1df8677
GET /blogblog/data/1kt/awesomeinc/body_background_dark.png HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 106
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 03:56:52 GMT
expires: Wed, 30 Nov 2022 03:56:52 GMT
cache-control: public, max-age=604800
last-modified: Tue, 22 Nov 2022 12:53:21 GMT
content-type: image/png
age: 187509
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 65992aeb8efb9a0b8fd59687090733fe
526a2afccc93d32849185d153fafe44b72797df9
b6677984b6c3602d7b62df776158c09a3e57eec4c0edbddafb0624200715f10e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 08:02:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
35.162.52.254101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.162.52.254:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 7M4TmYybLTpV+xlkdka7Ig==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3X4BVe0G4AM1AckniZjjG4Sldw4=
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bdbfffb8452b9a0257e603f026781088
9db0ca8a7bf6929bb90873648ee2d4c20e9e2e90
c7fa446e7acbe6114d572d8f6ff293c249b26927ecc621cc651f2a4019c804e0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C7FA446E7ACBE6114D572D8F6FF293C249B26927ECC621CC651F2A4019C804E0"
Last-Modified: Thu, 24 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17463
Expires: Fri, 25 Nov 2022 12:53:04 GMT
Date: Fri, 25 Nov 2022 08:02:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bdbfffb8452b9a0257e603f026781088
9db0ca8a7bf6929bb90873648ee2d4c20e9e2e90
c7fa446e7acbe6114d572d8f6ff293c249b26927ecc621cc651f2a4019c804e0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C7FA446E7ACBE6114D572D8F6FF293C249B26927ECC621CC651F2A4019C804E0"
Last-Modified: Thu, 24 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21598
Expires: Fri, 25 Nov 2022 14:01:59 GMT
Date: Fri, 25 Nov 2022 08:02:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 622ddb64fdf9ab24044527e0cca2d91a
f2a52c71a36012372e7eb5c91e9d7491670f792b
f914e743451bcedff4fbf26450cd3a3f6bca335571b792e6902ebd03e1f55eb8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F914E743451BCEDFF4FBF26450CD3A3F6BCA335571B792E6902EBD03E1F55EB8"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10964
Expires: Fri, 25 Nov 2022 11:04:45 GMT
Date: Fri, 25 Nov 2022 08:02:01 GMT
Connection: keep-alive
upwardsdecreasecommitment.com/9d1ab41ec685513a23d06e0bbf5d06ff/invoke.js
173.233.139.164200 OK 9.3 kB URL HTTP/1.1 upwardsdecreasecommitment.com/9d1ab41ec685513a23d06e0bbf5d06ff/invoke.js
IP 173.233.139.164:0
File type Unicode text, UTF-8 text, with very long lines (25112), with no line terminators
Hash c60a61378c82e4ac9957917212ae6629
92a355e884617f993a3dbcec0e2bad63115782ce
0187e44038cb65a6417b0307ea3e5602c1ff9a5c71e49f62bb86d012793ad6fd
Analyzer Verdict Alert quad9 Sinkholed
GET /9d1ab41ec685513a23d06e0bbf5d06ff/invoke.js HTTP/1.1
Host: upwardsdecreasecommitment.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 08:02:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cdb17b98f20740ec70a4de523a383d49
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
upwardsdecreasecommitment.com/ee40e84e33c8d7d6b092b7828410aed1/invoke.js
173.233.139.164200 OK 9.3 kB URL HTTP/1.1 upwardsdecreasecommitment.com/ee40e84e33c8d7d6b092b7828410aed1/invoke.js
IP 173.233.139.164:0
File type Unicode text, UTF-8 text, with very long lines (25057), with no line terminators
Hash b175ee5942cc30c5c84528de79fbf23b
2d1a5c36b66b75412bdb72e989f1f3c9b4b71955
5e2290d92c50ea1a8facf5a3cd9cd4a1b35cf16b58e90d0659103e30f768b2ab
Analyzer Verdict Alert quad9 Sinkholed
GET /ee40e84e33c8d7d6b092b7828410aed1/invoke.js HTTP/1.1
Host: upwardsdecreasecommitment.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 08:02:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7a0c9233bb56f4b694bf062f7f9b8e96
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
upwardsdecreasecommitment.com/52159631f72184fa8f954cd9492d7637/invoke.js
173.233.139.164200 OK 9.8 kB URL HTTP/1.1 upwardsdecreasecommitment.com/52159631f72184fa8f954cd9492d7637/invoke.js
IP 173.233.139.164:0
File type exported SGML document, ASCII text, with very long lines (26959), with no line terminators
Hash 4e9a229e88537f967f37b6d809222128
bd6694c9336ce695a960f308950f72955938c933
3b6dcaabca83cad84fe855c5fb03f82af664734acca6af9186c7a5274d947bc8
Analyzer Verdict Alert quad9 Sinkholed
GET /52159631f72184fa8f954cd9492d7637/invoke.js HTTP/1.1
Host: upwardsdecreasecommitment.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 08:02:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8300355bbeb73ecce88c0431dbf6f309
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
upwardsdecreasecommitment.com/ee40e84e33c8d7d6b092b7828410aed1/invoke.js
173.233.139.164200 OK 9.3 kB URL HTTP/1.1 upwardsdecreasecommitment.com/ee40e84e33c8d7d6b092b7828410aed1/invoke.js
IP 173.233.139.164:0
File type Unicode text, UTF-8 text, with very long lines (25065), with no line terminators
Hash a3c102643f56d63d387f2ed1f52e1f54
81286602f40b32850d9cf40b0af0221b13af4828
93903c3cd480ea15c7553c044c484abedecad09d9e961e556823d4be8e39662e
Analyzer Verdict Alert quad9 Sinkholed
GET /ee40e84e33c8d7d6b092b7828410aed1/invoke.js HTTP/1.1
Host: upwardsdecreasecommitment.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 08:02:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c389a515caf254eab422d89e9d484e3e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
upwardsdecreasecommitment.com/28d87abc3c32ae0eb11ae2603f9a791f/invoke.js
173.233.139.164200 OK 9.8 kB URL HTTP/1.1 upwardsdecreasecommitment.com/28d87abc3c32ae0eb11ae2603f9a791f/invoke.js
IP 173.233.139.164:0
File type exported SGML document, ASCII text, with very long lines (26965), with no line terminators
Hash 3dca9164aad934077ca86dad68ec4b1f
e16c60b3061b149b9b3310adee0f85869a06d1e0
cabddcef537a7d14ff48ac30cea80206a026e997a1e98163d98be62af9e6354b
Analyzer Verdict Alert quad9 Sinkholed
GET /28d87abc3c32ae0eb11ae2603f9a791f/invoke.js HTTP/1.1
Host: upwardsdecreasecommitment.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 08:02:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b4bf0a805abc5900496654e23984974c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 5348b4ee74a9c894db836c2b61cc7086
9a65195ea94f2f7326007ad86ca1675010f4c00e
d2c786795613bca9a9bee9143dc278307b828a07b40880cfa20e087895aa359a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 25 Nov 2022 08:02:02 GMT
Last-Modified: Fri, 25 Nov 2022 06:12:27 GMT
Server: ECS (dcb/7F60)
X-Cache: Miss from cloudfront
Via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: OoRzGunHAZvdP9-5R6hOux8_qVdUUMLDYhhrjyZADVkWf175Vf2MSA==
Age: 6578
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 5348b4ee74a9c894db836c2b61cc7086
9a65195ea94f2f7326007ad86ca1675010f4c00e
d2c786795613bca9a9bee9143dc278307b828a07b40880cfa20e087895aa359a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 25 Nov 2022 08:02:02 GMT
Last-Modified: Fri, 25 Nov 2022 06:12:27 GMT
Server: ECS (bsa/EB12)
X-Cache: Miss from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: S8lP9OdydCc--Idqd9f2AnM-E3yIbipQA6_vPR51z138XHwxIwiykg==
Age: 6578
simplewebanalysis.com/stats
18.185.190.54200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash df077ace3bf5022aa38787fcbc1f355d
3e6545abc706a2d7e1fb30d8b00d3c63d963ad7c
26348459295c3f50cc645e4fd92801bebe568f60bb35190808b86ed6f3fc9910
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.ahadhealthupdate.tk
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 08:02:02 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.ahadhealthupdate.tk
access-control-allow-credentials: true
set-cookie: uid_id2=23c83a0b-ee85-4559-8b4e-f88ef7584071:3:1; expires=Mon, 22 Nov 2032 08:02:02 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
18.185.190.54200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash e1eb0543ad984452ebdf58b39d2f3b1e
