tmearn.com/35VvXi
172.67.137.133301 Moved Permanently 0 B IP 172.67.137.133:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /35VvXi HTTP/1.1
Host: tmearn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 19 Nov 2022 04:45:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 19 Nov 2022 05:45:15 GMT
Location: https://tmearn.com/35VvXi
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2iM6uKIuikE8XoyomshfzaNx4Omv3ohX1SwMxb2aj8rL42xoVgMpJw0bi1a8PWPgcb3fTn6%2FgAHnpy8GgFsLpQF5KLNLrscCBqCMkDIjb6Qt87ZVL3Sk0tUHY3CG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76c64b9aaac10b31-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 30c30d01178fc74ac5266ee64c3ee85b
c0c2af8a864c00aa85a8775d55f85ab107150a3b
c15644f69fbfeb99074c7e9711dfc9452ee164fa78eb981b6bae4fb7e3585f2a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C15644F69FBFEB99074C7E9711DFC9452EE164FA78EB981B6BAE4FB7E3585F2A"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7799
Expires: Sat, 19 Nov 2022 06:55:14 GMT
Date: Sat, 19 Nov 2022 04:45:15 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 67f53a639d57dd6237b5be86fe4f6c1b
287f09532dc331228d09c20b75f4160e91e9800a
41913a8af366685c42af59e9d8e02fccedbe68a3313d2d9fe353deb0c1019075
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6404
Cache-Control: max-age=113556
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:15 GMT
Etag: "63775eeb-1d7"
Expires: Sun, 20 Nov 2022 12:17:51 GMT
Last-Modified: Fri, 18 Nov 2022 10:31:07 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 19 Nov 2022 04:44:52 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 23
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3a38b6dd8a4cc335c026aebf2ed348b6
8a386e0ccb0ca4dc502746c45b2ebc3aa3f83cf8
8b4040a645cec1841a00a22765eb3a74978559daf15c54bd4b41b6b48aab7f95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B4040A645CEC1841A00A22765EB3A74978559DAF15C54BD4B41B6B48AAB7F95"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10129
Expires: Sat, 19 Nov 2022 07:34:04 GMT
Date: Sat, 19 Nov 2022 04:45:15 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: hyYQl6zfVMb6HdZp08CZ/Vo6U2XcjMqTxEibLFMd12XVfn20yxJ+/5DRO6zEhOLBCH9Wd779k2LEb78x6UjV1g==
x-amz-request-id: 0NQJQXJJS669AYJN
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 19 Nov 2022 04:15:52 GMT
age: 1763
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 2e1fe174ce3dbdbba9949bdc6fea9612
2ee90a19652492237fd9c8f2d504c398725dfa80
fe18bf34db605d4866a94fdaeea41e195b318baa4484e465614d1869cc52d093
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=156091
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:15 GMT
Etag: "63781e16-117"
Expires: Mon, 21 Nov 2022 00:06:46 GMT
Last-Modified: Sat, 19 Nov 2022 00:06:46 GMT
Server: nginx
Content-Length: 279
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 19 Nov 2022 04:45:15 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 2e1fe174ce3dbdbba9949bdc6fea9612
2ee90a19652492237fd9c8f2d504c398725dfa80
fe18bf34db605d4866a94fdaeea41e195b318baa4484e465614d1869cc52d093
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=156091
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:15 GMT
Etag: "63781e16-117"
Expires: Mon, 21 Nov 2022 00:06:46 GMT
Last-Modified: Sat, 19 Nov 2022 00:06:46 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 32e7e5a5e4c3b1f1b812ac3edb5d5806
175fa0dca618bc5b06347cdb0d3cafc5ba0346d3
d44028f4ce33e5ae79d2129a2379516669f3af67321a812687ceeca2f29f222b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "D44028F4CE33E5AE79D2129A2379516669F3AF67321A812687CEECA2F29F222B"
Last-Modified: Wed, 16 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5269
Expires: Sat, 19 Nov 2022 06:13:04 GMT
Date: Sat, 19 Nov 2022 04:45:15 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 19 Nov 2022 04:44:49 GMT
cache-control: public,max-age=3600
age: 27
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 32e7e5a5e4c3b1f1b812ac3edb5d5806
175fa0dca618bc5b06347cdb0d3cafc5ba0346d3
d44028f4ce33e5ae79d2129a2379516669f3af67321a812687ceeca2f29f222b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "D44028F4CE33E5AE79D2129A2379516669F3AF67321A812687CEECA2F29F222B"
Last-Modified: Wed, 16 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5268
Expires: Sat, 19 Nov 2022 06:13:04 GMT
Date: Sat, 19 Nov 2022 04:45:16 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fe40cc6ea871d80382b6082111393fbe
281f75d0a35dc8ef908bb0500e57abd86bd5388e
6d15422cdf7a6d72d06497188f27af893682314e82ac8a189a0ee2d798cb62d7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4257
Cache-Control: max-age=106357
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:16 GMT
Etag: "63774b30-1d7"
Expires: Sun, 20 Nov 2022 10:17:53 GMT
Last-Modified: Fri, 18 Nov 2022 09:06:56 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
code.jquery.com/jquery-1.12.0.min.js
69.16.175.10200 OK 34 kB URL HTTP/2 code.jquery.com/jquery-1.12.0.min.js
IP 69.16.175.10:0
File type ASCII text, with very long lines (32060)
Hash e0865bea5b028ce4d913dc4d6166c751
b2df1f4068ce3040ba56512e7fa7674db72f8fcb
0dbb35dfe27885f4ab7cb2f5f3b6894d0fe03f691e4612cec613bd6a74193337
GET /jquery-1.12.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:16 GMT
content-encoding: gzip
content-length: 33820
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-17c52"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1668833116.dop225.sk1.t,1668833116.cds218.sk1.hn,1668833116.cds229.sk1.c
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash f17b03be491bcd758ad58f33ac7c094c
c02829213f2c3afc21026a24b413585804ba17de
e4085af005b24bc39492d37826b238a7e32d85037c9dcfc658171e73325ec0d5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 2.0 kB IP 142.250.74.35:0
Hash 250f5b97cb7229a61b53fd257bfefc2e
5b03a5132f38ba22b94b892f543342c0380e5b88
19b2492a755df480a045a24b207fe242394547c58d369ee56ac8a0705edb6ce9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 5e884c53db72411f06e2209d005f7586
6e1049a7fc26d6a3259a97bfca9dc6ba7b0dd5af
2965603dd297987ffa36ffd33c133f2c6a67fa6df1551554160b65ce804b0198
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 22 kB IP 142.250.74.35:0
Hash f838aaec3bf17d9c6544487e120ddc2c
6e57204ae5858dc836955c02c7893f537544ac98
a381577fde3a4776c694821503646ce0e671766889a64d9cab1276217af15a4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ff5bd85c5f9c825c8214fa1f642a7fb6
f2179f77fba32b0b11a78f63ebe8e4c68247d38d
a3147df0e5455b5820c97aa0cf2d300160188513cf55a1475bd516396e77b357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3147DF0E5455B5820C97AA0CF2D300160188513CF55A1475BD516396E77B357"
Last-Modified: Fri, 18 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4282
Expires: Sat, 19 Nov 2022 05:56:38 GMT
Date: Sat, 19 Nov 2022 04:45:16 GMT
Connection: keep-alive
www.google.com/recaptcha/api.js?onload=loadCaptcha&render=explicit
142.250.74.164200 OK 574 B URL HTTP/2 www.google.com/recaptcha/api.js?onload=loadCaptcha&render=explicit
IP 142.250.74.164:0
File type ASCII text, with very long lines (906), with no line terminators
Hash 35ba813b923d084f7bd4ab6cb52ba5af
0403c455a4ff965460cbf20cafbcaeee90540385
567da270e8a1ff1779fa45dd7e2ef0910b790c2f72f790bc939d818d6d331390
GET /recaptcha/api.js?onload=loadCaptcha&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sat, 19 Nov 2022 04:45:16 GMT
date: Sat, 19 Nov 2022 04:45:16 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 574
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js
142.250.74.164200 OK 553 B URL HTTP/2 www.google.com/recaptcha/api.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (850), with no line terminators
Hash 1309ff133720d219cc98090d66a051ed
b96fc5a893e42be16d687d7abdecdb13d348a019
358683c66634ea5ee3021c93111d8621d583880bcbbfadf3ec2ff87a15ea1038
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sat, 19 Nov 2022 04:45:16 GMT
date: Sat, 19 Nov 2022 04:45:16 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 553
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-233612758-1
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-233612758-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash eba3652dfd7bddaa3ecae1506d1f15ce
633021e58f1c4a89558498ae1f9d4c7b17a2e889
7c8ad6e5aded5e1b5e28756a36d2ee07b79875a1ae1e1e907726388429b7adfe
GET /gtag/js?id=UA-233612758-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 19 Nov 2022 04:45:16 GMT
expires: Sat, 19 Nov 2022 04:45:16 GMT
cache-control: private, max-age=900
last-modified: Sat, 19 Nov 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43681
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
roucoutaivers.com/1clkn/28562
172.255.6.57200 OK 26 B URL HTTP/1.1 roucoutaivers.com/1clkn/28562
IP 172.255.6.57:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
Analyzer Verdict Alert quad9 Sinkholed
GET /1clkn/28562 HTTP/1.1
Host: roucoutaivers.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 19 Nov 2022 04:45:16 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sun, 20-Nov-2022 04:45:16 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Sun, 20-Nov-2022 04:45:16 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 1.3 kB IP 142.250.74.35:0
File type Applesoft BASIC program data, first line number 91\012- data
Hash 3e54b6874f097b11d18afbd93d889072
2e1313daecab4dad9728fe7ab264316165bb33ce
6973e16e77411e18803a1cfef7ae14850d094af21c8d0e8d246dc25b0583c472
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 33 kB IP 142.250.74.35:0
Hash 30a98c4e1552df0d25ea856426ae8448
2bb19c0de2e8bcb4ee0602bcb5f2f6afae4cb33d
eaf377ad132df4b4e2a9dbcd1d16e3dd6529102da1368054011e0e6638f592bb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash a00fff9dd1711061b285e2136c973d13
66548ac11fc58024c6994539ab81804add41d2f2
4b87c5468c15817686a8497324c2a06d18fd5574141aa0476bf98aa3b8395a8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 9d500ceab2c3668502f0d94b87e47e71
ff949c40be1267b07be40542f2daac9757d31af3
49949af8aa2e892df12d10abf55bd82f16654fafa05a606ce59e5459613c7646
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3903
Cache-Control: max-age=147037
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:16 GMT
Etag: "6377eb7a-117"
Expires: Sun, 20 Nov 2022 21:35:53 GMT
Last-Modified: Fri, 18 Nov 2022 20:30:50 GMT
Server: ECS (amb/6B99)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c87979fe737c90ca31db9d6759c8d650
164b978e16c16a2d83707588e336974181ed5d14
99319ec85d6b8be6abe7f6249f614d05a36bb7068dec94efe5b0dac75d244f95
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "99319EC85D6B8BE6ABE7F6249F614D05A36BB7068DEC94EFE5B0DAC75D244F95"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4254
Expires: Sat, 19 Nov 2022 05:56:10 GMT
Date: Sat, 19 Nov 2022 04:45:16 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d3c8eef7b4f35b5fe83d96776ec8bd56
9be693972c7bda0266fa84e46c3b7090101d566b
ff4d639013521f97e437f545264e7961b5664b094d8c538ea98df3196797a161
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "FF4D639013521F97E437F545264E7961B5664B094D8C538EA98DF3196797A161"
Last-Modified: Fri, 18 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8656
Expires: Sat, 19 Nov 2022 07:09:32 GMT
Date: Sat, 19 Nov 2022 04:45:16 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d3c8eef7b4f35b5fe83d96776ec8bd56
9be693972c7bda0266fa84e46c3b7090101d566b
ff4d639013521f97e437f545264e7961b5664b094d8c538ea98df3196797a161
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "FF4D639013521F97E437F545264E7961B5664B094D8C538EA98DF3196797A161"
Last-Modified: Fri, 18 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8730
Expires: Sat, 19 Nov 2022 07:10:46 GMT
Date: Sat, 19 Nov 2022 04:45:16 GMT
Connection: keep-alive
push.services.mozilla.com/
54.187.71.185101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.187.71.185:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8ySggTc0ZU4vnC40S0omuQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /tXNoDEHa+8zCzWuNI1ECWW8oX0=
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 582 B IP 142.250.74.35:0
Hash ba308717bd7c5a1a499a89fd883ad1ef
7e005d8b9f12c481f5efb97e898beb33276a1d5b
6a5e9ce01556b33ae5238df39aa43d7ad9529f3951c03f3b6ac6fb9de0a69c55
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/droidsans/v18/SlGVmQWMvZQIdix7AFxXkHNSbQ.woff2
216.58.207.195200 OK 21 kB URL HTTP/2 fonts.gstatic.com/s/droidsans/v18/SlGVmQWMvZQIdix7AFxXkHNSbQ.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 21224, version 1.0\012- data
Hash 13bdfb843f942ccd9f485eb6c0bc1934
2bad44362ff7569f24f2a3df2521b27a97ec1297
7a291479495fbb281655d5e870c6d118dc6b7ed18e8c235aef5974c1e9de4e6c
GET /s/droidsans/v18/SlGVmQWMvZQIdix7AFxXkHNSbQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21224
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 15 Nov 2022 23:13:49 GMT
expires: Wed, 15 Nov 2023 23:13:49 GMT
cache-control: public, max-age=31536000
age: 279087
last-modified: Tue, 19 Apr 2022 18:04:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fstatic.netpub.media/static/14f9494694a9078dc2f4ae3c92e41760.min.js?1668833114469
172.67.70.145301 Moved Permanently 472 B URL HTTP/2 fstatic.netpub.media/static/14f9494694a9078dc2f4ae3c92e41760.min.js?1668833114469
IP 172.67.70.145:0
Hash c58de690a701dea26333a42815dc3003
91d9e60c285f6578b5d814901a90f52cafbb8790
179d035993138ec5fdb0b2bf1987888f751903e959af09e335ada210be842ca6
GET /static/14f9494694a9078dc2f4ae3c92e41760.min.js?1668833114469 HTTP/1.1
Host: fstatic.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sat, 19 Nov 2022 04:45:16 GMT
location: https://fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
cache-control: max-age=3600
