r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5770
Expires: Mon, 05 Dec 2022 10:30:44 GMT
Date: Mon, 05 Dec 2022 08:54:34 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6153
Cache-Control: max-age=98356
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:34 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 12:13:50 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 05 Dec 2022 08:18:28 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2166
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5480
Expires: Mon, 05 Dec 2022 10:25:54 GMT
Date: Mon, 05 Dec 2022 08:54:34 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: HuBGPozazzba6uTp/QtP3dv9UCEhAVD4wAVjIytaJapBEUmtZOO5qAXrp4lA5fT1QSgJJi45Mzo=
x-amz-request-id: 9ASTE0YSV0D41ZEP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 05 Dec 2022 08:47:54 GMT
age: 400
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 08:54:34 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocionometro.blogspot.com.br/2010/06/mudanca-de-sexo.html
172.217.21.161 302 Moved Temporarily 200 B URL HTTP/1.1 ocionometro.blogspot.com.br/2010/06/mudanca-de-sexo.html
IP 172.217.21.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 0d703fe571879329135c17266cdcf62a
448f36571ba7e1a98184383d32ba5564296b291a
f62c209e7ff54af0a68647a0bc283780e85e7730cf16275553b8faae259db334
Analyzer Verdict Alert fortinet Malware
GET /2010/06/mudanca-de-sexo.html HTTP/1.1
Host: ocionometro.blogspot.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Location: http://ocionometro.blogspot.com/2010/06/mudanca-de-sexo.html
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Mon, 05 Dec 2022 08:54:35 GMT
Expires: Mon, 05 Dec 2022 08:54:35 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 200
Server: GSE
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 05 Dec 2022 08:11:19 GMT
cache-control: public,max-age=3600
age: 2596
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6143
Cache-Control: max-age=93279
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:35 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 10:49:14 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.41.252.32 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.252.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1oDAKqV1DasBP5HLXMt3WA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 4oYjxQYunL3Qqvy7Ob6NfntLS58=
ocionometro.blogspot.com/2010/06/mudanca-de-sexo.html
172.217.21.161 200 OK 22 kB URL HTTP/1.1 ocionometro.blogspot.com/2010/06/mudanca-de-sexo.html
IP 172.217.21.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (672)
Hash bba89f7a42d59f854d0a13a5331a3614
e83fdee60df6d31fe63fca2c4a0045bfb4601eee
2774b8927ce293e26d33e4aef4829ee2ebe1a50a6ff9ebb5290571d117e0ca5e
Analyzer Verdict Alert fortinet Malware
GET /2010/06/mudanca-de-sexo.html HTTP/1.1
Host: ocionometro.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Expires: Mon, 05 Dec 2022 08:54:36 GMT
Date: Mon, 05 Dec 2022 08:54:36 GMT
Cache-Control: private, max-age=0
Last-Modified: Sat, 26 Nov 2022 10:44:54 GMT
ETag: W/"5430fc94eb38bb2ffa0a66ba2b34ffca753d71946d3d2a81e1fdc0dc49375eeb"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 21748
Server: GSE
fonts.googleapis.com/css?family=Playfair+Display
142.250.74.106 200 OK 470 B URL HTTP/1.1 fonts.googleapis.com/css?family=Playfair+Display
IP 142.250.74.106:0
Hash 4c6f023a89a6c31c6f9b5e349285e023
b0c74f61f43f0144ee2e7df0486c5494d4db235f
68b66f0c04f81ad55b8332685073fc5e33adc4fe4e9e36bf4dba27be3c25e3a7
GET /css?family=Playfair+Display HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Mon, 05 Dec 2022 08:54:36 GMT
Date: Mon, 05 Dec 2022 08:54:36 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
fonts.googleapis.com/css?family=Lobster
142.250.74.106 200 OK 475 B URL HTTP/1.1 fonts.googleapis.com/css?family=Lobster
IP 142.250.74.106:0
Hash 11b42bb2b41a38de996516693aae0a82
43f4ef56713050f19588ec2f21e9548ad458ab54
523314ef4bde5c970a60ca92fabea3f0b038e5f3efbec6e0e536d99ea101ae0f
GET /css?family=Lobster HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Mon, 05 Dec 2022 08:54:36 GMT
Date: Mon, 05 Dec 2022 08:54:36 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
fonts.googleapis.com/css?family=Shadows+Into+Light
142.250.74.106 200 OK 293 B URL HTTP/1.1 fonts.googleapis.com/css?family=Shadows+Into+Light
IP 142.250.74.106:0
Hash c0a373af9d19a4513a84e932ae335bbc
d9b073f8896d6dbd42e7c63a990ee3ec4d3bd1a5
1e9e766c84d5eacfdccc15d52ab367c2c1b143d16dee041c5715c15e25ea912b
GET /css?family=Shadows+Into+Light HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Mon, 05 Dec 2022 08:54:36 GMT
Date: Mon, 05 Dec 2022 08:54:36 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
fonts.googleapis.com/css?family=Droid+Sans:bold
142.250.74.106 200 OK 278 B URL HTTP/1.1 fonts.googleapis.com/css?family=Droid+Sans:bold
IP 142.250.74.106:0
Hash 5d566a8e9e9aba2a075c6eb8caafc3e7
87b7cab3979cc2710132458e96f038c14c7aef2b
68940e03b372fea71a28540959d3daf418d98bbcebf342ac51b789d7abf5a7e6
GET /css?family=Droid+Sans:bold HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Mon, 05 Dec 2022 08:54:36 GMT
Date: Mon, 05 Dec 2022 08:54:36 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
fonts.googleapis.com/css?family=Droid+Serif:bold
142.250.74.106 200 OK 279 B URL HTTP/1.1 fonts.googleapis.com/css?family=Droid+Serif:bold
IP 142.250.74.106:0
Hash 043942583e9f4b9c059124714a741b43
0caae8318397cfd07dce018498f0a52923094dfa
d8f0bd3ef278b2282a8f7f3bd5138eb6a201e3f0b7b3138ab9797edcab7e1883
GET /css?family=Droid+Serif:bold HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Mon, 05 Dec 2022 08:54:36 GMT
Date: Mon, 05 Dec 2022 08:54:36 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
fonts.googleapis.com/css?family=Raleway:100
142.250.74.106 200 OK 493 B URL HTTP/1.1 fonts.googleapis.com/css?family=Raleway:100
IP 142.250.74.106:0
Hash 66cd89b3a816026bec97d432135c9707
58f140e40bce93063decc23c7d67d24ff55a75c7
bcf76f390e80767af8ff2f3bb046cefa3eb087d359c8ea65005ffa2656e56765
GET /css?family=Raleway:100 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Mon, 05 Dec 2022 08:54:36 GMT
Date: Mon, 05 Dec 2022 08:54:36 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
ocionometro.blogspot.com/js/cookienotice.js
172.217.21.161 200 OK 2.0 kB URL HTTP/1.1 ocionometro.blogspot.com/js/cookienotice.js
IP 172.217.21.161:0
Hash c4e1ed83d89245089b8a1203be20a377
f3940e1215b89300ef97d57a25993f25243b8688
afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2
Analyzer Verdict Alert fortinet Malware
GET /js/cookienotice.js HTTP/1.1
Host: ocionometro.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/2010/06/mudanca-de-sexo.html
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 2026
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 04 Dec 2022 12:51:10 GMT
Expires: Sun, 11 Dec 2022 12:51:10 GMT
Cache-Control: public, max-age=604800
Last-Modified: Sun, 04 Dec 2022 11:51:07 GMT
Content-Type: text/javascript
Age: 72206
pagead2.googlesyndication.com/pagead/show_ads.js
216.58.207.226 200 OK 36 kB URL HTTP/1.1 pagead2.googlesyndication.com/pagead/show_ads.js
IP 216.58.207.226:0
File type ASCII text, with very long lines (3577)
Hash c802d6aed4db96880c2c9af9613c0625
c73bce7c2a0dc3e3b3f8af70aad4f5414c9163be
6459db295a7c0d64248c33ee509ea58f5d5e3e551d1928d502f2dfde5ed90863
GET /pagead/show_ads.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Date: Mon, 05 Dec 2022 08:54:36 GMT
Expires: Mon, 05 Dec 2022 08:54:36 GMT
Cache-Control: private, max-age=3600
Content-Type: text/javascript; charset=UTF-8
ETag: 8379707187089999966
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 36166
X-XSS-Protection: 0
bloggerblogwidgets.googlecode.com/svn/trunk/auto-hide-social-bookmarking-way2blogging.css
173.194.222.82 404 Not Found 1.6 kB URL HTTP/1.1 bloggerblogwidgets.googlecode.com/svn/trunk/auto-hide-social-bookmarking-way2blogging.css
IP 173.194.222.82:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Hash 8139253c48e13aff6797aee728471885
4b63d3c2f47c7036441b5c88094760afeedbf762
f44ba57a96b0d3adcaefd19c51aec57f3c06a913696b2ac8c192339eb1e8dd09
GET /svn/trunk/auto-hide-social-bookmarking-way2blogging.css HTTP/1.1
Host: bloggerblogwidgets.googlecode.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1616
Date: Mon, 05 Dec 2022 08:54:36 GMT
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 7dfb548d8f8a99d32050803775fad5d6
8b47999a01db7c2217d76a1cec576809a229cf1b
68dd2a1e5a0002f4d25d3b5884ab55bc6b5a91e38f6dc464c4261b19c6e5887e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 29335a536fd47c44f11a984665f501f6
46dbfa43c5a94c6baec55a9e89cb1cb0cee7eb69
39d8bc234639a4fceeee88f10319692733e37388c06ae5567971f9dbb7c0aab5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 1e5e51fbc58282a2410de240a13bac3d
03e7151c23e4ed5efc5a4415fc5dcb01f0d5e019
ad20d69cf3f84ec6bee56a570acbce60d0ade6bdf201397a1de2417fed11b3fd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 3eb49088cb079aacf8b1e395e69b68b3
c437fb2b4a604c70a876a918eeac9f33c11220af
655a0369b319f02ca9c48ce312da812ea0ce9387e729ee250e23a3f43af639d3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1603
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:36 GMT
Etag: "638d4cb1-1d7"
Last-Modified: Mon, 05 Dec 2022 08:27:53 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
www.blogger.com/static/v1/widgets/55013136-widget_css_bundle.css
142.250.74.41 200 OK 6.6 kB URL HTTP/2 www.blogger.com/static/v1/widgets/55013136-widget_css_bundle.css
IP 142.250.74.41:0
File type ASCII text, with very long lines (30596)
Hash 6f46e6f68353c7911fe34f31faa1518f
ea4dbfa2f87c18e9c51c59a32dfa9afb9c2c3472
0be7e26374fcff6f423b88e5f2a05d1cfdcb56abb4a78fa125e391989782ae0f
GET /static/v1/widgets/55013136-widget_css_bundle.css HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 6620
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 14:01:43 GMT
expires: Wed, 29 Nov 2023 14:01:43 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 28 Nov 2022 14:50:39 GMT
content-type: text/css
age: 499973
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 29335a536fd47c44f11a984665f501f6
46dbfa43c5a94c6baec55a9e89cb1cb0cee7eb69
39d8bc234639a4fceeee88f10319692733e37388c06ae5567971f9dbb7c0aab5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
142.250.74.170 200 OK 27 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
IP 142.250.74.170:0
File type ASCII text, with very long lines (820)
Hash 88ed7d5a26ffff39cbae41fa7b2c615d
5ea49f5aeeb49e8abd640da2f6d657fb57cc5acc
52943bd40a595c39f84e23ddd74755daa4d013b55c709de9b312661e59103ab3
GET /ajax/libs/jquery/1.4.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 27266
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 20:33:11 GMT
expires: Tue, 28 Nov 2023 20:33:11 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 562885
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.blogger.com/static/v1/widgets/2342155703-widgets.js
142.250.74.41 200 OK 57 kB URL HTTP/2 www.blogger.com/static/v1/widgets/2342155703-widgets.js
IP 142.250.74.41:0
File type ASCII text, with very long lines (2221)
Hash 1217c8e34acb09c7cea97bae4d386ea1
55ee17703d0a7710943e93913bacb49220d98b4b
c2f23437ab938096bf8b40de8b08c4f27bb880b7ef8588481ec5ccc08b58870b
GET /static/v1/widgets/2342155703-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56726
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 05:43:29 GMT
expires: Wed, 29 Nov 2023 05:43:29 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 28 Nov 2022 14:50:39 GMT
content-type: text/javascript
age: 529867
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
resources.blogblog.com/img/icon_delete13.gif
142.250.74.41 200 OK 140 B URL HTTP/2 resources.blogblog.com/img/icon_delete13.gif
IP 142.250.74.41:0
File type GIF image data, version 89a, 13 x 13\012- data
Hash e7f55c98f18368f2ba26a008b1d40fc3
bb509d770d2d149060707c2c2c01776e86b858c4
69ff07a31a102649f3e0d08a967c39b134286293b85aac0885b3102a9120f1a6
GET /img/icon_delete13.gif HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 140
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 16:34:35 GMT
expires: Tue, 06 Dec 2022 16:34:35 GMT
cache-control: public, max-age=604800
last-modified: Tue, 29 Nov 2022 03:53:34 GMT
content-type: image/gif
age: 490801
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dl.dropbox.com/u/1944599/page.nav123.js
162.125.71.15 301 Moved Permanently 0 B URL HTTP/1.1 dl.dropbox.com/u/1944599/page.nav123.js
IP 162.125.71.15:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /u/1944599/page.nav123.js HTTP/1.1
Host: dl.dropbox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 301 Moved Permanently
location: https://dl.dropbox.com/u/1944599/page.nav123.js
date: Mon, 05 Dec 2022 08:54:36 GMT
server: envoy
x-dropbox-request-id: 308f7eff277441b5bef06a69b1a74967
content-length: 0
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash c7f307380854586da101738174034bb8
ed2ae28159d0844079f34edc93ba7388e34a82dd
3fec8d210d766fd9899172503dcedd649b9e64d25e674db4327149467362d430
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1014
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:36 GMT
Last-Modified: Mon, 05 Dec 2022 08:37:43 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 7dfb548d8f8a99d32050803775fad5d6
8b47999a01db7c2217d76a1cec576809a229cf1b
68dd2a1e5a0002f4d25d3b5884ab55bc6b5a91e38f6dc464c4261b19c6e5887e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 29335a536fd47c44f11a984665f501f6
46dbfa43c5a94c6baec55a9e89cb1cb0cee7eb69
39d8bc234639a4fceeee88f10319692733e37388c06ae5567971f9dbb7c0aab5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 29335a536fd47c44f11a984665f501f6
46dbfa43c5a94c6baec55a9e89cb1cb0cee7eb69
39d8bc234639a4fceeee88f10319692733e37388c06ae5567971f9dbb7c0aab5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 8ead0ac4ce19cef2471bae0458759d89
af02fd3fcd2e10cfa2458407c0c2e59a43e18517
507b93c64bab73e393cf8d8131415ef4d4b01e65e0f2ab73597715197845e75e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dicasdownload.net/imagen-template-blogger/ucc.js
190.2.139.23 200 OK 6.6 kB URL HTTP/1.1 dicasdownload.net/imagen-template-blogger/ucc.js
IP 190.2.139.23:0
ASN #49981 WorldStream B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (16837)
Hash a6d91bf0c47c3a59f67c7bfe16c18961
42c74c26d0ca415334828b24e510ee87181cfac5
aaf616f4c9704589e5c2bc147557ac463aa42c38c37358d26ff297b13307e291
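Analyzer / Verdict / Alert: fortinet, Malware (the only analyzer listed for this resource; the body was identified as HTML document text although it was served as application/javascript)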
GET /imagen-template-blogger/ucc.js HTTP/1.1
Host: dicasdownload.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Mon, 05 Dec 2022 08:54:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Encoding
X-Powered-By: PHP/7.2.34
Content-Encoding: gzip
resources.blogblog.com/img/blank.gif
142.250.74.41 200 OK 43 B URL HTTP/1.1 resources.blogblog.com/img/blank.gif
IP 142.250.74.41:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /img/blank.gif HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 43
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 29 Nov 2022 11:18:21 GMT
Expires: Tue, 06 Dec 2022 11:18:21 GMT
Cache-Control: public, max-age=604800
Last-Modified: Tue, 29 Nov 2022 05:51:11 GMT
Content-Type: image/gif
Age: 509775
4.bp.blogspot.com/-1PTkR7-l0E0/Thda2ZneE1I/AAAAAAAAB_o/DZ-Lve1Gy5w/s000/rss.png
142.250.74.161 200 OK 1.5 kB URL HTTP/1.1 4.bp.blogspot.com/-1PTkR7-l0E0/Thda2ZneE1I/AAAAAAAAB_o/DZ-Lve1Gy5w/s000/rss.png
IP 142.250.74.161:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash bac29629d2b8bd521428f0f502011f86
469f50c69906d2588554935d0ef8ef3e1700a4e4
93c2effcbf7e12461ffaf5f6083f4c8e7845661b118e6c8dd740f41e14feb0c6
GET /-1PTkR7-l0E0/Thda2ZneE1I/AAAAAAAAB_o/DZ-Lve1Gy5w/s000/rss.png HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v7fa"
Expires: Tue, 06 Dec 2022 08:54:36 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="rss.png"
Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:36 GMT
Server: fife
Content-Length: 1460
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 67e4709c84acec8eddbeb11d56e7d0fd
32a14eeba023499cda0d49fd785ac7626f4a5582
8953090ad9df36f81c3393cc6c67c87b6ad521b8806c7ea004e0b4354b9e1c92
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 67e4709c84acec8eddbeb11d56e7d0fd
32a14eeba023499cda0d49fd785ac7626f4a5582
8953090ad9df36f81c3393cc6c67c87b6ad521b8806c7ea004e0b4354b9e1c92
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dl.dropbox.com/u/1944060/cd.js
162.125.71.15 404 Not Found 5.8 kB URL HTTP/2 dl.dropbox.com/u/1944060/cd.js
IP 162.125.71.15:0
Hash 045caa1aa330da0c3258d3f4a51ed7c8
76b5ac3f9bc6ffff9e5484ba512fc9486322e3e0
86515a7d56e8fd9c70c557564f3a6b6e8c7ebc3f6dbedde8ab680276bc33dc90
GET /u/1944060/cd.js HTTP/1.1
Host: dl.dropbox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ocionometro.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
content-type: text/html
date: Mon, 05 Dec 2022 08:54:36 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: remote
x-dropbox-request-id: 35a34139568b4973879bc9a7440691dd
X-Firefox-Spdy: h2
lh3-testonly.googleusercontent.com/blogger_img_proxy/ANbyha2Vabktk74Wj6LKPytov8idFec3AcM9ieLzUUfmXKb2052d5KxXxHuey5J4jnUKTdYdzgt4kMgdZGfaZFsUnIzenDU_ziknqh5ScpwPM3CG91HyGPJZPVHeHJR77DA=w72-h72-p-k-no-nu
216.58.207.225 404 Not Found 1.7 kB URL HTTP/2 lh3-testonly.googleusercontent.com/blogger_img_proxy/ANbyha2Vabktk74Wj6LKPytov8idFec3AcM9ieLzUUfmXKb2052d5KxXxHuey5J4jnUKTdYdzgt4kMgdZGfaZFsUnIzenDU_ziknqh5ScpwPM3CG91HyGPJZPVHeHJR77DA=w72-h72-p-k-no-nu
IP 216.58.207.225:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Hash 825ed694f43b1edc556dcc6ebc8096b1
edc9dd62df1d9741d4123659d946d2b8f74bbe17
d53f7c45a7773d5291cf1710562cd46e982f54ab2d9e5984bd39f498a4da0286
GET /blogger_img_proxy/ANbyha2Vabktk74Wj6LKPytov8idFec3AcM9ieLzUUfmXKb2052d5KxXxHuey5J4jnUKTdYdzgt4kMgdZGfaZFsUnIzenDU_ziknqh5ScpwPM3CG91HyGPJZPVHeHJR77DA=w72-h72-p-k-no-nu HTTP/1.1
Host: lh3-testonly.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 05 Dec 2022 08:54:36 GMT
server: sffe
content-length: 1728
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
lh3-testonly.googleusercontent.com/blogger_img_proxy/ANbyha1M5xfmDr58Fc28EomZSjI1T02hh74krQmUzb2ji8B543pPPTUqAb_XWU3Pn8M0tn8fngFJu7n9bSeeFMeU0TEpoDS1VrKg7zhrxF_A85bnc6AJNvcF6tcJSFURHGjyIw=w72-h72-p-k-no-nu
216.58.207.225 404 Not Found 1.7 kB URL HTTP/2 lh3-testonly.googleusercontent.com/blogger_img_proxy/ANbyha1M5xfmDr58Fc28EomZSjI1T02hh74krQmUzb2ji8B543pPPTUqAb_XWU3Pn8M0tn8fngFJu7n9bSeeFMeU0TEpoDS1VrKg7zhrxF_A85bnc6AJNvcF6tcJSFURHGjyIw=w72-h72-p-k-no-nu
IP 216.58.207.225:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Hash 865eaf2900469062068f635a6c2abe66
fb66b8e52e62a82497e46b04374943e0b5dcb48d
cf23438a716c7025dda38292a462b161dbffc38ac50aec2ea45f29c4774c4cb6
GET /blogger_img_proxy/ANbyha1M5xfmDr58Fc28EomZSjI1T02hh74krQmUzb2ji8B543pPPTUqAb_XWU3Pn8M0tn8fngFJu7n9bSeeFMeU0TEpoDS1VrKg7zhrxF_A85bnc6AJNvcF6tcJSFURHGjyIw=w72-h72-p-k-no-nu HTTP/1.1
Host: lh3-testonly.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 05 Dec 2022 08:54:36 GMT
server: sffe
content-length: 1731
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/google_top_exp.js
216.58.207.226 200 OK 67 B URL HTTP/1.1 pagead2.googlesyndication.com/pagead/js/google_top_exp.js
IP 216.58.207.226:0
Hash 9bbc3ca32ec951a484589ce0e6b4db73
753d6f6183b33b2dee5dde2208fca91c17f5bb13
b8f16a16d2a7ea39a9cc079fdbe3af7d31393d62a853668bdd549e0a0311cb3c
GET /pagead/js/google_top_exp.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 67
X-XSS-Protection: 0
Date: Sun, 04 Dec 2022 10:29:51 GMT
Expires: Sun, 18 Dec 2022 10:29:51 GMT
Cache-Control: public, max-age=1209600
ETag: 13036835877489095579
Content-Type: text/javascript; charset=UTF-8
Age: 80685
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 67e4709c84acec8eddbeb11d56e7d0fd
32a14eeba023499cda0d49fd785ac7626f4a5582
8953090ad9df36f81c3393cc6c67c87b6ad521b8806c7ea004e0b4354b9e1c92
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lh3.ggpht.com/_mcq01yDJ2uY/Sdke3rFjMUI/AAAAAAAAAkE/o0kR0MfngXA/Germany.png
142.250.74.161 404 Not Found 832 B URL HTTP/1.1 lh3.ggpht.com/_mcq01yDJ2uY/Sdke3rFjMUI/AAAAAAAAAkE/o0kR0MfngXA/Germany.png
IP 142.250.74.161:0
File type PNG image data, 200 x 200, 8-bit colormap, non-interlaced\012- data
Hash 596246739a83bb45e30e13437e0810d9
203d99f5cb1f2c816d6f9974cc5a73cf412892a6
94aa7bf7f0d9660bb348ed4ed7faaa42c63f1a40f591dab32ce5046765df3615
GET /_mcq01yDJ2uY/Sdke3rFjMUI/AAAAAAAAAkE/o0kR0MfngXA/Germany.png HTTP/1.1
Host: lh3.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Type: image/png
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:36 GMT
Server: fife
Content-Length: 832
X-XSS-Protection: 0
lh3.ggpht.com/_mcq01yDJ2uY/Sdke2xCmrPI/AAAAAAAAAj0/Jv14yyDo1i4/Italy.png
142.250.74.161 404 Not Found 832 B URL HTTP/1.1 lh3.ggpht.com/_mcq01yDJ2uY/Sdke2xCmrPI/AAAAAAAAAj0/Jv14yyDo1i4/Italy.png
IP 142.250.74.161:0
File type PNG image data, 200 x 200, 8-bit colormap, non-interlaced\012- data
Hash 596246739a83bb45e30e13437e0810d9
203d99f5cb1f2c816d6f9974cc5a73cf412892a6
94aa7bf7f0d9660bb348ed4ed7faaa42c63f1a40f591dab32ce5046765df3615
GET /_mcq01yDJ2uY/Sdke2xCmrPI/AAAAAAAAAj0/Jv14yyDo1i4/Italy.png HTTP/1.1
Host: lh3.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Type: image/png
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:36 GMT
Server: fife
Content-Length: 832
X-XSS-Protection: 0
lh5.ggpht.com/_mcq01yDJ2uY/SdkfGVESWsI/AAAAAAAAAkk/-ruu99vFElQ/Russian%20Federation.png
142.250.74.161 404 Not Found 832 B URL HTTP/1.1 lh5.ggpht.com/_mcq01yDJ2uY/SdkfGVESWsI/AAAAAAAAAkk/-ruu99vFElQ/Russian%20Federation.png
IP 142.250.74.161:0
File type PNG image data, 200 x 200, 8-bit colormap, non-interlaced\012- data
Hash 596246739a83bb45e30e13437e0810d9
203d99f5cb1f2c816d6f9974cc5a73cf412892a6
94aa7bf7f0d9660bb348ed4ed7faaa42c63f1a40f591dab32ce5046765df3615
GET /_mcq01yDJ2uY/SdkfGVESWsI/AAAAAAAAAkk/-ruu99vFElQ/Russian%20Federation.png HTTP/1.1
Host: lh5.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Type: image/png
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 832
X-XSS-Protection: 0
lh4.ggpht.com/_mcq01yDJ2uY/SdkfGSkRgfI/AAAAAAAAAkc/X4E87SASLtA/France.png
142.250.74.161 404 Not Found 832 B URL HTTP/1.1 lh4.ggpht.com/_mcq01yDJ2uY/SdkfGSkRgfI/AAAAAAAAAkc/X4E87SASLtA/France.png
IP 142.250.74.161:0
File type PNG image data, 200 x 200, 8-bit colormap, non-interlaced\012- data
Hash 596246739a83bb45e30e13437e0810d9
203d99f5cb1f2c816d6f9974cc5a73cf412892a6
94aa7bf7f0d9660bb348ed4ed7faaa42c63f1a40f591dab32ce5046765df3615
GET /_mcq01yDJ2uY/SdkfGSkRgfI/AAAAAAAAAkc/X4E87SASLtA/France.png HTTP/1.1
Host: lh4.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Type: image/png
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 832
X-XSS-Protection: 0
lh5.ggpht.com/_mcq01yDJ2uY/Sdke3f2KbNI/AAAAAAAAAj8/xyGLFdUZbVY/Japan.png
142.250.74.161 404 Not Found 832 B URL HTTP/1.1 lh5.ggpht.com/_mcq01yDJ2uY/Sdke3f2KbNI/AAAAAAAAAj8/xyGLFdUZbVY/Japan.png
IP 142.250.74.161:0
File type PNG image data, 200 x 200, 8-bit colormap, non-interlaced\012- data
Hash 596246739a83bb45e30e13437e0810d9
203d99f5cb1f2c816d6f9974cc5a73cf412892a6
94aa7bf7f0d9660bb348ed4ed7faaa42c63f1a40f591dab32ce5046765df3615
GET /_mcq01yDJ2uY/Sdke3f2KbNI/AAAAAAAAAj8/xyGLFdUZbVY/Japan.png HTTP/1.1
Host: lh5.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Type: image/png
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 832
X-XSS-Protection: 0
lh5.ggpht.com/_mcq01yDJ2uY/Sdke4C8za2I/AAAAAAAAAkU/Mpfn_ntCweU/China.png
142.250.74.161 404 Not Found 832 B URL HTTP/1.1 lh5.ggpht.com/_mcq01yDJ2uY/Sdke4C8za2I/AAAAAAAAAkU/Mpfn_ntCweU/China.png
IP 142.250.74.161:0
File type PNG image data, 200 x 200, 8-bit colormap, non-interlaced\012- data
Hash 596246739a83bb45e30e13437e0810d9
203d99f5cb1f2c816d6f9974cc5a73cf412892a6
94aa7bf7f0d9660bb348ed4ed7faaa42c63f1a40f591dab32ce5046765df3615
GET /_mcq01yDJ2uY/Sdke4C8za2I/AAAAAAAAAkU/Mpfn_ntCweU/China.png HTTP/1.1
Host: lh5.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Type: image/png
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 832
X-XSS-Protection: 0
lh3.ggpht.com/_mcq01yDJ2uY/Sdke312ethI/AAAAAAAAAkM/KeACgltRc38/Spain.png
142.250.74.161 404 Not Found 832 B URL HTTP/1.1 lh3.ggpht.com/_mcq01yDJ2uY/Sdke312ethI/AAAAAAAAAkM/KeACgltRc38/Spain.png
IP 142.250.74.161:0
File type PNG image data, 200 x 200, 8-bit colormap, non-interlaced\012- data
Hash 596246739a83bb45e30e13437e0810d9
203d99f5cb1f2c816d6f9974cc5a73cf412892a6
94aa7bf7f0d9660bb348ed4ed7faaa42c63f1a40f591dab32ce5046765df3615
GET /_mcq01yDJ2uY/Sdke312ethI/AAAAAAAAAkM/KeACgltRc38/Spain.png HTTP/1.1
Host: lh3.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Type: image/png
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 832
X-XSS-Protection: 0
lh4.ggpht.com/_mcq01yDJ2uY/SdkhG4bjxqI/AAAAAAAAAks/Ws6AzZdnZTw/United%20States%20of%20America%20%28USA%29.png
142.250.74.161 404 Not Found 832 B URL HTTP/1.1 lh4.ggpht.com/_mcq01yDJ2uY/SdkhG4bjxqI/AAAAAAAAAks/Ws6AzZdnZTw/United%20States%20of%20America%20%28USA%29.png
IP 142.250.74.161:0
File type PNG image data, 200 x 200, 8-bit colormap, non-interlaced\012- data
Hash 596246739a83bb45e30e13437e0810d9
203d99f5cb1f2c816d6f9974cc5a73cf412892a6
94aa7bf7f0d9660bb348ed4ed7faaa42c63f1a40f591dab32ce5046765df3615
GET /_mcq01yDJ2uY/SdkhG4bjxqI/AAAAAAAAAks/Ws6AzZdnZTw/United%20States%20of%20America%20%28USA%29.png HTTP/1.1
Host: lh4.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Type: image/png
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 832
X-XSS-Protection: 0
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4120
Expires: Mon, 05 Dec 2022 10:03:17 GMT
Date: Mon, 05 Dec 2022 08:54:37 GMT
Connection: keep-alive
3.bp.blogspot.com/_uftQ_FJxp0k/TAWlRQYivLI/AAAAAAAAARk/4fHy8yLIWWQ/w72-h72-p-k-no-nu/realizando-o-veio.jpg
142.250.74.161 200 OK 3.9 kB URL HTTP/1.1 3.bp.blogspot.com/_uftQ_FJxp0k/TAWlRQYivLI/AAAAAAAAARk/4fHy8yLIWWQ/w72-h72-p-k-no-nu/realizando-o-veio.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash 7df3de1c8237b54a5d466bfbf804f0cb
080e7c156fafbfa6fbfac39dbaf9ef36b41b2cb1
8599191ee4dbc1c444544177ac6a335250457b64699bc9c63ecd54ccd4ad47a8
GET /_uftQ_FJxp0k/TAWlRQYivLI/AAAAAAAAARk/4fHy8yLIWWQ/w72-h72-p-k-no-nu/realizando-o-veio.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v119"
Expires: Tue, 06 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="realizando-o-veio.jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 3854
X-XSS-Protection: 0
3.bp.blogspot.com/_uftQ_FJxp0k/TG8W8xOuTyI/AAAAAAAABOk/VKAPgCjhFKc/w72-h72-p-k-no-nu/plancton.jpg
142.250.74.161 200 OK 3.1 kB URL HTTP/1.1 3.bp.blogspot.com/_uftQ_FJxp0k/TG8W8xOuTyI/AAAAAAAABOk/VKAPgCjhFKc/w72-h72-p-k-no-nu/plancton.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash 9190228ba011c3dfe3fe802e3022ff04
6f6e4452b1763c7ba6e71b48b222c7ba30aa3fb1
a7ca5f4678f8182851d7d38e156726f2748715a04ae0e6813e617d5854c84f53
GET /_uftQ_FJxp0k/TG8W8xOuTyI/AAAAAAAABOk/VKAPgCjhFKc/w72-h72-p-k-no-nu/plancton.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v4e9"
Expires: Tue, 06 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="plancton.jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 3095
X-XSS-Protection: 0
4.bp.blogspot.com/_uftQ_FJxp0k/TAfqNmBobsI/AAAAAAAAAWo/iPH2sKSRY38/w72-h72-p-k-no-nu/papo-nerd.jpg
142.250.74.161 200 OK 2.9 kB URL HTTP/1.1 4.bp.blogspot.com/_uftQ_FJxp0k/TAfqNmBobsI/AAAAAAAAAWo/iPH2sKSRY38/w72-h72-p-k-no-nu/papo-nerd.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash e8489a963ddcaeeb9c75f51be1d972e5
6ed92c979b6dac37f028777fbe1e689bf4c4cfe7
f260d905cbab15ab95ae7f68d120eb633f45063f12fecbf05a79fe4a36d83d2f
GET /_uftQ_FJxp0k/TAfqNmBobsI/AAAAAAAAAWo/iPH2sKSRY38/w72-h72-p-k-no-nu/papo-nerd.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v16a"
Expires: Tue, 06 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="papo-nerd.jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 2918
X-XSS-Protection: 0
2.bp.blogspot.com/_F18UPN9YSLo/S-SGJoo9G4I/AAAAAAAAA9w/GWQ0z2oXoU8/w72-h72-p-k-no-nu/marido_corno_thumb%5B5%5D.jpg
142.250.74.161 200 OK 3.8 kB URL HTTP/1.1 2.bp.blogspot.com/_F18UPN9YSLo/S-SGJoo9G4I/AAAAAAAAA9w/GWQ0z2oXoU8/w72-h72-p-k-no-nu/marido_corno_thumb%5B5%5D.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash 0ac849dd18bb1670d8b46deb28fe86b6
caad9d64e909241ebc31919ad16b7c6409be69d3
a3b08c0f333b56bfd8131387810b47ebdfbba6f6aae2d53de5151980a66283e8
GET /_F18UPN9YSLo/S-SGJoo9G4I/AAAAAAAAA9w/GWQ0z2oXoU8/w72-h72-p-k-no-nu/marido_corno_thumb%5B5%5D.jpg HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v3dc"
Expires: Tue, 06 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="marido_corno_thumb[5].jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 3816
X-XSS-Protection: 0
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4120
Expires: Mon, 05 Dec 2022 10:03:17 GMT
Date: Mon, 05 Dec 2022 08:54:37 GMT
Connection: keep-alive
4.bp.blogspot.com/_uftQ_FJxp0k/TBAR8-bqY_I/AAAAAAAAAfg/FiJ4-JQ2GXw/w72-h72-p-k-no-nu/Dicionario.jpg
142.250.74.161 200 OK 1.9 kB URL HTTP/1.1 4.bp.blogspot.com/_uftQ_FJxp0k/TBAR8-bqY_I/AAAAAAAAAfg/FiJ4-JQ2GXw/w72-h72-p-k-no-nu/Dicionario.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash 0b2565f7bf3799f75747356401813853
c5ec4ddd1036f33052729154e5f39a1c9bb8af36
845219d853eec3f038f480deaa9c9fc7d372a560cf1a3c4d772afc70eb05dd2f
GET /_uftQ_FJxp0k/TBAR8-bqY_I/AAAAAAAAAfg/FiJ4-JQ2GXw/w72-h72-p-k-no-nu/Dicionario.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v15ad"
Expires: Tue, 06 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="Dicionario.jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 1897
X-XSS-Protection: 0
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 24c69d7ef356b352956d6dcbc9f5df1d
2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9
94d068620c34652cb2d24ca8b3cf962febe9606e6d3a33d937fc9d99f176edef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10396
x-amzn-requestid: b879fd2e-b6cf-4373-b780-2d97481c45f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cioNbH5KoAMFUsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a8722-6add7f8e225878473b20c015;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 23:15:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ir97GJKaFoW6BNXCcmMqp0JSUd5JhCACyUvLh5G-0BWCDVJsqs7XhQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 22:03:01 GMT
age: 39096
etag: "2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4120
Expires: Mon, 05 Dec 2022 10:03:17 GMT
Date: Mon, 05 Dec 2022 08:54:37 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Uz-wJTZjej3sjP-O68BQ4hB_kkAecG0o7GkeZUan90ZgV87g0Cg_ZA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:52:41 GMT
age: 39716
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15537f94-1f24-4010-9d46-d70fec20ced3.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15537f94-1f24-4010-9d46-d70fec20ced3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1be5ade2f8eb160f9974766374c9dd01
8d3d92355304ccfcd50ae96f55b2754220f05187
5087642c70cd92613c2a490b532fc7651c4b25f8712a59b4f7a178cc44cdf90f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15537f94-1f24-4010-9d46-d70fec20ced3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6827
x-amzn-requestid: d4dfc77c-65cc-46f1-b8a3-ea6cebd0976d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjKUYE2woAMFgPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638abdb5-639ca0813c23b9cb75ff24c8;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 03:08:37 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lhweRJZbG0P_lxekUIz506RXW5f9iVQ1Cvfg-k3gJTWHIrzTu2uenQ==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 04:50:04 GMT
age: 14673
etag: "8d3d92355304ccfcd50ae96f55b2754220f05187"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
4.bp.blogspot.com/_PdzwCrB7c_s/TAuQacvVp9I/AAAAAAAAAPI/DwltIy-iARs/w72-h72-p-k-no-nu/Tatyana+Ali+-+Ashley+Banks+-+Um+maluco+no+peda%C3%A7o.jpg
142.250.74.161 404 Not Found 1.7 kB URL HTTP/1.1 4.bp.blogspot.com/_PdzwCrB7c_s/TAuQacvVp9I/AAAAAAAAAPI/DwltIy-iARs/w72-h72-p-k-no-nu/Tatyana+Ali+-+Ashley+Banks+-+Um+maluco+no+peda%C3%A7o.jpg
IP 142.250.74.161:0
File type PNG image data, 72 x 72, 8-bit colormap, non-interlaced\012- data
Hash 58a17151a9a7dc2d32cedfff483923a8
a16dc81e6f06a4b14410119c5d02360276fcdc75
f7b3785f331b99dfd1cde553845fb0bfc5b1b4d48f1628aff98c0cd561ac041b
GET /_PdzwCrB7c_s/TAuQacvVp9I/AAAAAAAAAPI/DwltIy-iARs/w72-h72-p-k-no-nu/Tatyana+Ali+-+Ashley+Banks+-+Um+maluco+no+peda%C3%A7o.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Type: image/png
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 1742
X-XSS-Protection: 0
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e81e29f-79a8-4af6-b0c7-7f49bfafb17e.jpeg
34.120.237.76 200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e81e29f-79a8-4af6-b0c7-7f49bfafb17e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f71032604eecccf0a81f323a5f96a400
f8866d4f3185bcf7871581d75339998b34d6cf6d
d053eedc717d7fd86e621ba948680be16538396d1ba9854b6816626d149b1c57
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e81e29f-79a8-4af6-b0c7-7f49bfafb17e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6886
x-amzn-requestid: d721caf6-2252-4ede-9533-3d3fcd6cce0d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cpsw-FfRoAMFtOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d5b39-7644a195142f6c420ec7eac6;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 02:45:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RwhNdxS-EBTraqzS_TnCNXj3JXgz5NkO8oLyQaHOhHdtnvBbg4vsRQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 02:45:13 GMT
etag: "f8866d4f3185bcf7871581d75339998b34d6cf6d"
content-type: image/jpeg
age: 22164
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4120
Expires: Mon, 05 Dec 2022 10:03:17 GMT
Date: Mon, 05 Dec 2022 08:54:37 GMT
Connection: keep-alive
3.bp.blogspot.com/_C51UI7MpnjA/THHH5EdTfrI/AAAAAAAAAMQ/9C5wQid2F98/w72-h72-p-k-no-nu/homens-pelados-13-400x552.jpg
142.250.74.161 200 OK 3.9 kB URL HTTP/1.1 3.bp.blogspot.com/_C51UI7MpnjA/THHH5EdTfrI/AAAAAAAAAMQ/9C5wQid2F98/w72-h72-p-k-no-nu/homens-pelados-13-400x552.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash 15eeb76c6c09fcbae9bc6a560267a034
d65b23d0b2573d552775688b6baa4899ed395d38
e9a9be1bff0b8a3d4d6263c7ecb225724c2cf69208cf88145f71ba41e457bbd7
GET /_C51UI7MpnjA/THHH5EdTfrI/AAAAAAAAAMQ/9C5wQid2F98/w72-h72-p-k-no-nu/homens-pelados-13-400x552.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "vc4"
Expires: Tue, 06 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="homens-pelados-13-400x552.jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 3894
X-XSS-Protection: 0
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4120
Expires: Mon, 05 Dec 2022 10:03:17 GMT
Date: Mon, 05 Dec 2022 08:54:37 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
34.120.237.76 200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash db1701b7b9d161a0c935bb6e10b17893
22a8c4bd58c729c1abcf794466e8f3231dfb034b
b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 8ugcixaNsXG-AIHYCfoyOWa5zowv2lb4qwWc8o5_7SQc_0w5HW4mBw==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:52:48 GMT
age: 39709
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
2.bp.blogspot.com/_HmtxTVm6GPM/SU-oPDa0kyI/AAAAAAAADVo/T828hFTctKA/w72-h72-p-k-no-nu/Homens+gostosos+fotos.jpg
142.250.74.161 200 OK 3.1 kB URL HTTP/1.1 2.bp.blogspot.com/_HmtxTVm6GPM/SU-oPDa0kyI/AAAAAAAADVo/T828hFTctKA/w72-h72-p-k-no-nu/Homens+gostosos+fotos.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash 61542d304d342dd63033f124c736aa36
094d6efc012c7925a3ab47066e91b4079fd8f0b1
0358a4064c1fa4361379402549b9cdff5cb1b1659c55af6ffbc293faae84c633
GET /_HmtxTVm6GPM/SU-oPDa0kyI/AAAAAAAADVo/T828hFTctKA/w72-h72-p-k-no-nu/Homens+gostosos+fotos.jpg HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "vd5a"
Expires: Tue, 06 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="Homens gostosos fotos.jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 3089
X-XSS-Protection: 0
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 99d1ff8fa2e095dcf2bda3d1e1af1221
f914f04a0e1fb45a221d31d2105bfc73015b03e6
90325d4299a44dbd213857ada6f6880db8c33ad61685cfcb60c4a2455a84cf87
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10183
x-amzn-requestid: 0cdea572-aab4-4d52-948b-976170a787a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_uLHQZoAMF4hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1327-7948052f39c4f6071b4a0e0d;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Vhtd0Bo5kTQySEn0vD_RJin0usoC7GQvK74fhVtrtZNEy64_vrWQNw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:45:46 GMT
age: 40131
etag: "f914f04a0e1fb45a221d31d2105bfc73015b03e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ee57dec2ce4dd3816b409e9f2c22b61c
c8e98ed47c5a5389abc9bb1b4c9e4ad5b90fb1c9
fde487451b2172e311ad0e41c90d2efa310e27b622cb5193ba2b2c84c8903c8b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FDE487451B2172E311AD0E41C90D2EFA310E27B622CB5193BA2B2C84C8903C8B"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6617
Expires: Mon, 05 Dec 2022 10:44:54 GMT
Date: Mon, 05 Dec 2022 08:54:37 GMT
Connection: keep-alive
1.bp.blogspot.com/-Ip3BiSUukfk/Tise6gJCYkI/AAAAAAAAAUg/KoCPP_q-h1I/s1600/Background.png
142.250.74.161 200 OK 3.1 kB URL HTTP/1.1 1.bp.blogspot.com/-Ip3BiSUukfk/Tise6gJCYkI/AAAAAAAAAUg/KoCPP_q-h1I/s1600/Background.png
IP 142.250.74.161:0
File type PNG image data, 32 x 500, 8-bit/color RGB, non-interlaced\012- data
Hash d6a154e50b5922d1f6e4bf1202953700
d31ebf9277569e500fc1adc77448b77c4eafb190
88f171e1e3474f426119159dfc023e38cf94b4b3f2b07f38cd999a291c9f51eb
GET /-Ip3BiSUukfk/Tise6gJCYkI/AAAAAAAAAUg/KoCPP_q-h1I/s1600/Background.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v148"
Expires: Tue, 06 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="Background.png"
Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 3075
X-XSS-Protection: 0
cleverjump.org/counter.js
217.23.10.44 200 OK 5.6 kB URL HTTP/1.1 cleverjump.org/counter.js
IP 217.23.10.44:0
ASN #49981 WorldStream B.V.
File type ASCII text, with CRLF line terminators
Hash 83126dc4af783a2179ab362a5bbec530
b1fe91477d92ab09066f28ddda5b31a4bf0f1689
cb1ef4607e93916a5dd30beae4617069924cb5f10edb65d8f93468c3fbdc1dc4
GET /counter.js HTTP/1.1
Host: cleverjump.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Mon, 05 Dec 2022 08:54:37 GMT
Content-Type: application/javascript
Content-Length: 5571
Last-Modified: Wed, 20 Jan 2021 12:50:32 GMT
Connection: keep-alive
ETag: "60082718-15c3"
Expires: Tue, 06 Dec 2022 08:54:37 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
2.bp.blogspot.com/-0kPuUDPY8yI/TisfG5X4G7I/AAAAAAAAAU0/om6iYQcpVfE/s1600/barra+de+cima.png
142.250.74.161 200 OK 452 B URL HTTP/1.1 2.bp.blogspot.com/-0kPuUDPY8yI/TisfG5X4G7I/AAAAAAAAAU0/om6iYQcpVfE/s1600/barra+de+cima.png
IP 142.250.74.161:0
File type PNG image data, 960 x 36, 8-bit/color RGBA, non-interlaced\012- data
Hash c7bc5e11911ad47364d52fd28c64b067
2e3d22c02530e2d0626a6690730bbe36d23029e7
deb011df74db0a5b99bdb42978485b9a42e3a53ca3f44df0cc9dd0d297fe3435
GET /-0kPuUDPY8yI/TisfG5X4G7I/AAAAAAAAAU0/om6iYQcpVfE/s1600/barra+de+cima.png HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v14d"
Expires: Tue, 06 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="barra de cima.png"
Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 452
X-XSS-Protection: 0
fonts.gstatic.com/s/playfairdisplay/v30/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2
142.250.74.163 200 OK 20 kB URL HTTP/1.1 fonts.gstatic.com/s/playfairdisplay/v30/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 19860, version 1.0\012- data
Hash a95e391373ad634c3b7dbaf77de3f40e
ddc4638bc28c21a400fcd2df94448743f198a257
fa3d5a0422c9b413abb4c78f8ff80de8a8ed58766f7110c82febf5296e899b47
GET /s/playfairdisplay/v30/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ocionometro.blogspot.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 19860
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 29 Nov 2022 14:44:43 GMT
Expires: Wed, 29 Nov 2023 14:44:43 GMT
Cache-Control: public, max-age=31536000
Age: 497394
Last-Modified: Mon, 18 Jul 2022 19:06:33 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/shadowsintolight/v15/UqyNK9UOIntux_czAvDQx_ZcHqZXBNQzdcD5.woff2
142.250.74.163 200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/shadowsintolight/v15/UqyNK9UOIntux_czAvDQx_ZcHqZXBNQzdcD5.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 16296, version 1.0\012- data
Hash ab4a2c11e0a08a8b4fa7846c2adcc173
86304ab63791be3a22e5eb673245bca6351774a2
2498c027559c4ae9a920e18e30031193148983e7ea195416d62c5d0ea2eaa3ac
GET /s/shadowsintolight/v15/UqyNK9UOIntux_czAvDQx_ZcHqZXBNQzdcD5.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ocionometro.blogspot.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 16296
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 01 Dec 2022 14:08:56 GMT
Expires: Fri, 01 Dec 2023 14:08:56 GMT
Cache-Control: public, max-age=31536000
Age: 326741
Last-Modified: Wed, 27 Apr 2022 15:55:58 GMT
Content-Type: font/woff2
1.bp.blogspot.com/-HWvxhKOSLjs/Thda3CiMqlI/AAAAAAAAB_w/99fdZWrEBSk/s000/facebook.png
142.250.74.161 200 OK 1.2 kB URL HTTP/1.1 1.bp.blogspot.com/-HWvxhKOSLjs/Thda3CiMqlI/AAAAAAAAB_w/99fdZWrEBSk/s000/facebook.png
IP 142.250.74.161:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash df6f71bbde40ec7ba578ffe6b2700b3a
f1784c3cf61dff868bfe28b5b9b6c94b0ce74a20
f061b00e6cb2661c79bdebb1cf33b8c4c063a32d3ecd358bc6e19c36502760ab
GET /-HWvxhKOSLjs/Thda3CiMqlI/AAAAAAAAB_w/99fdZWrEBSk/s000/facebook.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v7fc"
Expires: Tue, 06 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="facebook.png"
Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 1153
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5670c32d73c3d5771a2d9396774a7eb9
3fb62916ff54f22a011e11730ba87fea48e5d239
062531ed89864b713048421c9639d4a6249e92f33ef4177206f1deb5d85a8757
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
4.bp.blogspot.com/-W3LKYxSqmAk/Thda2wH5KzI/AAAAAAAAB_s/fGMXLFCazsI/s000/twitter.png
142.250.74.161200 OK 1.2 kB URL HTTP/1.1 4.bp.blogspot.com/-W3LKYxSqmAk/Thda2wH5KzI/AAAAAAAAB_s/fGMXLFCazsI/s000/twitter.png
IP 142.250.74.161:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash bb2e1028db52ab3ea27d6b208e553966
bab86921a09a80fbd256d0ac81b913c1f5e00088
89a5a44ecf6d76334bc04d7d19c4acff382d2d094a97d84eca0fd2c6bec23d9d
GET /-W3LKYxSqmAk/Thda2wH5KzI/AAAAAAAAB_s/fGMXLFCazsI/s000/twitter.png HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v7fb"
Expires: Tue, 06 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="twitter.png"
Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 1183
X-XSS-Protection: 0
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_with_ama_fy2021.js?client=pub-9412315152295430&plah=ocionometro.blogspot.com
216.58.207.226200 OK 119 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211150101/show_ads_impl_with_ama_fy2021.js?client=pub-9412315152295430&plah=ocionometro.blogspot.com
IP 216.58.207.226:0
File type ASCII text, with very long lines (6148)
Size 119 kB (119174 bytes)
Hash a42e964aca4a0e09249df557c73b94f8
464970d4ba1a9691aed5a56d2ee2c6927b33add0
d834466789b3cfc4504c0651e46913cc875554a420c88ae4efd7a83fbee86327
GET /pagead/managed/js/adsense/m202211150101/show_ads_impl_with_ama_fy2021.js?client=pub-9412315152295430&plah=ocionometro.blogspot.com HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 05 Dec 2022 08:54:37 GMT
expires: Mon, 05 Dec 2022 08:54:37 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 906544984421775577
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 119174
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
2.bp.blogspot.com/_uftQ_FJxp0k/TBgRFqIFgvI/AAAAAAAAAi8/8NB72q8qfW0/s640/hg.jpg
142.250.74.161200 OK 86 kB URL HTTP/1.1 2.bp.blogspot.com/_uftQ_FJxp0k/TBgRFqIFgvI/AAAAAAAAAi8/8NB72q8qfW0/s640/hg.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 587x640, components 3\012- data
Hash 121ae30ba270dcb32f7cc878d795061c
543e376713fef991bf32aecaa3badcba85c6b1ba
5fdccbd2808caf5ad4b325f4b5b18031799621198d424622db63d3802822192c
GET /_uftQ_FJxp0k/TBgRFqIFgvI/AAAAAAAAAi8/8NB72q8qfW0/s640/hg.jpg HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v22f"
Expires: Tue, 06 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="hg.jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 85539
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5670c32d73c3d5771a2d9396774a7eb9
3fb62916ff54f22a011e11730ba87fea48e5d239
062531ed89864b713048421c9639d4a6249e92f33ef4177206f1deb5d85a8757
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
1.bp.blogspot.com/-OcKzPao4LxY/Thda2HPazdI/AAAAAAAAB_k/piDTr_8z8l0/s000/search.png
142.250.74.161200 OK 1.2 kB URL HTTP/1.1 1.bp.blogspot.com/-OcKzPao4LxY/Thda2HPazdI/AAAAAAAAB_k/piDTr_8z8l0/s000/search.png
IP 142.250.74.161:0
File type PNG image data, 174 x 23, 8-bit/color RGBA, non-interlaced\012- data
Hash df9536b427418a4ffa21182f328e331e
95039111c9ac8a6756f670f5a05048a8946b6282
6df83bd679df0f8362f891a69164f31524500901554ad576e4dfc462ce7ff9d8
GET /-OcKzPao4LxY/Thda2HPazdI/AAAAAAAAB_k/piDTr_8z8l0/s000/search.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v7f9"
Expires: Tue, 06 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="search.png"
Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 1228
X-XSS-Protection: 0
3.bp.blogspot.com/-RWfs7_shynA/TisfI30RpDI/AAAAAAAAAVE/JUgg4BBa0F8/s1600/Menu.png
142.250.74.161200 OK 762 B URL HTTP/1.1 3.bp.blogspot.com/-RWfs7_shynA/TisfI30RpDI/AAAAAAAAAVE/JUgg4BBa0F8/s1600/Menu.png
IP 142.250.74.161:0
File type PNG image data, 960 x 49, 8-bit/color RGBA, non-interlaced\012- data
Hash 6ee337c879153d9f1eac6d76d79a8e5a
33f223457a5a7e94d2df7460cd294c0c6fb01a85
c7c7fd453b86a23f90f5c0a3e04680ca016d24611e463c17f49ded1ffefea79b
GET /-RWfs7_shynA/TisfI30RpDI/AAAAAAAAAVE/JUgg4BBa0F8/s1600/Menu.png HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v151"
Expires: Tue, 06 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="Menu.png"
Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 762
X-XSS-Protection: 0
2.bp.blogspot.com/-XIL8s4X02jo/TiseeXTbzpI/AAAAAAAAAUc/wY8KMLxxraw/s1600/Tracinho+vermelho.png
142.250.74.161200 OK 251 B URL HTTP/1.1 2.bp.blogspot.com/-XIL8s4X02jo/TiseeXTbzpI/AAAAAAAAAUc/wY8KMLxxraw/s1600/Tracinho+vermelho.png
IP 142.250.74.161:0
File type PNG image data, 960 x 5, 8-bit/color RGBA, non-interlaced\012- data
Hash 389a9260af737d78d0bd55077d0aaccc
42ced04cd189af4decbc5a79dd9cee46a18f60ca
ebd744c5835db6b5033059cb048e8d67486a430aae209fd80eb927a441588d58
GET /-XIL8s4X02jo/TiseeXTbzpI/AAAAAAAAAUc/wY8KMLxxraw/s1600/Tracinho+vermelho.png HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v147"
Expires: Tue, 06 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="Tracinho vermelho.png"
Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 251
X-XSS-Protection: 0
2.bp.blogspot.com/-_IPX_IZLFIs/Thda1RXmoaI/AAAAAAAAB_c/LrnvVKMW5NY/s000/1276330011_tags.png
142.250.74.161200 OK 769 B URL HTTP/1.1 2.bp.blogspot.com/-_IPX_IZLFIs/Thda1RXmoaI/AAAAAAAAB_c/LrnvVKMW5NY/s000/1276330011_tags.png
IP 142.250.74.161:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 7a5daed680d735388ad22035dc2dbd7d
c3b1f1494710e1eefeedd218e9d912e18f5ed78e
e6ced0fa54f257a9b98fa436566e088b35cdbf70916d6a70a9a0b5992aa7b0c4
GET /-_IPX_IZLFIs/Thda1RXmoaI/AAAAAAAAB_c/LrnvVKMW5NY/s000/1276330011_tags.png HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v7f7"
Expires: Tue, 06 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="1276330011_tags.png"
Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 769
X-XSS-Protection: 0
1.bp.blogspot.com/-TPHYgsmOir4/Thda0_Ty8EI/AAAAAAAAB_Q/g91MOOFxDfk/s000/1276328132_date.png
142.250.74.161200 OK 866 B URL HTTP/1.1 1.bp.blogspot.com/-TPHYgsmOir4/Thda0_Ty8EI/AAAAAAAAB_Q/g91MOOFxDfk/s000/1276328132_date.png
IP 142.250.74.161:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash b78db23c35039f1e94b815d17ca36e17
6d8e343c7bc7495325fe162489a00ccddf8c9db1
c4f31f3f72f35a2b4cc27c001f3a7543133d4a61047c48e76eeadfd4527d7bc1
GET /-TPHYgsmOir4/Thda0_Ty8EI/AAAAAAAAB_Q/g91MOOFxDfk/s000/1276328132_date.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v7f4"
Expires: Tue, 06 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="1276328132_date.png"
Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 866
X-XSS-Protection: 0
ocionometro.blogspot.com/b/stats?style=WHITE_TRANSPARENT&timeRange=ALL_TIME&token=APq4FmDSTFRvWBIcivDbRWDZfGhj7UrKhhqzzJ7H0SGRAeKwITSXKSisW-zAcBVpfWHFg8NFJqdBye2ToyPZJ121VP3eFe_evA
172.217.21.161200 OK 247 B URL HTTP/1.1 ocionometro.blogspot.com/b/stats?style=WHITE_TRANSPARENT&timeRange=ALL_TIME&token=APq4FmDSTFRvWBIcivDbRWDZfGhj7UrKhhqzzJ7H0SGRAeKwITSXKSisW-zAcBVpfWHFg8NFJqdBye2ToyPZJ121VP3eFe_evA
IP 172.217.21.161:0
File type JSON data\012- , ASCII text, with very long lines (389), with no line terminators
Hash 4b007cfbdbde8a09293fe96fa6e54569
7af96908f3ead25e9fbe55504f1e82423a2ba3b1
d7f53803a306b9a18cc32ba2e4b873fd70e83cfd7293b3b31bcb079cdbd59b55
GET /b/stats?style=WHITE_TRANSPARENT&timeRange=ALL_TIME&token=APq4FmDSTFRvWBIcivDbRWDZfGhj7UrKhhqzzJ7H0SGRAeKwITSXKSisW-zAcBVpfWHFg8NFJqdBye2ToyPZJ121VP3eFe_evA HTTP/1.1
Host: ocionometro.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/2010/06/mudanca-de-sexo.html
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Mon, 05 Dec 2022 08:54:37 GMT
Expires: Mon, 05 Dec 2022 08:54:37 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 247
Server: GSE
1.bp.blogspot.com/-_e-zyK07nGo/Thda1NofMII/AAAAAAAAB_U/RR0Dna0JSnA/s000/aaa.png
142.250.74.161200 OK 430 B URL HTTP/1.1 1.bp.blogspot.com/-_e-zyK07nGo/Thda1NofMII/AAAAAAAAB_U/RR0Dna0JSnA/s000/aaa.png
IP 142.250.74.161:0
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash 4a8dff410b988cf74426c0bd7b01f77b
07be357b74a2639421c47297a498b70ec70cd84a
6645b7c567eda3a6979a97e1571c1d3e3830fea89fa1cbf1d0858c514dfc31c2
GET /-_e-zyK07nGo/Thda1NofMII/AAAAAAAAB_U/RR0Dna0JSnA/s000/aaa.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v7f5"
Expires: Tue, 06 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="aaa.png"
Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 430
X-XSS-Protection: 0
cleverjump.org/hit?z0;s1280*1024*24;fzV65EHirjjXasiHvvxr0RfpH027zF7;cshb2;r;uhttp%3A%2F%2Focionometro.blogspot.com%2F2010%2F06%2Fmudanca-de-sexo.html;hMudan%C3%A7a%20de%20sexo%3F%20%7C%20.;0.9981940402324975
217.23.10.44 200 OK 0 B URL HTTP/1.1 cleverjump.org/hit?z0;s1280*1024*24;fzV65EHirjjXasiHvvxr0RfpH027zF7;cshb2;r;uhttp%3A%2F%2Focionometro.blogspot.com%2F2010%2F06%2Fmudanca-de-sexo.html;hMudan%C3%A7a%20de%20sexo%3F%20%7C%20.;0.9981940402324975
IP 217.23.10.44:0
ASN #49981 WorldStream B.V.
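Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of an empty body, consistent with the 0 B response size, so they do not identify this resource.)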
GET /hit?z0;s1280*1024*24;fzV65EHirjjXasiHvvxr0RfpH027zF7;cshb2;r;uhttp%3A%2F%2Focionometro.blogspot.com%2F2010%2F06%2Fmudanca-de-sexo.html;hMudan%C3%A7a%20de%20sexo%3F%20%7C%20.;0.9981940402324975 HTTP/1.1
Host: cleverjump.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Mon, 05 Dec 2022 08:54:37 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.34
P3P: CP=CleverJump
Set-Cookie: _cjuh=Dh5WdzZedWf7sQqjBzs7OGtIU4L7YM; expires=Tue, 05-Dec-2023 08:54:37 GMT; Max-Age=31536000; path=/hit; httponly; SameSite=None; Secure
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 9d69ff04990cf145fb9c990ef594df3c
620b60961007c43da93fd24ff8bfade06943b926
aa36a39ff7e1724a518c35f6dcd1e9a8ff0526b9a57aecc097cfb7e38cdab728
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dl.dropbox.com/u/1944060/cd.js
162.125.71.15 404 Not Found 4.2 kB URL HTTP/2 dl.dropbox.com/u/1944060/cd.js
IP 162.125.71.15:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (23665)
Hash f897700409fd949b941309bead7a1b19
a6ae129d45c1e6ddf8d9e13313b1c397f38bd68b
e14a578dd2c6e9401f219764ab9647febd521bc497c84a019747bfceb9699b62
GET /u/1944060/cd.js HTTP/1.1
Host: dl.dropbox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ocionometro.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
content-type: text/html
date: Mon, 05 Dec 2022 08:54:36 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: remote
x-dropbox-request-id: 3a38cfae51ee4e718826a5a90a954623
X-Firefox-Spdy: h2
4.bp.blogspot.com/-9A1gEsepZvQ/TisfLXMEoAI/AAAAAAAAAVc/itE8C3g78T4/s1600/Sidebar.jpg
142.250.74.161200 OK 11 kB URL HTTP/1.1 4.bp.blogspot.com/-9A1gEsepZvQ/TisfLXMEoAI/AAAAAAAAAVc/itE8C3g78T4/s1600/Sidebar.jpg
IP 142.250.74.161:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=4, orientation=upper-left, software=Google], baseline, precision 8, 317x42, components 3\012- data
Hash 16179d1061e4189c13da40d79e99fd92
e3fe09eeaed1ec83e9f8344ebd7a06bd2e132193
7360b9e21d81b5c99da7b77854165010a53b702b5c511ea9ead6cef202565c12
GET /-9A1gEsepZvQ/TisfLXMEoAI/AAAAAAAAAVc/itE8C3g78T4/s1600/Sidebar.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v157"
Expires: Tue, 06 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="Sidebar.jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 11224
X-XSS-Protection: 0
4.bp.blogspot.com/-6uW4Z-YH2zQ/TisfHECmd_I/AAAAAAAAAU4/MqPDeLJsXrE/s1600/Footer.png
142.250.74.161200 OK 448 B URL HTTP/1.1 4.bp.blogspot.com/-6uW4Z-YH2zQ/TisfHECmd_I/AAAAAAAAAU4/MqPDeLJsXrE/s1600/Footer.png
IP 142.250.74.161:0
File type PNG image data, 960 x 8, 8-bit/color RGBA, non-interlaced\012- data
Hash a07099c974e6f873399ea8a4bea2d3fc
2af9dd5d86b18e9e3933721d02d795acc3fc0c36
345e4b83e0ed697d52c55bca990bca9705b437137a80844e29bdac6e3721eb15
GET /-6uW4Z-YH2zQ/TisfHECmd_I/AAAAAAAAAU4/MqPDeLJsXrE/s1600/Footer.png HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v14e"
Expires: Tue, 06 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="Footer.png"
Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 448
X-XSS-Protection: 0
accounts.google.com/ServiceLogin?passive=true&continue=http://draft.blogger.com/followers.g?blogID%3D82753832166054357%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMzMzMzMzMiByM4RjMxMTAqByNGRkZGRkYyByMwMDAwMDA6ByMzMzMzMzNCByM4RjMxMTBKByNmZmZmZmZSByM4RjMxMTBaC3RyYW5zcGFyZW50%26pageSize%3D21%26postID%3D7756024933865535676%26origin%3Dhttp://ocionometro.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.geaHZXF2-fw.O/d%253D1/rs%253DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/m%253D__features__%26bpli%3D1&followup=http://draft.blogger.com/followers.g?blogID%3D82753832166054357%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMzMzMzMzMiByM4RjMxMTAqByNGRkZGRkYyByMwMDAwMDA6ByMzMzMzMzNCByM4RjMxMTBKByNmZmZmZmZSByM4RjMxMTBaC3RyYW5zcGFyZW50%26pageSize%3D21%26postID%3D7756024933865535676%26origin%3Dhttp://ocionometro.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.geaHZXF2-fw.O/d%253D1/rs%253DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/m%253D__features__%26bpli%3D1&go=true
142.250.74.109302 Found 488 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=http://draft.blogger.com/followers.g?blogID%3D82753832166054357%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMzMzMzMzMiByM4RjMxMTAqByNGRkZGRkYyByMwMDAwMDA6ByMzMzMzMzNCByM4RjMxMTBKByNmZmZmZmZSByM4RjMxMTBaC3RyYW5zcGFyZW50%26pageSize%3D21%26postID%3D7756024933865535676%26origin%3Dhttp://ocionometro.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.geaHZXF2-fw.O/d%253D1/rs%253DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/m%253D__features__%26bpli%3D1&followup=http://draft.blogger.com/followers.g?blogID%3D82753832166054357%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMzMzMzMzMiByM4RjMxMTAqByNGRkZGRkYyByMwMDAwMDA6ByMzMzMzMzNCByM4RjMxMTBKByNmZmZmZmZSByM4RjMxMTBaC3RyYW5zcGFyZW50%26pageSize%3D21%26postID%3D7756024933865535676%26origin%3Dhttp://ocionometro.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.geaHZXF2-fw.O/d%253D1/rs%253DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/m%253D__features__%26bpli%3D1&go=true
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (533)
Hash 07f18f997ccdf054e73f6be33e92065b
239398845eb30793129354fdce53535cab55e2fe
011e72f943cfa1550d62d056ead55b0eabbf5ffc774c8ba629044c549b14d5fa
GET /ServiceLogin?passive=true&continue=http://draft.blogger.com/followers.g?blogID%3D82753832166054357%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMzMzMzMzMiByM4RjMxMTAqByNGRkZGRkYyByMwMDAwMDA6ByMzMzMzMzNCByM4RjMxMTBKByNmZmZmZmZSByM4RjMxMTBaC3RyYW5zcGFyZW50%26pageSize%3D21%26postID%3D7756024933865535676%26origin%3Dhttp://ocionometro.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.geaHZXF2-fw.O/d%253D1/rs%253DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/m%253D__features__%26bpli%3D1&followup=http://draft.blogger.com/followers.g?blogID%3D82753832166054357%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMzMzMzMzMiByM4RjMxMTAqByNGRkZGRkYyByMwMDAwMDA6ByMzMzMzMzNCByM4RjMxMTBKByNmZmZmZmZSByM4RjMxMTBaC3RyYW5zcGFyZW50%26pageSize%3D21%26postID%3D7756024933865535676%26origin%3Dhttp://ocionometro.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.geaHZXF2-fw.O/d%253D1/rs%253DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/m%253D__features__%26bpli%3D1&go=true HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ocionometro.blogspot.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 05 Dec 2022 08:54:37 GMT
location: http://draft.blogger.com/followers.g?blogID=82753832166054357&colors=Cgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMzMzMzMzMiByM4RjMxMTAqByNGRkZGRkYyByMwMDAwMDA6ByMzMzMzMzNCByM4RjMxMTBKByNmZmZmZmZSByM4RjMxMTBaC3RyYW5zcGFyZW50&pageSize=21&postID=7756024933865535676&origin=http%3A%2F%2Focionometro.blogspot.com%2F&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__&bpli=1
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-Qp267p8aJN5unsAjn8faXA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 488
server: GSE
set-cookie: __Host-GAPS=1:V7VBt9bC3cNetgVb7glz1d7hYkKSvg:bb2w5QljoCQNNMvo;Path=/;Expires=Wed, 04-Dec-2024 08:54:37 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dicasdownload.net/imagen-template-blogger/ucc.js
190.2.139.23 200 OK 7.1 kB URL HTTP/1.1 dicasdownload.net/imagen-template-blogger/ucc.js
IP 190.2.139.23:0
ASN #49981 WorldStream B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (16952)
Hash MD5 6e97622ba9bbf2a6d02e6bf5751ae7da
SHA-1 3e6fd0830f1df07c0c57309dc74a0d44c5689787
SHA-256 19905af2b08e666a7be669d08978fa4c134f33b401a30a507afe8c3517b2c9df
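Analyzer: fortinet | Verdict: Malware | Alert: (no value captured)
Note: the detected file type for this resource is HTML document text, while the response declares Content-Type: application/javascript and it was requested over plain HTTP from the page at ocionometro.blogspot.com.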
GET /imagen-template-blogger/ucc.js HTTP/1.1
Host: dicasdownload.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Mon, 05 Dec 2022 08:54:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Encoding
X-Powered-By: PHP/7.2.34
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 181b661534dc3f6bbe887293452f685b
bf4e024b51870992b7b41ee50e570bebf4705bfb
4d7472e9a604e69e65040a318534883d14275d6ef7e19c6eb42a8a25099d8eeb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 917d281ca22c901597795b51fd9df338
be0e026d76f26092edfc1f67ea98ddc4a539439a
5f47f5ac32d4c80f29c4a69a830ec9427dd0055fc57973f01f73ec22503cd30c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 8ead0ac4ce19cef2471bae0458759d89
af02fd3fcd2e10cfa2458407c0c2e59a43e18517
507b93c64bab73e393cf8d8131415ef4d4b01e65e0f2ab73597715197845e75e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=ocionometro.blogspot.com&callback=_gfp_s_&client=ca-pub-9412315152295430&gpid_exp=1
216.58.207.194200 OK 253 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=ocionometro.blogspot.com&callback=_gfp_s_&client=ca-pub-9412315152295430&gpid_exp=1
IP 216.58.207.194:0
File type ASCII text, with very long lines (391), with no line terminators
Hash bc50d82faf9bda1c8ea4706ae569bc04
b9f1b61adcb9f4b1785e5da0d6a99085d473e2fe
79e351fb8ae7929ee4436416449c2f0c8ae9d8184a4898f52bb51a30b9ec9cd0
GET /gampad/cookie.js?domain=ocionometro.blogspot.com&callback=_gfp_s_&client=ca-pub-9412315152295430&gpid_exp=1 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Mon, 05 Dec 2022 08:54:37 GMT
server: cafe
cache-control: private
content-length: 253
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=ocionometro.blogspot.com
142.250.74.98 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=ocionometro.blogspot.com
IP 142.250.74.98:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=ocionometro.blogspot.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Mon, 05 Dec 2022 08:54:37 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=ocionometro.blogspot.com
142.250.74.66 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=ocionometro.blogspot.com
IP 142.250.74.66:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=ocionometro.blogspot.com HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Mon, 05 Dec 2022 08:54:37 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 181b661534dc3f6bbe887293452f685b
bf4e024b51870992b7b41ee50e570bebf4705bfb
4d7472e9a604e69e65040a318534883d14275d6ef7e19c6eb42a8a25099d8eeb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 917d281ca22c901597795b51fd9df338
be0e026d76f26092edfc1f67ea98ddc4a539439a
5f47f5ac32d4c80f29c4a69a830ec9427dd0055fc57973f01f73ec22503cd30c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
draft.blogger.com/followers.g?blogID=82753832166054357&colors=Cgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMzMzMzMzMiByM4RjMxMTAqByNGRkZGRkYyByMwMDAwMDA6ByMzMzMzMzNCByM4RjMxMTBKByNmZmZmZmZSByM4RjMxMTBaC3RyYW5zcGFyZW50&pageSize=21&postID=7756024933865535676&origin=http%3A%2F%2Focionometro.blogspot.com%2F&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__&bpli=1
142.250.74.41 302 Moved Temporarily 476 B URL HTTP/1.1 draft.blogger.com/followers.g?blogID=82753832166054357&colors=Cgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMzMzMzMzMiByM4RjMxMTAqByNGRkZGRkYyByMwMDAwMDA6ByMzMzMzMzNCByM4RjMxMTBKByNmZmZmZmZSByM4RjMxMTBaC3RyYW5zcGFyZW50&pageSize=21&postID=7756024933865535676&origin=http%3A%2F%2Focionometro.blogspot.com%2F&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__&bpli=1
IP 142.250.74.41:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (506)
Hash 78b3fbed6476d2717d479644e419ab7b
0a361857c39cc0e8f5b07488056bba86d7a6a66d
3fe8838ea2c8be59e6b3157dffb7e12e5e6a715b593ca53f464f126629440cf7
GET /followers.g?blogID=82753832166054357&colors=Cgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMzMzMzMzMiByM4RjMxMTAqByNGRkZGRkYyByMwMDAwMDA6ByMzMzMzMzNCByM4RjMxMTBKByNmZmZmZmZSByM4RjMxMTBaC3RyYW5zcGFyZW50&pageSize=21&postID=7756024933865535676&origin=http%3A%2F%2Focionometro.blogspot.com%2F&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__&bpli=1 HTTP/1.1
Host: draft.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ocionometro.blogspot.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Location: https://draft.blogger.com/followers.g?blogID=82753832166054357&colors=Cgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByMzMzMzMzMiByM4RjMxMTAqByNGRkZGRkYyByMwMDAwMDA6ByMzMzMzMzNCByM4RjMxMTBKByNmZmZmZmZSByM4RjMxMTBaC3RyYW5zcGFyZW50&pageSize=21&postID=7756024933865535676&origin=http://ocionometro.blogspot.com/&usegapi=1&jsh=m;/_/scs/abc-static/_/js/k%3Dgapi.lb.en.geaHZXF2-fw.O/d%3D1/rs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/m%3D__features__&bpli=1
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Mon, 05 Dec 2022 08:54:37 GMT
Expires: Mon, 05 Dec 2022 08:54:37 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 476
Server: GSE
cleverjump.org/hit/get-uid.php
217.23.10.44 200 OK 30 B URL HTTP/1.1 cleverjump.org/hit/get-uid.php
IP 217.23.10.44:0
ASN #49981 WorldStream B.V.
File type ASCII text, with no line terminators
Hash ea9030f602ea856974b3059e51382459
d598c1ca7ff11b850eec667ca9327da997ce05d1
e2f672c5e9409db8cca1700b1dc1dbc76c7474ea98af7b2eba13c9959292d35d
Analyzer Verdict Alert fortinet Malware
GET /hit/get-uid.php HTTP/1.1
Host: cleverjump.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ocionometro.blogspot.com
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
Cookie: _cjuh=Dh5WdzZedWf7sQqjBzs7OGtIU4L7YM
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Mon, 05 Dec 2022 08:54:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.34
Access-Control-Allow-Origin: http://ocionometro.blogspot.com
Access-Control-Allow-Credentials: true
dl.dropbox.com/u/1944599/page.nav123.js
162.125.71.15 404 Not Found 4.3 kB URL HTTP/2 dl.dropbox.com/u/1944599/page.nav123.js
IP 162.125.71.15:0
Hash 9ee045d1913a5586d44ffd6502f99f1d
d16198eab0d16a71c931393aa7c15b574a9c390d
193140e5667da45df2bf93a19c608d792d4159123d92924e19df7898cdae1a75
GET /u/1944599/page.nav123.js HTTP/1.1
Host: dl.dropbox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ocionometro.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
content-type: text/html
date: Mon, 05 Dec 2022 08:54:37 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: remote
x-dropbox-request-id: d97b44f654a5441c9d8263e38890f1fa
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 7889b2bc6f932635fcaa5092a121abfd
cc1ed134e94daf140a77f71b8da33fefd495595e
c948939c415ef40a400e2be440171a10f55c821003fc4f5b67a2de73e00b5688
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 7889b2bc6f932635fcaa5092a121abfd
cc1ed134e94daf140a77f71b8da33fefd495595e
c948939c415ef40a400e2be440171a10f55c821003fc4f5b67a2de73e00b5688
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js
216.58.211.1 200 OK 7.5 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js
IP 216.58.211.1:0
File type ASCII text, with very long lines (1540)
Hash d22e40b1bc4f1b0f1727b96a0f32f7dd
57030c5040f0013120cca1e77fe38af35d4610e0
6f6d3797f9b19ffcd2f416a7566a58cf70fd4fb0ab17dec03fa5b690c6939494
GET /pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 7458
x-xss-protection: 0
date: Mon, 05 Dec 2022 05:12:02 GMT
expires: Mon, 19 Dec 2022 05:12:02 GMT
cache-control: public, max-age=1209600
age: 13355
etag: 16870613375306414947
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js
216.58.211.1 200 OK 1.2 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js
IP 216.58.211.1:0
File type ASCII text, with very long lines (1054)
Hash 169edf919beed1ee17c8a752ef12132e
b7fbae15ed7789984ee59618845b914aae37bf3e
2bcf9aebfd80a2558d54f39de59542c3df52610616fb2e4380d9f3d976cc13fc
GET /pagead/js/r20221110/r20110914/client/window_focus_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 1236
x-xss-protection: 0
date: Mon, 05 Dec 2022 05:12:16 GMT
expires: Mon, 19 Dec 2022 05:12:16 GMT
cache-control: public, max-age=1209600
age: 13341
etag: 15004572836499977866
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
216.58.211.2 200 OK 48 kB URL HTTP/2 www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
IP 216.58.211.2:0
File type ASCII text, with very long lines (3505)
Hash ca57a2dee741fcb5c26204d54254d941
8c9ad16e50db0a268ecdd55a4bdcbb43d320a96b
0bd2d4c3f5c52381fa0a7ce37bc60fcc9f94e4ffbf643c94559f9ad2fa1c646a
GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Host: www.googletagservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-length: 48508
date: Mon, 05 Dec 2022 08:54:37 GMT
expires: Mon, 05 Dec 2022 08:54:37 GMT
cache-control: private, max-age=3000
etag: "1669811598765935"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 594e945d8b9dc0bdeb0d0d642ed003d6
646720b2f827af5fab8070a628576ae43a01ad09
d06a89242923ccf43740a1149dee517153483b05449aa0402c45bfd126a17048
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5080
Cache-Control: max-age=143002
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:37 GMT
Etag: "638d298f-139"
Expires: Wed, 07 Dec 2022 00:37:59 GMT
Last-Modified: Sun, 04 Dec 2022 23:13:19 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 313
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2e388f1ab4ec88104f57cf23944ee684
39178c45ed645709cc388d5790b1b58a3272a62f
e33b88f6f77d90b65a8fed943a45623e51f1efbdae401a1652f24be68408dba0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 951899738210b4e73e821fe5c4a4c55f
b0b369c38a8431c1688152bb1fc56d80de1f5a37
43a0bfab009cbba919c151e02143651adc3c81ce1ae7bd3a49a6eced6d456f2d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 951899738210b4e73e821fe5c4a4c55f
b0b369c38a8431c1688152bb1fc56d80de1f5a37
43a0bfab009cbba919c151e02143651adc3c81ce1ae7bd3a49a6eced6d456f2d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash 2a6ecfc91fa59f0a40496b027183fb51
776f7453f5d2635db03ff8917b5bd21fa77891a1
2beb8a209b1b547c1feab1dd40a50b60b7c1ba7b2e223263f5732f18aeb031f5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5055
Cache-Control: max-age=171762
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:38 GMT
Etag: "638d9a01-13a"
Expires: Wed, 07 Dec 2022 08:37:20 GMT
Last-Modified: Mon, 05 Dec 2022 07:13:05 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 314
www.google.com/s2/photos/public/AIbEiAIAAABDCLzh0cOdpfqmLiILdmNhcmRfcGhvdG8qKDQwNzQ3YmNhYzBmNDBhNWI4NzQyOTU1MTYzZjc4MDdhMWYwNmViMGMwAUcnotAp3zfTJifRBoInn2PXT3Zu
216.58.211.4 302 Found 0 B URL HTTP/2 www.google.com/s2/photos/public/AIbEiAIAAABDCLzh0cOdpfqmLiILdmNhcmRfcGhvdG8qKDQwNzQ3YmNhYzBmNDBhNWI4NzQyOTU1MTYzZjc4MDdhMWYwNmViMGMwAUcnotAp3zfTJifRBoInn2PXT3Zu
IP 216.58.211.4:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s2/photos/public/AIbEiAIAAABDCLzh0cOdpfqmLiILdmNhcmRfcGhvdG8qKDQwNzQ3YmNhYzBmNDBhNWI4NzQyOTU1MTYzZjc4MDdhMWYwNmViMGMwAUcnotAp3zfTJifRBoInn2PXT3Zu HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://draft.blogger.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: application/binary
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 05 Dec 2022 08:54:38 GMT
location: https://lh3.googleusercontent.com/a-/AD5-WCmq3sbyXC6npeuFB-AfDay989p6bkEbUGak2NS5FGY=s96-p
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-security-policy: script-src 'nonce-1pPeQZlKPaB0ny_uEynCgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /s2/_/SocialGraphPhotosSouffle/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /s2/_/SocialGraphPhotosSouffle/cspreport/allowlist, require-trusted-types-for 'script';report-uri /s2/_/SocialGraphPhotosSouffle/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: NID=511=lsYPp16zHSfsMY0wJ349zFiVmRqVOA92WYB7oETc-50ACjazpCfRpNNfkVW16LbRI1p2gRtlMFk7CAGFkA6cCRPd2ieWOlEnzTLw7-i8OUkv3iLtkRX6x0Ib46N-4i53Sdf6aaDnlD0r_3oGPtl-BA2VYGjk5lezGklL3axY2g8; expires=Tue, 06-Jun-2023 08:54:38 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2e388f1ab4ec88104f57cf23944ee684
39178c45ed645709cc388d5790b1b58a3272a62f
e33b88f6f77d90b65a8fed943a45623e51f1efbdae401a1652f24be68408dba0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/s2/photos/public/AIbEiAIAAABECMrLlIaBzoSY3QEiC3ZjYXJkX3Bob3RvKihmYzU4MDNiYTg0M2MxZmQ0NDFmZWY3YjQ1MDU3ZWUwNDA2M2I0MDZmMAECLOA-6obXoqeZyemXS6nLa5sTjg
216.58.211.4 302 Found 0 B URL HTTP/2 www.google.com/s2/photos/public/AIbEiAIAAABECMrLlIaBzoSY3QEiC3ZjYXJkX3Bob3RvKihmYzU4MDNiYTg0M2MxZmQ0NDFmZWY3YjQ1MDU3ZWUwNDA2M2I0MDZmMAECLOA-6obXoqeZyemXS6nLa5sTjg
IP 216.58.211.4:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s2/photos/public/AIbEiAIAAABECMrLlIaBzoSY3QEiC3ZjYXJkX3Bob3RvKihmYzU4MDNiYTg0M2MxZmQ0NDFmZWY3YjQ1MDU3ZWUwNDA2M2I0MDZmMAECLOA-6obXoqeZyemXS6nLa5sTjg HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://draft.blogger.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: application/binary
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 05 Dec 2022 08:54:38 GMT
location: https://lh3.googleusercontent.com/a-/AD5-WCnmdaHGiiqvKEcNYFZs7XQLLOKjgvQjmMEVDfSZ=s96-p
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-eOFeRXEke4NIrhSPxM5T7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /s2/_/SocialGraphPhotosSouffle/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /s2/_/SocialGraphPhotosSouffle/cspreport/allowlist, require-trusted-types-for 'script';report-uri /s2/_/SocialGraphPhotosSouffle/cspreport
cross-origin-opener-policy: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: NID=511=QUcc9xJzVzvut4cHkTEvHUc69rH4gbk0N0aTEGevkw_XZ107bsk2-pa-XvkFY6xIHu3s8cvFiYt1b9fopphSS8jDufMlOXW1ax5NNaTIbVD2xXxMTLtiS9I1jZ3MBGp1Oh4FfvHiHdwVFsPTl_Qnw6E7MrCU10CBuYHx-VUjwCg; expires=Tue, 06-Jun-2023 08:54:38 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/s2/photos/public/AIbEiAIAAABECKXs4rHM2ueJtgEiC3ZjYXJkX3Bob3RvKihlNTgxMzAzODI1ZDk2N2NiOTdiOTBhZGYyODFkZGQ0ZjUzNDVmNzhhMAGdf-fZ9B-63-xZqC4tf_4-U-0TgA
216.58.211.4 302 Found 0 B URL HTTP/2 www.google.com/s2/photos/public/AIbEiAIAAABECKXs4rHM2ueJtgEiC3ZjYXJkX3Bob3RvKihlNTgxMzAzODI1ZDk2N2NiOTdiOTBhZGYyODFkZGQ0ZjUzNDVmNzhhMAGdf-fZ9B-63-xZqC4tf_4-U-0TgA
IP 216.58.211.4:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s2/photos/public/AIbEiAIAAABECKXs4rHM2ueJtgEiC3ZjYXJkX3Bob3RvKihlNTgxMzAzODI1ZDk2N2NiOTdiOTBhZGYyODFkZGQ0ZjUzNDVmNzhhMAGdf-fZ9B-63-xZqC4tf_4-U-0TgA HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://draft.blogger.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: application/binary
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 05 Dec 2022 08:54:38 GMT
location: https://lh3.googleusercontent.com/a-/AD5-WCkOFhWzCW2Ofkm4DmYGcT0ytn_4jxc5WHh0nomYZA=s96-p
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-security-policy: script-src 'nonce-C2bRUjhQUuJxcWc14ivygA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /s2/_/SocialGraphPhotosSouffle/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /s2/_/SocialGraphPhotosSouffle/cspreport/allowlist, require-trusted-types-for 'script';report-uri /s2/_/SocialGraphPhotosSouffle/cspreport
cross-origin-opener-policy: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: NID=511=fBaIJFCg1Al2Yevi0ja4iyNoV4XMUK5VkCQ1bFb04pjD3gGM6bNUFdA-KAKHRS_6pZb14pBRM4G3OUbOrMeF_5ioQmTrdwxtyJNlrAW8aimZQdLqLZv6fgxQKdzQqBJ2cu0k42xLA8XGjYnP8c2KZ7cPmVLM0QR-2Qmrh00g4Wg; expires=Tue, 06-Jun-2023 08:54:38 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=kPjTDrOzWaAB2ASdg2ICAgAAAJE1-v2czlJiEM2xjWMb1n94bYm-E5MfPgASAAA&wp=Y42xzQAKU8gCHkkxAA4knXTXmtPjz_vYYymNKg
178.250.0.129 200 OK 0 B URL HTTP/2 rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=kPjTDrOzWaAB2ASdg2ICAgAAAJE1-v2czlJiEM2xjWMb1n94bYm-E5MfPgASAAA&wp=Y42xzQAKU8gCHkkxAA4knXTXmtPjz_vYYymNKg
IP 178.250.0.129:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /google/auction/notify?profile=14&payload=kPjTDrOzWaAB2ASdg2ICAgAAAJE1-v2czlJiEM2xjWMb1n94bYm-E5MfPgASAAA&wp=Y42xzQAKU8gCHkkxAA4knXTXmtPjz_vYYymNKg HTTP/1.1
Host: rtb.fr.eu.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server-processing-duration-in-ticks: 208230
date: Mon, 05 Dec 2022 08:54:37 GMT
server: Kestrel
content-length: 0
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
www.google.com/s2/photos/public/AIbEiAIAAABDCKCZjMLOxJCNKSILdmNhcmRfcGhvdG8qKDhiZjBiMDgyZmUzODU5Y2Q5N2VhZTQ1Nzc1ZmMxZjM5M2Y4NDIxNWUwATmqCImGeAR8IzWR2DNKgTbaD5Hv
216.58.211.4 302 Found 0 B URL HTTP/2 www.google.com/s2/photos/public/AIbEiAIAAABDCKCZjMLOxJCNKSILdmNhcmRfcGhvdG8qKDhiZjBiMDgyZmUzODU5Y2Q5N2VhZTQ1Nzc1ZmMxZjM5M2Y4NDIxNWUwATmqCImGeAR8IzWR2DNKgTbaD5Hv
IP 216.58.211.4:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s2/photos/public/AIbEiAIAAABDCKCZjMLOxJCNKSILdmNhcmRfcGhvdG8qKDhiZjBiMDgyZmUzODU5Y2Q5N2VhZTQ1Nzc1ZmMxZjM5M2Y4NDIxNWUwATmqCImGeAR8IzWR2DNKgTbaD5Hv HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://draft.blogger.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: application/binary
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 05 Dec 2022 08:54:38 GMT
location: https://lh3.googleusercontent.com/a-/AD5-WCnnsw4Uh3jkBqycVygttQZYXZDUVVIC_ubRMK8aozk=s96-p
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /s2/_/SocialGraphPhotosSouffle/cspreport, script-src 'nonce--5AE4lfDU9BU4xLfUBhwxA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /s2/_/SocialGraphPhotosSouffle/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /s2/_/SocialGraphPhotosSouffle/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: same-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: NID=511=cLNSf9dDmKgtPnz2u4Ox4XbIMB9_zis2-S2oN4kFJJxx6MDqj5FL3fQ-lrpVIdU4nnIB4AwcYVM2TKU8_XKzB1e99GwSQle0Kkuu0-2ugS-nar9rWcLqpgaIy3bGV62j8HQhUvffMUTULkp3ygOEU2HFYXrm6CFuVOW_5iTAQBk; expires=Tue, 06-Jun-2023 08:54:38 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 1245db08bc06bdc452fdb41b8e959f26
ba2fa041fbea0e124b6fd418724a46225fac0089
d591926f6495b722a0b545d292f16a342cba87889fd7d4f5ca448c3613760be6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6266
Cache-Control: max-age=134091
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:38 GMT
Etag: "638d021f-116"
Expires: Tue, 06 Dec 2022 22:09:29 GMT
Last-Modified: Sun, 04 Dec 2022 20:25:03 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 278
www.google.com/s2/photos/public/AIbEiAIAAABDCKmy0OesnPjTYSILdmNhcmRfcGhvdG8qKGI1ZDdjYzQ0ZGM0N2Q4OGFlYTdkNWUzMTNhZTAyNjc3MzNhYzI0MTQwAUhmfl5HzT1dq8jCaSq2C4hAH9Bz
216.58.211.4 302 Found 0 B URL HTTP/2 www.google.com/s2/photos/public/AIbEiAIAAABDCKmy0OesnPjTYSILdmNhcmRfcGhvdG8qKGI1ZDdjYzQ0ZGM0N2Q4OGFlYTdkNWUzMTNhZTAyNjc3MzNhYzI0MTQwAUhmfl5HzT1dq8jCaSq2C4hAH9Bz
IP 216.58.211.4:0
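Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: digests of a zero-length body (the 302 response has content-length: 0); they do not identify any specific content.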
GET /s2/photos/public/AIbEiAIAAABDCKmy0OesnPjTYSILdmNhcmRfcGhvdG8qKGI1ZDdjYzQ0ZGM0N2Q4OGFlYTdkNWUzMTNhZTAyNjc3MzNhYzI0MTQwAUhmfl5HzT1dq8jCaSq2C4hAH9Bz HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://draft.blogger.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: application/binary
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 05 Dec 2022 08:54:38 GMT
location: https://lh3.googleusercontent.com/a-/AD5-WCnm9AaOlaHe351SxkeDU6AntaVXEm0-HLBK8t52hg=s96-p
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-security-policy: script-src 'nonce-Two-4ffbAeZ2MkosrHDbdg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /s2/_/SocialGraphPhotosSouffle/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /s2/_/SocialGraphPhotosSouffle/cspreport/allowlist, require-trusted-types-for 'script';report-uri /s2/_/SocialGraphPhotosSouffle/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: NID=511=UluQZ7YemCskdGD-S_Zj2CTK1C86Zz1KQwrqiMo3cR9naBATthaLrYraA4SmH9zRrT2mpui-3dp7IHKpCq5Ny7FgiSQ2LRDi3ftVU28Tp8vtpDFuP3UtsLcBj2k8GWOWXF_ckhC0KUSzGW7fPlCaUsvRyaGIvlPT3oCkiVwV470; expires=Tue, 06-Jun-2023 08:54:38 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
104.17.24.14 200 OK 4.4 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (2171)
Hash 44c72b9bddfecacc9114e84d685dd085
38f3ff57b9b64a38fc2153eb30564b7fc1c86349
c82afd4f2d89288b4b79244f0c24264810b11326670710ac8e28e7bfc87c7991
GET /ajax/libs/webfont/1.6.28/webfontloader.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 08:54:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 4420
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb04030-30d9"
last-modified: Mon, 04 May 2020 16:17:52 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 311190
expires: Sat, 25 Nov 2023 08:54:38 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kJboDL83AtaZtF9UX3y1JQqeVoL841p6QsQpJojW26QOMRfRnjw4vH7niYyx%2F3xk2jMApJs6oEo0AoPTF2%2FxdQz1g3DVPF14Uqp29DCIXFCyAS2spApQiFBQStGWMT%2Bng7HIlMSq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 774b8ee95bdcb529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash 7d6fc12b56a98cf23a1ffc768497aea2
9c4b8f5a3332d37a08a9cc0aaa73e13318fbadba
f793f10b9b4276c9b38dc2752938f50937208e94b7f9d76e180003e80d9d6700
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6012
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:38 GMT
Last-Modified: Mon, 05 Dec 2022 07:14:26 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 314
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash 7d6fc12b56a98cf23a1ffc768497aea2
9c4b8f5a3332d37a08a9cc0aaa73e13318fbadba
f793f10b9b4276c9b38dc2752938f50937208e94b7f9d76e180003e80d9d6700
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6012
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:38 GMT
Last-Modified: Mon, 05 Dec 2022 07:14:26 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 314
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 1245db08bc06bdc452fdb41b8e959f26
ba2fa041fbea0e124b6fd418724a46225fac0089
d591926f6495b722a0b545d292f16a342cba87889fd7d4f5ca448c3613760be6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5944
Cache-Control: max-age=133769
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:38 GMT
Etag: "638d021f-116"
Expires: Tue, 06 Dec 2022 22:04:07 GMT
Last-Modified: Sun, 04 Dec 2022 20:25:03 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 278
static.criteo.net/design/dt/0c622d256dee425682575f30240ec196_gotham-black-regular.woff
178.250.2.130 200 OK 26 kB URL HTTP/2 static.criteo.net/design/dt/0c622d256dee425682575f30240ec196_gotham-black-regular.woff
IP 178.250.2.130:0
File type Web Open Font Format, TrueType, length 26324, version 1.0\012- data
Hash 9acd111085f701eaf4fea7135f15ffa7
176a9dd986032b3647d1a40458db1db7d965f8bc
5a4a3459c15a5266e888bb12bbe9041b0f72aed89306411a5d5e69e7a1aa9f4d
GET /design/dt/0c622d256dee425682575f30240ec196_gotham-black-regular.woff HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.eu.criteo.com
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 08:54:38 GMT
content-type: text/plain; charset=UTF-8
content-length: 26324
last-modified: Mon, 06 Jul 2020 12:19:39 GMT
etag: "5f0316db-66d4"
expires: Thu, 30 Nov 2023 08:54:38 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/design/dt/c05716d7ca7548d789c4d0b3d5042816_gotham-black-italic.woff
178.250.2.130 200 OK 17 kB URL HTTP/2 static.criteo.net/design/dt/c05716d7ca7548d789c4d0b3d5042816_gotham-black-italic.woff
IP 178.250.2.130:0
File type Web Open Font Format, CFF, length 17120, version 1.0\012- data
Hash f683179206a26fcb9ef35c6d14f6f7c7
c6da815fa6502dd63eb2606efd112fdd1eb9e79e
a26a23639f1408dca8879503cd479d3f823b085b727437c9d66c33ca3f75c08f
GET /design/dt/c05716d7ca7548d789c4d0b3d5042816_gotham-black-italic.woff HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.eu.criteo.com
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 08:54:38 GMT
content-type: text/plain; charset=UTF-8
content-length: 17120
last-modified: Mon, 06 Jul 2020 12:19:39 GMT
etag: "5f0316db-42e0"
expires: Thu, 30 Nov 2023 08:54:38 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/design/dt/4ef456fb9fb14ec5a2da96fe450c24b3_homepagebaukasten-bold.woff
178.250.2.130 200 OK 20 kB URL HTTP/2 static.criteo.net/design/dt/4ef456fb9fb14ec5a2da96fe450c24b3_homepagebaukasten-bold.woff
IP 178.250.2.130:0
File type Web Open Font Format, CFF, length 19492, version 1.0\012- data
Hash fe16408343054418c53b45c76a1892f2
b2f898a889e2164ba7bb7d6676b5a294eb97817b
3b42d14795d22866ea7e9bd3b4259fa75e510bcbbf7ab1861acb9ce2290128f2
GET /design/dt/4ef456fb9fb14ec5a2da96fe450c24b3_homepagebaukasten-bold.woff HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ads.eu.criteo.com
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 08:54:38 GMT
content-type: text/plain; charset=UTF-8
content-length: 19492
last-modified: Mon, 06 Jul 2020 12:29:00 GMT
etag: "5f03190c-4c24"
expires: Thu, 30 Nov 2023 08:54:38 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/flash/icon/back_button2.svg
178.250.2.130 200 OK 293 B URL HTTP/2 static.criteo.net/flash/icon/back_button2.svg
IP 178.250.2.130:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with CRLF line terminators
Hash d9f776bdc698e1bc9c6a1977218019cd
5763cfb5ac79adf0fa7f03a82bad04eea2dca243
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
GET /flash/icon/back_button2.svg HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 08:54:38 GMT
content-type: image/svg+xml
content-length: 293
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
etag: "626a59dc-125"
expires: Thu, 30 Nov 2023 08:54:38 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/flash/icon/close_button.svg
178.250.2.130 200 OK 308 B URL HTTP/2 static.criteo.net/flash/icon/close_button.svg
IP 178.250.2.130:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with CRLF line terminators
Hash 1bfe2e290ec4440da74a2e2c249eae2b
0b888a3f9e27d1554f2e21d51e7a1c223d00dbd4
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
GET /flash/icon/close_button.svg HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 08:54:38 GMT
content-type: image/svg+xml
content-length: 308
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
etag: "5e46a5e4-134"
expires: Thu, 30 Nov 2023 08:54:38 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 0346d7fd06e31723aa4d91b652637808
13791c6b65cf8dbd68515e18eda658c41148855c
1fb355bd160bac617153c0a5a0a25807ce1fee3779a2a49c1c2fea23b1373680
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5726
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:38 GMT
Last-Modified: Mon, 05 Dec 2022 07:19:12 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 0346d7fd06e31723aa4d91b652637808
13791c6b65cf8dbd68515e18eda658c41148855c
1fb355bd160bac617153c0a5a0a25807ce1fee3779a2a49c1c2fea23b1373680
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5691
Cache-Control: max-age=101841
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:38 GMT
Etag: "638c8664-139"
Expires: Tue, 06 Dec 2022 13:11:59 GMT
Last-Modified: Sun, 04 Dec 2022 11:37:08 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 0346d7fd06e31723aa4d91b652637808
13791c6b65cf8dbd68515e18eda658c41148855c
1fb355bd160bac617153c0a5a0a25807ce1fee3779a2a49c1c2fea23b1373680
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5726
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:38 GMT
Last-Modified: Mon, 05 Dec 2022 07:19:12 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 313
www.baixandojogosgratis.com/
74.206.228.78 200 OK 255 B URL HTTP/1.1 www.baixandojogosgratis.com/
IP 74.206.228.78:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash MD5 f058430a1a40a4da24427cf59eb9cf74
SHA-1 f8b4b4b19484c1f70b8ec2caa804acc38edc97e4
SHA-256 258f6c8b6df07ff1dabddf325706aaa8bc8e854c36d49922f2b8314bda9caa5d
Analyzer: fortinet — Verdict: Malware (no separate alert text is shown)
GET / HTTP/1.1
Host: www.baixandojogosgratis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Mon, 05 Dec 2022 08:54:38 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
1.bp.blogspot.com/-2LVkrvJs330/T5gZZKmiH_I/AAAAAAAAABI/JD9MVa8A4yY/s45-c/Sharingan.jpg
142.250.74.161 200 OK 1.6 kB URL HTTP/2 1.bp.blogspot.com/-2LVkrvJs330/T5gZZKmiH_I/AAAAAAAAABI/JD9MVa8A4yY/s45-c/Sharingan.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 45x45, components 3\012- data
Hash 6582640792634a54a2d93b0d253bae63
3d15f21d955c422b1c443c2418bdc63e483bbc92
3707c30073c4b39d78557ce950b36b17faf75f1632c09b7450ea75fd76f38476
GET /-2LVkrvJs330/T5gZZKmiH_I/AAAAAAAAABI/JD9MVa8A4yY/s45-c/Sharingan.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://draft.blogger.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v12"
expires: Tue, 06 Dec 2022 08:54:38 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Sharingan.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Mon, 05 Dec 2022 08:54:38 GMT
server: fife
content-length: 1637
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=23519&q=80&r=0&u=https%3A%2F%2Fpierce-images.imgix.net%2Fimages%2Ff%2Fc%2F7%2F9%2Ffc79b1a857fc18b9a7c48b0abdbf13a1a0c3ac79_2_PIA_73938_0_10.png%3Fcb%3D202249&v=3&w=800&s=8MUPa1oHwYRNjN_WyOccE_fd&b=400
178.250.0.139 200 OK 17 kB URL HTTP/2 pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=23519&q=80&r=0&u=https%3A%2F%2Fpierce-images.imgix.net%2Fimages%2Ff%2Fc%2F7%2F9%2Ffc79b1a857fc18b9a7c48b0abdbf13a1a0c3ac79_2_PIA_73938_0_10.png%3Fcb%3D202249&v=3&w=800&s=8MUPa1oHwYRNjN_WyOccE_fd&b=400
IP 178.250.0.139:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 178c5e385a9ed02d5875442d32270f11
2c251aefd49e71e3b79eeb30d3635f2517f8cdba
b41a23920209dfe68b30262f235397abc4f7701965b9b8c76acf865c1d9435a4
GET /img/img?c=3&cq=256&h=800&m=0&partner=23519&q=80&r=0&u=https%3A%2F%2Fpierce-images.imgix.net%2Fimages%2Ff%2Fc%2F7%2F9%2Ffc79b1a857fc18b9a7c48b0abdbf13a1a0c3ac79_2_PIA_73938_0_10.png%3Fcb%3D202249&v=3&w=800&s=8MUPa1oHwYRNjN_WyOccE_fd&b=400 HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=31530607
expires: Tue, 05 Dec 2023 07:24:45 GMT
date: Mon, 05 Dec 2022 08:54:38 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 16812
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?h=108&m=0&partner=23519&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F23519%2F221201%2F78224789e70d41118d050b40be08cca7_sledstore-logo.png&v=3&w=316&s=KhsM2v7Hmt7jyb0bw5NNU4P1
178.250.0.139 200 OK 7.3 kB URL HTTP/2 pix.eu.criteo.net/img/img?h=108&m=0&partner=23519&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F23519%2F221201%2F78224789e70d41118d050b40be08cca7_sledstore-logo.png&v=3&w=316&s=KhsM2v7Hmt7jyb0bw5NNU4P1
IP 178.250.0.139:0
File type PNG image data, 316 x 91, 8-bit/color RGBA, non-interlaced\012- data
Hash 6e2b8b70bd167e89b456e9c2036e8034
b28a4842dcbd2af2047a4ffd6d32c2af0e583b34
dd37516a4133ee83e158fcd5652f07ceaea8d9ae422e6c8e0b3293b30b933354
GET /img/img?h=108&m=0&partner=23519&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F23519%2F221201%2F78224789e70d41118d050b40be08cca7_sledstore-logo.png&v=3&w=316&s=KhsM2v7Hmt7jyb0bw5NNU4P1 HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=30789530
expires: Sun, 26 Nov 2023 17:33:28 GMT
date: Mon, 05 Dec 2022 08:54:37 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 7290
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/png
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=23519&q=80&r=0&u=https%3A%2F%2Fpierce-images.imgix.net%2Fimages%2Fd%2F6%2Fa%2F1%2Fd6a1cd0ae8f66971c14753f24e7d5439714d3edb_3_PIA_175702_0_10ab.png%3Fcb%3D202249&v=3&w=800&s=_RNFAMxo0BBfgm7Qxd6wDyog&b=400
178.250.0.139 200 OK 23 kB URL HTTP/2 pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=23519&q=80&r=0&u=https%3A%2F%2Fpierce-images.imgix.net%2Fimages%2Fd%2F6%2Fa%2F1%2Fd6a1cd0ae8f66971c14753f24e7d5439714d3edb_3_PIA_175702_0_10ab.png%3Fcb%3D202249&v=3&w=800&s=_RNFAMxo0BBfgm7Qxd6wDyog&b=400
IP 178.250.0.139:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash dd0a1c840e987576c4524c173f5ba558
661ab4b71e1ccdd618b4273038c2952415caa5c9
ed06f20190828ef63326ca239cfd61cf4049a1c7162640d1059427a5c97f11e2
GET /img/img?c=3&cq=256&h=800&m=0&partner=23519&q=80&r=0&u=https%3A%2F%2Fpierce-images.imgix.net%2Fimages%2Fd%2F6%2Fa%2F1%2Fd6a1cd0ae8f66971c14753f24e7d5439714d3edb_3_PIA_175702_0_10ab.png%3Fcb%3D202249&v=3&w=800&s=_RNFAMxo0BBfgm7Qxd6wDyog&b=400 HTTP/1.1
Host: pix.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=31530610
expires: Tue, 05 Dec 2023 07:24:48 GMT
date: Mon, 05 Dec 2022 08:54:37 GMT
server: Finatra
cross-origin-resource-policy: cross-origin
content-length: 23428
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
content-type: image/webp
timing-allow-origin: *
vary: Origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
2.bp.blogspot.com/_dfferQWZjXY/TOB78Oc7_lI/AAAAAAAAAAw/7zJc4yoBiss/S45-s45-c/page.jpg
142.250.74.161 200 OK 1.5 kB URL HTTP/2 2.bp.blogspot.com/_dfferQWZjXY/TOB78Oc7_lI/AAAAAAAAAAw/7zJc4yoBiss/S45-s45-c/page.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 45x45, components 3\012- data
Hash f5886fff148d0a41b772cf1f29bf9ddf
35aa110a8a6095724cd8582e6792d7301f65f68e
b11c45b1df1354b62bf1845d120d026ab1e910d3be294d6ba47710c1810ef2a0
GET /_dfferQWZjXY/TOB78Oc7_lI/AAAAAAAAAAw/7zJc4yoBiss/S45-s45-c/page.jpg HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://draft.blogger.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "vc"
expires: Tue, 06 Dec 2022 08:54:38 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="page.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Mon, 05 Dec 2022 08:54:38 GMT
server: fife
content-length: 1548
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocionometro.blogspot.com/favicon.ico
172.217.21.161 200 OK 412 B URL HTTP/1.1 ocionometro.blogspot.com/favicon.ico
IP 172.217.21.161:0
File type MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel\012- data
Hash 501c61a70f5c41181aa050d9110909ca
5b985d5671a7caf686fdfb1df13488c4407f6c9f
c4aaf001607ee331f6871b4dbbf45942b1e197726714fd106e46d70cc10ee97e
GET /favicon.ico HTTP/1.1
Host: ocionometro.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/2010/06/mudanca-de-sexo.html
Cookie: cj_uid=
HTTP/1.1 200 OK
Content-Type: image/x-icon; charset=UTF-8
Expires: Mon, 05 Dec 2022 08:54:38 GMT
Date: Mon, 05 Dec 2022 08:54:38 GMT
Cache-Control: private, max-age=86400
Last-Modified: Sat, 26 Nov 2022 10:44:54 GMT
ETag: W/"5430fc94eb38bb2ffa0a66ba2b34ffca753d71946d3d2a81e1fdc0dc49375eeb"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 412
Server: GSE
1.bp.blogspot.com/_XouXoHodfME/THwHHBWO4DI/AAAAAAAAAEg/Tqejpo7hN_o/S45-s45-c/a%2Bmenina%2B2%2Bcontato%2Bmodified_.png
142.250.74.161 200 OK 3.4 kB URL HTTP/2 1.bp.blogspot.com/_XouXoHodfME/THwHHBWO4DI/AAAAAAAAAEg/Tqejpo7hN_o/S45-s45-c/a%2Bmenina%2B2%2Bcontato%2Bmodified_.png
IP 142.250.74.161:0
File type PNG image data, 45 x 45, 8-bit/color RGB, non-interlaced\012- data
Hash d1e15984aa90b57d4c62d700d6ff4709
468f7e38aac843e28a8ea1cff6f0abc03555bb3c
f37e74547cf147e889b53ca04437345a98b90c94138cac204d03a13f01398ede
GET /_XouXoHodfME/THwHHBWO4DI/AAAAAAAAAEg/Tqejpo7hN_o/S45-s45-c/a%2Bmenina%2B2%2Bcontato%2Bmodified_.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://draft.blogger.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v48"
expires: Tue, 06 Dec 2022 08:54:38 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="a+menina+2+contato+modified_.png"
content-type: image/png
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Mon, 05 Dec 2022 08:54:38 GMT
server: fife
content-length: 3412
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 951899738210b4e73e821fe5c4a4c55f
b0b369c38a8431c1688152bb1fc56d80de1f5a37
43a0bfab009cbba919c151e02143651adc3c81ce1ae7bd3a49a6eced6d456f2d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 08:54:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
2.bp.blogspot.com/-7JSHoqIaN8k/WIosAmjboGI/AAAAAAAASDQ/N7R8xSIazToe7vvbq1oTAqywQoWumC02ACK4B/s45-c/*
142.250.74.161 200 OK 1.8 kB URL HTTP/2 2.bp.blogspot.com/-7JSHoqIaN8k/WIosAmjboGI/AAAAAAAASDQ/N7R8xSIazToe7vvbq1oTAqywQoWumC02ACK4B/s45-c/*
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 45x45, components 3\012- data
Hash 46d2e3a138a0ea5ab5590f3763182360
bc9531dd31798cb24a8072332ecf610ab2641f47
0fd3bad62c609d4912806d27cb79c9ac563ec89f78749d6fd9a1dbe8012ae9f6
GET /-7JSHoqIaN8k/WIosAmjboGI/AAAAAAAASDQ/N7R8xSIazToe7vvbq1oTAqywQoWumC02ACK4B/s45-c/* HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://draft.blogger.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v4835"
expires: Tue, 06 Dec 2022 08:54:38 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="*.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Mon, 05 Dec 2022 08:54:38 GMT
server: fife
content-length: 1812
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
3.bp.blogspot.com/_Lz0tVJMZF_E/TDHp2EMTXLI/AAAAAAAAAAk/BtIIHCUaij4/S45-s45-c/ln.jpg
142.250.74.161 200 OK 1.6 kB URL HTTP/2 3.bp.blogspot.com/_Lz0tVJMZF_E/TDHp2EMTXLI/AAAAAAAAAAk/BtIIHCUaij4/S45-s45-c/ln.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 45x45, components 3\012- data
Hash 1a488e24666a45660ad9e3bf863f387b
4fb60f7de59d98acdb85cd23536b8a710b8880f0
1b1a8d9590527782df471ec1f3b038c9286c7a8f895c70a03a3a2027a6c4c7bd
GET /_Lz0tVJMZF_E/TDHp2EMTXLI/AAAAAAAAAAk/BtIIHCUaij4/S45-s45-c/ln.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://draft.blogger.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v9"
expires: Tue, 06 Dec 2022 08:54:38 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="ln.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Mon, 05 Dec 2022 08:54:38 GMT
server: fife
content-length: 1593
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
csm.eu.criteo.net/all?cppv=3&cpp=HczCvf1k50RVpCyNK3aCSzwG0rkGeYyYbdhh5rCXqNrMe-ItR9C57dj8tUid_H1VqAh4pZ4t3yDHm3XMprk3nb13dqjyB-n2zIaau1O_gFhyRCsPozRNb-jjQ6tBFR8SJkiy0ph_Yr9lbQd2FR9-96Kbj1iXEhhWtn5oga2wD8vmRFN4CJcu_5dXlzhYZqEhoRHYiQ_imw0z4aki2Y_h2akMoWb0tOraqMpo3JXLRUF53B2WTbUTr0gJpCaoz9dCuRQuIg&sds=2&rev=83599&sendBeacon=true
178.250.0.162 200 OK 0 B URL HTTP/2 csm.eu.criteo.net/all?cppv=3&cpp=HczCvf1k50RVpCyNK3aCSzwG0rkGeYyYbdhh5rCXqNrMe-ItR9C57dj8tUid_H1VqAh4pZ4t3yDHm3XMprk3nb13dqjyB-n2zIaau1O_gFhyRCsPozRNb-jjQ6tBFR8SJkiy0ph_Yr9lbQd2FR9-96Kbj1iXEhhWtn5oga2wD8vmRFN4CJcu_5dXlzhYZqEhoRHYiQ_imw0z4aki2Y_h2akMoWb0tOraqMpo3JXLRUF53B2WTbUTr0gJpCaoz9dCuRQuIg&sds=2&rev=83599&sendBeacon=true
IP 178.250.0.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /all?cppv=3&cpp=HczCvf1k50RVpCyNK3aCSzwG0rkGeYyYbdhh5rCXqNrMe-ItR9C57dj8tUid_H1VqAh4pZ4t3yDHm3XMprk3nb13dqjyB-n2zIaau1O_gFhyRCsPozRNb-jjQ6tBFR8SJkiy0ph_Yr9lbQd2FR9-96Kbj1iXEhhWtn5oga2wD8vmRFN4CJcu_5dXlzhYZqEhoRHYiQ_imw0z4aki2Y_h2akMoWb0tOraqMpo3JXLRUF53B2WTbUTr0gJpCaoz9dCuRQuIg&sds=2&rev=83599&sendBeacon=true HTTP/1.1
Host: csm.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 35
Origin: https://ads.eu.criteo.com
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 08:54:37 GMT
server: Finatra
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
baixandojogosgratis.com/
173.239.8.164 200 OK 181 B IP 173.239.8.164:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 4fa035fc93dead1c4e23e17ee6b6e557
3c1ad473ca819b651966f08716c21bae2d389cb1
f9b9d0f4a3bf1c571354bafcce76a7f8cf99040e4d6d27121d27eb8723d59044
Analyzer Verdict Alert fortinet Malware
POST / HTTP/1.1
Host: baixandojogosgratis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 12
Origin: http://www.baixandojogosgratis.com
Connection: keep-alive
Referer: http://www.baixandojogosgratis.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Dec 2022 08:54:39 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: ipc=eyJ2ZXJzaW9uIjoxLCJzdWJJZCI6MywiZm9sZGVySWQiOjEsImZlZWRJZCI6MSwidHMiOjE2NzAyMzA0NzksImhhc2giOiI3NDBmNTY1NyJ9;Expires=Mon, 05-Dec-2022 09:54:39 GMT;Max-Age=3600
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Encoding: gzip
cleverjump.org/unload
217.23.10.44 200 OK 0 B IP 217.23.10.44:0
ASN #49981 WorldStream B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /unload HTTP/1.1
Host: cleverjump.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 48
Origin: http://ocionometro.blogspot.com
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Mon, 05 Dec 2022 08:54:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.34
q1.quotes.com/737cb66c-747a-11ed-94e6-034057c1b79f
5.79.68.236 200 OK 170 B URL HTTP/1.1 q1.quotes.com/737cb66c-747a-11ed-94e6-034057c1b79f
IP 5.79.68.236:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 4272aed226de9b72a00ef5f53a7db839
7a4a3c2256b10f468a9e58c33ef2b2b17ab3f9af
ca9709b95160d31d0d84a6b6f9fe44eeb57d8035b2409ff63ef50106c0840124
GET /737cb66c-747a-11ed-94e6-034057c1b79f HTTP/1.1
Host: q1.quotes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://baixandojogosgratis.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 170
content-type: text/html; charset=utf-8
date: Mon, 05 Dec 2022 08:54:39 GMT
server: nginx
csm.eu.criteo.net/all?cppv=3&cpp=HczCvf1k50RVpCyNK3aCSzwG0rkGeYyYbdhh5rCXqNrMe-ItR9C57dj8tUid_H1VqAh4pZ4t3yDHm3XMprk3nb13dqjyB-n2zIaau1O_gFhyRCsPozRNb-jjQ6tBFR8SJkiy0ph_Yr9lbQd2FR9-96Kbj1iXEhhWtn5oga2wD8vmRFN4CJcu_5dXlzhYZqEhoRHYiQ_imw0z4aki2Y_h2akMoWb0tOraqMpo3JXLRUF53B2WTbUTr0gJpCaoz9dCuRQuIg&sds=2&rev=83599&sendBeacon=true
178.250.0.162 200 OK 0 B URL HTTP/2 csm.eu.criteo.net/all?cppv=3&cpp=HczCvf1k50RVpCyNK3aCSzwG0rkGeYyYbdhh5rCXqNrMe-ItR9C57dj8tUid_H1VqAh4pZ4t3yDHm3XMprk3nb13dqjyB-n2zIaau1O_gFhyRCsPozRNb-jjQ6tBFR8SJkiy0ph_Yr9lbQd2FR9-96Kbj1iXEhhWtn5oga2wD8vmRFN4CJcu_5dXlzhYZqEhoRHYiQ_imw0z4aki2Y_h2akMoWb0tOraqMpo3JXLRUF53B2WTbUTr0gJpCaoz9dCuRQuIg&sds=2&rev=83599&sendBeacon=true
IP 178.250.0.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /all?cppv=3&cpp=HczCvf1k50RVpCyNK3aCSzwG0rkGeYyYbdhh5rCXqNrMe-ItR9C57dj8tUid_H1VqAh4pZ4t3yDHm3XMprk3nb13dqjyB-n2zIaau1O_gFhyRCsPozRNb-jjQ6tBFR8SJkiy0ph_Yr9lbQd2FR9-96Kbj1iXEhhWtn5oga2wD8vmRFN4CJcu_5dXlzhYZqEhoRHYiQ_imw0z4aki2Y_h2akMoWb0tOraqMpo3JXLRUF53B2WTbUTr0gJpCaoz9dCuRQuIg&sds=2&rev=83599&sendBeacon=true HTTP/1.1
Host: csm.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 35
Origin: https://ads.eu.criteo.com
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 08:54:39 GMT
server: Finatra
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
q1.quotes.com/737cb66c-747a-11ed-94e6-034057c1b79f?hr=1
5.79.68.236 302 Found 11 B URL HTTP/1.1 q1.quotes.com/737cb66c-747a-11ed-94e6-034057c1b79f?hr=1
IP 5.79.68.236:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /737cb66c-747a-11ed-94e6-034057c1b79f?hr=1 HTTP/1.1
Host: q1.quotes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Mon, 05 Dec 2022 08:54:39 GMT
location: http://btpnav.com/click?data=S0dpMUVwTWFoRnFTTm5zZlliS3I2SFhSMUprWFFCeWphalkyUGtMYTRCMHo4WmpJVnpMWU5WMVRrbmVpZTJQZG9PTUlhSjhQOGF2MmxqNkVCcVZqbGNydGF0TFY2S2t0TEpOYXg0OHotbkR3MGFXOEVQeHFiTUtOMGs3R0djTG9RVFJ6T0tGZ216SGFQUnY0YTl5MFViQkwtSGNNdmNpZ3pYczNNc2tZRmF3MQ2&id=cdc4214a-22e6-4971-bc23-458374fe9ca8
server: nginx
btpnav.com/click?data=S0dpMUVwTWFoRnFTTm5zZlliS3I2SFhSMUprWFFCeWphalkyUGtMYTRCMHo4WmpJVnpMWU5WMVRrbmVpZTJQZG9PTUlhSjhQOGF2MmxqNkVCcVZqbGNydGF0TFY2S2t0TEpOYXg0OHotbkR3MGFXOEVQeHFiTUtOMGs3R0djTG9RVFJ6T0tGZ216SGFQUnY0YTl5MFViQkwtSGNNdmNpZ3pYczNNc2tZRmF3MQ2&id=cdc4214a-22e6-4971-bc23-458374fe9ca8
192.99.158.241 200 OK 5.5 kB URL HTTP/1.1 btpnav.com/click?data=S0dpMUVwTWFoRnFTTm5zZlliS3I2SFhSMUprWFFCeWphalkyUGtMYTRCMHo4WmpJVnpMWU5WMVRrbmVpZTJQZG9PTUlhSjhQOGF2MmxqNkVCcVZqbGNydGF0TFY2S2t0TEpOYXg0OHotbkR3MGFXOEVQeHFiTUtOMGs3R0djTG9RVFJ6T0tGZ216SGFQUnY0YTl5MFViQkwtSGNNdmNpZ3pYczNNc2tZRmF3MQ2&id=cdc4214a-22e6-4971-bc23-458374fe9ca8
IP 192.99.158.241:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (349), with CRLF line terminators
Hash f3eda04864d64113f2ddf17756efbdd5
7722bc3c2eb3e18fae4a61975da96a2809fe8a38
debe179c3ed25aa3617d360e0823f8b0994b50b976763c86adc1bf26deb163c4
GET /click?data=S0dpMUVwTWFoRnFTTm5zZlliS3I2SFhSMUprWFFCeWphalkyUGtMYTRCMHo4WmpJVnpMWU5WMVRrbmVpZTJQZG9PTUlhSjhQOGF2MmxqNkVCcVZqbGNydGF0TFY2S2t0TEpOYXg0OHotbkR3MGFXOEVQeHFiTUtOMGs3R0djTG9RVFJ6T0tGZ216SGFQUnY0YTl5MFViQkwtSGNNdmNpZ3pYczNNc2tZRmF3MQ2&id=cdc4214a-22e6-4971-bc23-458374fe9ca8 HTTP/1.1
Host: btpnav.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
Set-Cookie: bhrlNOQAAlbcIZM=bhrlNOQAAlbcIZM; path=/
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Mon, 05 Dec 2022 08:54:39 GMT
Content-Length: 5470
btpnav.com/Redirect/
192.99.158.241 302 Found 270 B IP 192.99.158.241:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash fbcf6325bc5b01ee85e44f354e647468
86ea5768d1244850344465ca330d16080b8d274e
78328b8b42f8cf23101caf5abf3f1c4a1309457ce44d5ffafdf3f456f60ffee0
POST /Redirect/ HTTP/1.1
Host: btpnav.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 358
Origin: http://btpnav.com
Connection: keep-alive
Referer: http://btpnav.com/click?data=S0dpMUVwTWFoRnFTTm5zZlliS3I2SFhSMUprWFFCeWphalkyUGtMYTRCMHo4WmpJVnpMWU5WMVRrbmVpZTJQZG9PTUlhSjhQOGF2MmxqNkVCcVZqbGNydGF0TFY2S2t0TEpOYXg0OHotbkR3MGFXOEVQeHFiTUtOMGs3R0djTG9RVFJ6T0tGZ216SGFQUnY0YTl5MFViQkwtSGNNdmNpZ3pYczNNc2tZRmF3MQ2&id=cdc4214a-22e6-4971-bc23-458374fe9ca8
Cookie: bhrlNOQAAlbcIZM=bhrlNOQAAlbcIZM
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://dipaka-ead.com/zcvisitor/738bfe65-747a-11ed-84ff-0a5af0e8e43f/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Mon, 05 Dec 2022 08:54:39 GMT
Content-Length: 270
dipaka-ead.com/zcvisitor/738bfe65-747a-11ed-84ff-0a5af0e8e43f/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97
3.212.50.125 200 1.1 kB URL HTTP/1.1 dipaka-ead.com/zcvisitor/738bfe65-747a-11ed-84ff-0a5af0e8e43f/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97
IP 3.212.50.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 8576f4d637039e14c1d7492df7228c36
7855e0c7208c1b151c250851f07420bda0d9f2c8
50f5418c791939467f9cf80ecf2cbf0c4b1c1febeb847cab2c3aeec6dca31d5a
GET /zcvisitor/738bfe65-747a-11ed-84ff-0a5af0e8e43f/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97 HTTP/1.1
Host: dipaka-ead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://btpnav.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Mon, 05 Dec 2022 08:54:40 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: KmEjwrDb
dipaka-ead.com/zcredirect?visitid=738bfe65-747a-11ed-84ff-0a5af0e8e43f&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
3.212.50.125 200 516 B URL HTTP/1.1 dipaka-ead.com/zcredirect?visitid=738bfe65-747a-11ed-84ff-0a5af0e8e43f&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP 3.212.50.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 4c9e023a4ab04669886440321f44de4e
5f2ffca246f76d2483f258e4961350e2d7781011
dc02ce8116612f10cc7afb701984001ee6b3f1f04f467dd2bb037f12de2923fa
GET /zcredirect?visitid=738bfe65-747a-11ed-84ff-0a5af0e8e43f&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: dipaka-ead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dipaka-ead.com/zcvisitor/738bfe65-747a-11ed-84ff-0a5af0e8e43f/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=e87e3540-17b8-11ed-9215-0a918cbcbb97
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Mon, 05 Dec 2022 08:54:40 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: EgYYyhUY
dipaka-ead.com/favicon.ico
3.212.50.125 404 653 B URL HTTP/1.1 dipaka-ead.com/favicon.ico
IP 3.212.50.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Hash ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
GET /favicon.ico HTTP/1.1
Host: dipaka-ead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dipaka-ead.com/zcredirect?visitid=738bfe65-747a-11ed-84ff-0a5af0e8e43f&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
HTTP/1.1 404
Date: Mon, 05 Dec 2022 08:54:41 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: gtQLJhol
track.domainparkingmanager.it/tm.ashx?source=zp-1-1891178&det=0.001720&gio=zr738bfe65747a11ed84ff0a5af0e8e43f0340209054b94eb9ae0e55f0b7d264440694881f867550d398
35.180.17.130 200 OK 312 B URL HTTP/2 track.domainparkingmanager.it/tm.ashx?source=zp-1-1891178&det=0.001720&gio=zr738bfe65747a11ed84ff0a5af0e8e43f0340209054b94eb9ae0e55f0b7d264440694881f867550d398
IP 35.180.17.130:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash dd8ffe642fefeb683c9ba08aeb4edc93
3b28ff0e6e70b532004b64c4ec69776548ce3e17
9e8a67c17c8a78224f973be9537ea8530f80808408e7784ba04293395562865d
GET /tm.ashx?source=zp-1-1891178&det=0.001720&gio=zr738bfe65747a11ed84ff0a5af0e8e43f0340209054b94eb9ae0e55f0b7d264440694881f867550d398 HTTP/1.1
Host: track.domainparkingmanager.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dipaka-ead.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Mon, 05 Dec 2022 08:54:40 GMT
content-length: 312
X-Firefox-Spdy: h2
track.domainparkingmanager.it/favicon.ico
35.180.17.130 404 Not Found 1.2 kB URL HTTP/2 track.domainparkingmanager.it/favicon.ico
IP 35.180.17.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5343c1a8b203c162a3bf3870d9f50fd4
04b5b886c20d88b57eea6d8ff882624a4ac1e51d
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
GET /favicon.ico HTTP/1.1
Host: track.domainparkingmanager.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://track.domainparkingmanager.it/tm.ashx?source=zp-1-1891178&det=0.001720&gio=zr738bfe65747a11ed84ff0a5af0e8e43f0340209054b94eb9ae0e55f0b7d264440694881f867550d398
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-type: text/html
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Mon, 05 Dec 2022 08:54:40 GMT
content-length: 1245
X-Firefox-Spdy: h2
track.domainparkingmanager.it/tm2.ashx?&source=zp-1-1891178&pubid=zr738bfe65747a11ed84ff0a5af0e8e43f0340209054b94eb9&cost=0.001720
35.180.17.130 302 Found 158 B URL HTTP/2 track.domainparkingmanager.it/tm2.ashx?&source=zp-1-1891178&pubid=zr738bfe65747a11ed84ff0a5af0e8e43f0340209054b94eb9&cost=0.001720
IP 35.180.17.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash c184564c5f290572d03b0323eea4a55c
69da0e3bf633ce90de367906bec08827b7bf6bc4
12c579efcf0764649601111907e6c63bb7e31b074bc3c4fa78da027c7f1ef362
GET /tm2.ashx?&source=zp-1-1891178&pubid=zr738bfe65747a11ed84ff0a5af0e8e43f0340209054b94eb9&cost=0.001720 HTTP/1.1
Host: track.domainparkingmanager.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://track.domainparkingmanager.it/tm.ashx?source=zp-1-1891178&det=0.001720&gio=zr738bfe65747a11ed84ff0a5af0e8e43f0340209054b94eb9ae0e55f0b7d264440694881f867550d398
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
cache-control: private
content-type: text/html; charset=utf-8
location: https://service.no.like.it/in.ashx?c=1171
server: Microsoft-IIS/10.0
x-frame-options: SAMEORIGIN
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Mon, 05 Dec 2022 08:54:40 GMT
content-length: 158
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7fc532130793b6456a61b3a9a9197505
76a0005b1f22f6e07dc62cedbcd067983f6eb193
cb8172661732e9446eeaeaa47fdb996f4dba4b07f33a9c9ec9392e48280500dd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CB8172661732E9446EEAEAA47FDB996F4DBA4B07F33A9C9EC9392E48280500DD"
Last-Modified: Sun, 04 Dec 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21548
Expires: Mon, 05 Dec 2022 14:53:49 GMT
Date: Mon, 05 Dec 2022 08:54:41 GMT
Connection: keep-alive
service.no.like.it/in.ashx?c=1171
35.180.205.178 302 Found 189 B URL HTTP/2 service.no.like.it/in.ashx?c=1171
IP 35.180.205.178:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash fdfedac3ab7b380d7424ed88d2caaa36
1bae1f98229d84f9e19b7cad357d10f2f4ecbcaa
36a108b4dcf68393b869044c990fb9bc7cfee09c5a3f278d584d7ae44db2a211
GET /in.ashx?c=1171 HTTP/1.1
Host: service.no.like.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://track.domainparkingmanager.it/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: no-cache
pragma: no-cache
content-type: text/html; charset=utf-8
expires: -1
location: https://no.like.it/Search?q=ranheim skole&country=no&language=no
server: Microsoft-IIS/10.0
x-frame-options: SAMEORIGIN
x-aspnet-version: 4.0.30319
set-cookie: clkmrctrvsprx=http://domainparking.io/out.aspx?keyword=ranheim+skole&c=1171&logcookie=28379337; domain=no.like.it; expires=Mon, 05-Dec-2022 08:55:42 GMT; path=/; secure; SameSite=None
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Mon, 05 Dec 2022 08:54:42 GMT
content-length: 189
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1d4b58980186fc4821ddf080af917b63
bda9dc7625038ac9f8ac293549512225e6b24895
faa31eeaa5b6d5c5f8a08699cc7e3f589a1117caa44f9c0c078b499ed6b94301
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FAA31EEAA5B6D5C5F8A08699CC7E3F589A1117CAA44F9C0C078B499ED6B94301"
Last-Modified: Sun, 04 Dec 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8670
Expires: Mon, 05 Dec 2022 11:19:12 GMT
Date: Mon, 05 Dec 2022 08:54:42 GMT
Connection: keep-alive
no.like.it/Search?q=ranheim%20skole&country=no&language=no
185.25.205.112 200 OK 0 B URL HTTP/2 no.like.it/Search?q=ranheim%20skole&country=no&language=no
IP 185.25.205.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Search?q=ranheim%20skole&country=no&language=no HTTP/1.1
Host: no.like.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://track.domainparkingmanager.it/
Connection: keep-alive
Cookie: clkmrctrvsprx=http://domainparking.io/out.aspx?keyword=ranheim+skole&c=1171&logcookie=28379337
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Mon, 05 Dec 2022 08:52:19 GMT
content-length: 0
X-Firefox-Spdy: h2
dl.dropbox.com/u/1944060/cd.js
162.125.71.15 404 Not Found 0 B URL HTTP/2 dl.dropbox.com/u/1944060/cd.js
IP 162.125.71.15:0
GET /u/1944060/cd.js HTTP/1.1
Host: dl.dropbox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ocionometro.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
content-type: text/html
date: Mon, 05 Dec 2022 08:54:37 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: remote
x-dropbox-request-id: d20e78d76a6d478c90fbf93296e75da8
X-Firefox-Spdy: h2
2.bp.blogspot.com/-4k71L5alARk/TwRM6mQ5wgI/AAAAAAAADW4/Doxhf3kz6jI/s1600/Sem%2BT%25C3%25ADtulo-1.png
142.250.74.161 200 OK 0 B URL HTTP/1.1 2.bp.blogspot.com/-4k71L5alARk/TwRM6mQ5wgI/AAAAAAAADW4/Doxhf3kz6jI/s1600/Sem%2BT%25C3%25ADtulo-1.png
IP 142.250.74.161:0
GET /-4k71L5alARk/TwRM6mQ5wgI/AAAAAAAADW4/Doxhf3kz6jI/s1600/Sem%2BT%25C3%25ADtulo-1.png HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "vd6e"
Expires: Tue, 06 Dec 2022 08:54:37 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="Sem T_tulo-1.png";filename*=UTF-8''Sem%20T%C3%ADtulo-1.png
Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 05 Dec 2022 08:54:37 GMT
Server: fife
Content-Length: 136310
X-XSS-Protection: 0
static.criteo.net/animejs/animejs.js
178.250.2.130 200 OK 0 B URL HTTP/2 static.criteo.net/animejs/animejs.js
IP 178.250.2.130:0
GET /animejs/animejs.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 08:54:38 GMT
content-type: text/javascript
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
etag: W/"5c9a64eb-3181"
expires: Thu, 30 Nov 2023 08:54:38 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
cat.fr.eu.criteo.com/delivery/lg.php?cppv=3&cpp=g2xrb653B9rnuK1wYYK64mDFXJ5EsprQVuSBwZU01RnATfWOO0lY8fvRNeuXr6T54FEwIvOAEmZhR_TsQu0C8USaszbY3kbgeHDULS4_0YC2LgS4xoole9L-7ovbdl38HGNbeOIJZFlMYAYfPucnqERsmNOqXHGEcx3BAN7O8a-2OPtd0_Qa_I0hWG2-zWUNm6hRcvxNL5v0RUY3kJUZf0m7XIDL5_PgGPG6vewQTgpcbeVGWwI98rs7xkW4ZCbJ6sj-ugwvqZ-mtmkEv6nQheLgDQpQ1O3aHrbCrUiOKmWZd2T8Zmk6uUdon-rkoFLCMuCLFQNLHetS1R412Yt_FiMo9ulJxWs423W2JcjLt_5URoCXkFudaGTU1cEt4k0uaSaftxcfmCBTbbj4i653rAUCLEDiQII_1EghEZneWu6jHpiQ
178.250.0.160200 OK 0 B URL HTTP/2 cat.fr.eu.criteo.com/delivery/lg.php?cppv=3&cpp=g2xrb653B9rnuK1wYYK64mDFXJ5EsprQVuSBwZU01RnATfWOO0lY8fvRNeuXr6T54FEwIvOAEmZhR_TsQu0C8USaszbY3kbgeHDULS4_0YC2LgS4xoole9L-7ovbdl38HGNbeOIJZFlMYAYfPucnqERsmNOqXHGEcx3BAN7O8a-2OPtd0_Qa_I0hWG2-zWUNm6hRcvxNL5v0RUY3kJUZf0m7XIDL5_PgGPG6vewQTgpcbeVGWwI98rs7xkW4ZCbJ6sj-ugwvqZ-mtmkEv6nQheLgDQpQ1O3aHrbCrUiOKmWZd2T8Zmk6uUdon-rkoFLCMuCLFQNLHetS1R412Yt_FiMo9ulJxWs423W2JcjLt_5URoCXkFudaGTU1cEt4k0uaSaftxcfmCBTbbj4i653rAUCLEDiQII_1EghEZneWu6jHpiQ
IP 178.250.0.160:0
GET /delivery/lg.php?cppv=3&cpp=g2xrb653B9rnuK1wYYK64mDFXJ5EsprQVuSBwZU01RnATfWOO0lY8fvRNeuXr6T54FEwIvOAEmZhR_TsQu0C8USaszbY3kbgeHDULS4_0YC2LgS4xoole9L-7ovbdl38HGNbeOIJZFlMYAYfPucnqERsmNOqXHGEcx3BAN7O8a-2OPtd0_Qa_I0hWG2-zWUNm6hRcvxNL5v0RUY3kJUZf0m7XIDL5_PgGPG6vewQTgpcbeVGWwI98rs7xkW4ZCbJ6sj-ugwvqZ-mtmkEv6nQheLgDQpQ1O3aHrbCrUiOKmWZd2T8Zmk6uUdon-rkoFLCMuCLFQNLHetS1R412Yt_FiMo9ulJxWs423W2JcjLt_5URoCXkFudaGTU1cEt4k0uaSaftxcfmCBTbbj4i653rAUCLEDiQII_1EghEZneWu6jHpiQ HTTP/1.1
Host: cat.fr.eu.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 08:54:37 GMT
content-type: image/gif
server: Kestrel
cache-control: no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
cross-origin-resource-policy: cross-origin
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
server-processing-duration-in-ticks: 3095700
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/flash/icon/privacy_small.svg
178.250.2.130 200 OK 0 B URL HTTP/2 static.criteo.net/flash/icon/privacy_small.svg
IP 178.250.2.130:0
GET /flash/icon/privacy_small.svg HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 08:54:38 GMT
content-type: image/svg+xml
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
etag: W/"5e42ba84-6aa"
expires: Thu, 30 Nov 2023 08:54:38 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
dl.dropbox.com/u/1944599/page.nav123.js
162.125.71.15 404 Not Found 0 B URL HTTP/2 dl.dropbox.com/u/1944599/page.nav123.js
IP 162.125.71.15:0
GET /u/1944599/page.nav123.js HTTP/1.1
Host: dl.dropbox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ocionometro.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
content-type: text/html
date: Mon, 05 Dec 2022 08:54:36 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: remote
x-dropbox-request-id: 87458801c9d34d828e34d8b2ea36b215
X-Firefox-Spdy: h2
dl.getdropbox.com/u/1944060/cd.js
162.125.71.21 301 Moved Permanently 0 B URL HTTP/2 dl.getdropbox.com/u/1944060/cd.js
IP 162.125.71.21:0
GET /u/1944060/cd.js HTTP/1.1
Host: dl.getdropbox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
location: https://dl.dropbox.com/u/1944060/cd.js
x-dropbox-response-origin: local
date: Mon, 05 Dec 2022 08:54:36 GMT
server: envoy
x-dropbox-request-id: 7a07af606a1741bc81c6eae7b54a575c
X-Firefox-Spdy: h2
ads.eu.criteo.com/delivery/r/afr.php?z=Y42xzQAKU8gCHkkxAA4knXTXmtPjz_vYYymNKg&u=%7C%2BQ5xD7K3mXbbvulXZCtEnMkDM%2FnJ7UNPgzFW7TXpNaI%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNTJmLEv97WHnUtKOrKYxIg_Yv4RnZRq4P_PySyhhQairi-eDLwKj_TyHgKyU7CHfZgbqOM091kA0dVFxhNqwEPRpzfA_LPpcr7BHo_gcrVNxEFle6v5PZ2BvP_lOjGQonCOsUoINWgDYcKAG4BvQILKyUKhj0Py41u5sA5PWuf986ocnf4L8XZxZF5NlXy8Gv_stARq_tzexbmKUuxE5P9W-LxhTEDM2bB2gc7ra4QjBx98-BxXYGbNrz2-OT2mPB9Oc-NF97nKGpynsPwcjXQZVr02nDMTysRfaovTjvTb3UYMMx-AI57wrR1og8qhAgHPShPdYZl3uQSxmLU_6QDUDoyJtjJ3fFQPZHsVzGctd19ce71-0SpemcxLubPexTJf0KLSVk3H2mwc_LKyziyH-DMhcoElSoSS2vcqmY5ArZe2DRdU8fxKGF2dj45tvn9zTvsesWVjWIojDAGM0gGKThN4b88PalaDCP-t-UAdvedjnz0nYHXgF_3_8g_hfCBCb1odXuAYyxlrk57Kd3PVf1m0tgwMxvNBWWWXYFsBE-R-7tk-h4wQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC0jABzbGNY8inKbGS-cAPncm4yAjJntKxXNWdkfdwwI23ARABIABgw4SAgJgYggEXY2EtcHViLTk0MTIzMTUxNTIyOTU0MzDIAQmpAkS_tBqXrLE-qAMBqgSUAk_QncmCHIBaypPesGdMrlxGJ3juwygWJWlURPWa3VqCDC8IPRH_0rQdNNqDj0VBQfz6mCm2V2x_o39q3INs0cRC_R5acS8vF2Yrulr-gqUWlkpDAseL76ArTZQCOxEz_eojWm2yjpBUnTPbEctsRWE8tkSLKftqOyD8LUZukg1Z8z1kicKDAL0w9ylCGgyIuv9AsP874eF3S0FedgikwxakpnlHBPeutIQjGR4fPGt9-PEhjs0UQo7c8F3WzqXYt9enl-5PR7ZlFNqLCjse9z-303Sr-ibHqdsqDeNBnarVqrgqLbJQK__A2HWTuYurSViRI1t1tUBAiBAQaecbjKRBGU6e7aH1oTMPDmOQ6WeCUG-5L4AG_I7IyL-t36wgoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1C81BlTfZQKHMIsqh6q5wpYTGxAQ%26client%3Dca-pub-9412315152295430%26adurl%3D
178.250.0.138200 OK 0 B URL HTTP/2 ads.eu.criteo.com/delivery/r/afr.php?z=Y42xzQAKU8gCHkkxAA4knXTXmtPjz_vYYymNKg&u=%7C%2BQ5xD7K3mXbbvulXZCtEnMkDM%2FnJ7UNPgzFW7TXpNaI%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNTJmLEv97WHnUtKOrKYxIg_Yv4RnZRq4P_PySyhhQairi-eDLwKj_TyHgKyU7CHfZgbqOM091kA0dVFxhNqwEPRpzfA_LPpcr7BHo_gcrVNxEFle6v5PZ2BvP_lOjGQonCOsUoINWgDYcKAG4BvQILKyUKhj0Py41u5sA5PWuf986ocnf4L8XZxZF5NlXy8Gv_stARq_tzexbmKUuxE5P9W-LxhTEDM2bB2gc7ra4QjBx98-BxXYGbNrz2-OT2mPB9Oc-NF97nKGpynsPwcjXQZVr02nDMTysRfaovTjvTb3UYMMx-AI57wrR1og8qhAgHPShPdYZl3uQSxmLU_6QDUDoyJtjJ3fFQPZHsVzGctd19ce71-0SpemcxLubPexTJf0KLSVk3H2mwc_LKyziyH-DMhcoElSoSS2vcqmY5ArZe2DRdU8fxKGF2dj45tvn9zTvsesWVjWIojDAGM0gGKThN4b88PalaDCP-t-UAdvedjnz0nYHXgF_3_8g_hfCBCb1odXuAYyxlrk57Kd3PVf1m0tgwMxvNBWWWXYFsBE-R-7tk-h4wQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC0jABzbGNY8inKbGS-cAPncm4yAjJntKxXNWdkfdwwI23ARABIABgw4SAgJgYggEXY2EtcHViLTk0MTIzMTUxNTIyOTU0MzDIAQmpAkS_tBqXrLE-qAMBqgSUAk_QncmCHIBaypPesGdMrlxGJ3juwygWJWlURPWa3VqCDC8IPRH_0rQdNNqDj0VBQfz6mCm2V2x_o39q3INs0cRC_R5acS8vF2Yrulr-gqUWlkpDAseL76ArTZQCOxEz_eojWm2yjpBUnTPbEctsRWE8tkSLKftqOyD8LUZukg1Z8z1kicKDAL0w9ylCGgyIuv9AsP874eF3S0FedgikwxakpnlHBPeutIQjGR4fPGt9-PEhjs0UQo7c8F3WzqXYt9enl-5PR7ZlFNqLCjse9z-303Sr-ibHqdsqDeNBnarVqrgqLbJQK__A2HWTuYurSViRI1t1tUBAiBAQaecbjKRBGU6e7aH1oTMPDmOQ6WeCUG-5L4AG_I7IyL-t36wgoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1C81BlTfZQKHMIsqh6q5wpYTGxAQ%26client%3Dca-pub-9412315152295430%26adurl%3D
IP 178.250.0.138:0
GET /delivery/r/afr.php?z=Y42xzQAKU8gCHkkxAA4knXTXmtPjz_vYYymNKg&u=%7C%2BQ5xD7K3mXbbvulXZCtEnMkDM%2FnJ7UNPgzFW7TXpNaI%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNTJmLEv97WHnUtKOrKYxIg_Yv4RnZRq4P_PySyhhQairi-eDLwKj_TyHgKyU7CHfZgbqOM091kA0dVFxhNqwEPRpzfA_LPpcr7BHo_gcrVNxEFle6v5PZ2BvP_lOjGQonCOsUoINWgDYcKAG4BvQILKyUKhj0Py41u5sA5PWuf986ocnf4L8XZxZF5NlXy8Gv_stARq_tzexbmKUuxE5P9W-LxhTEDM2bB2gc7ra4QjBx98-BxXYGbNrz2-OT2mPB9Oc-NF97nKGpynsPwcjXQZVr02nDMTysRfaovTjvTb3UYMMx-AI57wrR1og8qhAgHPShPdYZl3uQSxmLU_6QDUDoyJtjJ3fFQPZHsVzGctd19ce71-0SpemcxLubPexTJf0KLSVk3H2mwc_LKyziyH-DMhcoElSoSS2vcqmY5ArZe2DRdU8fxKGF2dj45tvn9zTvsesWVjWIojDAGM0gGKThN4b88PalaDCP-t-UAdvedjnz0nYHXgF_3_8g_hfCBCb1odXuAYyxlrk57Kd3PVf1m0tgwMxvNBWWWXYFsBE-R-7tk-h4wQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC0jABzbGNY8inKbGS-cAPncm4yAjJntKxXNWdkfdwwI23ARABIABgw4SAgJgYggEXY2EtcHViLTk0MTIzMTUxNTIyOTU0MzDIAQmpAkS_tBqXrLE-qAMBqgSUAk_QncmCHIBaypPesGdMrlxGJ3juwygWJWlURPWa3VqCDC8IPRH_0rQdNNqDj0VBQfz6mCm2V2x_o39q3INs0cRC_R5acS8vF2Yrulr-gqUWlkpDAseL76ArTZQCOxEz_eojWm2yjpBUnTPbEctsRWE8tkSLKftqOyD8LUZukg1Z8z1kicKDAL0w9ylCGgyIuv9AsP874eF3S0FedgikwxakpnlHBPeutIQjGR4fPGt9-PEhjs0UQo7c8F3WzqXYt9enl-5PR7ZlFNqLCjse9z-303Sr-ibHqdsqDeNBnarVqrgqLbJQK__A2HWTuYurSViRI1t1tUBAiBAQaecbjKRBGU6e7aH1oTMPDmOQ6WeCUG-5L4AG_I7IyL-t36wgoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1C81BlTfZQKHMIsqh6q5wpYTGxAQ%26client%3Dca-pub-9412315152295430%26adurl%3D HTTP/1.1
Host: ads.eu.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 08:54:37 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=HczCvf1k50RVpCyNK3aCSzwG0rkGeYyYbdhh5rCXqNrMe-ItR9C57dj8tUid_H1VqAh4pZ4t3yDHm3XMprk3nb13dqjyB-n2zIaau1O_gFhyRCsPozRNb-jjQ6tBFR8SJkiy0ph_Yr9lbQd2FR9-96Kbj1iXEhhWtn5oga2wD8vmRFN4CJcu_5dXlzhYZqEhoRHYiQ_imw0z4aki2Y_h2akMoWb0tOraqMpo3JXLRUF53B2WTbUTr0gJpCaoz9dCuRQuIg"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 92179472
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
static.criteo.net/flash/icon/adchoices_en.svg
178.250.2.130 200 OK 0 B URL HTTP/2 static.criteo.net/flash/icon/adchoices_en.svg
IP 178.250.2.130:0
GET /flash/icon/adchoices_en.svg HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 08:54:38 GMT
content-type: image/svg+xml
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
etag: W/"5e42b9ee-759"
expires: Thu, 30 Nov 2023 08:54:38 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/flash/icon/privacy.svg
178.250.2.130 200 OK 0 B URL HTTP/2 static.criteo.net/flash/icon/privacy.svg
IP 178.250.2.130:0
GET /flash/icon/privacy.svg HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 08:54:38 GMT
content-type: image/svg+xml
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
etag: W/"5e4d1491-646"
expires: Thu, 30 Nov 2023 08:54:38 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
apis.google.com/js/platform.js
142.250.74.46 200 OK 0 B URL HTTP/2 apis.google.com/js/platform.js
IP 142.250.74.46:0
GET /js/platform.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ocionometro.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20984
date: Mon, 05 Dec 2022 08:54:36 GMT
expires: Mon, 05 Dec 2022 08:54:36 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "7446758f13887885"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.criteo.net/flash/icon/criteo_logo_2021.svg
178.250.2.130 200 OK 0 B URL HTTP/2 static.criteo.net/flash/icon/criteo_logo_2021.svg
IP 178.250.2.130:0
GET /flash/icon/criteo_logo_2021.svg HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.eu.criteo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 08:54:38 GMT
content-type: image/svg+xml
last-modified: Thu, 27 May 2021 13:21:59 GMT
etag: W/"60af9cf7-891"
expires: Thu, 30 Nov 2023 08:54:38 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2