d83b33d1ad9cce40ffeb9f367804a4227322b3eb
feecb757c08bf2b18321569479532c071a7b84fd089da6294855a32b38f1829f
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.ahadhealthupdate.tk
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 08:02:02 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.ahadhealthupdate.tk
access-control-allow-credentials: true
set-cookie: uid_id2=6f02feab-dad9-40c2-a8f2-c596f56c126b:1:1; expires=Mon, 22 Nov 2032 08:02:02 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
upwardsdecreasecommitment.com/ee40e84e33c8d7d6b092b7828410aed1/invoke.js
173.233.139.164200 OK 9.3 kB URL HTTP/1.1 upwardsdecreasecommitment.com/ee40e84e33c8d7d6b092b7828410aed1/invoke.js
IP 173.233.139.164:0
File type Unicode text, UTF-8 text, with very long lines (25085), with no line terminators
Hash aeaf1b28efb5cf8311d2d72cc11c9b57
349f62c9da91d104a9952b62d9fa89e2780167e2
9d02a4ad20bd50e93a9a70458566dc891979eb1c0ca8f877cc5a4095502850c7
Analyzer Verdict Alert quad9 Sinkholed
GET /ee40e84e33c8d7d6b092b7828410aed1/invoke.js HTTP/1.1
Host: upwardsdecreasecommitment.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 08:02:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b1281bffa1e77c454bdea318044f9051
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
simplewebanalysis.com/stats
18.185.190.54200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash 5c4af51e88b77014fa77140db455aa36
8b1d26931ff37bd2d824ea25094c8765ef0db678
26d9b7751c899c5f95a8d43d5b682f00b9b0322c8081b11e1d5cacafa055e03b
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.ahadhealthupdate.tk
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 08:02:02 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.ahadhealthupdate.tk
access-control-allow-credentials: true
set-cookie: uid_id2=906ba8f9-b05e-4d89-9a46-c6c8d84af1af:3:1; expires=Mon, 22 Nov 2032 08:02:02 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
18.185.190.54200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash df077ace3bf5022aa38787fcbc1f355d
3e6545abc706a2d7e1fb30d8b00d3c63d963ad7c
26348459295c3f50cc645e4fd92801bebe568f60bb35190808b86ed6f3fc9910
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.ahadhealthupdate.tk
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Cookie: uid_id2=23c83a0b-ee85-4559-8b4e-f88ef7584071:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 08:02:02 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.ahadhealthupdate.tk
access-control-allow-credentials: true
X-Firefox-Spdy: h2
upwardsdecreasecommitment.com/201adc9658d9fb2858d08c97140b0ea3/invoke.js
173.233.139.164200 OK 9.8 kB URL HTTP/1.1 upwardsdecreasecommitment.com/201adc9658d9fb2858d08c97140b0ea3/invoke.js
IP 173.233.139.164:0
File type exported SGML document, ASCII text, with very long lines (26939), with no line terminators
Hash bc6589ce798affa0efc232a57bf3362f
35cd290a46e043da0c7cb61147fc44a411ef0959
74d9525d088d2f4e9130e3e3d2be943e2998cb6f60aa518abb58829acaa16561
Analyzer Verdict Alert quad9 Sinkholed
GET /201adc9658d9fb2858d08c97140b0ea3/invoke.js HTTP/1.1
Host: upwardsdecreasecommitment.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 08:02:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 08b3ace638a8b3b94014f08f3ec8e88e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
upwardsdecreasecommitment.com/ee40e84e33c8d7d6b092b7828410aed1/invoke.js
173.233.139.164200 OK 9.3 kB URL HTTP/1.1 upwardsdecreasecommitment.com/ee40e84e33c8d7d6b092b7828410aed1/invoke.js
IP 173.233.139.164:0
File type Unicode text, UTF-8 text, with very long lines (25117), with no line terminators
Hash 2f0ba6ab2ae33ed3cd6e7bfc9aaeb19b
8c88818cf3d360dd32be764402d113f9d403cc33
95c9009481eb129278198bf96b5ef28f265726672f111b845ebd9d6be7d27b74
Analyzer Verdict Alert quad9 Sinkholed
GET /ee40e84e33c8d7d6b092b7828410aed1/invoke.js HTTP/1.1
Host: upwardsdecreasecommitment.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 08:02:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e278da2232a751a789a430be99e8a946
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
upwardsdecreasecommitment.com/9d1ab41ec685513a23d06e0bbf5d06ff/invoke.js
173.233.139.164200 OK 9.3 kB URL HTTP/1.1 upwardsdecreasecommitment.com/9d1ab41ec685513a23d06e0bbf5d06ff/invoke.js
IP 173.233.139.164:0
File type Unicode text, UTF-8 text, with very long lines (25120), with no line terminators
Hash ea49d65e3413bc9d47d457772eabf4eb
5c5e9d069b85126943a0cab12ca2858fbac58007
5bcb4171c75c46b031336bf63deb0dca1750790c53c6961eeebd1a532c7e339a
Analyzer Verdict Alert quad9 Sinkholed
GET /9d1ab41ec685513a23d06e0bbf5d06ff/invoke.js HTTP/1.1
Host: upwardsdecreasecommitment.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 08:02:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 72a52678b6291017b20f187a009c90ff
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b1bf04e4f32fbb490a9e0fb77904f5ec
aa75604d78da0a2951c530e82f280ec946896327
57c23cb50c35c16de4d07b6768f68a2d931b8f7fe131155eeede96ed3ff34007
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "57C23CB50C35C16DE4D07B6768F68A2D931B8F7FE131155EEEDE96ED3FF34007"
Last-Modified: Thu, 24 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15416
Expires: Fri, 25 Nov 2022 12:18:58 GMT
Date: Fri, 25 Nov 2022 08:02:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b5415ce9f48521f24db23adf96a352b1
0233ac89af3fdc5cc1a2bc48e68b304b6972fbb4
b2787f8d3a5ec94336402997b8f05e24463e06a009a07e77d2f0d11658ff2e72
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B2787F8D3A5EC94336402997B8F05E24463E06A009A07E77D2F0D11658FF2E72"
Last-Modified: Wed, 23 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2141
Expires: Fri, 25 Nov 2022 08:37:43 GMT
Date: Fri, 25 Nov 2022 08:02:02 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 76544babbcf6515110bd81aaee8e7e63
043497692868c67ac84cdfe70d0a484517abd1c2
a19d5958d683662375a2469d1d7e551188469b967eb6f2bae2d5e43dac51a4f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 08:02:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b86bf1a3813d0cc2f2eb769110dad592
c6fbd65115a24b0fbae27e119d3d3131f891316c
f254c0e2db21ebf9197716e6fab5bc17758f6ab9fe587cb80d67e755808145a8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F254C0E2DB21EBF9197716E6FAB5BC17758F6AB9FE587CB80D67E755808145A8"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3375
Expires: Fri, 25 Nov 2022 08:58:17 GMT
Date: Fri, 25 Nov 2022 08:02:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 47321a660cc180721ed78d92dcee934a
8b35d23b1bc8a79a7163e9a8ad5d3abc4faecf5c
ce1778ba0bccf8d4a25ff3d86a7d4b416b754c1d53bdd3e1466ea42e207342bb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE1778BA0BCCF8D4A25FF3D86A7D4B416B754C1D53BDD3E1466EA42E207342BB"
Last-Modified: Thu, 24 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4387
Expires: Fri, 25 Nov 2022 09:15:09 GMT
Date: Fri, 25 Nov 2022 08:02:02 GMT
Connection: keep-alive
www.google.com/recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu
142.250.74.164200 OK 665 B URL HTTP/2 www.google.com/recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu
IP 142.250.74.164:0
File type ASCII text, with very long lines (1034), with no line terminators
Hash 34e37af4d526255a20a2056cd5f4addf
bcac186d6a49539e69a3f67aa08d0188966f5623
51a2c479b272414cb9d7e1ec62edffbad01217068b73d516d33cb8f26a4fc634
GET /recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Fri, 25 Nov 2022 08:02:02 GMT
date: Fri, 25 Nov 2022 08:02:02 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 665
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 65992aeb8efb9a0b8fd59687090733fe
526a2afccc93d32849185d153fafe44b72797df9
b6677984b6c3602d7b62df776158c09a3e57eec4c0edbddafb0624200715f10e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 08:02:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 65992aeb8efb9a0b8fd59687090733fe