expires: Sat, 19 Nov 2022 05:45:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EoskPwNSRk5Ixcj2XdbpMkhdYFYFM8gFzOYzbQ3aBzdZORndceY0H3dKi2vowAZtVsp3%2BUFE9MAWs6hgark4bN4SeLYMrWFHGNzUytUXXy9F5JYe%2FpQ4AfRkj7q1axCzLquQqCeW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76c64ba2acd00b59-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 9d500ceab2c3668502f0d94b87e47e71
ff949c40be1267b07be40542f2daac9757d31af3
49949af8aa2e892df12d10abf55bd82f16654fafa05a606ce59e5459613c7646
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:16 GMT
Etag: "6377eb7a-117"
Server: ECS (amb/6B72)
Content-Length: 279
mahimeta.com/networks/tag.js?cache=1668833114
172.67.154.3200 OK 24 kB URL HTTP/2 mahimeta.com/networks/tag.js?cache=1668833114
IP 172.67.154.3:0
File type ASCII text, with very long lines (429)
Hash fd42578c9e1e43d7d1d8d33d084dda82
9e66bd2be4a6df33898a8ef4b044d74ba9b402e1
27acc4106dc07014b4ed00977c7bcab9064c326f87c515949d9909df75e5ee37
GET /networks/tag.js?cache=1668833114 HTTP/1.1
Host: mahimeta.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:16 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 26 Aug 2022 12:40:56 GMT
etag: W/"6308bf58-271a6"
expires: Mon, 19 Dec 2022 04:45:16 GMT
cache-control: public, max-age=2592000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3HIPmrsbbVdZ65f0wMbYuHcxmREvu1I%2FbDSjwuqHMT0GQ8lauuR61MD81lA%2BWdGspoXZpgyg9y1v7b4%2FL4i8HzEnU3SC4nAoj8gTghzCH5V5y0kduwQ8i4GN3jgVnBQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76c64ba29f3bb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0bc0607a1fd34c6f1e4ded9379fffa47
e7cad90b57a6701cb0527f710c8071546a9e1566
6fbaa3ff50f2560d58eacd7a5f36d29de32c9feb1f3a84b266de56f293ec6670
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6FBAA3FF50F2560D58EACD7A5F36D29DE32C9FEB1F3A84B266DE56F293EC6670"
Last-Modified: Fri, 18 Nov 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9102
Expires: Sat, 19 Nov 2022 07:16:58 GMT
Date: Sat, 19 Nov 2022 04:45:16 GMT
Connection: keep-alive
plungebriefinggladly.com/7e/1d/8f/7e1d8f1ae70c40a4c328807cbe5300ca.js
192.243.61.227200 OK 21 kB URL HTTP/1.1 plungebriefinggladly.com/7e/1d/8f/7e1d8f1ae70c40a4c328807cbe5300ca.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (60191), with no line terminators
Hash 5c10ae0d07cd0c44be3fd12462cbf117
0031bdee6de85fbd00e26c6a39f1fb666ffe5cbb
aaa9a8f2b789bf5cc77d931c075f388cb6ab76e0d5325615c852a08ca3cf06bb
GET /7e/1d/8f/7e1d8f1ae70c40a4c328807cbe5300ca.js HTTP/1.1
Host: plungebriefinggladly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 19 Nov 2022 04:45:17 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2d3f069d52603a76ed989fc3ff031c76
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash f0a7ae5fe0c925b0517f6494ff5a5d5c
ceda7ce395748306376df68d7d33a4b4ca775afc
fe329b0ac99808d05d1db86e9825270536e66e85b2860eed3b5f0087d99f3753
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=120711
Date: Sat, 19 Nov 2022 04:45:17 GMT
Etag: "63778916-1d7"
Expires: Sun, 20 Nov 2022 14:17:08 GMT
Last-Modified: Fri, 18 Nov 2022 13:31:02 GMT
Server: ECS (nyb/1D29)
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: nFZp4JDwlez3UH9b8wNN7nMnSpPLLa7ycyIBn1juMwDSIj8GcwTY1Q==
Age: 2766
simplewebanalysis.com/stats
18.195.188.15200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.195.188.15:0
File type ASCII text, with no line terminators
Hash bbb24953f8bd26532118d2c0f8c47a1c
54557fbd53c9ac61cc20de138502364bb92b4251
c07b18b11d3d2f9f8797f1a61859c3d635e71633f1dc19b1fcbcafc6d1b98443
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:17 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://blogmado.com
access-control-allow-credentials: true
set-cookie: uid_id2=16f42744-ea4c-46eb-ae4d-df0656030786:1:1; expires=Tue, 16 Nov 2032 04:45:17 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash e49845c488d250b950ee3cdea4062144
79c82d3d9089063a38594bf14a35ebfae5285d38
16a725bbeb2eceaafdaa44cc1ba6222eaecd63d4e0508cd4c830e1aed904baac
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 04:45:17 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 17 Nov 2022 00:04:32 GMT
Expires: Thu, 24 Nov 2022 00:04:31 GMT
Etag: "79c82d3d9089063a38594bf14a35ebfae5285d38"
Cache-Control: max-age=414553,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76c64ba8ac8eb4ff-OSL
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 905df2288ce4da17b97590ffed7ce16d
2a632641f66366a9eda190c85fd065bf9bd1f812
a0d7c6e0e519fe4d42ff020e17f609c1dc3f93f38cc51058de2a2fd12729b6fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0D7C6E0E519FE4D42FF020E17F609C1DC3F93F38CC51058DE2A2FD12729B6FA"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2475
Expires: Sat, 19 Nov 2022 05:26:32 GMT
Date: Sat, 19 Nov 2022 04:45:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 905df2288ce4da17b97590ffed7ce16d
2a632641f66366a9eda190c85fd065bf9bd1f812
a0d7c6e0e519fe4d42ff020e17f609c1dc3f93f38cc51058de2a2fd12729b6fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0D7C6E0E519FE4D42FF020E17F609C1DC3F93F38CC51058DE2A2FD12729B6FA"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2475
Expires: Sat, 19 Nov 2022 05:26:32 GMT
Date: Sat, 19 Nov 2022 04:45:17 GMT
Connection: keep-alive
fstatic.netpub.media/static/14f9494694a9078dc2f4ae3c92e41760.min.js?1668833115184
172.67.70.145301 Moved Permanently 767 B URL HTTP/2 fstatic.netpub.media/static/14f9494694a9078dc2f4ae3c92e41760.min.js?1668833115184
IP 172.67.70.145:0
Hash 8db72d40f2e8e4be5e837981f0f8976f
9c7b92455944825353f40f4465873c910a850f21
7ba78a8c87f2ad7f42b2eba593f3a5fa865b4bded4ea3e4146baa4ccaa3c2443
GET /static/14f9494694a9078dc2f4ae3c92e41760.min.js?1668833115184 HTTP/1.1
Host: fstatic.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Sat, 19 Nov 2022 04:45:17 GMT
location: https://fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
cache-control: max-age=3600
expires: Sat, 19 Nov 2022 05:45:17 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XnX4fTH8nPuhizXOyd8vo4RZY%2FVX%2B3mamEDCED0%2B6nvUZMnwvKZvKtvTd2MoIui1Eyx3nD22yI1r1kDQ6lNfk6xTVTswzoQakxt0NRtV3Y6%2FM0VH7TGfJkldbd%2BVcsRmvS7hZF5q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76c64ba68e330b59-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7171
Expires: Sat, 19 Nov 2022 06:44:48 GMT
Date: Sat, 19 Nov 2022 04:45:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7171
Expires: Sat, 19 Nov 2022 06:44:48 GMT
Date: Sat, 19 Nov 2022 04:45:17 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe8e6500-1e65-47d6-8a04-7ea6b08f0532.png
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe8e6500-1e65-47d6-8a04-7ea6b08f0532.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8628b828c4eb5e7f0b2040f2cbdd28b4
24eb5561b870e3259771b21aeb762de9f93add2a
9fe5b3cb0a09230d2c447e42ea408765513856c21c93c74f53688b7f81813de1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe8e6500-1e65-47d6-8a04-7ea6b08f0532.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7461
x-amzn-requestid: ae7de919-a9b7-458f-adba-1f1a3e351d15
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: byQ5xFjGoAMFoyg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63772ea4-604387bb655a23910115a550;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 07:05:08 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 6q5TLsKBBbSGK13y0DJU8A6S6P8OURYCLlTWiCAU1Wgj93gTMLjX0w==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 07:06:32 GMT
age: 77925
etag: "24eb5561b870e3259771b21aeb762de9f93add2a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7171
Expires: Sat, 19 Nov 2022 06:44:48 GMT
Date: Sat, 19 Nov 2022 04:45:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7171
Expires: Sat, 19 Nov 2022 06:44:48 GMT
Date: Sat, 19 Nov 2022 04:45:17 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9472302a-1f5a-4747-8dae-6de1346c8e14.jpeg
34.120.237.76200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9472302a-1f5a-4747-8dae-6de1346c8e14.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1b428c8fece61cb8500ff6f6152efcc0
2667b5a57a13817a95e2e82b0f96dc3456afca00
53403b823626d7cd0b88f33e924b55274c7283397075d074303faaf4eaafdc49
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9472302a-1f5a-4747-8dae-6de1346c8e14.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9235
x-amzn-requestid: 01e6ce53-df49-40c9-8002-4f063d085898
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: beZlTE9oIAMFkPg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636f3c88-6470fa1b7a9ad45e63fc485c;Sampled=0
x-amzn-remapped-date: Sat, 12 Nov 2022 06:26:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1HrMFgOYkXaPg5VO1MRTQSNNf0JN9GL5PfLk-STEWg-1h01SmSs4wg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 12:39:59 GMT
age: 57918
etag: "2667b5a57a13817a95e2e82b0f96dc3456afca00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
6.adsco.re/
104.17.166.186200 OK 0 B IP 104.17.166.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 6.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:17 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
access-control-allow-origin: https://blogmado.com
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 76c64ba9cb6db506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7171
Expires: Sat, 19 Nov 2022 06:44:48 GMT
Date: Sat, 19 Nov 2022 04:45:17 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 06c6e720bc9900b38e88cd72f739603e
22884cbc78622d6f78c1c3397c9b440946144a99
8675d08e6d8ae5bdedbc7c7ce647f8c6e72cc457917b4ed1856c50b11c2fe88b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7589
x-amzn-requestid: 533d7650-cb21-4090-a50a-e205adad316d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: brr5zH4qoAMF79Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63748d0b-017f7bf4390eb124097af648;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 07:11:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G_b9L1-WBsD1eh58iF6Cwh8ij3yZVOei6oIUjwdoKQzHLayBLJdv0A==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 16:26:42 GMT
age: 44315
etag: "22884cbc78622d6f78c1c3397c9b440946144a99"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99adbe1a-32fb-4a64-9117-f96ee1afb7bb.jpeg
34.120.237.76200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99adbe1a-32fb-4a64-9117-f96ee1afb7bb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0c554f29d106d9edb3d8f371da0001e8
9818266c238affe1641d95079b7e789ac50f33ca
ff96bc987cf34aea763294cf58629424acca08d260d04961298b8d36abf0c3c7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99adbe1a-32fb-4a64-9117-f96ee1afb7bb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4626
x-amzn-requestid: 896eb034-f9a8-4eb1-b6b8-2c9b8d55a735
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0QQwH53IAMFWGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6377fa6b-137296670ccf91b000097780;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 21:34:35 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: cLrC88yGRLTEyc2Lqei4wk7N_nhz7_85rNF8X_CceRCMrDbYMQ-1jg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 21:36:25 GMT
age: 25732
etag: "9818266c238affe1641d95079b7e789ac50f33ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fstatic.netpub.media/static/14f9494694a9078dc2f4ae3c92e41760.min.js?1668833114468
172.67.70.145301 Moved Permanently 32 kB URL HTTP/2 fstatic.netpub.media/static/14f9494694a9078dc2f4ae3c92e41760.min.js?1668833114468
IP 172.67.70.145:0
Hash acc048057561e112cd2b72354aa0c761
9bbb4e6b5826058ae46343f7ac9c77a937ddb309
98b36d2d53e0438c00b233b4f0214d7ff6f97e030f398e9f64103b4b1b436971
GET /static/14f9494694a9078dc2f4ae3c92e41760.min.js?1668833114468 HTTP/1.1
Host: fstatic.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sat, 19 Nov 2022 04:45:16 GMT
location: https://fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
cache-control: max-age=3600
expires: Sat, 19 Nov 2022 05:45:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BwRTPTVyvcylw2topZaDjMJbrx9BxJJuMiAjaFaMJyoJWam1A9Y9AlxHbde8ZuzVAigb%2F7arREtdKypJtjGPBjiQIyz9sBkcdZgNfCIPPXGKaNjcBX8F4qIT9BJ3hatmY2ZyMRcO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76c64ba2acd10b59-OSL
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6865a9f2-7103-433d-8ba8-2a1cca0f76d1.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6865a9f2-7103-433d-8ba8-2a1cca0f76d1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b834de670098398062ac06865cfa82a4
6b50f4fdc7d7dcbb11d8739b71e8e1eecec047b4
9eefe7101330de28d8d0fdb3f17a5453f3368324fbacb9f3a36826f76b7c9bde
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6865a9f2-7103-433d-8ba8-2a1cca0f76d1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5226
x-amzn-requestid: c0655cd4-83f6-4c7c-97b6-2847f38df126
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0QRwFPwoAMFV5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6377fa71-5f7eca026395cbe72daed116;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 21:34:41 GMT
x-amz-cf-pop: SEA19-C3, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: gSAFmiB37Xf-Ytu7_BEwytLEY9rflh0ruTy-mU3vHQlS9Amx90qUcg==
via: 1.1 2c6b5dd77f1abe60653ce0454f344b64.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 21:36:25 GMT
age: 25732
etag: "6b50f4fdc7d7dcbb11d8739b71e8e1eecec047b4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
4.adsco.re/
162.252.214.5200 OK 62 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash adde5febc7b5b6c2c759ec735cce83a0
77ec17be8a9970ff04663294d41c590d0d24fde4
ce2b9f2e5005195de7add565505005be6f2ef0d37521771e15106d1e1b9260ff
GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 04:45:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://blogmado.com
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip
grewquartersupporting.com/pixel/purst?dl=0&th=0&sc=0&rs=1943&rd=1943&fd=911&bv=22.10.v.9&tmpl=70
173.233.137.36200 OK 0 B URL HTTP/1.1 grewquartersupporting.com/pixel/purst?dl=0&th=0&sc=0&rs=1943&rd=1943&fd=911&bv=22.10.v.9&tmpl=70