526a2afccc93d32849185d153fafe44b72797df9
b6677984b6c3602d7b62df776158c09a3e57eec4c0edbddafb0624200715f10e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 08:02:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 87de3dd2c7dce12b01a337d1554a222a
30e0bd68bbb78995aa8a0686ac02848fd5a7a699
533c21806ef66401ea5faeeb37366a33f19f0e9052b4fb06f22981ec73b21a59
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 08:02:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
play.google.com/log?format=json&hasfast=true&authuser=0
142.250.74.110200 OK 0 B URL HTTP/2 play.google.com/log?format=json&hasfast=true&authuser=0
IP 142.250.74.110:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: play.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Referer: https://www.blogger.com/
Origin: https://www.blogger.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.blogger.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Fri, 25 Nov 2022 08:02:02 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+587; expires=Sun, 24-Nov-2024 08:02:02 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 25 Nov 2022 08:02:02 GMT
cache-control: private
X-Firefox-Spdy: h2
cuesingle.com/ntv.json?key=ee40e84e33c8d7d6b092b7828410aed1&vstc=4
173.233.137.52200 OK 0 B URL HTTP/1.1 cuesingle.com/ntv.json?key=ee40e84e33c8d7d6b092b7828410aed1&vstc=4
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /ntv.json?key=ee40e84e33c8d7d6b092b7828410aed1&vstc=4 HTTP/1.1
Host: cuesingle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.ahadhealthupdate.tk
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 08:02:02 GMT
Content-Type: application/json
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.ahadhealthupdate.tk
Access-Control-Allow-Origin: https://www.ahadhealthupdate.tk
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17425940; expires=Sat, 26 Nov 2022 08:02:02 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2dfcad966db365c5a97666c87dfb466e
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d23a0fcc9ce5c0abc30a71f296b05085
3dbfd986c3ca37e1cc33fe514582fa692f858235
0e880708644d6abaae0f6960487198f544bf9430a6730067da431c28175999a8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E880708644D6ABAAE0F6960487198F544BF9430A6730067DA431C28175999A8"
Last-Modified: Wed, 23 Nov 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16095
Expires: Fri, 25 Nov 2022 12:30:17 GMT
Date: Fri, 25 Nov 2022 08:02:02 GMT
Connection: keep-alive
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
142.250.74.163200 OK 163 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (730)
Size 163 kB (162976 bytes)
Hash 79d18cf4265108d7cecca1bf4ada6109
e51d0285a545381d4c39e9e0292a650ffeeecbb9
59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
Origin: https://www.blogger.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 09:43:42 GMT
expires: Fri, 24 Nov 2023 09:43:42 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 80300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
play.google.com/log?format=json&hasfast=true&authuser=0
142.250.74.110200 OK 131 B URL HTTP/2 play.google.com/log?format=json&hasfast=true&authuser=0
IP 142.250.74.110:0
File type JSON data\012- , ASCII text, with no line terminators
Hash babb6f090aeebc6f421624475b4aefff
06079b7547949822c118224e51604f4c5ebf80c8
b2fe8b91f31edc7284cc9690e90dd4a38d985598374df68967d917590beb55dd
POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: play.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
X-Goog-AuthUser: 0
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Content-Length: 2975
Origin: https://www.blogger.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.blogger.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Fri, 25 Nov 2022 08:02:02 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+993; expires=Sun, 24-Nov-2024 08:02:02 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 25 Nov 2022 08:02:02 GMT
X-Firefox-Spdy: h2
majorityevaluatewiped.com/watch.1015420723177.js?key=52159631f72184fa8f954cd9492d7637&kw=%5B%22health%22%2C%22info%22%2C%22daily%22%2C%22a%22%2C%22man%22%2C%22who%22%2C%22was%22%2C%22dismissed%22%2C%22multiple%22%2C%22times%22%2C%22by%22%2C%22google%22%5D&refer=https%3A%2F%2Fwww.ahadhealthupdate.tk%2F2022%2F07%2Fatoptions-key-915a0d6256f91913afc69662e.html&tz=0&dev=e&res=12.1055&uuid=23c83a0b-ee85-4559-8b4e-f88ef7584071%3A3%3A1
192.243.61.227307 Temporary Redirect 0 B URL HTTP/1.1 majorityevaluatewiped.com/watch.1015420723177.js?key=52159631f72184fa8f954cd9492d7637&kw=%5B%22health%22%2C%22info%22%2C%22daily%22%2C%22a%22%2C%22man%22%2C%22who%22%2C%22was%22%2C%22dismissed%22%2C%22multiple%22%2C%22times%22%2C%22by%22%2C%22google%22%5D&refer=https%3A%2F%2Fwww.ahadhealthupdate.tk%2F2022%2F07%2Fatoptions-key-915a0d6256f91913afc69662e.html&tz=0&dev=e&res=12.1055&uuid=23c83a0b-ee85-4559-8b4e-f88ef7584071%3A3%3A1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1015420723177.js?key=52159631f72184fa8f954cd9492d7637&kw=%5B%22health%22%2C%22info%22%2C%22daily%22%2C%22a%22%2C%22man%22%2C%22who%22%2C%22was%22%2C%22dismissed%22%2C%22multiple%22%2C%22times%22%2C%22by%22%2C%22google%22%5D&refer=https%3A%2F%2Fwww.ahadhealthupdate.tk%2F2022%2F07%2Fatoptions-key-915a0d6256f91913afc69662e.html&tz=0&dev=e&res=12.1055&uuid=23c83a0b-ee85-4559-8b4e-f88ef7584071%3A3%3A1 HTTP/1.1
Host: majorityevaluatewiped.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.ahadhealthupdate.tk
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.22.0
Date: Fri, 25 Nov 2022 08:02:02 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.ahadhealthupdate.tk
Access-Control-Allow-Origin: https://www.ahadhealthupdate.tk
Access-Control-Allow-Credentials: true
Location: https://majorityevaluatewiped.com/watch.1015420723177.js?key=52159631f72184fa8f954cd9492d7637&kw=%5B%22health%22%2C%22info%22%2C%22daily%22%2C%22a%22%2C%22man%22%2C%22who%22%2C%22was%22%2C%22dismissed%22%2C%22multiple%22%2C%22times%22%2C%22by%22%2C%22google%22%5D&refer=https%3A%2F%2Fwww.ahadhealthupdate.tk%2F2022%2F07%2Fatoptions-key-915a0d6256f91913afc69662e.html&tz=0&dev=e&res=12.1055&uuid=23c83a0b-ee85-4559-8b4e-f88ef7584071%3A3%3A1&shu=d5756bf14fb15b8494022a7c8789250eb1123516db2d99e4fcd94847325606e9f86cb97c8f013c0f63ec2a629daa863556726d6938df9abe752b29c127b92bc7cb897b6119cfaffc518e8549827569cdd63157&pst=1669363382&rmtc=t
Set-Cookie: u_pl=17430458; expires=Sat, 26 Nov 2022 08:02:02 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzQzMDQ1OCwiayI6IjUyMTU5NjMxZjcyMTg0ZmE4Zjk1NGNkOTQ5MmQ3NjM3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTA4OTgxLCJwaWQiOjIxNjA0NiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJ6cGR3eDFmZ3giLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93d3cuYWhhZGhlYWx0aHVwZGF0ZS50ay8yMDIyLzA3L2F0b3B0aW9ucy1rZXktOTE1YTBkNjI1NmY5MTkxM2FmYzY5NjYyZS5odG1sIn19.8-Y22zo8DhwiRSY1xbgEZShStZzhyhEWPVenPno1KnA; expires=Fri, 25 Nov 2022 08:03:02 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3cd1a55fdd82ef391a707f733811ba58
Strict-Transport-Security: max-age=0; includeSubdomains
firearmtire.com/pixel/nvwbdp?key=ee40e84e33c8d7d6b092b7828410aed1
173.233.137.44200 OK 0 B URL HTTP/1.1 firearmtire.com/pixel/nvwbdp?key=ee40e84e33c8d7d6b092b7828410aed1
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/nvwbdp?key=ee40e84e33c8d7d6b092b7828410aed1 HTTP/1.1
Host: firearmtire.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 08:02:02 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 59ea8f913c9385f85b63452a66844173
56504ffc6c52d717869646f91a5a6c2ac0cc0754
e0b038b77dcf1a97a15863fa55c4fe4f8e06086aef759639b779af1619b7634f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E0B038B77DCF1A97A15863FA55C4FE4F8E06086AEF759639B779AF1619B7634F"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14290
Expires: Fri, 25 Nov 2022 12:00:12 GMT
Date: Fri, 25 Nov 2022 08:02:02 GMT
Connection: keep-alive
moleconcern.com/watch.345052067833.js?key=201adc9658d9fb2858d08c97140b0ea3&kw=%5B%22health%22%2C%22info%22%2C%22daily%22%2C%22a%22%2C%22man%22%2C%22who%22%2C%22was%22%2C%22dismissed%22%2C%22multiple%22%2C%22times%22%2C%22by%22%2C%22google%22%5D&refer=https%3A%2F%2Fwww.ahadhealthupdate.tk%2F2022%2F07%2Fatoptions-key-915a0d6256f91913afc69662e.html&tz=0&dev=e&res=12.1055&uuid=23c83a0b-ee85-4559-8b4e-f88ef7584071%3A3%3A1
192.243.61.227307 Temporary Redirect 0 B URL HTTP/1.1 moleconcern.com/watch.345052067833.js?key=201adc9658d9fb2858d08c97140b0ea3&kw=%5B%22health%22%2C%22info%22%2C%22daily%22%2C%22a%22%2C%22man%22%2C%22who%22%2C%22was%22%2C%22dismissed%22%2C%22multiple%22%2C%22times%22%2C%22by%22%2C%22google%22%5D&refer=https%3A%2F%2Fwww.ahadhealthupdate.tk%2F2022%2F07%2Fatoptions-key-915a0d6256f91913afc69662e.html&tz=0&dev=e&res=12.1055&uuid=23c83a0b-ee85-4559-8b4e-f88ef7584071%3A3%3A1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.345052067833.js?key=201adc9658d9fb2858d08c97140b0ea3&kw=%5B%22health%22%2C%22info%22%2C%22daily%22%2C%22a%22%2C%22man%22%2C%22who%22%2C%22was%22%2C%22dismissed%22%2C%22multiple%22%2C%22times%22%2C%22by%22%2C%22google%22%5D&refer=https%3A%2F%2Fwww.ahadhealthupdate.tk%2F2022%2F07%2Fatoptions-key-915a0d6256f91913afc69662e.html&tz=0&dev=e&res=12.1055&uuid=23c83a0b-ee85-4559-8b4e-f88ef7584071%3A3%3A1 HTTP/1.1
Host: moleconcern.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.ahadhealthupdate.tk
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.22.0
Date: Fri, 25 Nov 2022 08:02:02 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.ahadhealthupdate.tk
Access-Control-Allow-Origin: https://www.ahadhealthupdate.tk
Access-Control-Allow-Credentials: true
Location: https://moleconcern.com/watch.345052067833.js?key=201adc9658d9fb2858d08c97140b0ea3&kw=%5B%22health%22%2C%22info%22%2C%22daily%22%2C%22a%22%2C%22man%22%2C%22who%22%2C%22was%22%2C%22dismissed%22%2C%22multiple%22%2C%22times%22%2C%22by%22%2C%22google%22%5D&refer=https%3A%2F%2Fwww.ahadhealthupdate.tk%2F2022%2F07%2Fatoptions-key-915a0d6256f91913afc69662e.html&tz=0&dev=e&res=12.1055&uuid=23c83a0b-ee85-4559-8b4e-f88ef7584071%3A3%3A1&shu=7b4431f55b83811605d46904089f8fc07a46a5118346f03db38e8bbf90bb65c491fec2a7b7042b034c91bc1242a4997b371a7771aee91655faeb07ffbe739386a686a9e8d0a7655503c04d20ea8c9ae3b7e0be5320fc7909cf56c4d5575ad0&pst=1669363382&rmtc=t
Set-Cookie: u_pl=17468557; expires=Sat, 26 Nov 2022 08:02:02 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzQ2ODU1NywiayI6IjIwMWFkYzk2NThkOWZiMjg1OGQwOGM5NzE0MGIwZWEzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTIxNTQ4LCJwaWQiOjIxNjA0NiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjo1LCJwdCI6NCwicGsiOiJkaG5oa3FxaGcwIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LmFoYWRoZWFsdGh1cGRhdGUudGsvMjAyMi8wNy9hdG9wdGlvbnMta2V5LTkxNWEwZDYyNTZmOTE5MTNhZmM2OTY2MmUuaHRtbCJ9fQ.Q3TFapE7C7VoMCVOC2TrrooM-CQhfYBdE8O4GtSlGo0; expires=Fri, 25 Nov 2022 08:03:02 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cf663e791af676c21d5b68be5c6a4c3a
Strict-Transport-Security: max-age=0; includeSubdomains
sandwichesinstinctive.com/ntv.json?key=9d1ab41ec685513a23d06e0bbf5d06ff&vstc=1
173.233.137.52200 OK 0 B URL HTTP/1.1 sandwichesinstinctive.com/ntv.json?key=9d1ab41ec685513a23d06e0bbf5d06ff&vstc=1
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ntv.json?key=9d1ab41ec685513a23d06e0bbf5d06ff&vstc=1 HTTP/1.1
Host: sandwichesinstinctive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.ahadhealthupdate.tk
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 08:02:02 GMT
Content-Type: application/json
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.ahadhealthupdate.tk
Access-Control-Allow-Origin: https://www.ahadhealthupdate.tk
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17419225; expires=Sat, 26 Nov 2022 08:02:02 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 762276556fcc7f423c7a07b25173e15c
Strict-Transport-Security: max-age=0; includeSubdomains
hopefullyapricot.com/pixel/nvwbdp?key=ee40e84e33c8d7d6b092b7828410aed1
173.233.139.164200 OK 0 B URL HTTP/1.1 hopefullyapricot.com/pixel/nvwbdp?key=ee40e84e33c8d7d6b092b7828410aed1
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/nvwbdp?key=ee40e84e33c8d7d6b092b7828410aed1 HTTP/1.1
Host: hopefullyapricot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 08:02:03 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
majorityevaluatewiped.com/watch.1015420723177.js?key=52159631f72184fa8f954cd9492d7637&kw=%5B%22health%22%2C%22info%22%2C%22daily%22%2C%22a%22%2C%22man%22%2C%22who%22%2C%22was%22%2C%22dismissed%22%2C%22multiple%22%2C%22times%22%2C%22by%22%2C%22google%22%5D&refer=https%3A%2F%2Fwww.ahadhealthupdate.tk%2F2022%2F07%2Fatoptions-key-915a0d6256f91913afc69662e.html&tz=0&dev=e&res=12.1055&uuid=23c83a0b-ee85-4559-8b4e-f88ef7584071%3A3%3A1&shu=d5756bf14fb15b8494022a7c8789250eb1123516db2d99e4fcd94847325606e9f86cb97c8f013c0f63ec2a629daa863556726d6938df9abe752b29c127b92bc7cb897b6119cfaffc518e8549827569cdd63157&pst=1669363382&rmtc=t
192.243.61.227200 OK 0 B URL HTTP/1.1 majorityevaluatewiped.com/watch.1015420723177.js?key=52159631f72184fa8f954cd9492d7637&kw=%5B%22health%22%2C%22info%22%2C%22daily%22%2C%22a%22%2C%22man%22%2C%22who%22%2C%22was%22%2C%22dismissed%22%2C%22multiple%22%2C%22times%22%2C%22by%22%2C%22google%22%5D&refer=https%3A%2F%2Fwww.ahadhealthupdate.tk%2F2022%2F07%2Fatoptions-key-915a0d6256f91913afc69662e.html&tz=0&dev=e&res=12.1055&uuid=23c83a0b-ee85-4559-8b4e-f88ef7584071%3A3%3A1&shu=d5756bf14fb15b8494022a7c8789250eb1123516db2d99e4fcd94847325606e9f86cb97c8f013c0f63ec2a629daa863556726d6938df9abe752b29c127b92bc7cb897b6119cfaffc518e8549827569cdd63157&pst=1669363382&rmtc=t
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1015420723177.js?key=52159631f72184fa8f954cd9492d7637&kw=%5B%22health%22%2C%22info%22%2C%22daily%22%2C%22a%22%2C%22man%22%2C%22who%22%2C%22was%22%2C%22dismissed%22%2C%22multiple%22%2C%22times%22%2C%22by%22%2C%22google%22%5D&refer=https%3A%2F%2Fwww.ahadhealthupdate.tk%2F2022%2F07%2Fatoptions-key-915a0d6256f91913afc69662e.html&tz=0&dev=e&res=12.1055&uuid=23c83a0b-ee85-4559-8b4e-f88ef7584071%3A3%3A1&shu=d5756bf14fb15b8494022a7c8789250eb1123516db2d99e4fcd94847325606e9f86cb97c8f013c0f63ec2a629daa863556726d6938df9abe752b29c127b92bc7cb897b6119cfaffc518e8549827569cdd63157&pst=1669363382&rmtc=t HTTP/1.1
Host: majorityevaluatewiped.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.ahadhealthupdate.tk
Referer: https://www.ahadhealthupdate.tk/
Connection: keep-alive
Cookie: u_pl=17430458; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzQzMDQ1OCwiayI6IjUyMTU5NjMxZjcyMTg0ZmE4Zjk1NGNkOTQ5MmQ3NjM3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTA4OTgxLCJwaWQiOjIxNjA0NiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJ6cGR3eDFmZ3giLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93d3cuYWhhZGhlYWx0aHVwZGF0ZS50ay8yMDIyLzA3L2F0b3B0aW9ucy1rZXktOTE1YTBkNjI1NmY5MTkxM2FmYzY5NjYyZS5odG1sIn19.8-Y22zo8DhwiRSY1xbgEZShStZzhyhEWPVenPno1KnA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 25 Nov 2022 08:02:03 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.ahadhealthupdate.tk
Access-Control-Allow-Origin: https://www.ahadhealthupdate.tk
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=23c83a0b-ee85-4559-8b4e-f88ef7584071:3:1; expires=Fri, 02 Dec 2022 08:02:02 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4cde9a7356a351c455822ba575755b3c
Strict-Transport-Security: max-age=0; includeSubdomains
moleconcern.com/watch.345052067833.js?key=201adc9658d9fb2858d08c97140b0ea3&kw=%5B%22health%22%2C%22info%22%2C%22daily%22%2C%22a%22%2C%22man%22%2C%22who%22%2C%22was%22%2C%22dismissed%22%2C%22multiple%22%2C%22times%22%2C%22by%22%2C%22google%22%5D&refer=https%3A%2F%2Fwww.ahadhealthupdate.tk%2F2022%2F07%2Fatoptions-key-915a0d6256f91913afc69662e.html&tz=0&dev=e&res=12.1055&uuid=23c83a0b-ee85-4559-8b4e-f88ef7584071%3A3%3A1&shu=7b4431f55b83811605d46904089f8fc07a46a5118346f03db38e8bbf90bb65c491fec2a7b7042b034c91bc1242a4997b371a7771aee91655faeb07ffbe739386a686a9e8d0a7655503c04d20ea8c9ae3b7e0be5320fc7909cf56c4d5575ad0&pst=1669363382&rmtc=t