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1943&rd=1943&fd=911&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: grewquartersupporting.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 19 Nov 2022 04:45:17 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
grewquartersupporting.com/01/ff/d3/01ffd36dfbce3d569baf8d846cd7bc65.js
173.233.137.36200 OK 13 kB URL HTTP/1.1 grewquartersupporting.com/01/ff/d3/01ffd36dfbce3d569baf8d846cd7bc65.js
IP 173.233.137.36:0
File type ASCII text, with very long lines (37114), with no line terminators
Hash fec8cc0b4abfb55f500a6a0d995666ca
0affa4ab4e384438e9f28ab96f8c4f9f2d0d4e76
f79468e4bc850e6644481d9ff34c437aef62094f1fa0dce4f0ff8eab362ddf91
Analyzer Verdict Alert quad9 Sinkholed
GET /01/ff/d3/01ffd36dfbce3d569baf8d846cd7bc65.js HTTP/1.1
Host: grewquartersupporting.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 19 Nov 2022 04:45:17 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 980ebd78024ee0298de27fff4584a915
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
simplewebanalysis.com/stats
18.195.188.15200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.195.188.15:0
File type ASCII text, with no line terminators
Hash bbb24953f8bd26532118d2c0f8c47a1c
54557fbd53c9ac61cc20de138502364bb92b4251
c07b18b11d3d2f9f8797f1a61859c3d635e71633f1dc19b1fcbcafc6d1b98443
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Cookie: uid_id2=16f42744-ea4c-46eb-ae4d-df0656030786:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:17 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://blogmado.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 42c3cabf1bc529a5163b2d18017c0946
6c9cae9b7d6a9054e897b818d7f3906b9769e12e
13e4fe314a9597b136d65f82114dc19bc3bedb4d856cc729d456d83f2b512f87
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "13E4FE314A9597B136D65F82114DC19BC3BEDB4D856CC729D456D83F2B512F87"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20152
Expires: Sat, 19 Nov 2022 10:21:09 GMT
Date: Sat, 19 Nov 2022 04:45:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash caec4a1a26fd07aa93b58ad4b9acbfbc
48d64fc3ff12e2ee9830b7bde835ffeca3bc81c4
6d9c743445b0fd01f831a54a62dca46f4f64de8260d5d84973c273e3f5d20253
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D9C743445B0FD01F831A54A62DCA46F4F64DE8260D5D84973C273E3F5D20253"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13034
Expires: Sat, 19 Nov 2022 08:22:32 GMT
Date: Sat, 19 Nov 2022 04:45:18 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash feeedf735976d13a4cb0648a74ba1337
e08afef917f85ae74a98eb4a4c0c164b0dc6a5e5
3fc6baf04bc6b7b7ac11e80c1c8f3d3a8bc9d0c08628dd9816343d5e5aa23a6e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "3FC6BAF04BC6B7B7AC11E80C1C8F3D3A8BC9D0C08628DD9816343D5E5AA23A6E"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11151
Expires: Sat, 19 Nov 2022 07:51:09 GMT
Date: Sat, 19 Nov 2022 04:45:18 GMT
Connection: keep-alive
e1668wg9tigz.n4.adsco.re/
38.132.109.186200 OK 0 B URL HTTP/1.1 e1668wg9tigz.n4.adsco.re/
IP 38.132.109.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: e1668wg9tigz.n4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 04:45:18 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:32:42 GMT
Connection: close
ETag: "5b5f2f9a-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
adserve.mahimeta.com/networks/?domain=blogmado.com&pathname=%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&query=¤tPage=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&size=Responsive&placement=inline&adId=mMTag_Responsive_31402556&screenWidth=1280&screenHeight=939&keywordViolation=false&blockedKeywords=&autoBlock=false&timezone=0&currTime=04:45&desktop=728x90&tablet=336x280&mobile=300x250&time_exceeded=false&page_categories=&thin_content_count=100
104.21.13.2200 OK 1.2 kB URL HTTP/2 adserve.mahimeta.com/networks/?domain=blogmado.com&pathname=%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&query=¤tPage=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&size=Responsive&placement=inline&adId=mMTag_Responsive_31402556&screenWidth=1280&screenHeight=939&keywordViolation=false&blockedKeywords=&autoBlock=false&timezone=0&currTime=04:45&desktop=728x90&tablet=336x280&mobile=300x250&time_exceeded=false&page_categories=&thin_content_count=100
IP 104.21.13.2:0
File type HTML document, ASCII text, with CRLF, LF line terminators
Hash 259b760607f8350bc8811aa4feeebcff
db49372d31a0f67e93a666fd4d5ec5fbaccfec9a
55b56c75e5d41a90c6d051e5dfe441d168699212ff82e0ec6f662c5560578853
POST /networks/?domain=blogmado.com&pathname=%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&query=¤tPage=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&size=Responsive&placement=inline&adId=mMTag_Responsive_31402556&screenWidth=1280&screenHeight=939&keywordViolation=false&blockedKeywords=&autoBlock=false&timezone=0&currTime=04:45&desktop=728x90&tablet=336x280&mobile=300x250&time_exceeded=false&page_categories=&thin_content_count=100 HTTP/1.1
Host: adserve.mahimeta.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 4991
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:17 GMT
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, X-CSRF-Token
cache-control: no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x8Mg8eA78aoAbekqbsrHRDfEgJokI%2FrgQaWtE7kHah95v%2Bv2O76OFsTCAZ83%2BSIKLaEVNZPJ3VcJSpmkxEWSlhuP83lKFeZJvVDyg2hGJLIzw%2BBrVtm%2BNfVd%2FEv%2BerhvIFapxU57sA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76c64ba7fe8eb500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash feeedf735976d13a4cb0648a74ba1337
e08afef917f85ae74a98eb4a4c0c164b0dc6a5e5
3fc6baf04bc6b7b7ac11e80c1c8f3d3a8bc9d0c08628dd9816343d5e5aa23a6e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "3FC6BAF04BC6B7B7AC11E80C1C8F3D3A8BC9D0C08628DD9816343D5E5AA23A6E"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11151
Expires: Sat, 19 Nov 2022 07:51:09 GMT
Date: Sat, 19 Nov 2022 04:45:18 GMT
Connection: keep-alive
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sat, 19 Nov 2022 04:41:09 GMT
expires: Sat, 19 Nov 2022 06:41:09 GMT
cache-control: public, max-age=7200
age: 249
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 53d56fb68da96a50df543c9c9fb58f52
d802493bcf8c683b1ac73b035c51cd02b907a251
68b4e1c61fb6285a348937a2f6f81000f7979d90dd2882d5933fc4e64af68158
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
friendshipmale.com/sfp.js
172.64.141.24200 OK 190 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.141.24:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size 190 kB (190095 bytes)
Hash 80e46dec7a92fddfb02f0554d1275c72
58217319b70106a1e589b03b8701ddd1e62591e5
7390dc362fecfae92a4714fadcf4ec1e57666def0ec3e94c2d6a62f338a4bc5b
Analyzer Verdict Alert quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:18 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 2f7cefbf85c709503245c2b6a5590cc9
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 19 Nov 2022 04:45:17 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2wHZHCieaomm6OjhthaSihRZnGHBmIa36HK0MsBLwYzJEcxfnQVWOKzfexnM2esRdAfaGfq1ojp2%2FqozN2aQVnRUNr0OOe%2BmmNca2MAwQal2YT8k0GnGN3jDQvwNYonNAWivr7Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76c64babbf19770d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adsco.re/p
162.252.214.5200 OK 169 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash 9982a659a1378091f3a6137718e1f49f
b524d9ccf76f466611a69a0290b1dbc1d0eb5a18
41d127231750605bce36b3688484ca9ad65d31f91897ed4cd29311b6c98c30ea
POST /p HTTP/1.1
Host: adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 1943
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 04:45:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
AS-P-1: OK lon123
AS-P-2: OK
AS-P-3: OK
Access-Control-Max-Age: 2592000
Cache-Control: no-transform
Access-Control-Allow-Origin: https://blogmado.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
securepubads.g.doubleclick.net/tag/js/gpt.js
216.58.207.194200 OK 27 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 216.58.207.194:0
File type ASCII text, with very long lines (40310)
Hash c33528918caf443c4e63cdd06a65a919
b43feffb0e131fed2f9203277dbcb25ac0402c81
ed9b82268014ffe2c0b2ce882b1aa261afebc6c312876327d0e0a802b61bbfd8
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27247
date: Sat, 19 Nov 2022 04:45:18 GMT
expires: Sat, 19 Nov 2022 04:45:18 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1396 / 479 of 1000 / last-modified: 1668812924"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j98&a=220242359&t=pageview&_s=1&dl=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&ul=en-us&de=UTF-8&dt=When%20Is%20The%20Right%20Time%20to%20Buy%20A%20Health%20Insurance%20Policy%3F%20%E2%80%93%20Blog%20mado&sd=24-bit&sr=1280x1024&vp=1268x898&je=0&_u=YEBAAUABAAAAACAAI~&jid=1990574552&gjid=904900792&cid=1761522739.1668833116&tid=UA-233612758-1&_gid=1333547344.1668833116&_r=1>m=2oub90&z=1244434050
142.250.74.174200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=220242359&t=pageview&_s=1&dl=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&ul=en-us&de=UTF-8&dt=When%20Is%20The%20Right%20Time%20to%20Buy%20A%20Health%20Insurance%20Policy%3F%20%E2%80%93%20Blog%20mado&sd=24-bit&sr=1280x1024&vp=1268x898&je=0&_u=YEBAAUABAAAAACAAI~&jid=1990574552&gjid=904900792&cid=1761522739.1668833116&tid=UA-233612758-1&_gid=1333547344.1668833116&_r=1>m=2oub90&z=1244434050
IP 142.250.74.174:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j98&a=220242359&t=pageview&_s=1&dl=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&ul=en-us&de=UTF-8&dt=When%20Is%20The%20Right%20Time%20to%20Buy%20A%20Health%20Insurance%20Policy%3F%20%E2%80%93%20Blog%20mado&sd=24-bit&sr=1280x1024&vp=1268x898&je=0&_u=YEBAAUABAAAAACAAI~&jid=1990574552&gjid=904900792&cid=1761522739.1668833116&tid=UA-233612758-1&_gid=1333547344.1668833116&_r=1>m=2oub90&z=1244434050 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://blogmado.com
date: Sat, 19 Nov 2022 04:45:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 53d56fb68da96a50df543c9c9fb58f52
d802493bcf8c683b1ac73b035c51cd02b907a251
68b4e1c61fb6285a348937a2f6f81000f7979d90dd2882d5933fc4e64af68158
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 257cfb4c7a9a248c9e294ea11edbd18e
2a9cd486ce92b779f8bd6783d56bb9a99e41ce3d
c720a1c0f2713568d2459bda9528d152ec740a7947de930edcccea789b9cc4e8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C720A1C0F2713568D2459BDA9528D152EC740A7947DE930EDCCCEA789B9CC4E8"
Last-Modified: Fri, 18 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6302
Expires: Sat, 19 Nov 2022 06:30:20 GMT
Date: Sat, 19 Nov 2022 04:45:18 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash ed24b14eb4296399669d1b5bfbe51031
d0b93938b670004b809ebb95aad8d90d50230a51
f09d0510c7f135dacb89605369babbc26c9729e6292d6a0d032e53605642533b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 04:45:18 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 17 Nov 2022 05:30:47 GMT
Expires: Thu, 24 Nov 2022 05:30:46 GMT
Etag: "d0b93938b670004b809ebb95aad8d90d50230a51"
Cache-Control: max-age=434127,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76c64bafbf32b4ff-OSL
xadsmart.com/k.aspx?_=BAYAY3hfXgFjeF9egAGBAsAAIIr53zoWCdJv_tEGMK4QRHsQAoCJWJyVFCqzOEqEn0C_wQBHMEUCICzevwsqq1H3GPzLsgyQRKqNzzwbkon2Av9ThGfxjel1AiEA8bHzViK5ae0LKJ4MU2XoMCub4gEx_WifpCEyeCGwSO8&v=4&gCsuEpln=4792524&minBid=&MDZbQKtC=0,0&cAtGIOhY=&fusAqZnP=&s=1280,1024,1,1280,1024,0
104.153.197.251200 OK 44 B URL HTTP/2 xadsmart.com/k.aspx?_=BAYAY3hfXgFjeF9egAGBAsAAIIr53zoWCdJv_tEGMK4QRHsQAoCJWJyVFCqzOEqEn0C_wQBHMEUCICzevwsqq1H3GPzLsgyQRKqNzzwbkon2Av9ThGfxjel1AiEA8bHzViK5ae0LKJ4MU2XoMCub4gEx_WifpCEyeCGwSO8&v=4&gCsuEpln=4792524&minBid=&MDZbQKtC=0,0&cAtGIOhY=&fusAqZnP=&s=1280,1024,1,1280,1024,0
IP 104.153.197.251:0
File type ASCII text, with no line terminators
Hash d5f0a25e4d3522d56d48ce7bc3e518fb
86794caff58f7fee6e684c2ba7195f970a8d6f4c
9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5
GET /k.aspx?_=BAYAY3hfXgFjeF9egAGBAsAAIIr53zoWCdJv_tEGMK4QRHsQAoCJWJyVFCqzOEqEn0C_wQBHMEUCICzevwsqq1H3GPzLsgyQRKqNzzwbkon2Av9ThGfxjel1AiEA8bHzViK5ae0LKJ4MU2XoMCub4gEx_WifpCEyeCGwSO8&v=4&gCsuEpln=4792524&minBid=&MDZbQKtC=0,0&cAtGIOhY=&fusAqZnP=&s=1280,1024,1,1280,1024,0 HTTP/1.1
Host: xadsmart.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
asf: 9
popads-ec: ASB
content-type: text/javascript;charset=UTF-8
content-length: 44
date: Sat, 19 Nov 2022 04:45:18 GMT
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 12 Nov 2022 12:31:58 GMT
expires: Sun, 12 Nov 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 576800
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 171e99401a03ac56348a71acd0cb591c
9da7aeb0926dceb3cf8010bf3765671893dcc56d
a1fa21acea72085edd05b58a0519959dcc40a9fb88f3535e6a6724ef4efaa067
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A1FA21ACEA72085EDD05B58A0519959DCC40A9FB88F3535E6A6724EF4EFAA067"
Last-Modified: Fri, 18 Nov 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8239
Expires: Sat, 19 Nov 2022 07:02:37 GMT
Date: Sat, 19 Nov 2022 04:45:18 GMT
Connection: keep-alive
e1668wg9tigz.s4.adsco.re/
185.200.116.90200 OK 0 B URL HTTP/1.1 e1668wg9tigz.s4.adsco.re/
IP 185.200.116.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: e1668wg9tigz.s4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 04:45:18 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:38:01 GMT
Connection: close
ETag: "5b5f30d9-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash f3b1d0042dde3a7cc0f3c9a298949354
5643577b85e8c0d80cf8a5c94262727138b8d001
3efe18400af9e79682d4505e35b7b2debe378453facc569dbb575b6ba849d874
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash a00fff9dd1711061b285e2136c973d13
66548ac11fc58024c6994539ab81804add41d2f2