192.243.61.227200 OK 2.1 kB URL HTTP/1.1 moleconcern.com/watch.345052067833.js?key=201adc9658d9fb2858d08c97140b0ea3&kw=%5B%22health%22%2C%22info%22%2C%22daily%22%2C%22a%22%2C%22man%22%2C%22who%22%2C%22was%22%2C%22dismissed%22%2C%22multiple%22%2C%22times%22%2C%22by%22%2C%22google%22%5D&refer=https%3A%2F%2Fwww.ahadhealthupdate.tk%2F2022%2F07%2Fatoptions-key-915a0d6256f91913afc69662e.html&tz=0&dev=e&res=12.1055&uuid=23c83a0b-ee85-4559-8b4e-f88ef7584071%3A3%3A1&shu=7b4431f55b83811605d46904089f8fc07a46a5118346f03db38e8bbf90bb65c491fec2a7b7042b034c91bc1242a4997b371a7771aee91655faeb07ffbe739386a686a9e8d0a7655503c04d20ea8c9ae3b7e0be5320fc7909cf56c4d5575ad0&pst=1669363382&rmtc=t
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (2645)
Hash 2062e3dfe520f6dd9f2cb2fb9c189f3a
3581616bad9820a44d9c826094bbf0e49756adc1
71826453f05d850f9a71228b00832f03110c7b3a56246d9781a55db408a224d6
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.345052067833.js?key=201adc9658d9fb2858d08c97140b0ea3&kw=%5B%22health%22%2C%22info%22%2C%22daily%22%2C%22a%22%2C%22man%22%2C%22who%22%2C%22was%22%2C%22dismissed%22%2C%22multiple%22%2C%22times%22%2C%22by%22%2C%22google%22%5D&refer=https%3A%2F%2Fwww.ahadhealthupdate.tk%2F2022%2F07%2Fatoptions-key-915a0d6256f91913afc69662e.html&tz=0&dev=e&res=12.1055&uuid=23c83a0b-ee85-4559-8b4e-f88ef7584071%3A3%3A1&shu=7b4431f55b83811605d46904089f8fc07a46a5118346f03db38e8bbf90bb65c491fec2a7b7042b034c91bc1242a4997b371a7771aee91655faeb07ffbe739386a686a9e8d0a7655503c04d20ea8c9ae3b7e0be5320fc7909cf56c4d5575ad0&pst=1669363382&rmtc=t HTTP/1.1
Host: moleconcern.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.ahadhealthupdate.tk
Referer: https://www.ahadhealthupdate.tk/
Connection: keep-alive
Cookie: u_pl=17468557; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzQ2ODU1NywiayI6IjIwMWFkYzk2NThkOWZiMjg1OGQwOGM5NzE0MGIwZWEzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTIxNTQ4LCJwaWQiOjIxNjA0NiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjo1LCJwdCI6NCwicGsiOiJkaG5oa3FxaGcwIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LmFoYWRoZWFsdGh1cGRhdGUudGsvMjAyMi8wNy9hdG9wdGlvbnMta2V5LTkxNWEwZDYyNTZmOTE5MTNhZmM2OTY2MmUuaHRtbCJ9fQ.Q3TFapE7C7VoMCVOC2TrrooM-CQhfYBdE8O4GtSlGo0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 25 Nov 2022 08:02:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.ahadhealthupdate.tk
Access-Control-Allow-Origin: https://www.ahadhealthupdate.tk
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=23c83a0b-ee85-4559-8b4e-f88ef7584071:3:1; expires=Fri, 02 Dec 2022 08:02:03 GMT; secure; SameSite=None
iprc6cd95346aefbd197d87973fdccadb42e=3569806; expires=Fri, 25 Nov 2022 12:02:03 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 26 Nov 2022 08:02:03 GMT; secure; SameSite=None
uncs=1; expires=Sat, 26 Nov 2022 08:02:03 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sat, 26 Nov 2022 08:02:03 GMT; secure; SameSite=None
uncs5=1; expires=Sat, 26 Nov 2022 08:02:03 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b0058960c73b4e8ccc3e4c3a93b5a010
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5211
Expires: Fri, 25 Nov 2022 09:28:54 GMT
Date: Fri, 25 Nov 2022 08:02:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5211
Expires: Fri, 25 Nov 2022 09:28:54 GMT
Date: Fri, 25 Nov 2022 08:02:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b75c00c21f5854618bc06d14b8d83c40
ae14f585ae9682e6c2fad146c12c00ee4d83e8f3
a8e7585e49b01a64520051f8d38f499c8cb82645e3d146e6ca34378eac684e69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5211
Expires: Fri, 25 Nov 2022 09:28:54 GMT
Date: Fri, 25 Nov 2022 08:02:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 81f06bdffcb9d3bbc4c97b81c154458c
1b0c26a8e57f9f1a0feb64e442da93197452af91
93bfab2a077dc2ab11317f09649bd6d400aa606a5c062b3f728557105ac2847d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "93BFAB2A077DC2AB11317F09649BD6D400AA606A5C062B3F728557105AC2847D"
Last-Modified: Wed, 23 Nov 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14267
Expires: Fri, 25 Nov 2022 11:59:50 GMT
Date: Fri, 25 Nov 2022 08:02:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ef1a395d07210c1967f22dea6a511784
25cdf1b0c03454605829f676aeaf2bfac8fc494c
ac0776bf1d6f555e98557d17c20767c21715d977048295f3f424c31d4b15046f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC0776BF1D6F555E98557D17C20767C21715D977048295F3F424C31D4B15046F"
Last-Modified: Fri, 25 Nov 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9173
Expires: Fri, 25 Nov 2022 10:34:56 GMT
Date: Fri, 25 Nov 2022 08:02:03 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20a12e2c-1403-4b39-9da1-b2be17a6bbd1.png
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20a12e2c-1403-4b39-9da1-b2be17a6bbd1.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6673267df195141739d1018c17101368
b80047da428636adb7027f12718c8d11bd461da4
de30af07eed7326a1326c831e04727649a112c20d0c485a7e973edd96f91bfaa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20a12e2c-1403-4b39-9da1-b2be17a6bbd1.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11954
x-amzn-requestid: c2484616-009c-47c4-b52a-36b956c7b207
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b8JzaHXLoAMFpUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637b2348-01d4a7be526475d31fce3c13;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 07:05:44 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: 3KRN_6gYmJqP-Ehaxdu5iwp9xKOOg-dhtGdUcSaho56NVWqVCtyiFA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 2c6b5dd77f1abe60653ce0454f344b64.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 14:49:47 GMT
age: 61936
etag: "b80047da428636adb7027f12718c8d11bd461da4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a474c96-6cd7-4e42-a54a-02217768182e.jpeg
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a474c96-6cd7-4e42-a54a-02217768182e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c8f6118fc03f31862ff68fef8a2b9a7f
318c5d7acd0d36c816b09fcf1b7dc4bfb5ec7e73
cdd4d44f05cc524d7f2b1d6d792ecd8a9a933e52ecb7685a7d7ea786a510ef39
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a474c96-6cd7-4e42-a54a-02217768182e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8089
x-amzn-requestid: f4b5f150-a5dc-40bf-93b9-394c294a51cb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEmkRFSnIAMF5vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e8481-74454bee1a1ec6d506f3d75b;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 20:37:21 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ZVv8iTGCYV-IiBJ6KwNSG1ZWSEwClaQopUejSqZq0S1wd782lRoyKA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 22:59:49 GMT
age: 32534
etag: "318c5d7acd0d36c816b09fcf1b7dc4bfb5ec7e73"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F012ad1d7-e278-4523-b537-853fcf51e3c0.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F012ad1d7-e278-4523-b537-853fcf51e3c0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 58d104a028a45c82a7310de66477b256
e94f119e32bcff525f9b1a1c239e77747b6fc101
84d79596f4a2c255d1ecb98f557cfa4a2a42230eb92228122df7db6662140250
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F012ad1d7-e278-4523-b537-853fcf51e3c0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15116
x-amzn-requestid: fda2f125-032c-47b6-b089-fa24112fbc37
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bujXQG9YIAMFq1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6375b294-3db431e479f33dae20a54124;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 04:03:32 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 16F1xBlJu8h6NhDqMDYk_irlTyBNBDKiiChhEiyXWksmr2iGoNWBXA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 05:22:11 GMT