4b87c5468c15817686a8497324c2a06d18fd5574141aa0476bf98aa3b8395a8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=blogmado.com
142.250.74.162200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=blogmado.com
IP 142.250.74.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=blogmado.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 19 Nov 2022 04:45:19 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=blogmado.com
142.250.74.34200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=blogmado.com
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=blogmado.com HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 19 Nov 2022 04:45:19 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash f3b1d0042dde3a7cc0f3c9a298949354
5643577b85e8c0d80cf8a5c94262727138b8d001
3efe18400af9e79682d4505e35b7b2debe378453facc569dbb575b6ba849d874
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
48c196d7cef73578f1a4d9c39543b32c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
142.250.74.65200 OK 2.7 kB URL HTTP/2 48c196d7cef73578f1a4d9c39543b32c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
IP 142.250.74.65:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5657)
Hash e8ee9c011ff8e1f464e74c37113119ee
64ad72134ea05877de0f2b6503f5c0d8c3f78197
09e42988871806c7f0a897bda7bc4247f47f4d8590749eaa245b8ff1fa907303
GET /safeframe/1-0-40/html/container.html?n=1 HTTP/1.1
Host: 48c196d7cef73578f1a4d9c39543b32c.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 2653
date: Sat, 19 Nov 2022 04:45:19 GMT
expires: Sun, 19 Nov 2023 04:45:19 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
revoketypes.com/sbar.json?key=01ffd36dfbce3d569baf8d846cd7bc65&uuid=16f42744-ea4c-46eb-ae4d-df0656030786%3A1%3A1
192.243.59.13200 OK 4.2 kB URL HTTP/1.1 revoketypes.com/sbar.json?key=01ffd36dfbce3d569baf8d846cd7bc65&uuid=16f42744-ea4c-46eb-ae4d-df0656030786%3A1%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (5777), with no line terminators
Hash 7df97c6e4a29656101e063d829079e06
81576b383977a6a47738d55e7ec71c1e7484931a
6dbe5a37562ecd657ff967c1bd4c7e7472f9f40d39db71f78b2148e39f8a2616
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=01ffd36dfbce3d569baf8d846cd7bc65&uuid=16f42744-ea4c-46eb-ae4d-df0656030786%3A1%3A1 HTTP/1.1
Host: revoketypes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 19 Nov 2022 04:45:19 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://blogmado.com
Access-Control-Allow-Origin: https://blogmado.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16650200; expires=Sun, 20 Nov 2022 04:45:19 GMT; secure; SameSite=None
uid_id2=16f42744-ea4c-46eb-ae4d-df0656030786:1:1; expires=Sat, 26 Nov 2022 04:45:19 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 20 Nov 2022 04:45:19 GMT; secure; SameSite=None
uncs=1; expires=Sun, 20 Nov 2022 04:45:19 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 20 Nov 2022 04:45:19 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 20 Nov 2022 04:45:19 GMT; secure; SameSite=None
slec01ffd36dfbce3d569baf8d846cd7bc65=[3760951]; expires=Sat, 19 Nov 2022 04:45:24 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 78e2dd07c4d562def7f0b278afad24dc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022111501&st=env
142.250.74.66200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022111501&st=env
IP 142.250.74.66:0
File type JSON data\012- , ASCII text, with very long lines (14762), with no line terminators
Hash 078fdf92f940244a264ac78d02ca9414
5adc3ec932fb29c05d648b5de9b2b7c0fe44e950
b1da947765563a7a464891852f430fa2769be14d11b6c8792ee1eb0321a13c3a
GET /getconfig/sodar?sv=200&tid=gpt&tv=2022111501&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Sat, 19 Nov 2022 04:45:19 GMT
server: cafe
content-length: 11140
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash da452d0de3f920e25397024207f8f7a6
a05a9e49418aa8a7bddc5855f078bcb2613a21bd
8dda38b3871cb82a5718520541c65929a8f9ebea1a07f76eb75fc175ee722dd1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4047
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:19 GMT
Last-Modified: Sat, 19 Nov 2022 03:37:52 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 9237dcc9783d1cc6b44ea739945ed5ab
517ba765ee50e9bf6b26e28cf576f6377e123d1e
286cc7f1a83b4121dc6d8980315a872e0bd94383612b99ef62148948bb7c6c2c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
revoketypes.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu3l9%2BFz3oihcPyhw8KGwm3TM9X%2B5hMa6RYDYJuysRL0t99aRMdVdT1T09ySm4IHtQGPGgx84zyQbXVVzwJqJMRFwCwo4HzcH4LwjKHkVmMhB8oep933rew%2FM8b72%2Fl58SHzk9Wb9mdpTWdKFR9SsvbahEmMJVVm9WAr%2FqX65sqKQZXq70J5ftvRL4jar%2FcuUNybfMQs0PfD%2Fwg8qSsjIy%2FYUpCpXe7wTVjl8Na9WgEaJv%2F9u73IOjHkTvlDwDJcb%2F33z4AIqPkMRfXZVuKzPppdfjXNPMWPTE4VvJVmKKBPF5GVkPUXI4m4ZxY0I%2BvQCTHM4UwPT2JwrA1Jh4vwZgyeGMJljv4Iwp05AJmHgSRW8EqUdQdARubkOJRwTgAqtrSOK7q8YWdPsMpRN0TOYe%2FwVVjMnc788iib9c1KpfuWF0nimTOPSjEqo%2FguqOkOZHyHY8qOIIPHsPSvxMFh6vIIn315w2UOLkxaAZhbVWGM5LGvL5sCnZPJWhmBeR32w0%2FbrfajenFik1gopG0HIA6jzkk6M85JGHPPUQi5MKbXQi329FLKrX2yHnvF7nvNFuioaoh%2B3IR84nGgbI0gG4HoDbXaR2F1tqAJt%2FD7dZwgkPLiPoiRKFJCgcQUEJCkVQZARFrzwQ2tVceVdol7NglmuzXC%2BHJuvu0QOTdWVC9tJTcnFq3D9P%2FYYteVLxgygS9aaIGJd10Wh2GI3aoh02uWgx3mzAqRLKXZjK3Jls8YtLSNWYkG%2F%2BBqNHcPoIXF0EzZ8HLYatmg%2B6OQzbPnaSe1ksqU2q3MQQpkSazSHb9vb0KXluyqLDW5D8%2BMqPP33deftpBm5LpLbEu%2BoHgq6%2BM7xuCrJ%2F3RSOPFhLMxWrHTpZ7Y2MZnLu3ptyuzBWLF91g89e5RNgUt6%2FKV22QhOhkq4jny8qIaRdMpZL8u2y25BsPXebi7lN8nRl%2FbWl5Ti10jllkhGoetT6GFyNyRPXdqef9oUPHkLZEWxeIs6PySygzBF4uguXHl%2F55MO1Py6Ld%2BAMgdXnMyz1UOTl0NbY%2BaNWBFqe95SVcPLcAiaPv%2FvzDNtzd9C1Hmh2G0lcomdL9HQJqgdw%2Bf%2BGWWqPr%2FxSnwaY9oZMW2%2Bfaas%2FOrPWqZOKbER%2BJP2aZFGHRS3qi04UdhjtBLLFGjRA5sa8f%2BvWvwAAAP%2F%2FAQAA%2F%2F9zjEEZjAQAAA%3D%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 revoketypes.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu3l9%2BFz3oihcPyhw8KGwm3TM9X%2B5hMa6RYDYJuysRL0t99aRMdVdT1T09ySm4IHtQGPGgx84zyQbXVVzwJqJMRFwCwo4HzcH4LwjKHkVmMhB8oep933rew%2FM8b72%2Fl58SHzk9Wb9mdpTWdKFR9SsvbahEmMJVVm9WAr%2FqX65sqKQZXq70J5ftvRL4jar%2FcuUNybfMQs0PfD%2Fwg8qSsjIy%2FYUpCpXe7wTVjl8Na9WgEaJv%2F9u73IOjHkTvlDwDJcb%2F33z4AIqPkMRfXZVuKzPppdfjXNPMWPTE4VvJVmKKBPF5GVkPUXI4m4ZxY0I%2BvQCTHM4UwPT2JwrA1Jh4vwZgyeGMJljv4Iwp05AJmHgSRW8EqUdQdARubkOJRwTgAqtrSOK7q8YWdPsMpRN0TOYe%2FwVVjMnc788iib9c1KpfuWF0nimTOPSjEqo%2FguqOkOZHyHY8qOIIPHsPSvxMFh6vIIn315w2UOLkxaAZhbVWGM5LGvL5sCnZPJWhmBeR32w0%2FbrfajenFik1gopG0HIA6jzkk6M85JGHPPUQi5MKbXQi329FLKrX2yHnvF7nvNFuioaoh%2B3IR84nGgbI0gG4HoDbXaR2F1tqAJt%2FD7dZwgkPLiPoiRKFJCgcQUEJCkVQZARFrzwQ2tVceVdol7NglmuzXC%2BHJuvu0QOTdWVC9tJTcnFq3D9P%2FYYteVLxgygS9aaIGJd10Wh2GI3aoh02uWgx3mzAqRLKXZjK3Jls8YtLSNWYkG%2F%2BBqNHcPoIXF0EzZ8HLYatmg%2B6OQzbPnaSe1ksqU2q3MQQpkSazSHb9vb0KXluyqLDW5D8%2BMqPP33deftpBm5LpLbEu%2BoHgq6%2BM7xuCrJ%2F3RSOPFhLMxWrHTpZ7Y2MZnLu3ptyuzBWLF91g89e5RNgUt6%2FKV22QhOhkq4jny8qIaRdMpZL8u2y25BsPXebi7lN8nRl%2FbWl5Ti10jllkhGoetT6GFyNyRPXdqef9oUPHkLZEWxeIs6PySygzBF4uguXHl%2F55MO1Py6Ld%2BAMgdXnMyz1UOTl0NbY%2BaNWBFqe95SVcPLcAiaPv%2FvzDNtzd9C1Hmh2G0lcomdL9HQJqgdw%2Bf%2BGWWqPr%2FxSnwaY9oZMW2%2Bfaas%2FOrPWqZOKbER%2BJP2aZFGHRS3qi04UdhjtBLLFGjRA5sa8f%2BvWvwAAAP%2F%2FAQAA%2F%2F9zjEEZjAQAAA%3D%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzWskxRuu3l9%2BFz3oihcPyhw8KGwm3TM9X%2B5hMa6RYDYJuysRL0t99aRMdVdT1T09ySm4IHtQGPGgx84zyQbXVVzwJqJMRFwCwo4HzcH4LwjKHkVmMhB8oep933rew%2FM8b72%2Fl58SHzk9Wb9mdpTWdKFR9SsvbahEmMJVVm9WAr%2FqX65sqKQZXq70J5ftvRL4jar%2FcuUNybfMQs0PfD%2Fwg8qSsjIy%2FYUpCpXe7wTVjl8Na9WgEaJv%2F9u73IOjHkTvlDwDJcb%2F33z4AIqPkMRfXZVuKzPppdfjXNPMWPTE4VvJVmKKBPF5GVkPUXI4m4ZxY0I%2BvQCTHM4UwPT2JwrA1Jh4vwZgyeGMJljv4Iwp05AJmHgSRW8EqUdQdARubkOJRwTgAqtrSOK7q8YWdPsMpRN0TOYe%2FwVVjMnc788iib9c1KpfuWF0nimTOPSjEqo%2FguqOkOZHyHY8qOIIPHsPSvxMFh6vIIn315w2UOLkxaAZhbVWGM5LGvL5sCnZPJWhmBeR32w0%2FbrfajenFik1gopG0HIA6jzkk6M85JGHPPUQi5MKbXQi329FLKrX2yHnvF7nvNFuioaoh%2B3IR84nGgbI0gG4HoDbXaR2F1tqAJt%2FD7dZwgkPLiPoiRKFJCgcQUEJCkVQZARFrzwQ2tVceVdol7NglmuzXC%2BHJuvu0QOTdWVC9tJTcnFq3D9P%2FYYteVLxgygS9aaIGJd10Wh2GI3aoh02uWgx3mzAqRLKXZjK3Jls8YtLSNWYkG%2F%2BBqNHcPoIXF0EzZ8HLYatmg%2B6OQzbPnaSe1ksqU2q3MQQpkSazSHb9vb0KXluyqLDW5D8%2BMqPP33deftpBm5LpLbEu%2BoHgq6%2BM7xuCrJ%2F3RSOPFhLMxWrHTpZ7Y2MZnLu3ptyuzBWLF91g89e5RNgUt6%2FKV22QhOhkq4jny8qIaRdMpZL8u2y25BsPXebi7lN8nRl%2FbWl5Ti10jllkhGoetT6GFyNyRPXdqef9oUPHkLZEWxeIs6PySygzBF4uguXHl%2F55MO1Py6Ld%2BAMgdXnMyz1UOTl0NbY%2BaNWBFqe95SVcPLcAiaPv%2FvzDNtzd9C1Hmh2G0lcomdL9HQJqgdw%2Bf%2BGWWqPr%2FxSnwaY9oZMW2%2Bfaas%2FOrPWqZOKbER%2BJP2aZFGHRS3qi04UdhjtBLLFGjRA5sa8f%2BvWvwAAAP%2F%2FAQAA%2F%2F9zjEEZjAQAAA%3D%3D HTTP/1.1
Host: revoketypes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Cookie: u_pl=16650200; uid_id2=16f42744-ea4c-46eb-ae4d-df0656030786:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec01ffd36dfbce3d569baf8d846cd7bc65=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 19 Nov 2022 04:45:19 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9f9f69760d1aec6ce1f9b344ac63b4b7
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 09203fd1f4b4e1d4684b4cbf6244621c
ad49a3d18e122882cb580fd3740cb6e844be5734
c62c5b5050b96306336585361c95d889f8072fd40c0bca08560c5fd75c0bac09
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C62C5B5050B96306336585361C95D889F8072FD40C0BCA08560C5FD75C0BAC09"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3717
Expires: Sat, 19 Nov 2022 05:47:16 GMT
Date: Sat, 19 Nov 2022 04:45:19 GMT
Connection: keep-alive
revoketypes.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Findex.html&l=1525&fd=55
192.243.59.13200 OK 0 B URL HTTP/1.1 revoketypes.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Findex.html&l=1525&fd=55
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Findex.html&l=1525&fd=55 HTTP/1.1
Host: revoketypes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Cookie: u_pl=16650200; uid_id2=16f42744-ea4c-46eb-ae4d-df0656030786:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec01ffd36dfbce3d569baf8d846cd7bc65=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 19 Nov 2022 04:45:19 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
googleads.g.doubleclick.net/xbbe/pixel?d=CNzg5AEQx97poAMYqK361QEwAQ&v=APEucNU2QMhZV4Ht9vPb-ljCt3SNinyvnpNFreTtJP-HxGCEe5iMZgmRqA453TJ0n2501c74spBEKFV38MHQEzsNbPihueiLlj3mu66pkp0eRE-01awTEHK9ERu2hs-vXVRExBrHJQs4y-k-p_mOz6cefwnqjJxEDkNbXlqUKk01LFpG6ZdBYLI
142.250.74.130200 OK 0 B URL HTTP/2 googleads.g.doubleclick.net/xbbe/pixel?d=CNzg5AEQx97poAMYqK361QEwAQ&v=APEucNU2QMhZV4Ht9vPb-ljCt3SNinyvnpNFreTtJP-HxGCEe5iMZgmRqA453TJ0n2501c74spBEKFV38MHQEzsNbPihueiLlj3mu66pkp0eRE-01awTEHK9ERu2hs-vXVRExBrHJQs4y-k-p_mOz6cefwnqjJxEDkNbXlqUKk01LFpG6ZdBYLI
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /xbbe/pixel?d=CNzg5AEQx97poAMYqK361QEwAQ&v=APEucNU2QMhZV4Ht9vPb-ljCt3SNinyvnpNFreTtJP-HxGCEe5iMZgmRqA453TJ0n2501c74spBEKFV38MHQEzsNbPihueiLlj3mu66pkp0eRE-01awTEHK9ERu2hs-vXVRExBrHJQs4y-k-p_mOz6cefwnqjJxEDkNbXlqUKk01LFpG6ZdBYLI HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://48c196d7cef73578f1a4d9c39543b32c.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 19 Nov 2022 04:45:19 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 19-Nov-2022 05:00:19 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 19 Nov 2022 04:45:19 GMT
cache-control: private
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 287c3450393d5823c9208d65039b1293
64ec79be169d84c949943a88fa76e4cff17ea03d
7e4bec45e6eba3f5db587aa31c8e172622f991553c7427c861f373da6a18def9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 287c3450393d5823c9208d65039b1293
64ec79be169d84c949943a88fa76e4cff17ea03d
7e4bec45e6eba3f5db587aa31c8e172622f991553c7427c861f373da6a18def9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 287c3450393d5823c9208d65039b1293
64ec79be169d84c949943a88fa76e4cff17ea03d
7e4bec45e6eba3f5db587aa31c8e172622f991553c7427c861f373da6a18def9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ChobEaZf-zWJJFX4ZBpGj-fl7Zd51DOOoo29A1n_9uxPaIQ6X5gjPhBPf810eZ79EH_6qz95nkXM5C4zFCJ-_Ce-CMqA&cry=1&dbm_d=AKAmf-DpsCvlqPJrBQWXa7IU-gRbTYnjL3CJQ4bFIYoTRNW7eyGBP9KzH5SDKIN6sSBVF8d7OlMHExl9i5BElaVD3L420knb56BluK5Qf-MXTq6iLl8V2KxxDzQox8sSVou_wfLf6tkk-_4rEK_UyKB1hhlEx_u4XlfXD99cQdZvkREFbL8pvoiLtJN-YtsiZuDvhycKXjnDK0pH0Jum5n-c-zGt127JX31wHEjX-QKCV_f51rR-0H7PfmIo2fAg98H0MBlDIA7nrpzLIhB4GHJ7YvlrET6LGw11j_krUE3mWJtsBcHWvtPKmED_fuOQ1jFVq4ZB0hTqdvser90led4NQllrWVqJ57fPo5FtD3saPlDot6RSpI0W8-SpXwNjI1HIVqPZ2I85Jvu8byqsd86w2b4EjWZ67x0gvk3u41SmT2S9RWtMC69x5YHKOiRpWR_xsTSm0Q8vvJ3sEgAnR7Rtp_FTDO6NbmeiTsS1J83O_QgAd7TJesTeu9Tc5TK6EUNo5xNlWKT1GEk7O0NljCdtcH2eYI6xvY8IMtoraSpNzOGxqeBY6SgfMS8sdZcRTQrjL4dmtmkPPeKRLfgB4JGwWs11M8_QQAVOBLhkNwZi-IEluLaUYz6L8rEfyo90YTnKokRdxh7NVJavamrVirqcjud5p0A7RuQ3Rq5x7tIsKVO9y648tgEm3_V9BBAHAG6GE-8cdEbEJ-S8NR3VaLbvfw_EWb0HCOB4ILTm-dYRGWpqDu6cOE1jBWEcsL8PHLNbQONzw0FsmpiXfNKdwcH4yhpAx-1XkrM6qa9hshAzEyAso8tnuc6wHEFYBqVW9DRD1tbSRz324LWAgVCmrKxex6ute776_yNEsIyoirkA81UixyD3E68EwzzDLaAoYthHO6b5xD2LrtqD0TqVO4-S7VK5Fmv38upqJISmAXA2-a_HY3ASNHxAmZdOR0ITKdwZ5P8Gt2vtcbqhP1R1UPzGN1r2sNtnEpmgY_WpoCi0tYww7N80x_aHGy6lkepvrx1cPL6KO18OdwvUp2XKtEsMXJYonBKhlO6SYKNg9f5Ygj5xD5ucf6KE2x1BbrrasWit109T5b9kzL2S1IYFVYGEKUrgqxnUMdF-4JmbHhZiufAjBS3zbP4jXzepYNjkrKOFPcxDT6fw9q02f7LVILztFAq5XMuCoZkP7GPW9sPVGUT8KcpwNKwfVYsf84nPgFhSZ7gSM1Ne0AHlAIYLN0Tq2EdpM8QJdEgmbLPOP2fARRa13EzMMxYdma5bNpIa1eQyD9tC9cKQKlYB5kJwc__TuBlmM-I6bKWgCDCpREG4_b0HAqhxG0uQnK2qNqS3rkrcP8OjLoFrDfZhS-zxc7OkjNJHhaBe0gdM2MQDZ2bCYbfbK6cLeGx7FqMSudhxSg3szuJs9DvKuoiO9l2Os0ke3tSiU6BvG3k-DwWND9Un2lhDlpCgVG7A28ussVjYr0Cy9spWL6QCzdw1bsXVSALQ3hJ4xaevKqtQ7Mqr1chFPJKDjMrbOhAWIaoV1_n-tthOLB2eRd-Jyh52c_dCzLNhpUUNs3ihuJi1Yq5wS82NDO9hWfYXXaT01JF5HRAZUjRuWB1LDHhScaQ39IRfJs6OhD9eMsnEnlG-L9jyEIGGVD4S3nZhtXFGSTekCb0mb0yJBh4iMWjjCyPyu8cv0ieHHC-qroEl10YwpXnv_wlaqE9bgsdvklxM_Vgn0tpdm325PztH418vK_ngCDs4ZgYK03xrx77b2oJRc4DcXFv4uTCm_1E6M30s9nc7GMoO-i0_Cs3IcsG6RolKJ6a9hOCDu1unRoEuXdT8CxJn-c_3iKZsg44H2dAzoOE1M5HnuncT5htBIsp0mNQrCSFya95Do3GoJ_GFrre_UteTTYwkPwWEy_16RbWN2H_HYIb3OQAHLD6TQJ9nw921ca_Iak8L0r5hKIQKzGVczTvHMZ26DmNOtd5FIZU9gvVgycOjG-3mqU2YcrFTLp_BFbf8m0pUy8MrKriN3h7xFBZVIWGM3CpXDm7pIu1tY8iHdE29JpaNhowSxTkBC9eT_GcgNi-jWHvBIf5oeMW0umlyjysrxbv9GMmh0YgmvaXzjYhnJLRHKxGbBykCkHg1X_ALBaSDgCQH42HWwB8zr-zfCoQjEMvoBqg6_NTzrNVN-dFqdqJgoDyf3mCuImA9n_2Yrc5HtcCfAfmEggwIojvJxKsTNyBInINK7F0FiBSBhheBt9OYNl7LhploIXkNRuGzbZxNoMClyyl8YfCvYx2nlUhvhduc-vMbaAA3MiZDrZf6cmFiBF_qJrHXR5U0GBjDOpjef9JaUvDtzGZOUBBVUWQS-QxCzDDYpydFlN1YoAWRHaZkLsE04zmMRHZ_kk2aqq96J-j-oUXVOwansl4XOPSRqGrfhH5erBjD0lnCpAjfQet09_d1G_j5SLrO78SH2nuodEqHiCg0oOLabu7KWCaGuwJrxD1D35WsA1EYfHO7P9GX4A-Z9jgjhc4g0Y5lBr3YddaXRjdXGOagTXi91DQMp_rEHEpcdAQiYpIQCexLQctT1XDAtcmC5hcvGF3FLw-lhUAgYzYAHKko4x6sN-35Gz5zCTh3U8ZUFfPkJPrASm4WpdsXHq9wuxwShjqD9E3TjBT3xHaKPthcFsOvbmMBJoDwV2XrlgPygGVPAe9XiDS7vv2tvTp6Mbys2e0g4tDsZAL7x2ujR-j8yLeT9nIr6ewMOUhC04zu6mex4m52WBPFHsOEhydpmB9ZtGLuBN-buXHgwM3mXWhQ4Qr-8g5_8Nq3RY7920rxD8EkbtCZB176xhBqwS9uMwHE4cWvU62NkE3xm-nHMmhB1S7o9pI0NxqT8rB37PxozK2Bt9pBcJoGvTg5TkqE1WxLNgY88-qaSvxnQcrDN1MU9x5W1d8Ymhl1ftXZtOT4pciuJKFB2rpiGH0B0J8ex4IvbzJv94I2OWveIqq70kvO7-yaLHzxJcIsyLDS92tCQlzk2K0ZRqdYBay0AvqsiMwalm1APKI0LqP52hXakUIM0yxkdThmWHis9BhpLJyvwffARzSSZ5BrWvbJ9TJnVqBdBB0TfHaGuoBqp3Y6jJhm-zq7vMmq2bzUodRiJRQyE-xizurcuIOVK1fepDWEHa_NjqFPuJ5QD-sVFbNrroTxlngq4HctJLm9vr_hsdEk6cZ33Z3bP-4zc70JFQUz2uiEAf2v5Lj8DewiJyjSzXUEu3a0gCfBs8jqI7hIBakaYbNqoCkOd2nbSEV9lfgEgumx39TD68WnvaYBS59JSdzXjoY1DhNev97Su5Hksj3uGi-gRPRoCYR9hO85Ytwk18qxosvKUxYpFwsp7r4zrz3jcjQh6zvPI6NHlkt0vNY&cid=CAQSTADq26N9gbxJ15HcJbk4RPeMxayaDhT07OBFZb6CZLa-pxbckxQzeVCiwGZQwUAbid-p2EDwgTtLnQEOd6OZjWA3dY2k01ajiKYmMQEYASAT&rfl=1%2Chttps%253A%252F%252Fblogmado.com%252F%240