age: 9592
etag: "e94f119e32bcff525f9b1a1c239e77747b6fc101"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25123759-9d71-477d-9857-9cc07cc12173.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25123759-9d71-477d-9857-9cc07cc12173.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 92171fa8fbc051aefeb8ceb6072848de
377775b7c7b085efa6dd653d285ba3a52af6a549
537c4d5cc3ef2e60c3d0171ac31c1dba4ab2ff340108015787a9dd20dc76b7ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25123759-9d71-477d-9857-9cc07cc12173.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6891
x-amzn-requestid: 6da0ae90-c3cc-4e9c-9a0e-3c72b4eb7605
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b7m2NGsvoAMF_fQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637aeb5a-1ed2badf0e84d40e6a052f7a;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 03:07:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OTpJ5Qu_Ttq5se4SrZIAEiNVm6mqrrUq_0TmMJ4vldeuzMuCSxxUtA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 06:37:47 GMT
age: 5056
etag: "377775b7c7b085efa6dd653d285ba3a52af6a549"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f8eed1e115bab8c9439d16bbde4509fd
776534f3bc34346a533681a515d7706daa07cb6e
8f962f20c187fb5472bf08fedb4fdb953035679024889356b147c07d88677e87
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8F962F20C187FB5472BF08FEDB4FDB953035679024889356B147C07D88677E87"
Last-Modified: Thu, 24 Nov 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14384
Expires: Fri, 25 Nov 2022 12:01:47 GMT
Date: Fri, 25 Nov 2022 08:02:03 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96a33fb5-b971-4386-a670-7dcbbf52b051.jpeg
34.120.237.76200 OK 2.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96a33fb5-b971-4386-a670-7dcbbf52b051.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 66d06d3cac1784e4ce6c8c89c300f10a
41ef94d198bbf98185eb332a3b6934c3c26c3afc
55312d1b43447e4f77d8e9e52451bb63a9868ba8122c9e16e0a20479d34367e3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96a33fb5-b971-4386-a670-7dcbbf52b051.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2351
x-amzn-requestid: 141bbf99-5d78-4b9c-a537-491718aee68a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b43YGE_SoAMFlbw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6379d29a-00017cd344caea2b6408aeb3;Sampled=0
x-amzn-remapped-date: Sun, 20 Nov 2022 07:09:14 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 1-8WM-7tNqakPDW9-K0GVbOKdotndEXj2QeJzw3cJol-g9TT5IVyOQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 28fdf6e146f70e7372911f118404fb20.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 16:45:53 GMT
age: 54970
etag: "41ef94d198bbf98185eb332a3b6934c3c26c3afc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd87485db-f230-4024-987f-6b9ea6098576.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd87485db-f230-4024-987f-6b9ea6098576.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 05a92b9f554600c920e8b772eb16ee75
7f29e0e2de89f7a88ff0bf2a720365032ef11cc1
4b51a70a0ee6fe0d723880ea70fee25c15bff671d8a484bbb2a3c9962303c735
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd87485db-f230-4024-987f-6b9ea6098576.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10356
x-amzn-requestid: 8450975f-bcb2-4b59-b0ef-42e43d1bb16a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCM-cGKIIAMFo7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d8ec2-7f95154e3177c6e30a925244;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 03:08:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _dHgUlzLnOsFrI73NzPGn0VJ2NvJqRew6bHzlD6_n2zwHPfQ-8kIvA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 03:16:29 GMT
age: 17134
etag: "7f29e0e2de89f7a88ff0bf2a720365032ef11cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 19 Nov 2022 12:31:58 GMT
expires: Sun, 19 Nov 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 502205
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 21:46:16 GMT
expires: Fri, 24 Nov 2023 21:46:16 GMT
cache-control: public, max-age=31536000
age: 36947
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
schemevolcanosuspicions.com/pixel/nvwbdp?key=9d1ab41ec685513a23d06e0bbf5d06ff
173.233.137.60200 OK 0 B URL HTTP/1.1 schemevolcanosuspicions.com/pixel/nvwbdp?key=9d1ab41ec685513a23d06e0bbf5d06ff
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /pixel/nvwbdp?key=9d1ab41ec685513a23d06e0bbf5d06ff HTTP/1.1
Host: schemevolcanosuspicions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 08:02:03 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
whiskerssituationdisturb.com/watch.757399834604.js?key=28d87abc3c32ae0eb11ae2603f9a791f&kw=%5B%22health%22%2C%22info%22%2C%22daily%22%2C%22a%22%2C%22man%22%2C%22who%22%2C%22was%22%2C%22dismissed%22%2C%22multiple%22%2C%22times%22%2C%22by%22%2C%22google%22%5D&refer=https%3A%2F%2Fwww.ahadhealthupdate.tk%2F2022%2F07%2Fatoptions-key-915a0d6256f91913afc69662e.html&tz=0&dev=e&res=12.1055&uuid=6f02feab-dad9-40c2-a8f2-c596f56c126b%3A1%3A1
173.233.137.60307 Temporary Redirect 0 B URL HTTP/1.1 whiskerssituationdisturb.com/watch.757399834604.js?key=28d87abc3c32ae0eb11ae2603f9a791f&kw=%5B%22health%22%2C%22info%22%2C%22daily%22%2C%22a%22%2C%22man%22%2C%22who%22%2C%22was%22%2C%22dismissed%22%2C%22multiple%22%2C%22times%22%2C%22by%22%2C%22google%22%5D&refer=https%3A%2F%2Fwww.ahadhealthupdate.tk%2F2022%2F07%2Fatoptions-key-915a0d6256f91913afc69662e.html&tz=0&dev=e&res=12.1055&uuid=6f02feab-dad9-40c2-a8f2-c596f56c126b%3A1%3A1
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.757399834604.js?key=28d87abc3c32ae0eb11ae2603f9a791f&kw=%5B%22health%22%2C%22info%22%2C%22daily%22%2C%22a%22%2C%22man%22%2C%22who%22%2C%22was%22%2C%22dismissed%22%2C%22multiple%22%2C%22times%22%2C%22by%22%2C%22google%22%5D&refer=https%3A%2F%2Fwww.ahadhealthupdate.tk%2F2022%2F07%2Fatoptions-key-915a0d6256f91913afc69662e.html&tz=0&dev=e&res=12.1055&uuid=6f02feab-dad9-40c2-a8f2-c596f56c126b%3A1%3A1 HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.ahadhealthupdate.tk
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 08:02:03 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.ahadhealthupdate.tk
Access-Control-Allow-Origin: https://www.ahadhealthupdate.tk
Access-Control-Allow-Credentials: true
Location: https://whiskerssituationdisturb.com/watch.757399834604.js?key=28d87abc3c32ae0eb11ae2603f9a791f&kw=%5B%22health%22%2C%22info%22%2C%22daily%22%2C%22a%22%2C%22man%22%2C%22who%22%2C%22was%22%2C%22dismissed%22%2C%22multiple%22%2C%22times%22%2C%22by%22%2C%22google%22%5D&refer=https%3A%2F%2Fwww.ahadhealthupdate.tk%2F2022%2F07%2Fatoptions-key-915a0d6256f91913afc69662e.html&tz=0&dev=e&res=12.1055&uuid=6f02feab-dad9-40c2-a8f2-c596f56c126b%3A1%3A1&shu=fd8879e03bb4ac9a02a2ff670d457e748cb5eb53e6b5f64327075bbacdf215fba14cf55f40c4757866c9f87b019817c039a4f952d928a953b96257427472aa1701acc82d3308f95188cc2c34735ab1b34b3a60eaf65f5c25e6e2ba217df2&pst=1669363383&rmtc=t
Set-Cookie: u_pl=15594335; expires=Sat, 26 Nov 2022 08:02:03 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNTU5NDMzNSwiayI6IjI4ZDg3YWJjM2MzMmFlMGViMTFhZTI2MDNmOWE3OTFmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxMzUzNjMwLCJwaWQiOjIxNjA0NiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxOSwiYWlkIjoyNSwicHQiOjQsInBrIjoiYzR3c2VjOHg1IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LmFoYWRoZWFsdGh1cGRhdGUudGsvMjAyMi8wNy9hdG9wdGlvbnMta2V5LTkxNWEwZDYyNTZmOTE5MTNhZmM2OTY2MmUuaHRtbCJ9fQ.cprIA7nh74whI2S2weU5NZosUeZgEPTKd7p6J5t5n7U; expires=Fri, 25 Nov 2022 08:03:03 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 74dba0b7435648dc5dd0cdb43642ff19
Strict-Transport-Security: max-age=0; includeSubdomains
strategicperplexanswered.com/pixel/nvwbdp?key=ee40e84e33c8d7d6b092b7828410aed1