142.250.74.130200 OK 33 kB URL HTTP/2 googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ChobEaZf-zWJJFX4ZBpGj-fl7Zd51DOOoo29A1n_9uxPaIQ6X5gjPhBPf810eZ79EH_6qz95nkXM5C4zFCJ-_Ce-CMqA&cry=1&dbm_d=AKAmf-DpsCvlqPJrBQWXa7IU-gRbTYnjL3CJQ4bFIYoTRNW7eyGBP9KzH5SDKIN6sSBVF8d7OlMHExl9i5BElaVD3L420knb56BluK5Qf-MXTq6iLl8V2KxxDzQox8sSVou_wfLf6tkk-_4rEK_UyKB1hhlEx_u4XlfXD99cQdZvkREFbL8pvoiLtJN-YtsiZuDvhycKXjnDK0pH0Jum5n-c-zGt127JX31wHEjX-QKCV_f51rR-0H7PfmIo2fAg98H0MBlDIA7nrpzLIhB4GHJ7YvlrET6LGw11j_krUE3mWJtsBcHWvtPKmED_fuOQ1jFVq4ZB0hTqdvser90led4NQllrWVqJ57fPo5FtD3saPlDot6RSpI0W8-SpXwNjI1HIVqPZ2I85Jvu8byqsd86w2b4EjWZ67x0gvk3u41SmT2S9RWtMC69x5YHKOiRpWR_xsTSm0Q8vvJ3sEgAnR7Rtp_FTDO6NbmeiTsS1J83O_QgAd7TJesTeu9Tc5TK6EUNo5xNlWKT1GEk7O0NljCdtcH2eYI6xvY8IMtoraSpNzOGxqeBY6SgfMS8sdZcRTQrjL4dmtmkPPeKRLfgB4JGwWs11M8_QQAVOBLhkNwZi-IEluLaUYz6L8rEfyo90YTnKokRdxh7NVJavamrVirqcjud5p0A7RuQ3Rq5x7tIsKVO9y648tgEm3_V9BBAHAG6GE-8cdEbEJ-S8NR3VaLbvfw_EWb0HCOB4ILTm-dYRGWpqDu6cOE1jBWEcsL8PHLNbQONzw0FsmpiXfNKdwcH4yhpAx-1XkrM6qa9hshAzEyAso8tnuc6wHEFYBqVW9DRD1tbSRz324LWAgVCmrKxex6ute776_yNEsIyoirkA81UixyD3E68EwzzDLaAoYthHO6b5xD2LrtqD0TqVO4-S7VK5Fmv38upqJISmAXA2-a_HY3ASNHxAmZdOR0ITKdwZ5P8Gt2vtcbqhP1R1UPzGN1r2sNtnEpmgY_WpoCi0tYww7N80x_aHGy6lkepvrx1cPL6KO18OdwvUp2XKtEsMXJYonBKhlO6SYKNg9f5Ygj5xD5ucf6KE2x1BbrrasWit109T5b9kzL2S1IYFVYGEKUrgqxnUMdF-4JmbHhZiufAjBS3zbP4jXzepYNjkrKOFPcxDT6fw9q02f7LVILztFAq5XMuCoZkP7GPW9sPVGUT8KcpwNKwfVYsf84nPgFhSZ7gSM1Ne0AHlAIYLN0Tq2EdpM8QJdEgmbLPOP2fARRa13EzMMxYdma5bNpIa1eQyD9tC9cKQKlYB5kJwc__TuBlmM-I6bKWgCDCpREG4_b0HAqhxG0uQnK2qNqS3rkrcP8OjLoFrDfZhS-zxc7OkjNJHhaBe0gdM2MQDZ2bCYbfbK6cLeGx7FqMSudhxSg3szuJs9DvKuoiO9l2Os0ke3tSiU6BvG3k-DwWND9Un2lhDlpCgVG7A28ussVjYr0Cy9spWL6QCzdw1bsXVSALQ3hJ4xaevKqtQ7Mqr1chFPJKDjMrbOhAWIaoV1_n-tthOLB2eRd-Jyh52c_dCzLNhpUUNs3ihuJi1Yq5wS82NDO9hWfYXXaT01JF5HRAZUjRuWB1LDHhScaQ39IRfJs6OhD9eMsnEnlG-L9jyEIGGVD4S3nZhtXFGSTekCb0mb0yJBh4iMWjjCyPyu8cv0ieHHC-qroEl10YwpXnv_wlaqE9bgsdvklxM_Vgn0tpdm325PztH418vK_ngCDs4ZgYK03xrx77b2oJRc4DcXFv4uTCm_1E6M30s9nc7GMoO-i0_Cs3IcsG6RolKJ6a9hOCDu1unRoEuXdT8CxJn-c_3iKZsg44H2dAzoOE1M5HnuncT5htBIsp0mNQrCSFya95Do3GoJ_GFrre_UteTTYwkPwWEy_16RbWN2H_HYIb3OQAHLD6TQJ9nw921ca_Iak8L0r5hKIQKzGVczTvHMZ26DmNOtd5FIZU9gvVgycOjG-3mqU2YcrFTLp_BFbf8m0pUy8MrKriN3h7xFBZVIWGM3CpXDm7pIu1tY8iHdE29JpaNhowSxTkBC9eT_GcgNi-jWHvBIf5oeMW0umlyjysrxbv9GMmh0YgmvaXzjYhnJLRHKxGbBykCkHg1X_ALBaSDgCQH42HWwB8zr-zfCoQjEMvoBqg6_NTzrNVN-dFqdqJgoDyf3mCuImA9n_2Yrc5HtcCfAfmEggwIojvJxKsTNyBInINK7F0FiBSBhheBt9OYNl7LhploIXkNRuGzbZxNoMClyyl8YfCvYx2nlUhvhduc-vMbaAA3MiZDrZf6cmFiBF_qJrHXR5U0GBjDOpjef9JaUvDtzGZOUBBVUWQS-QxCzDDYpydFlN1YoAWRHaZkLsE04zmMRHZ_kk2aqq96J-j-oUXVOwansl4XOPSRqGrfhH5erBjD0lnCpAjfQet09_d1G_j5SLrO78SH2nuodEqHiCg0oOLabu7KWCaGuwJrxD1D35WsA1EYfHO7P9GX4A-Z9jgjhc4g0Y5lBr3YddaXRjdXGOagTXi91DQMp_rEHEpcdAQiYpIQCexLQctT1XDAtcmC5hcvGF3FLw-lhUAgYzYAHKko4x6sN-35Gz5zCTh3U8ZUFfPkJPrASm4WpdsXHq9wuxwShjqD9E3TjBT3xHaKPthcFsOvbmMBJoDwV2XrlgPygGVPAe9XiDS7vv2tvTp6Mbys2e0g4tDsZAL7x2ujR-j8yLeT9nIr6ewMOUhC04zu6mex4m52WBPFHsOEhydpmB9ZtGLuBN-buXHgwM3mXWhQ4Qr-8g5_8Nq3RY7920rxD8EkbtCZB176xhBqwS9uMwHE4cWvU62NkE3xm-nHMmhB1S7o9pI0NxqT8rB37PxozK2Bt9pBcJoGvTg5TkqE1WxLNgY88-qaSvxnQcrDN1MU9x5W1d8Ymhl1ftXZtOT4pciuJKFB2rpiGH0B0J8ex4IvbzJv94I2OWveIqq70kvO7-yaLHzxJcIsyLDS92tCQlzk2K0ZRqdYBay0AvqsiMwalm1APKI0LqP52hXakUIM0yxkdThmWHis9BhpLJyvwffARzSSZ5BrWvbJ9TJnVqBdBB0TfHaGuoBqp3Y6jJhm-zq7vMmq2bzUodRiJRQyE-xizurcuIOVK1fepDWEHa_NjqFPuJ5QD-sVFbNrroTxlngq4HctJLm9vr_hsdEk6cZ33Z3bP-4zc70JFQUz2uiEAf2v5Lj8DewiJyjSzXUEu3a0gCfBs8jqI7hIBakaYbNqoCkOd2nbSEV9lfgEgumx39TD68WnvaYBS59JSdzXjoY1DhNev97Su5Hksj3uGi-gRPRoCYR9hO85Ytwk18qxosvKUxYpFwsp7r4zrz3jcjQh6zvPI6NHlkt0vNY&cid=CAQSTADq26N9gbxJ15HcJbk4RPeMxayaDhT07OBFZb6CZLa-pxbckxQzeVCiwGZQwUAbid-p2EDwgTtLnQEOd6OZjWA3dY2k01ajiKYmMQEYASAT&rfl=1%2Chttps%253A%252F%252Fblogmado.com%252F%240
IP 142.250.74.130:0
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash 90933b50d416f0bcc619a83eb60d84a5
b73da4a59daf42edc634449ae64f5166ddf86206
f0a5ede9006447c0794e09c457a0f5a3813471a4ed7337d538f4b9f876152701
GET /dbm/ad?dbm_c=AKAmf-ChobEaZf-zWJJFX4ZBpGj-fl7Zd51DOOoo29A1n_9uxPaIQ6X5gjPhBPf810eZ79EH_6qz95nkXM5C4zFCJ-_Ce-CMqA&cry=1&dbm_d=AKAmf-DpsCvlqPJrBQWXa7IU-gRbTYnjL3CJQ4bFIYoTRNW7eyGBP9KzH5SDKIN6sSBVF8d7OlMHExl9i5BElaVD3L420knb56BluK5Qf-MXTq6iLl8V2KxxDzQox8sSVou_wfLf6tkk-_4rEK_UyKB1hhlEx_u4XlfXD99cQdZvkREFbL8pvoiLtJN-YtsiZuDvhycKXjnDK0pH0Jum5n-c-zGt127JX31wHEjX-QKCV_f51rR-0H7PfmIo2fAg98H0MBlDIA7nrpzLIhB4GHJ7YvlrET6LGw11j_krUE3mWJtsBcHWvtPKmED_fuOQ1jFVq4ZB0hTqdvser90led4NQllrWVqJ57fPo5FtD3saPlDot6RSpI0W8-SpXwNjI1HIVqPZ2I85Jvu8byqsd86w2b4EjWZ67x0gvk3u41SmT2S9RWtMC69x5YHKOiRpWR_xsTSm0Q8vvJ3sEgAnR7Rtp_FTDO6NbmeiTsS1J83O_QgAd7TJesTeu9Tc5TK6EUNo5xNlWKT1GEk7O0NljCdtcH2eYI6xvY8IMtoraSpNzOGxqeBY6SgfMS8sdZcRTQrjL4dmtmkPPeKRLfgB4JGwWs11M8_QQAVOBLhkNwZi-IEluLaUYz6L8rEfyo90YTnKokRdxh7NVJavamrVirqcjud5p0A7RuQ3Rq5x7tIsKVO9y648tgEm3_V9BBAHAG6GE-8cdEbEJ-S8NR3VaLbvfw_EWb0HCOB4ILTm-dYRGWpqDu6cOE1jBWEcsL8PHLNbQONzw0FsmpiXfNKdwcH4yhpAx-1XkrM6qa9hshAzEyAso8tnuc6wHEFYBqVW9DRD1tbSRz324LWAgVCmrKxex6ute776_yNEsIyoirkA81UixyD3E68EwzzDLaAoYthHO6b5xD2LrtqD0TqVO4-S7VK5Fmv38upqJISmAXA2-a_HY3ASNHxAmZdOR0ITKdwZ5P8Gt2vtcbqhP1R1UPzGN1r2sNtnEpmgY_WpoCi0tYww7N80x_aHGy6lkepvrx1cPL6KO18OdwvUp2XKtEsMXJYonBKhlO6SYKNg9f5Ygj5xD5ucf6KE2x1BbrrasWit109T5b9kzL2S1IYFVYGEKUrgqxnUMdF-4JmbHhZiufAjBS3zbP4jXzepYNjkrKOFPcxDT6fw9q02f7LVILztFAq5XMuCoZkP7GPW9sPVGUT8KcpwNKwfVYsf84nPgFhSZ7gSM1Ne0AHlAIYLN0Tq2EdpM8QJdEgmbLPOP2fARRa13EzMMxYdma5bNpIa1eQyD9tC9cKQKlYB5kJwc__TuBlmM-I6bKWgCDCpREG4_b0HAqhxG0uQnK2qNqS3rkrcP8OjLoFrDfZhS-zxc7OkjNJHhaBe0gdM2MQDZ2bCYbfbK6cLeGx7FqMSudhxSg3szuJs9DvKuoiO9l2Os0ke3tSiU6BvG3k-DwWND9Un2lhDlpCgVG7A28ussVjYr0Cy9spWL6QCzdw1bsXVSALQ3hJ4xaevKqtQ7Mqr1chFPJKDjMrbOhAWIaoV1_n-tthOLB2eRd-Jyh52c_dCzLNhpUUNs3ihuJi1Yq5wS82NDO9hWfYXXaT01JF5HRAZUjRuWB1LDHhScaQ39IRfJs6OhD9eMsnEnlG-L9jyEIGGVD4S3nZhtXFGSTekCb0mb0yJBh4iMWjjCyPyu8cv0ieHHC-qroEl10YwpXnv_wlaqE9bgsdvklxM_Vgn0tpdm325PztH418vK_ngCDs4ZgYK03xrx77b2oJRc4DcXFv4uTCm_1E6M30s9nc7GMoO-i0_Cs3IcsG6RolKJ6a9hOCDu1unRoEuXdT8CxJn-c_3iKZsg44H2dAzoOE1M5HnuncT5htBIsp0mNQrCSFya95Do3GoJ_GFrre_UteTTYwkPwWEy_16RbWN2H_HYIb3OQAHLD6TQJ9nw921ca_Iak8L0r5hKIQKzGVczTvHMZ26DmNOtd5FIZU9gvVgycOjG-3mqU2YcrFTLp_BFbf8m0pUy8MrKriN3h7xFBZVIWGM3CpXDm7pIu1tY8iHdE29JpaNhowSxTkBC9eT_GcgNi-jWHvBIf5oeMW0umlyjysrxbv9GMmh0YgmvaXzjYhnJLRHKxGbBykCkHg1X_ALBaSDgCQH42HWwB8zr-zfCoQjEMvoBqg6_NTzrNVN-dFqdqJgoDyf3mCuImA9n_2Yrc5HtcCfAfmEggwIojvJxKsTNyBInINK7F0FiBSBhheBt9OYNl7LhploIXkNRuGzbZxNoMClyyl8YfCvYx2nlUhvhduc-vMbaAA3MiZDrZf6cmFiBF_qJrHXR5U0GBjDOpjef9JaUvDtzGZOUBBVUWQS-QxCzDDYpydFlN1YoAWRHaZkLsE04zmMRHZ_kk2aqq96J-j-oUXVOwansl4XOPSRqGrfhH5erBjD0lnCpAjfQet09_d1G_j5SLrO78SH2nuodEqHiCg0oOLabu7KWCaGuwJrxD1D35WsA1EYfHO7P9GX4A-Z9jgjhc4g0Y5lBr3YddaXRjdXGOagTXi91DQMp_rEHEpcdAQiYpIQCexLQctT1XDAtcmC5hcvGF3FLw-lhUAgYzYAHKko4x6sN-35Gz5zCTh3U8ZUFfPkJPrASm4WpdsXHq9wuxwShjqD9E3TjBT3xHaKPthcFsOvbmMBJoDwV2XrlgPygGVPAe9XiDS7vv2tvTp6Mbys2e0g4tDsZAL7x2ujR-j8yLeT9nIr6ewMOUhC04zu6mex4m52WBPFHsOEhydpmB9ZtGLuBN-buXHgwM3mXWhQ4Qr-8g5_8Nq3RY7920rxD8EkbtCZB176xhBqwS9uMwHE4cWvU62NkE3xm-nHMmhB1S7o9pI0NxqT8rB37PxozK2Bt9pBcJoGvTg5TkqE1WxLNgY88-qaSvxnQcrDN1MU9x5W1d8Ymhl1ftXZtOT4pciuJKFB2rpiGH0B0J8ex4IvbzJv94I2OWveIqq70kvO7-yaLHzxJcIsyLDS92tCQlzk2K0ZRqdYBay0AvqsiMwalm1APKI0LqP52hXakUIM0yxkdThmWHis9BhpLJyvwffARzSSZ5BrWvbJ9TJnVqBdBB0TfHaGuoBqp3Y6jJhm-zq7vMmq2bzUodRiJRQyE-xizurcuIOVK1fepDWEHa_NjqFPuJ5QD-sVFbNrroTxlngq4HctJLm9vr_hsdEk6cZ33Z3bP-4zc70JFQUz2uiEAf2v5Lj8DewiJyjSzXUEu3a0gCfBs8jqI7hIBakaYbNqoCkOd2nbSEV9lfgEgumx39TD68WnvaYBS59JSdzXjoY1DhNev97Su5Hksj3uGi-gRPRoCYR9hO85Ytwk18qxosvKUxYpFwsp7r4zrz3jcjQh6zvPI6NHlkt0vNY&cid=CAQSTADq26N9gbxJ15HcJbk4RPeMxayaDhT07OBFZb6CZLa-pxbckxQzeVCiwGZQwUAbid-p2EDwgTtLnQEOd6OZjWA3dY2k01ajiKYmMQEYASAT&rfl=1%2Chttps%253A%252F%252Fblogmado.com%252F%240 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://48c196d7cef73578f1a4d9c39543b32c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 19 Nov 2022 04:45:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 33090
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 19-Nov-2022 05:00:19 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/img/close.png
172.64.109.13200 OK 6.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/img/close.png
IP 172.64.109.13:0
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/notifications/software/multi/browsers/ff/3/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:19 GMT
content-type: image/png
content-length: 5982
last-modified: Thu, 08 Sep 2022 07:49:57 GMT
etag: "63199ea5-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BEAU3VnfSIJyHcr3FsUWRk%2F0ENrNwKBPQkXLZEFGDCY56LNy9ysO8ruEDqMD5%2FXZtnPeNKZxTBeS%2Fb6PQviKenLITjqeTik%2BHUOqXLyM2EwAH%2B8rdAg0jtAbfudsNHkoNHKcQdsNsiJZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76c64bb578cb7403-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
142.250.74.162200 OK 48 kB URL HTTP/2 www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
IP 142.250.74.162:0
File type ASCII text, with very long lines (3502)
Hash 297e24828abaf97fb29460fd75369140
e9e02d737f1bcf9874a55562edff5f795a1c170c
cdbe4e689ca060e94f00f0aa4c45a89efacddac90df42929ff42a3bff44a9d3e
GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Host: www.googletagservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://48c196d7cef73578f1a4d9c39543b32c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-length: 48265
date: Sat, 19 Nov 2022 04:45:19 GMT
expires: Sat, 19 Nov 2022 04:45:19 GMT
cache-control: private, max-age=3000
etag: "1668095300071091"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 287c3450393d5823c9208d65039b1293
64ec79be169d84c949943a88fa76e4cff17ea03d
7e4bec45e6eba3f5db587aa31c8e172622f991553c7427c861f373da6a18def9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 287c3450393d5823c9208d65039b1293
64ec79be169d84c949943a88fa76e4cff17ea03d
7e4bec45e6eba3f5db587aa31c8e172622f991553c7427c861f373da6a18def9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs
142.250.74.1200 OK 62 kB URL HTTP/2 cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs
IP 142.250.74.1:0
File type Unicode text, UTF-8 text, with very long lines (65008)
Hash 190bcb4c44fd9e0e93baa80c9b2535b8
97bda56ddc8d6a00d19e1747d63325051f3fd144
b7677f820f06329e357561f570729fe4110af4ac5fb741b97567e20a0f533301
GET /rtv/012211060024000/amp4ads-v0.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 61592
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Nov 2022 18:08:54 GMT
expires: Tue, 14 Nov 2023 18:08:54 GMT
cache-control: public, max-age=31536000
etag: "a2fca7132416d151"
content-type: text/javascript; charset=UTF-8
age: 383785
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs
142.250.74.1200 OK 5.2 kB URL HTTP/2 cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs
IP 142.250.74.1:0
File type ASCII text, with very long lines (14697)
Hash ae1a9f090984c448deb0629cc2304ee3
e601825ccec746695f370ed68fa33325152e0d9f
6a947bfcdeea64faa6c795caea11ee09dbe00f5d4003b7b9d47e4945c05ac1e4
GET /rtv/012211060024000/v0/amp-ad-exit-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blogmado.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 5218
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Nov 2022 18:08:54 GMT
expires: Tue, 14 Nov 2023 18:08:54 GMT
cache-control: public, max-age=31536000
etag: "abd4378f71571d78"
content-type: text/javascript; charset=UTF-8
age: 383785
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs
142.250.74.1200 OK 29 kB URL HTTP/2 cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs
IP 142.250.74.1:0
File type ASCII text, with very long lines (65534)
Hash c88b4e73b12307e42222d337bdd646a2
621233bf4e777b2d44b1bc143187111aca2fe718
ef6935537cd5a603b79bc98d4274b70ee5608955792523fc58e818c8ddbb7b48
GET /rtv/012211060024000/v0/amp-analytics-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blogmado.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 28809
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Nov 2022 18:08:54 GMT
expires: Tue, 14 Nov 2023 18:08:54 GMT
cache-control: public, max-age=31536000
etag: "dd6615029de85e23"
content-type: text/javascript; charset=UTF-8
age: 383785
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs
142.250.74.1200 OK 1.9 kB URL HTTP/2 cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs
IP 142.250.74.1:0
File type ASCII text, with very long lines (5046)
Hash 669c8592ef8f63e7404e45dd6ca56b71
3f6753966361bb86594193009c9097612c361064
d174ae2c0722ab8d4bf736f0200dc5b15d288f9500a706bb161b64f5a3b74f01
GET /rtv/012211060024000/v0/amp-fit-text-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blogmado.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 1913
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Nov 2022 18:08:54 GMT
expires: Tue, 14 Nov 2023 18:08:54 GMT
cache-control: public, max-age=31536000
etag: "403438c4d550ee88"
content-type: text/javascript; charset=UTF-8
age: 383785
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs
142.250.74.1200 OK 13 kB URL HTTP/2 cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs
IP 142.250.74.1:0
File type Unicode text, UTF-8 text, with very long lines (41057)
Hash 2f873064835eed23708bde2a16830216
7559437b82b9b761e02549d8d51f9e3571e5ed2c
0f5d00ac674cc34652997f2e0dd7fb6eb1a5b22010989c35a81cd7a388c84fdd
GET /rtv/012211060024000/v0/amp-form-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blogmado.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 12946
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Nov 2022 18:08:54 GMT
expires: Tue, 14 Nov 2023 18:08:54 GMT
cache-control: public, max-age=31536000
etag: "0bacd3f1ce38a7db"
content-type: text/javascript; charset=UTF-8
age: 383785
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 09203fd1f4b4e1d4684b4cbf6244621c
ad49a3d18e122882cb580fd3740cb6e844be5734
c62c5b5050b96306336585361c95d889f8072fd40c0bca08560c5fd75c0bac09
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C62C5B5050B96306336585361C95D889F8072FD40C0BCA08560C5FD75C0BAC09"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3717
Expires: Sat, 19 Nov 2022 05:47:16 GMT
Date: Sat, 19 Nov 2022 04:45:19 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 287c3450393d5823c9208d65039b1293
64ec79be169d84c949943a88fa76e4cff17ea03d
7e4bec45e6eba3f5db587aa31c8e172622f991553c7427c861f373da6a18def9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
px.netpub.media/iab?o=474&k=5&b=fetch&xx=15663b3c58a43d9a93f21c260527a47a&s=complete&g=1&p=601&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&e=0&w=14f9494694a9078dc2f4ae3c92e41760&z=1c2b3d8f5084c3670b0ffbd768d4c149&m=898&f=dfp&c=FR&q=320&i=1&a=true&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_6&v=1.6.0&x=netpub&r=100&yy=f34f336f7278c146e753e83ab53009ee&zz=a2302996a403f19e6e59ea1be534c7f07672dc1417748ef308fa580490652a4e&aa=5a4fc3df82df6af687e37ede081e671f5224a4c52beec2e57327aa7e874220a3&j=0&n=100&l=1268&t=1668833117728&h=0&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F
172.67.70.145200 OK 182 B URL HTTP/2 px.netpub.media/iab?o=474&k=5&b=fetch&xx=15663b3c58a43d9a93f21c260527a47a&s=complete&g=1&p=601&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&e=0&w=14f9494694a9078dc2f4ae3c92e41760&z=1c2b3d8f5084c3670b0ffbd768d4c149&m=898&f=dfp&c=FR&q=320&i=1&a=true&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_6&v=1.6.0&x=netpub&r=100&yy=f34f336f7278c146e753e83ab53009ee&zz=a2302996a403f19e6e59ea1be534c7f07672dc1417748ef308fa580490652a4e&aa=5a4fc3df82df6af687e37ede081e671f5224a4c52beec2e57327aa7e874220a3&j=0&n=100&l=1268&t=1668833117728&h=0&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F
IP 172.67.70.145:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 68afddc5fc6dff20732a10e111220622
eff6f5a1bc6cea1bdcb4b62b02d5c345a638c811
e2d9f74c1dc050a2bcd7d6b7a8803b1ec8387e4e4c3b85978742dc182d0b5383
GET /iab?o=474&k=5&b=fetch&xx=15663b3c58a43d9a93f21c260527a47a&s=complete&g=1&p=601&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&e=0&w=14f9494694a9078dc2f4ae3c92e41760&z=1c2b3d8f5084c3670b0ffbd768d4c149&m=898&f=dfp&c=FR&q=320&i=1&a=true&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_6&v=1.6.0&x=netpub&r=100&yy=f34f336f7278c146e753e83ab53009ee&zz=a2302996a403f19e6e59ea1be534c7f07672dc1417748ef308fa580490652a4e&aa=5a4fc3df82df6af687e37ede081e671f5224a4c52beec2e57327aa7e874220a3&j=0&n=100&l=1268&t=1668833117728&h=0&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:19 GMT
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wvkHy4En8UWNaGAaMzMouH6rHmqd9kJkIEgZWWKPtDFJ6o%2Ff%2BVWHiLEJhwQZRkv06GBAfk417DRZoS5qUvPRNTB1%2FW3J57TDJMwcvI7pqrUNJUHP4v7ASKFTKIlPwPxL6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76c64bb69b280b59-OSL
X-Firefox-Spdy: h2
revoketypes.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fcss%2Fstyle.css&l=3735&fd=362
192.243.59.13200 OK 0 B URL HTTP/1.1 revoketypes.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fcss%2Fstyle.css&l=3735&fd=362
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fcss%2Fstyle.css&l=3735&fd=362 HTTP/1.1
Host: revoketypes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Cookie: u_pl=16650200; uid_id2=16f42744-ea4c-46eb-ae4d-df0656030786:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec01ffd36dfbce3d569baf8d846cd7bc65=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 19 Nov 2022 04:45:19 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/css/magic.css
172.64.109.13200 OK 3.4 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/css/magic.css
IP 172.64.109.13:0
Hash 99976b40cfbee5ada171e0a327c25dde
59da5cbb9ed3e7591295c3f4148438069a63b1aa
dac1a51ba31e63a5ba25fcbd6d1c9ad1c69f50c6bc046b0f5f02009bba2b2f5b
GET /sb/notifications/software/multi/browsers/ff/3/css/magic.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:19 GMT
content-type: text/css
last-modified: Thu, 08 Sep 2022 07:49:55 GMT
etag: W/"63199ea3-b0c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0BfGOV6XNzrLfIr3KxFKYtGL5HoAjtBghP%2FvlU4IkExhpkK6U4r6BDkWnh5c9NnL%2BRkpx3NxhDAPfwfjlC2I%2BGW98RBayLh0VTjwamikRPAe0Ug0Olu0WA8dRmr7jD0nn457LNg1jW1N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76c64bb578c47403-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1f35203e647097801695fad87f09fb44
91fdb8cc7ca06c6ce32bf0f34d5613dae26582a7
b989b86a3747feb7355723140ff09f0ad76b66edf017b5880eb287e55ce83fc0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B989B86A3747FEB7355723140FF09F0AD76B66EDF017B5880EB287E55CE83FC0"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6365
Expires: Sat, 19 Nov 2022 06:31:25 GMT
Date: Sat, 19 Nov 2022 04:45:20 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/img/update-icon.png
172.64.109.13200 OK 175 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/img/update-icon.png
IP 172.64.109.13:0
File type PNG image data, 452 x 453, 8-bit/color RGBA, non-interlaced\012- data
Size 175 kB (174730 bytes)
Hash 85bc2f8a287afa33ac84c90178055d00
c98e7ebd06397a77a20607f55fe4ebf1b57ca334
85d20d101efc753f9b0619a33901e1689d1e0c11a46bf6d6d657c1393542cc30
GET /sb/notifications/software/multi/browsers/ff/3/img/update-icon.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:20 GMT
content-type: image/png
content-length: 174730
last-modified: Thu, 08 Sep 2022 07:49:58 GMT
etag: "63199ea6-2aa8a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l6PVxCYiQf6Hlq5Q0dZ2lprLnm02LoAC%2BLu0qEndj5AJSvAZYusfkBXmKmct%2B%2FVCXINFXinb2YfD40rA9rGx9nWsplNNNk%2BKYgiBdc1JE7%2BAzqIBhbD64mEfbRCug%2FuQUJ4jVTjiXbNq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76c64bb578cc7403-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=16f42744-ea4c-46eb-ae4d-df0656030786&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01ffd36dfbce3d569baf8d846cd7bc65&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=16f42744-ea4c-46eb-ae4d-df0656030786&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01ffd36dfbce3d569baf8d846cd7bc65&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=16f42744-ea4c-46eb-ae4d-df0656030786&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=01ffd36dfbce3d569baf8d846cd7bc65&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 19 Nov 2022 04:45:20 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9fab6f724dc836a20c4b688f5f00614b
Strict-Transport-Security: max-age=0; includeSubdomains
px.netpub.media/iab?l=1268&o=454&v=1.6.0&r=300&c=FR&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&z=1c2b3d8f5084c3670b0ffbd768d4c149&f=dfp&w=14f9494694a9078dc2f4ae3c92e41760&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&h=0&yy=441caf19b459c0357a9f96d60b566e6c&m=898&p=438&t=1668833118132&a=true&i=1&zz=59d79e37b1097c19ba46486ba269b28f8d8612026a33fd9c9b0af6ab13f3e616&aa=16321753645e64c2b00f56db2260b9b17a159c86dc773ec5601fd34eb1efc02e&e=0&b=static&g=0&s=complete&j=0&xx=9e7606b30d00152d42dd3bbb3c0fe4d2&k=6&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_7&n=100&q=360&x=netpub
172.67.70.145200 OK 8.4 kB URL HTTP/2 px.netpub.media/iab?l=1268&o=454&v=1.6.0&r=300&c=FR&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&z=1c2b3d8f5084c3670b0ffbd768d4c149&f=dfp&w=14f9494694a9078dc2f4ae3c92e41760&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&h=0&yy=441caf19b459c0357a9f96d60b566e6c&m=898&p=438&t=1668833118132&a=true&i=1&zz=59d79e37b1097c19ba46486ba269b28f8d8612026a33fd9c9b0af6ab13f3e616&aa=16321753645e64c2b00f56db2260b9b17a159c86dc773ec5601fd34eb1efc02e&e=0&b=static&g=0&s=complete&j=0&xx=9e7606b30d00152d42dd3bbb3c0fe4d2&k=6&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_7&n=100&q=360&x=netpub
IP 172.67.70.145:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 3fee40a92d86011771a136d7a490b583
09dc5f77ddfdf323be2fb20831d93454172ce8e7
83782f3af82adc4aefb232d109062aa24a0b94df0f4e5537398e22c4d275e232
GET /iab?l=1268&o=454&v=1.6.0&r=300&c=FR&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&z=1c2b3d8f5084c3670b0ffbd768d4c149&f=dfp&w=14f9494694a9078dc2f4ae3c92e41760&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&h=0&yy=441caf19b459c0357a9f96d60b566e6c&m=898&p=438&t=1668833118132&a=true&i=1&zz=59d79e37b1097c19ba46486ba269b28f8d8612026a33fd9c9b0af6ab13f3e616&aa=16321753645e64c2b00f56db2260b9b17a159c86dc773ec5601fd34eb1efc02e&e=0&b=static&g=0&s=complete&j=0&xx=9e7606b30d00152d42dd3bbb3c0fe4d2&k=6&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_7&n=100&q=360&x=netpub HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:20 GMT
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E82NCaHWy5xrK4qJv3jb6YzbYpdWtw8nWxX1dzscBvQFMC7rLCwgZREaj8KQAEApiB5p8Bm0%2FGWYc0QT%2BgHvf2NuS5Fo9HIM9Mi%2Bdzzxs87dZ5dhGJVv0C0j8q%2F1saUW5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76c64bb91be30b59-OSL
X-Firefox-Spdy: h2
px.netpub.media/iab?z=1c2b3d8f5084c3670b0ffbd768d4c149&c=FR&q=300&aa=ec6845b2374fe7d3f9270552f1a05ded3b1a68221597e4d3e2e90babf21bde23&b=embed&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&k=4&y=%2F112081842%2C22620349674%2Fblogmado.com_300x250_banner2_marco2&g=1&l=1268&x=netpub&xx=f89e668722348d1b1d1ea79f6e599d31&w=14f9494694a9078dc2f4ae3c92e41760&yy=234f3fd5f395a12d9a72baaa86622449&a=true&f=dfp&p=2239&s=complete&h=0&n=100&t=1668833118201&v=1.6.0&m=898&e=0&j=0&o=827.5&r=250&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&zz=77413f43f2a9c12117925ea79667dff531356ccf86f94cb9e7d38ea10e5f43f7&i=1
172.67.70.145200 OK 182 B URL HTTP/2 px.netpub.media/iab?z=1c2b3d8f5084c3670b0ffbd768d4c149&c=FR&q=300&aa=ec6845b2374fe7d3f9270552f1a05ded3b1a68221597e4d3e2e90babf21bde23&b=embed&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&k=4&y=%2F112081842%2C22620349674%2Fblogmado.com_300x250_banner2_marco2&g=1&l=1268&x=netpub&xx=f89e668722348d1b1d1ea79f6e599d31&w=14f9494694a9078dc2f4ae3c92e41760&yy=234f3fd5f395a12d9a72baaa86622449&a=true&f=dfp&p=2239&s=complete&h=0&n=100&t=1668833118201&v=1.6.0&m=898&e=0&j=0&o=827.5&r=250&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&zz=77413f43f2a9c12117925ea79667dff531356ccf86f94cb9e7d38ea10e5f43f7&i=1
IP 172.67.70.145:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 68afddc5fc6dff20732a10e111220622
eff6f5a1bc6cea1bdcb4b62b02d5c345a638c811
e2d9f74c1dc050a2bcd7d6b7a8803b1ec8387e4e4c3b85978742dc182d0b5383
GET /iab?z=1c2b3d8f5084c3670b0ffbd768d4c149&c=FR&q=300&aa=ec6845b2374fe7d3f9270552f1a05ded3b1a68221597e4d3e2e90babf21bde23&b=embed&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&k=4&y=%2F112081842%2C22620349674%2Fblogmado.com_300x250_banner2_marco2&g=1&l=1268&x=netpub&xx=f89e668722348d1b1d1ea79f6e599d31&w=14f9494694a9078dc2f4ae3c92e41760&yy=234f3fd5f395a12d9a72baaa86622449&a=true&f=dfp&p=2239&s=complete&h=0&n=100&t=1668833118201&v=1.6.0&m=898&e=0&j=0&o=827.5&r=250&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&zz=77413f43f2a9c12117925ea79667dff531356ccf86f94cb9e7d38ea10e5f43f7&i=1 HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:20 GMT
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VDBO71iI3t7A8ervGv2B5MIczQYpGNaSmud%2BZU3Wlr0c%2BiLioxhbbOdIleblcox4zbmwyuQPk0NEjSvhiGJV2QAlUxpPGYIzUaPE3A%2FCSlU9jRpBdE4GZwoqlHH%2Fga6t%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76c64bb97c020b59-OSL
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=16f42744-ea4c-46eb-ae4d-df0656030786&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=7e1d8f1ae70c40a4c328807cbe5300ca&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=16f42744-ea4c-46eb-ae4d-df0656030786&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=7e1d8f1ae70c40a4c328807cbe5300ca&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=16f42744-ea4c-46eb-ae4d-df0656030786&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=7e1d8f1ae70c40a4c328807cbe5300ca&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 19 Nov 2022 04:45:20 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5c050a63818fcfec538834db3d77fda9
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash da2d83e904cd35e185b36b715ab785df
258667d57898e4559332a419918f9e8f1e5cd39c
2a11aab970c28cba544f5e4c734b94d8c25dd6f435affc4f28d35e4bdd114e86
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/simgad/17973904251275291763
142.250.74.70200 OK 54 kB URL HTTP/2 s0.2mdn.net/simgad/17973904251275291763
IP 142.250.74.70:0
File type JPEG image data, progressive, precision 8, 728x90, components 3\012- data
Hash ef9eec6e9c65bb7a274954f1f9fee952
03a4a895d58d9be37aa72a614cdc989dfd1cb36c
1cdcb95ea4a913e03f155bf2cd59bac143a4a3c22285ec1c793fe76202944fd2
GET /simgad/17973904251275291763 HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://48c196d7cef73578f1a4d9c39543b32c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 53520
x-content-type-options: nosniff
x-dns-prefetch-control: off
server: sffe
x-xss-protection: 0
date: Fri, 18 Nov 2022 06:53:39 GMT
expires: Sat, 18 Nov 2023 06:53:39 GMT
cache-control: public, max-age=31536000
age: 78701
last-modified: Thu, 13 Oct 2022 11:56:16 GMT
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssxngLMNxD_GJPgrT0T20GYeD8EcrPZczQZXthbZ0lhAw95wJgRkrKxXz1pct1iLvI4VTOU9k4tSqD8TVgQrCmY9rTFVVLGonEdCdSKF2Nx9gSBHFYKWf5WqHmchHZAc11SLHraW-bcKLTsmEC95mUiJGAvMvEYTNbJXOEsHIvaBxyOXZk4FqfLOMhHAKLwza9dFL6qJgx8Ze4CuMswdTgFFzU2C0qkQUHmSEOmecPS8O2jaHEfKo6FdyXZa05kbL78SqDxKVXzXE8rKyi2fc0SgHKifYnoIhCcRprgBOPmCLerYBAiRebD7h9k7mpSDR_Zuc4gFL1IhUDNUk0kKboHYlp4Iq8M3NomYkrg1ggaFzUlRkD6PANyS3Uwap03JBDS-3wgkdWydrINvDkKQmjPBBjVe_Gx_qLoxkBMkj8nSdepGuWr1Oam3U1vx3bvEzVJm61BHna1GwcRr3hnr9M3fHa44w9m_lNN8I9ZJz6LKdpv6YV8cMDIgPHMmVHlENBdlJawA-_SIaxZNda9Amw7110FakToHuLtUCzyW4w3heo5PCp4MxIkkkEWjNPuEsYzpBxaKk97q2JFv4kocfbLb2yzRKSJQ2o1lMgOIumoeM0dpotsW6VXzNpVZDIXJ626AmR0sf2_YDdSjb_XZvxFenBKvV15HbuS_9uYtmT32O8fg5VPLxK-_Z5aHI_YO9s7TgY-JEVDxilIXi2JV8sU7HPmu98Ol_xBVflC0MtxeC5j6ilqogMDD0YuYjI2hn8JhlKyMaa6GoHqZ3w0NvLFSAbFVdL47H0G6k921SNmkiGtSDjk23lgO5oMDSRlqHRrBm1CL7ZgnP1_VcaCVOeP1Muv1CQhOpAnGZKPY0wpeGCltpbGjh5af3LoBFE3UpMS0ETcBdYOe9-_Ckna51FunB_ajfxRZ7Oaq3UzYMglzJFQfWbUaDle9PnfIkTK1hcAZiRfzYKYRXGyxmxi10hV9Da4291H0ctvuR9PQ9dUUvSyPP1PWqfW0a2gr8-MT1d8Duzdy6eHc1OFEPZAEn7I95rJpL93jkWlWg5_o7QoCf3OzfOdKXJsKd9kJjFXKk45mj4GIyprR_quU3qKXoaV2VFzEV3AHBQzvjGlW2qyW5__VS7olv09AA-O9RyFvNS-Eff3Dy8ErPCQY0v6k7by63PfZZMokwpDE-4MDKyiCuN4aU6RODdTdVO_thfhIcNL6XNI-goGgg&sai=AMfl-YR7iUSCyDSQvV64B0Yh_UiorLW6BYWCfXcFphYAU7T2i9bcpgs07OG1qpuSx7g4KZbdsmQkxYCS3jmRT2D0eZtnkulXbUd4XgFU5EpjmI1-e6gcHO6noM31Bt8LGs56JiOUuBOxs_233bOPvEIoCgOgcNhoVzdZOKIV2nN_anyKy3YCHpDDyf3HsRVPpKxtEAbyBB262tNPyfcwSxSm-4qecKpEGLuwdtEmUT3vqZ5UA7DLA2s16_Ymg58Ci2wNqwtMZ8JfI1Ia4AhoCUMi4VXBJ1vA4iBEO5bVKfDFOS0O5mhy3Fo&sig=Cg0ArKJSzIr4t11XXnraEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=1&cisv=r20221110.74408&arae=0&ftch=1&adurl=
142.250.74.130200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssxngLMNxD_GJPgrT0T20GYeD8EcrPZczQZXthbZ0lhAw95wJgRkrKxXz1pct1iLvI4VTOU9k4tSqD8TVgQrCmY9rTFVVLGonEdCdSKF2Nx9gSBHFYKWf5WqHmchHZAc11SLHraW-bcKLTsmEC95mUiJGAvMvEYTNbJXOEsHIvaBxyOXZk4FqfLOMhHAKLwza9dFL6qJgx8Ze4CuMswdTgFFzU2C0qkQUHmSEOmecPS8O2jaHEfKo6FdyXZa05kbL78SqDxKVXzXE8rKyi2fc0SgHKifYnoIhCcRprgBOPmCLerYBAiRebD7h9k7mpSDR_Zuc4gFL1IhUDNUk0kKboHYlp4Iq8M3NomYkrg1ggaFzUlRkD6PANyS3Uwap03JBDS-3wgkdWydrINvDkKQmjPBBjVe_Gx_qLoxkBMkj8nSdepGuWr1Oam3U1vx3bvEzVJm61BHna1GwcRr3hnr9M3fHa44w9m_lNN8I9ZJz6LKdpv6YV8cMDIgPHMmVHlENBdlJawA-_SIaxZNda9Amw7110FakToHuLtUCzyW4w3heo5PCp4MxIkkkEWjNPuEsYzpBxaKk97q2JFv4kocfbLb2yzRKSJQ2o1lMgOIumoeM0dpotsW6VXzNpVZDIXJ626AmR0sf2_YDdSjb_XZvxFenBKvV15HbuS_9uYtmT32O8fg5VPLxK-_Z5aHI_YO9s7TgY-JEVDxilIXi2JV8sU7HPmu98Ol_xBVflC0MtxeC5j6ilqogMDD0YuYjI2hn8JhlKyMaa6GoHqZ3w0NvLFSAbFVdL47H0G6k921SNmkiGtSDjk23lgO5oMDSRlqHRrBm1CL7ZgnP1_VcaCVOeP1Muv1CQhOpAnGZKPY0wpeGCltpbGjh5af3LoBFE3UpMS0ETcBdYOe9-_Ckna51FunB_ajfxRZ7Oaq3UzYMglzJFQfWbUaDle9PnfIkTK1hcAZiRfzYKYRXGyxmxi10hV9Da4291H0ctvuR9PQ9dUUvSyPP1PWqfW0a2gr8-MT1d8Duzdy6eHc1OFEPZAEn7I95rJpL93jkWlWg5_o7QoCf3OzfOdKXJsKd9kJjFXKk45mj4GIyprR_quU3qKXoaV2VFzEV3AHBQzvjGlW2qyW5__VS7olv09AA-O9RyFvNS-Eff3Dy8ErPCQY0v6k7by63PfZZMokwpDE-4MDKyiCuN4aU6RODdTdVO_thfhIcNL6XNI-goGgg&sai=AMfl-YR7iUSCyDSQvV64B0Yh_UiorLW6BYWCfXcFphYAU7T2i9bcpgs07OG1qpuSx7g4KZbdsmQkxYCS3jmRT2D0eZtnkulXbUd4XgFU5EpjmI1-e6gcHO6noM31Bt8LGs56JiOUuBOxs_233bOPvEIoCgOgcNhoVzdZOKIV2nN_anyKy3YCHpDDyf3HsRVPpKxtEAbyBB262tNPyfcwSxSm-4qecKpEGLuwdtEmUT3vqZ5UA7DLA2s16_Ymg58Ci2wNqwtMZ8JfI1Ia4AhoCUMi4VXBJ1vA4iBEO5bVKfDFOS0O5mhy3Fo&sig=Cg0ArKJSzIr4t11XXnraEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=1&cisv=r20221110.74408&arae=0&ftch=1&adurl=
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjssxngLMNxD_GJPgrT0T20GYeD8EcrPZczQZXthbZ0lhAw95wJgRkrKxXz1pct1iLvI4VTOU9k4tSqD8TVgQrCmY9rTFVVLGonEdCdSKF2Nx9gSBHFYKWf5WqHmchHZAc11SLHraW-bcKLTsmEC95mUiJGAvMvEYTNbJXOEsHIvaBxyOXZk4FqfLOMhHAKLwza9dFL6qJgx8Ze4CuMswdTgFFzU2C0qkQUHmSEOmecPS8O2jaHEfKo6FdyXZa05kbL78SqDxKVXzXE8rKyi2fc0SgHKifYnoIhCcRprgBOPmCLerYBAiRebD7h9k7mpSDR_Zuc4gFL1IhUDNUk0kKboHYlp4Iq8M3NomYkrg1ggaFzUlRkD6PANyS3Uwap03JBDS-3wgkdWydrINvDkKQmjPBBjVe_Gx_qLoxkBMkj8nSdepGuWr1Oam3U1vx3bvEzVJm61BHna1GwcRr3hnr9M3fHa44w9m_lNN8I9ZJz6LKdpv6YV8cMDIgPHMmVHlENBdlJawA-_SIaxZNda9Amw7110FakToHuLtUCzyW4w3heo5PCp4MxIkkkEWjNPuEsYzpBxaKk97q2JFv4kocfbLb2yzRKSJQ2o1lMgOIumoeM0dpotsW6VXzNpVZDIXJ626AmR0sf2_YDdSjb_XZvxFenBKvV15HbuS_9uYtmT32O8fg5VPLxK-_Z5aHI_YO9s7TgY-JEVDxilIXi2JV8sU7HPmu98Ol_xBVflC0MtxeC5j6ilqogMDD0YuYjI2hn8JhlKyMaa6GoHqZ3w0NvLFSAbFVdL47H0G6k921SNmkiGtSDjk23lgO5oMDSRlqHRrBm1CL7ZgnP1_VcaCVOeP1Muv1CQhOpAnGZKPY0wpeGCltpbGjh5af3LoBFE3UpMS0ETcBdYOe9-_Ckna51FunB_ajfxRZ7Oaq3UzYMglzJFQfWbUaDle9PnfIkTK1hcAZiRfzYKYRXGyxmxi10hV9Da4291H0ctvuR9PQ9dUUvSyPP1PWqfW0a2gr8-MT1d8Duzdy6eHc1OFEPZAEn7I95rJpL93jkWlWg5_o7QoCf3OzfOdKXJsKd9kJjFXKk45mj4GIyprR_quU3qKXoaV2VFzEV3AHBQzvjGlW2qyW5__VS7olv09AA-O9RyFvNS-Eff3Dy8ErPCQY0v6k7by63PfZZMokwpDE-4MDKyiCuN4aU6RODdTdVO_thfhIcNL6XNI-goGgg&sai=AMfl-YR7iUSCyDSQvV64B0Yh_UiorLW6BYWCfXcFphYAU7T2i9bcpgs07OG1qpuSx7g4KZbdsmQkxYCS3jmRT2D0eZtnkulXbUd4XgFU5EpjmI1-e6gcHO6noM31Bt8LGs56JiOUuBOxs_233bOPvEIoCgOgcNhoVzdZOKIV2nN_anyKy3YCHpDDyf3HsRVPpKxtEAbyBB262tNPyfcwSxSm-4qecKpEGLuwdtEmUT3vqZ5UA7DLA2s16_Ymg58Ci2wNqwtMZ8JfI1Ia4AhoCUMi4VXBJ1vA4iBEO5bVKfDFOS0O5mhy3Fo&sig=Cg0ArKJSzIr4t11XXnraEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=1&cisv=r20221110.74408&arae=0&ftch=1&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://48c196d7cef73578f1a4d9c39543b32c.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-security-policy: script-src 'none'; object-src 'none'
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Sat, 19 Nov 2022 04:45:20 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 19-Nov-2022 05:00:20 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 19 Nov 2022 04:45:20 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash da2d83e904cd35e185b36b715ab785df
258667d57898e4559332a419918f9e8f1e5cd39c
2a11aab970c28cba544f5e4c734b94d8c25dd6f435affc4f28d35e4bdd114e86
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
revoketypes.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fjs%2Fscript.js&l=8814&fd=254
192.243.59.13200 OK 0 B URL HTTP/1.1 revoketypes.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fjs%2Fscript.js&l=8814&fd=254
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fmulti%2Fbrowsers%2Fff%2F3%2Fjs%2Fscript.js&l=8814&fd=254 HTTP/1.1
Host: revoketypes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Cookie: u_pl=16650200; uid_id2=16f42744-ea4c-46eb-ae4d-df0656030786:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec01ffd36dfbce3d569baf8d846cd7bc65=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 19 Nov 2022 04:45:20 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
revoketypes.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm9%2FFz1oxIsHZQ4eFLKz3dM9X%2BYQjDESTHaXJLLiJdRXz5Zb3dVUdU%2FP7mkxIDkojHjQY%2B8zu1mMUQx4E1FmRQwLQsaD7sH1XxCUHEVmdmDxhar3fet5D8%2FzvPX%2BTnFMfBT0aPWa2VJa06Vm3a%2B9tKZSYUpXW75ZC%2Fy6f762ptJWdL42mF62%2F0rgN%2Bv%2By7U3JN8wSw0%2F8P3AD2qXlZWxGSzNUKjsfjeod%2F161KgHzQgD%2B9%2FeFR4c9SD6x%2BQZKDH5%2F%2FrDB1B8jDT56pJ0G7nJzr2eFJrmxqIv9t9KN1JTpkhOy9h6iNP9%2BTSMmxDy6RmYdH%2BuAKa%2FO1UApibE%2BzUAS%2FfnNMH6eydMmYZMwcSTKPtjSD2GomNwcxtKPCIAF1heQZrcXTa2pJsnKJ2iE7Lw%2BC%2BockIWfn8WafLlRa0GtRtGF7kyqcMgrqAGY6jeGFlxgHzLgyoPwPP3oMTPZOnxVaTJ7orTBkocvRi04qjRjqJFSSO%2BGLUkW6QyEosi9lvNlh%2F67U5rZpFSY6h4DC2HoM5DMT3KQxF7KDIPiTiq0WY39v12zOIw7ESc8zDkvNlpiaYIo07so%2BBTDUPk2RBcD8HtNjK7jQ01hC2%2Bh1uv4IQHlxP0RYVSEpSOoKQEpSIoc4KyX%2B0J7Rquuiu0K1gwz415DquRyXs7dM%2FkPZmSneyYnJ0Z989Tv2FDHtX8II5F2BIx4zIUzVaX0bgjOlGLizbjrSacqqDcmZnMrekWvziHTE0I%2BeZvMHoApw%2FA1VnQ4nnQctRu%2BKDro6jjYyu9lyeS2rTOTQJhKmT5AvJNb0cfk%2BdmLLq8DckPL%2Fz409fdt59m4LZCZiu8q34g6Ok7o%2BumJLvXTenIg5UsV4naotPV3shpLhfuvSk3S2PFlUtu%2BNmrfApMy%2Fs3pcuv0lSotOfI5xeVENJeNpZL8u0VtybZauHWLxY2LbKrq69dvpJkVjqnTDoGVY%2FaH4OrCXni2vbs077wwUMoO4YtKiTFIZkHlDkAz7bhssMLn3y48sd58Q6cIbD6dIZlHsqiGtkGO33UikDL056yCk6eWsDk4Xd%2FnmA77g561gPNbyNNKvRthb6uQPUQrvjfKM%2Fs4YVfwlmAaW%2FEtPV2mbb6oxNrnTqqNYNIdlinzYVgkoug3Qg7oe83hIjaXRl0kbsJH9y69S8AAAD%2F%2FwEAAP%2F%2FZ4TP%2F4wEAAA%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 revoketypes.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm9%2FFz1oxIsHZQ4eFLKz3dM9X%2BYQjDESTHaXJLLiJdRXz5Zb3dVUdU%2FP7mkxIDkojHjQY%2B8zu1mMUQx4E1FmRQwLQsaD7sH1XxCUHEVmdmDxhar3fet5D8%2FzvPX%2BTnFMfBT0aPWa2VJa06Vm3a%2B9tKZSYUpXW75ZC%2Fy6f762ptJWdL42mF62%2F0rgN%2Bv%2By7U3JN8wSw0%2F8P3AD2qXlZWxGSzNUKjsfjeod%2F161KgHzQgD%2B9%2FeFR4c9SD6x%2BQZKDH5%2F%2FrDB1B8jDT56pJ0G7nJzr2eFJrmxqIv9t9KN1JTpkhOy9h6iNP9%2BTSMmxDy6RmYdH%2BuAKa%2FO1UApibE%2BzUAS%2FfnNMH6eydMmYZMwcSTKPtjSD2GomNwcxtKPCIAF1heQZrcXTa2pJsnKJ2iE7Lw%2BC%2BockIWfn8WafLlRa0GtRtGF7kyqcMgrqAGY6jeGFlxgHzLgyoPwPP3oMTPZOnxVaTJ7orTBkocvRi04qjRjqJFSSO%2BGLUkW6QyEosi9lvNlh%2F67U5rZpFSY6h4DC2HoM5DMT3KQxF7KDIPiTiq0WY39v12zOIw7ESc8zDkvNlpiaYIo07so%2BBTDUPk2RBcD8HtNjK7jQ01hC2%2Bh1uv4IQHlxP0RYVSEpSOoKQEpSIoc4KyX%2B0J7Rquuiu0K1gwz415DquRyXs7dM%2FkPZmSneyYnJ0Z989Tv2FDHtX8II5F2BIx4zIUzVaX0bgjOlGLizbjrSacqqDcmZnMrekWvziHTE0I%2BeZvMHoApw%2FA1VnQ4nnQctRu%2BKDro6jjYyu9lyeS2rTOTQJhKmT5AvJNb0cfk%2BdmLLq8DckPL%2Fz409fdt59m4LZCZiu8q34g6Ok7o%2BumJLvXTenIg5UsV4naotPV3shpLhfuvSk3S2PFlUtu%2BNmrfApMy%2Fs3pcuv0lSotOfI5xeVENJeNpZL8u0VtybZauHWLxY2LbKrq69dvpJkVjqnTDoGVY%2FaH4OrCXni2vbs077wwUMoO4YtKiTFIZkHlDkAz7bhssMLn3y48sd58Q6cIbD6dIZlHsqiGtkGO33UikDL056yCk6eWsDk4Xd%2FnmA77g561gPNbyNNKvRthb6uQPUQrvjfKM%2Fs4YVfwlmAaW%2FEtPV2mbb6oxNrnTqqNYNIdlinzYVgkoug3Qg7oe83hIjaXRl0kbsJH9y69S8AAAD%2F%2FwEAAP%2F%2FZ4TP%2F4wEAAA%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuzm9%2FFz1oxIsHZQ4eFLKz3dM9X%2BYQjDESTHaXJLLiJdRXz5Zb3dVUdU%2FP7mkxIDkojHjQY%2B8zu1mMUQx4E1FmRQwLQsaD7sH1XxCUHEVmdmDxhar3fet5D8%2FzvPX%2BTnFMfBT0aPWa2VJa06Vm3a%2B9tKZSYUpXW75ZC%2Fy6f762ptJWdL42mF62%2F0rgN%2Bv%2By7U3JN8wSw0%2F8P3AD2qXlZWxGSzNUKjsfjeod%2F161KgHzQgD%2B9%2FeFR4c9SD6x%2BQZKDH5%2F%2FrDB1B8jDT56pJ0G7nJzr2eFJrmxqIv9t9KN1JTpkhOy9h6iNP9%2BTSMmxDy6RmYdH%2BuAKa%2FO1UApibE%2BzUAS%2FfnNMH6eydMmYZMwcSTKPtjSD2GomNwcxtKPCIAF1heQZrcXTa2pJsnKJ2iE7Lw%2BC%2BockIWfn8WafLlRa0GtRtGF7kyqcMgrqAGY6jeGFlxgHzLgyoPwPP3oMTPZOnxVaTJ7orTBkocvRi04qjRjqJFSSO%2BGLUkW6QyEosi9lvNlh%2F67U5rZpFSY6h4DC2HoM5DMT3KQxF7KDIPiTiq0WY39v12zOIw7ESc8zDkvNlpiaYIo07so%2BBTDUPk2RBcD8HtNjK7jQ01hC2%2Bh1uv4IQHlxP0RYVSEpSOoKQEpSIoc4KyX%2B0J7Rquuiu0K1gwz415DquRyXs7dM%2FkPZmSneyYnJ0Z989Tv2FDHtX8II5F2BIx4zIUzVaX0bgjOlGLizbjrSacqqDcmZnMrekWvziHTE0I%2BeZvMHoApw%2FA1VnQ4nnQctRu%2BKDro6jjYyu9lyeS2rTOTQJhKmT5AvJNb0cfk%2BdmLLq8DckPL%2Fz409fdt59m4LZCZiu8q34g6Ok7o%2BumJLvXTenIg5UsV4naotPV3shpLhfuvSk3S2PFlUtu%2BNmrfApMy%2Fs3pcuv0lSotOfI5xeVENJeNpZL8u0VtybZauHWLxY2LbKrq69dvpJkVjqnTDoGVY%2FaH4OrCXni2vbs077wwUMoO4YtKiTFIZkHlDkAz7bhssMLn3y48sd58Q6cIbD6dIZlHsqiGtkGO33UikDL056yCk6eWsDk4Xd%2FnmA77g561gPNbyNNKvRthb6uQPUQrvjfKM%2Fs4YVfwlmAaW%2FEtPV2mbb6oxNrnTqqNYNIdlinzYVgkoug3Qg7oe83hIjaXRl0kbsJH9y69S8AAAD%2F%2FwEAAP%2F%2FZ4TP%2F4wEAAA%3D HTTP/1.1
Host: revoketypes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Cookie: u_pl=16650200; uid_id2=16f42744-ea4c-46eb-ae4d-df0656030786:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec01ffd36dfbce3d569baf8d846cd7bc65=[3760951]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 19 Nov 2022 04:45:20 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a452476df68febda051726bb459e9999
Strict-Transport-Security: max-age=0; includeSubdomains
px.netpub.media/iab?l=1268&o=454&v=1.6.0&r=300&c=FR&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&z=1c2b3d8f5084c3670b0ffbd768d4c149&f=dfp&w=14f9494694a9078dc2f4ae3c92e41760&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&h=0&yy=441caf19b459c0357a9f96d60b566e6c&m=898&p=438&t=1668833118132&a=true&i=1&zz=59d79e37b1097c19ba46486ba269b28f8d8612026a33fd9c9b0af6ab13f3e616&aa=16321753645e64c2b00f56db2260b9b17a159c86dc773ec5601fd34eb1efc02e&e=0&b=static&g=1&s=complete&j=0&xx=9e7606b30d00152d42dd3bbb3c0fe4d2&k=6&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_7&n=100&q=360&x=netpub
172.67.70.145200 OK 5.1 kB URL HTTP/2 px.netpub.media/iab?l=1268&o=454&v=1.6.0&r=300&c=FR&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&z=1c2b3d8f5084c3670b0ffbd768d4c149&f=dfp&w=14f9494694a9078dc2f4ae3c92e41760&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&h=0&yy=441caf19b459c0357a9f96d60b566e6c&m=898&p=438&t=1668833118132&a=true&i=1&zz=59d79e37b1097c19ba46486ba269b28f8d8612026a33fd9c9b0af6ab13f3e616&aa=16321753645e64c2b00f56db2260b9b17a159c86dc773ec5601fd34eb1efc02e&e=0&b=static&g=1&s=complete&j=0&xx=9e7606b30d00152d42dd3bbb3c0fe4d2&k=6&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_7&n=100&q=360&x=netpub
IP 172.67.70.145:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 8190411b3da77b2927126dbda42d096d
6d6cd29fc51201572d6c3baf62747203c2d9e396
34d14d084d65b948bd983ce61c8e072da888279859b819d216be6d1e5a63d011