192.243.61.227200 OK 0 B URL HTTP/1.1 strategicperplexanswered.com/pixel/nvwbdp?key=ee40e84e33c8d7d6b092b7828410aed1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/nvwbdp?key=ee40e84e33c8d7d6b092b7828410aed1 HTTP/1.1
Host: strategicperplexanswered.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Fri, 25 Nov 2022 08:02:03 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4f6c1497d491ebdec0b24caf356dad1f
6efe847d68565760b80862295cb809e7efee7de8
5a7ebb4a3bfc1046cd3c07cef6bd550f3452c3cf4d48d48e6428473f2de44c51
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5A7EBB4A3BFC1046CD3C07CEF6BD550F3452C3CF4D48D48E6428473F2DE44C51"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12974
Expires: Fri, 25 Nov 2022 11:38:17 GMT
Date: Fri, 25 Nov 2022 08:02:03 GMT
Connection: keep-alive
whiskerssituationdisturb.com/watch.757399834604.js?key=28d87abc3c32ae0eb11ae2603f9a791f&kw=%5B%22health%22%2C%22info%22%2C%22daily%22%2C%22a%22%2C%22man%22%2C%22who%22%2C%22was%22%2C%22dismissed%22%2C%22multiple%22%2C%22times%22%2C%22by%22%2C%22google%22%5D&refer=https%3A%2F%2Fwww.ahadhealthupdate.tk%2F2022%2F07%2Fatoptions-key-915a0d6256f91913afc69662e.html&tz=0&dev=e&res=12.1055&uuid=6f02feab-dad9-40c2-a8f2-c596f56c126b%3A1%3A1&shu=fd8879e03bb4ac9a02a2ff670d457e748cb5eb53e6b5f64327075bbacdf215fba14cf55f40c4757866c9f87b019817c039a4f952d928a953b96257427472aa1701acc82d3308f95188cc2c34735ab1b34b3a60eaf65f5c25e6e2ba217df2&pst=1669363383&rmtc=t
173.233.137.60200 OK 0 B URL HTTP/1.1 whiskerssituationdisturb.com/watch.757399834604.js?key=28d87abc3c32ae0eb11ae2603f9a791f&kw=%5B%22health%22%2C%22info%22%2C%22daily%22%2C%22a%22%2C%22man%22%2C%22who%22%2C%22was%22%2C%22dismissed%22%2C%22multiple%22%2C%22times%22%2C%22by%22%2C%22google%22%5D&refer=https%3A%2F%2Fwww.ahadhealthupdate.tk%2F2022%2F07%2Fatoptions-key-915a0d6256f91913afc69662e.html&tz=0&dev=e&res=12.1055&uuid=6f02feab-dad9-40c2-a8f2-c596f56c126b%3A1%3A1&shu=fd8879e03bb4ac9a02a2ff670d457e748cb5eb53e6b5f64327075bbacdf215fba14cf55f40c4757866c9f87b019817c039a4f952d928a953b96257427472aa1701acc82d3308f95188cc2c34735ab1b34b3a60eaf65f5c25e6e2ba217df2&pst=1669363383&rmtc=t
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.757399834604.js?key=28d87abc3c32ae0eb11ae2603f9a791f&kw=%5B%22health%22%2C%22info%22%2C%22daily%22%2C%22a%22%2C%22man%22%2C%22who%22%2C%22was%22%2C%22dismissed%22%2C%22multiple%22%2C%22times%22%2C%22by%22%2C%22google%22%5D&refer=https%3A%2F%2Fwww.ahadhealthupdate.tk%2F2022%2F07%2Fatoptions-key-915a0d6256f91913afc69662e.html&tz=0&dev=e&res=12.1055&uuid=6f02feab-dad9-40c2-a8f2-c596f56c126b%3A1%3A1&shu=fd8879e03bb4ac9a02a2ff670d457e748cb5eb53e6b5f64327075bbacdf215fba14cf55f40c4757866c9f87b019817c039a4f952d928a953b96257427472aa1701acc82d3308f95188cc2c34735ab1b34b3a60eaf65f5c25e6e2ba217df2&pst=1669363383&rmtc=t HTTP/1.1
Host: whiskerssituationdisturb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.ahadhealthupdate.tk
Referer: https://www.ahadhealthupdate.tk/
Connection: keep-alive
Cookie: u_pl=15594335; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNTU5NDMzNSwiayI6IjI4ZDg3YWJjM2MzMmFlMGViMTFhZTI2MDNmOWE3OTFmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxMzUzNjMwLCJwaWQiOjIxNjA0NiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxOSwiYWlkIjoyNSwicHQiOjQsInBrIjoiYzR3c2VjOHg1IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LmFoYWRoZWFsdGh1cGRhdGUudGsvMjAyMi8wNy9hdG9wdGlvbnMta2V5LTkxNWEwZDYyNTZmOTE5MTNhZmM2OTY2MmUuaHRtbCJ9fQ.cprIA7nh74whI2S2weU5NZosUeZgEPTKd7p6J5t5n7U
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 25 Nov 2022 08:02:03 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.ahadhealthupdate.tk
Access-Control-Allow-Origin: https://www.ahadhealthupdate.tk
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=6f02feab-dad9-40c2-a8f2-c596f56c126b:1:1; expires=Fri, 02 Dec 2022 08:02:03 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 85fdb778b18305cefa83aa013da3623e
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b7757171f2e55c37975a5bcdeba7a4ae
1ce146a166c3c1d510d26c855321ca4b2426353d
7675dc8e0d7a554bf286e61db1c9546aa6fc7188cb83c3d9bd5beb80c2351fe5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 08:02:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b7757171f2e55c37975a5bcdeba7a4ae
1ce146a166c3c1d510d26c855321ca4b2426353d
7675dc8e0d7a554bf286e61db1c9546aa6fc7188cb83c3d9bd5beb80c2351fe5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 08:02:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b7757171f2e55c37975a5bcdeba7a4ae
1ce146a166c3c1d510d26c855321ca4b2426353d
7675dc8e0d7a554bf286e61db1c9546aa6fc7188cb83c3d9bd5beb80c2351fe5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 08:02:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b7757171f2e55c37975a5bcdeba7a4ae
1ce146a166c3c1d510d26c855321ca4b2426353d
7675dc8e0d7a554bf286e61db1c9546aa6fc7188cb83c3d9bd5beb80c2351fe5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 08:02:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b7757171f2e55c37975a5bcdeba7a4ae
1ce146a166c3c1d510d26c855321ca4b2426353d
7675dc8e0d7a554bf286e61db1c9546aa6fc7188cb83c3d9bd5beb80c2351fe5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 08:02:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash d3d2d21ac304813a16da64921ce18ba4
98b1762c675c61eeb18254986461e6b1074ebc92
af00429c189464ddb8df704dc48035421f943444df6ca17390fb97466c2e7e9b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 08:02:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
45.133.44.9200 OK 144 kB URL HTTP/2 cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size 144 kB (144379 bytes)
Hash 33c304429dc1a4408a96e6a74ffa2feb
c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04
dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314
GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 08:02:03 GMT
content-type: image/png
content-length: 144379
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Sun, 27 Nov 2022 08:02:03 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/google_top_exp.js
142.250.74.34200 OK 67 B URL HTTP/2 pagead2.googlesyndication.com/pagead/js/google_top_exp.js
IP 142.250.74.34:0
Hash 9bbc3ca32ec951a484589ce0e6b4db73
753d6f6183b33b2dee5dde2208fca91c17f5bb13
b8f16a16d2a7ea39a9cc079fdbe3af7d31393d62a853668bdd549e0a0311cb3c
GET /pagead/js/google_top_exp.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 67
x-xss-protection: 0
date: Thu, 24 Nov 2022 20:43:34 GMT
expires: Thu, 08 Dec 2022 20:43:34 GMT
cache-control: public, max-age=1209600
age: 40709
etag: 13036835877489095579
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash d3d2d21ac304813a16da64921ce18ba4
98b1762c675c61eeb18254986461e6b1074ebc92
af00429c189464ddb8df704dc48035421f943444df6ca17390fb97466c2e7e9b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 08:02:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.ahadhealthupdate.tk/favicon.ico
142.250.74.179200 OK 677 B URL HTTP/2 www.ahadhealthupdate.tk/favicon.ico
IP 142.250.74.179:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 7be436b2cbf638d5a63605543cba4b4a
9bc6149545c7de07afc3762b7a9456a1558e094c
7d22e13b4c48382cda6375ebf1178da8b75a0d7a7c7eb6dd8a1cd149912e6c7a
GET /favicon.ico HTTP/1.1
Host: www.ahadhealthupdate.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/2022/07/atoptions-key-915a0d6256f91913afc69662e.html
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=23c83a0b-ee85-4559-8b4e-f88ef7584071%3A3%3A1; m5a4xojbcp2nx3gptmm633qal3gzmadn=sandwichesinstinctive.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon; charset=UTF-8
expires: Fri, 25 Nov 2022 08:02:03 GMT
date: Fri, 25 Nov 2022 08:02:03 GMT
cache-control: private, max-age=86400
last-modified: Mon, 21 Nov 2022 03:41:48 GMT
etag: W/"4cea0792290726c015c7260964db5ba221ad75df41ed29a9c013888b131323cd"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 677
server: GSE
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/a/AVvXsEj0AHR6Gb8YK5BbzfEoNQL_gsFWPdH5f_1iUeGObRX1c_vzKFR0O3zZ8JImPoRR8GZlOiA-Hs5F79flFnI_kWGeU-m484gLA56Yos2ZhBLC2Mf0hgOLQRWHZPFzSYXRPeG48H6VQZ5y4kUueVxqgiVtjPiWoFmV3O8kEYVhmC596WLVFQHMtynL1UrihA=s183
142.250.74.33200 OK 4.0 kB URL HTTP/2 blogger.googleusercontent.com/img/a/AVvXsEj0AHR6Gb8YK5BbzfEoNQL_gsFWPdH5f_1iUeGObRX1c_vzKFR0O3zZ8JImPoRR8GZlOiA-Hs5F79flFnI_kWGeU-m484gLA56Yos2ZhBLC2Mf0hgOLQRWHZPFzSYXRPeG48H6VQZ5y4kUueVxqgiVtjPiWoFmV3O8kEYVhmC596WLVFQHMtynL1UrihA=s183
IP 142.250.74.33:0
File type PNG image data, 183 x 60, 8-bit/color RGB, non-interlaced\012- data
Hash 63a13280d145247327da26769eaabb97
68d79c51ecfc1058dbc18fadc052554d1affb3a0
3f435a3f0378e69cf4661a21b8a41dda81b7ad63e401e263a44b45fbabc6c778
GET /img/a/AVvXsEj0AHR6Gb8YK5BbzfEoNQL_gsFWPdH5f_1iUeGObRX1c_vzKFR0O3zZ8JImPoRR8GZlOiA-Hs5F79flFnI_kWGeU-m484gLA56Yos2ZhBLC2Mf0hgOLQRWHZPFzSYXRPeG48H6VQZ5y4kUueVxqgiVtjPiWoFmV3O8kEYVhmC596WLVFQHMtynL1UrihA=s183 HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v6ef"
expires: Sat, 26 Nov 2022 08:02:04 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="DAILY HEALTH INFO.png"
content-type: image/png
vary: Origin
x-content-type-options: nosniff
date: Fri, 25 Nov 2022 08:02:04 GMT
server: fife
content-length: 3994
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/a/AVvXsEiWUyNpluYQupguNjolpTVciZnb2e73F4CAsKTn0YW6RPeoge5KAMN-2XmErAlO8C_Olc1ViYYTvcJRsWUZeDYb5dJzmUgt3ku4BJSjl7-9vhrXWWo5No6TemMv4vk3oLCvu05nvRe1yxfWildNNF_8Dh7soeyWE9IsIFhBjSEQA8-iGuTF6X2yhadWEg=s183
142.250.74.33200 OK 4.0 kB URL HTTP/2 blogger.googleusercontent.com/img/a/AVvXsEiWUyNpluYQupguNjolpTVciZnb2e73F4CAsKTn0YW6RPeoge5KAMN-2XmErAlO8C_Olc1ViYYTvcJRsWUZeDYb5dJzmUgt3ku4BJSjl7-9vhrXWWo5No6TemMv4vk3oLCvu05nvRe1yxfWildNNF_8Dh7soeyWE9IsIFhBjSEQA8-iGuTF6X2yhadWEg=s183
IP 142.250.74.33:0
File type PNG image data, 183 x 60, 8-bit/color RGB, non-interlaced\012- data
Hash 63a13280d145247327da26769eaabb97
68d79c51ecfc1058dbc18fadc052554d1affb3a0
3f435a3f0378e69cf4661a21b8a41dda81b7ad63e401e263a44b45fbabc6c778
GET /img/a/AVvXsEiWUyNpluYQupguNjolpTVciZnb2e73F4CAsKTn0YW6RPeoge5KAMN-2XmErAlO8C_Olc1ViYYTvcJRsWUZeDYb5dJzmUgt3ku4BJSjl7-9vhrXWWo5No6TemMv4vk3oLCvu05nvRe1yxfWildNNF_8Dh7soeyWE9IsIFhBjSEQA8-iGuTF6X2yhadWEg=s183 HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v6f1"
expires: Sat, 26 Nov 2022 08:02:04 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="DAILY HEALTH INFO.png"
content-type: image/png
vary: Origin
x-content-type-options: nosniff
date: Fri, 25 Nov 2022 08:02:04 GMT
server: fife
content-length: 3994
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b7757171f2e55c37975a5bcdeba7a4ae
1ce146a166c3c1d510d26c855321ca4b2426353d
7675dc8e0d7a554bf286e61db1c9546aa6fc7188cb83c3d9bd5beb80c2351fe5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 08:02:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_rQvbyluMp2EAEe34a1mnH_67_EcB9x9pi3SFMi7ET7iAaN9BbxcicTuGbKbm_5BmvDx6HsdwaXFcS7zUlj2I-i6djCq3Ybj0aie54sHM4axdB80j9wxW_OcM8bXAV7mG3rTka5O8qyApQ6sim0nBtlGI0M94l3zRTxoG3ioI2sd8A7ak0w-UNZDSYQ/s320/istockphoto-1163973538-612x612.jpg
142.250.74.33200 OK 31 kB URL HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_rQvbyluMp2EAEe34a1mnH_67_EcB9x9pi3SFMi7ET7iAaN9BbxcicTuGbKbm_5BmvDx6HsdwaXFcS7zUlj2I-i6djCq3Ybj0aie54sHM4axdB80j9wxW_OcM8bXAV7mG3rTka5O8qyApQ6sim0nBtlGI0M94l3zRTxoG3ioI2sd8A7ak0w-UNZDSYQ/s320/istockphoto-1163973538-612x612.jpg
IP 142.250.74.33:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, description=Mountain View, California, USA - March 28, 2018: Google sign at Google's headquarters in Silicon Valley. Google is an American , software=Google], baseline, precision 8, 320x213, components 3\012- data
Hash c8b429221efa24b59f8ded52c22292b6
eb1db8627aa8b22203f395ef0092ad612175bee1
9354dd36db9765dca49cd638d368a59287b39dccadbee49c66565421c8ac420b
GET /img/b/R29vZ2xl/AVvXsEg_rQvbyluMp2EAEe34a1mnH_67_EcB9x9pi3SFMi7ET7iAaN9BbxcicTuGbKbm_5BmvDx6HsdwaXFcS7zUlj2I-i6djCq3Ybj0aie54sHM4axdB80j9wxW_OcM8bXAV7mG3rTka5O8qyApQ6sim0nBtlGI0M94l3zRTxoG3ioI2sd8A7ak0w-UNZDSYQ/s320/istockphoto-1163973538-612x612.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v711"
expires: Sat, 26 Nov 2022 08:02:04 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="istockphoto-1163973538-612x612.jpg"
content-type: image/jpeg
vary: Origin
x-content-type-options: nosniff
date: Fri, 25 Nov 2022 08:02:04 GMT
server: fife
content-length: 31336
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_rQvbyluMp2EAEe34a1mnH_67_EcB9x9pi3SFMi7ET7iAaN9BbxcicTuGbKbm_5BmvDx6HsdwaXFcS7zUlj2I-i6djCq3Ybj0aie54sHM4axdB80j9wxW_OcM8bXAV7mG3rTka5O8qyApQ6sim0nBtlGI0M94l3zRTxoG3ioI2sd8A7ak0w-UNZDSYQ/w72-h72-p-k-no-nu/istockphoto-1163973538-612x612.jpg
142.250.74.33200 OK 4.8 kB URL HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_rQvbyluMp2EAEe34a1mnH_67_EcB9x9pi3SFMi7ET7iAaN9BbxcicTuGbKbm_5BmvDx6HsdwaXFcS7zUlj2I-i6djCq3Ybj0aie54sHM4axdB80j9wxW_OcM8bXAV7mG3rTka5O8qyApQ6sim0nBtlGI0M94l3zRTxoG3ioI2sd8A7ak0w-UNZDSYQ/w72-h72-p-k-no-nu/istockphoto-1163973538-612x612.jpg
IP 142.250.74.33:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, description=Mountain View, California, USA - March 28, 2018: Google sign at Google's headquarters in Silicon Valley. Google is an American , software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash 879448f9116f8eccb0b1b0061a0d2b44
d22c6630e567a940482dd1febbab20b96c36b7f8
652c617be6d03724770519d44640ea97255c714d658dbf256f922c48abdb6642
GET /img/b/R29vZ2xl/AVvXsEg_rQvbyluMp2EAEe34a1mnH_67_EcB9x9pi3SFMi7ET7iAaN9BbxcicTuGbKbm_5BmvDx6HsdwaXFcS7zUlj2I-i6djCq3Ybj0aie54sHM4axdB80j9wxW_OcM8bXAV7mG3rTka5O8qyApQ6sim0nBtlGI0M94l3zRTxoG3ioI2sd8A7ak0w-UNZDSYQ/w72-h72-p-k-no-nu/istockphoto-1163973538-612x612.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v711"
expires: Sat, 26 Nov 2022 08:02:04 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="istockphoto-1163973538-612x612.jpg"
content-type: image/jpeg
vary: Origin
x-content-type-options: nosniff
date: Fri, 25 Nov 2022 08:02:04 GMT
server: fife
content-length: 4775
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie7Cer_Z5THMqGGkAuY8KGjtRTcZX02QdUPV5YbuQwhjHHc0AYWtbCkGuuREQa4U_o4WCrkqZS550mIHaNEfz5EzcohqivB5VxzDSoPV9m_S7Sbs60Rk3or6prOM9SUqeRCuuO5P3pme3mvgaW04-PaRIJ96iYLVf5mYc8rrh9_0qs-vTKypNn-6UCJA/w72-h72-p-k-no-nu/istockphoto-1390600542-612x612.jpg
142.250.74.33200 OK 6.6 kB URL HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie7Cer_Z5THMqGGkAuY8KGjtRTcZX02QdUPV5YbuQwhjHHc0AYWtbCkGuuREQa4U_o4WCrkqZS550mIHaNEfz5EzcohqivB5VxzDSoPV9m_S7Sbs60Rk3or6prOM9SUqeRCuuO5P3pme3mvgaW04-PaRIJ96iYLVf5mYc8rrh9_0qs-vTKypNn-6UCJA/w72-h72-p-k-no-nu/istockphoto-1390600542-612x612.jpg
IP 142.250.74.33:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, description=WEB 3.0 on futuristic electronic board background, Technology of decentralized social network connection concept, 3d rendering , software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash 52f90f4407d8dd9fc6c773c00acd154c
c6df0d54847ee59514cc2e432886910c93a4ee85
b2d10a5f07841af45e4393b51a7ea6ae88770dee2dc5de9777f7c9f882cdb863
GET /img/b/R29vZ2xl/AVvXsEie7Cer_Z5THMqGGkAuY8KGjtRTcZX02QdUPV5YbuQwhjHHc0AYWtbCkGuuREQa4U_o4WCrkqZS550mIHaNEfz5EzcohqivB5VxzDSoPV9m_S7Sbs60Rk3or6prOM9SUqeRCuuO5P3pme3mvgaW04-PaRIJ96iYLVf5mYc8rrh9_0qs-vTKypNn-6UCJA/w72-h72-p-k-no-nu/istockphoto-1390600542-612x612.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahadhealthupdate.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v70d"
expires: Sat, 26 Nov 2022 08:02:04 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="istockphoto-1390600542-612x612.jpg"
content-type: image/jpeg
vary: Origin
x-content-type-options: nosniff
date: Fri, 25 Nov 2022 08:02:04 GMT
server: fife
content-length: 6595
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2