GET /iab?l=1268&o=454&v=1.6.0&r=300&c=FR&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&z=1c2b3d8f5084c3670b0ffbd768d4c149&f=dfp&w=14f9494694a9078dc2f4ae3c92e41760&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&h=0&yy=441caf19b459c0357a9f96d60b566e6c&m=898&p=438&t=1668833118132&a=true&i=1&zz=59d79e37b1097c19ba46486ba269b28f8d8612026a33fd9c9b0af6ab13f3e616&aa=16321753645e64c2b00f56db2260b9b17a159c86dc773ec5601fd34eb1efc02e&e=0&b=static&g=1&s=complete&j=0&xx=9e7606b30d00152d42dd3bbb3c0fe4d2&k=6&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_7&n=100&q=360&x=netpub HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:20 GMT
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6MQ9qLTcR%2FYutsbCYw97cpH7gyweCmsk%2FrEXAfrqXqhwNDmRMVUUj8vQMtgY9cJSM%2BQIt19BZLusbsElpdFXxnJS6ArXHG7WZvR1SKpwHfVD%2Bj9dycArSrBZXDxiYve%2FgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76c64bb91be40b59-OSL
X-Firefox-Spdy: h2
cdn.app.tacticrealtime.com/data/166cae026bc0e67703d75cc361301cbe/timeline/doubleclick/web?ac-1gi739335=1&__tbi=114
82.102.27.18200 OK 48 kB URL HTTP/2 cdn.app.tacticrealtime.com/data/166cae026bc0e67703d75cc361301cbe/timeline/doubleclick/web?ac-1gi739335=1&__tbi=114
IP 82.102.27.18:0
Hash 35efa15bda30f34c46161815d1770479
b9cc2636c0580eb44d1578739e349e7b72829fa7
2dc295a49bc10407edd4a4b7953765f41a4623f8797fdf6c21b97de80665c99b
GET /data/166cae026bc0e67703d75cc361301cbe/timeline/doubleclick/web?ac-1gi739335=1&__tbi=114 HTTP/1.1
Host: cdn.app.tacticrealtime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s0.2mdn.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: keycdn-engine
date: Sat, 19 Nov 2022 04:45:21 GMT
content-type: application/x-javascript;charset=utf-8;
is-tactic-request: true
tactic-time-lapsed: 0.018236875534058
expires: Sat, 26 Nov 2022 04:45:21 GMT
cache-control: max-age=604800
link: <https://app.tacticrealtime.com/data/166cae026bc0e67703d75cc361301cbe/timeline/doubleclick/web?ac-1gi739335=1&__tbi=114>; rel="canonical"
x-cache: HIT
x-edge-location: noos
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.app.tacticrealtime.com/creatives/66/0c/d4/140a8c7e274bff8b85caa42a03/package/active/assets/fonts/FilsonPro/Book.woff?__tbi=114
82.102.27.18200 OK 13 kB URL HTTP/2 cdn.app.tacticrealtime.com/creatives/66/0c/d4/140a8c7e274bff8b85caa42a03/package/active/assets/fonts/FilsonPro/Book.woff?__tbi=114
IP 82.102.27.18:0
File type Web Open Font Format, TrueType, length 13092, version 1.0\012- data
Hash 19fcd15a2ca1dcda0de878968ea1e7b1
20e3802dcd2d30b968aa777527a6a9a0d28eeb81
9058b7c3865cd982ac5ef0dd280ef4f6e97174e79a4c9bf19d4523aea5708629
GET /creatives/66/0c/d4/140a8c7e274bff8b85caa42a03/package/active/assets/fonts/FilsonPro/Book.woff?__tbi=114 HTTP/1.1
Host: cdn.app.tacticrealtime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://s0.2mdn.net
Connection: keep-alive
Referer: https://s0.2mdn.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: keycdn-engine
date: Sat, 19 Nov 2022 04:45:21 GMT
content-type: font/woff
content-length: 13092
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
last-modified: Wed, 14 Sep 2022 14:31:43 GMT
etag: "19fcd15a2ca1dcda0de878968ea1e7b1"
x-amz-version-id: 7VgRlDFH8WFLEbewHWOh.EAF8gkUsIyf
expires: Sat, 26 Nov 2022 04:45:21 GMT
cache-control: max-age=604800
link: <https://app.tacticrealtime.com/creatives/66/0c/d4/140a8c7e274bff8b85caa42a03/package/active/assets/fonts/FilsonPro/Book.woff?__tbi=114>; rel="canonical"
x-cache: HIT
x-edge-location: noos
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
crv-sdk.trtm.io/library/container/1/tactic.min.js?__tbi=114
82.102.27.18200 OK 20 kB URL HTTP/2 crv-sdk.trtm.io/library/container/1/tactic.min.js?__tbi=114
IP 82.102.27.18:0
File type Unicode text, UTF-8 text, with very long lines (8146)
Hash 5e652d316680e7efd5077b26364465ec
447e1203bfd3cfa9788f0afa83fe7cfd4e60eee3
f9c64067aeec316216d1dd4e92d1382d1e2577b0dc6d31bc3ccbe7605d951f00
GET /library/container/1/tactic.min.js?__tbi=114 HTTP/1.1
Host: crv-sdk.trtm.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s0.2mdn.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: keycdn-engine
date: Sat, 19 Nov 2022 04:45:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 04 Nov 2022 11:26:09 GMT
vary: Accept-Encoding
etag: W/"6364f6d1-4de1"
cache-control: max-age=604800
access-control-allow-headers: *
access-control-allow-methods: *
content-encoding: br
expires: Sat, 26 Nov 2022 04:45:21 GMT
x-edge-location: noos
access-control-allow-origin: *
X-Firefox-Spdy: h2
cdn.app.tacticrealtime.com/creatives/66/0c/d4/140a8c7e274bff8b85caa42a03/package/active/assets/fonts/FilsonPro/Black.woff?__tbi=114
82.102.27.18200 OK 13 kB URL HTTP/2 cdn.app.tacticrealtime.com/creatives/66/0c/d4/140a8c7e274bff8b85caa42a03/package/active/assets/fonts/FilsonPro/Black.woff?__tbi=114
IP 82.102.27.18:0
File type Web Open Font Format, TrueType, length 12944, version 1.0\012- data
Hash b6941c1d942d79a19ebff22c735e8b7e
5315e4a152d77a80745ae2e86a9cf0604924af4f
7c0ebb39923e4527ecd50dcde60d24fe1db62c81e17d13cb648d4bb6ebafd6fd
GET /creatives/66/0c/d4/140a8c7e274bff8b85caa42a03/package/active/assets/fonts/FilsonPro/Black.woff?__tbi=114 HTTP/1.1
Host: cdn.app.tacticrealtime.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://s0.2mdn.net
Connection: keep-alive
Referer: https://s0.2mdn.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: keycdn-engine
date: Sat, 19 Nov 2022 04:45:21 GMT
content-type: font/woff
content-length: 12944
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
last-modified: Wed, 14 Sep 2022 14:31:43 GMT
etag: "b6941c1d942d79a19ebff22c735e8b7e"
x-amz-version-id: vFXkUDRYCig.KAmlBSYfPMeOlTT6YYDi
expires: Sat, 26 Nov 2022 04:45:21 GMT
cache-control: max-age=604800
link: <https://app.tacticrealtime.com/creatives/66/0c/d4/140a8c7e274bff8b85caa42a03/package/active/assets/fonts/FilsonPro/Black.woff?__tbi=114>; rel="canonical"
x-cache: HIT
x-edge-location: noos
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash faaea59e3b4861250a8dd622c6a9cfbb
548e77872b824fd8eaaa0f8eb3e73fca594f6756
39d8d18d42bc5a0274f0e74203b14a467049080ae278b0c7acb529262be371d2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2417
Cache-Control: max-age=134777
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 04:45:21 GMT
Etag: "6377c169-1d7"
Expires: Sun, 20 Nov 2022 18:11:38 GMT
Last-Modified: Fri, 18 Nov 2022 17:31:21 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
track.trtm.io/v1?ms=0e4d2587-4b87-0085-403e-8a490380f672&p=1&mp=3593&mb=114&mc=7699&mcv=48901&ma=27295&mav=155662&mr=1056&mrn=300x250&mrs=300x250&mn=doubleclick&md=googlesyndication.com&e=impression_load&ec=impression&ea=load&el=&ev=0&ac=&an=&am=&as=&at=&cb=6728
63.32.234.186200 OK 0 B URL HTTP/1.1 track.trtm.io/v1?ms=0e4d2587-4b87-0085-403e-8a490380f672&p=1&mp=3593&mb=114&mc=7699&mcv=48901&ma=27295&mav=155662&mr=1056&mrn=300x250&mrs=300x250&mn=doubleclick&md=googlesyndication.com&e=impression_load&ec=impression&ea=load&el=&ev=0&ac=&an=&am=&as=&at=&cb=6728
IP 63.32.234.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v1?ms=0e4d2587-4b87-0085-403e-8a490380f672&p=1&mp=3593&mb=114&mc=7699&mcv=48901&ma=27295&mav=155662&mr=1056&mrn=300x250&mrs=300x250&mn=doubleclick&md=googlesyndication.com&e=impression_load&ec=impression&ea=load&el=&ev=0&ac=&an=&am=&as=&at=&cb=6728 HTTP/1.1
Host: track.trtm.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://s0.2mdn.net
Connection: keep-alive
Referer: https://s0.2mdn.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: track.trtm.io
Date: Sat, 19 Nov 2022 04:45:21 GMT
Content-Length: 0
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 0
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Wed, 21 Oct 2015 07:28:00 GMT
img.trtm.io/library/1469/43834/1/f3857a0dab5467d37b4cd58b7353a873/original.jpg?__tua=1665413174&quality=80&width=376&height=238&crop=3245,2057,167,610&__tfi=43834&__tbi=114
82.102.27.18200 OK 13 kB URL HTTP/2 img.trtm.io/library/1469/43834/1/f3857a0dab5467d37b4cd58b7353a873/original.jpg?__tua=1665413174&quality=80&width=376&height=238&crop=3245,2057,167,610&__tfi=43834&__tbi=114
IP 82.102.27.18:0
File type JPEG image data, baseline, precision 8, 376x238, components 3\012- data
Hash b92fc5ec7d52a7e113104353bcd14c52
4a3b66430cf85f780ecf2f4631012d4ec9486421
cec88c23d945a822244c3524da361b23fba6c9f1332bde91b4314d2380b77de0
GET /library/1469/43834/1/f3857a0dab5467d37b4cd58b7353a873/original.jpg?__tua=1665413174&quality=80&width=376&height=238&crop=3245,2057,167,610&__tfi=43834&__tbi=114 HTTP/1.1
Host: img.trtm.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s0.2mdn.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: keycdn-engine
date: Sat, 19 Nov 2022 04:45:22 GMT
content-type: image/jpeg
content-length: 13438
x-ip: 1
x-ip-info: osz=13438 odim=376x238 ofmt=jpeg
x-amz-id-2: 0V1V0BVj/Z6pNvmc7KilK7ufbs5iQg9n+pEWpr2voFNR3X/YIiH42fzkUxCRWdNEeK926uM+OeA=
x-amz-request-id: Q76J9BQJFPYGGTXB
last-modified: Mon, 10 Oct 2022 14:46:15 GMT
etag: "a5e62bc35d8941d9237f6c9e5fa2d8fe"
x-amz-version-id: yMMgzRruSPI8daVE8NZzIrRhtPNvsElP
expires: Sat, 26 Nov 2022 04:45:22 GMT
cache-control: max-age=604800
link: <https://tacticfs.s3.eu-west-1.amazonaws.com/library/1469/43834/1/f3857a0dab5467d37b4cd58b7353a873/original.jpg?__tua=1665413174&quality=80&width=376&height=238&crop=3245,2057,167,610&__tfi=43834&__tbi=114>; rel="canonical"
x-cache: HIT
x-shield: active
x-edge-location: noos
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
172.67.70.145302 Found 0 B URL HTTP/2 fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
IP 172.67.70.145:0
GET /r/14f9494694a9078dc2f4ae3c92e41760/service.js HTTP/1.1
Host: fstatic.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blogmado.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 19 Nov 2022 04:45:16 GMT
content-type: text/html; charset=iso-8859-1
location: https://fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/450e059b.js?npr=c1a3b9540f4290a1a965ead6c5f2ea5c
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TYwcL4INMLIyVMeUksZygE6OpE1XhuhpsfzQpdmUUExN4uKRAyRwshy9GdMCiZf0MdTSNbnFy7Tlv1pqfWuBoOmHlwDTjRNitSpFQIZ2Eo8zVBCGG%2BJfEVtaO49kNgQpGnesoFTx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76c64ba36d160b59-OSL
X-Firefox-Spdy: h2
www.xadsmart.com/floating.js
185.76.9.18200 OK 0 B URL HTTP/2 www.xadsmart.com/floating.js
IP 185.76.9.18:0
ASN #60068 Datacamp Limited
GET /floating.js HTTP/1.1
Host: www.xadsmart.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:17 GMT
content-type: application/x-javascript
alt-svc: quic="185.76.9.13:443"; ma=2592000; v="44,43,39"
expires: Tue, 22 Nov 2022 22:12:15 GMT
access-control-allow-origin: *
link: <https://xadsmart.com/>;rel=preconnect,<https://c.adsco.re/>;rel=preconnect,<https://adsco.re/>;rel=preconnect
cache-control: public, max-age=604800
x-accel-expires: @1669155135
server: CDN77-Turbo
x-77-nzt: AblMCQ2v41v/nlAEAA
x-77-nzt-ray: c0a4cc2889cb38ec5d5f7863b98dce0e
x-cache: HIT
x-age: 282782
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
adserve2.mahimeta.com/ip/
104.21.13.2200 OK 0 B URL HTTP/2 adserve2.mahimeta.com/ip/
IP 104.21.13.2:0
GET /ip/ HTTP/1.1
Host: adserve2.mahimeta.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:17 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, X-CSRF-Token
cache-control: no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rbnCzdju0iYLYqjvGypZ0FUAgjFDQ8%2FnPLioroCgTY1zMAAsIbisRiRGP4nRPQ2YyqWLJKg8Nn%2BNCQvGbwhZ5jhiacGIhDBoKZo7nSbSD2KHkt%2FQJIBSXOtKk0Ca0DGYjusjWhC8sx4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76c64ba80e92b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tmearn.com/35VvXi
172.67.137.133301 Moved Permanently 0 B IP 172.67.137.133:0
GET /35VvXi HTTP/1.1
Host: tmearn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
date: Sat, 19 Nov 2022 04:45:15 GMT
content-type: text/html; charset=UTF-8
location: https://blogmado.com/35VvXi
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
vary: User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QhL5E52RYXwxLIi%2BWFiQVXS03EIV0H5fzBtgG9i%2BAz8lk1DLIDyL9i98nJnyxGtjgTwyExbVnWQdIEDVeIvYeeLZ77zMSvbbnF%2FBlISSrypHyaMZwPNuA%2FgrN7WR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76c64b9cd8dcfac8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adserve.mahimeta.com/networks/?domain=blogmado.com&pathname=%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&query=¤tPage=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&size=Native_Widget&placement=inline&adId=mMTag_NativeWidget_59146925&screenWidth=1280&screenHeight=939&keywordViolation=false&blockedKeywords=&autoBlock=false&timezone=0&currTime=04:45&referrer=blogmado.com&time_exceeded=false&page_categories=&thin_content_count=100
104.21.13.2200 OK 0 B URL HTTP/2 adserve.mahimeta.com/networks/?domain=blogmado.com&pathname=%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&query=¤tPage=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&size=Native_Widget&placement=inline&adId=mMTag_NativeWidget_59146925&screenWidth=1280&screenHeight=939&keywordViolation=false&blockedKeywords=&autoBlock=false&timezone=0&currTime=04:45&referrer=blogmado.com&time_exceeded=false&page_categories=&thin_content_count=100
IP 104.21.13.2:0
POST /networks/?domain=blogmado.com&pathname=%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&query=¤tPage=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&size=Native_Widget&placement=inline&adId=mMTag_NativeWidget_59146925&screenWidth=1280&screenHeight=939&keywordViolation=false&blockedKeywords=&autoBlock=false&timezone=0&currTime=04:45&referrer=blogmado.com&time_exceeded=false&page_categories=&thin_content_count=100 HTTP/1.1
Host: adserve.mahimeta.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 4991
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:17 GMT
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, X-CSRF-Token
cache-control: no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WiUpftzvotZ3tklM0a2yjy2jbKkuaEu7gafTZ1VjLEumEf63m8PHTzwxFG1Nl%2BV8lg%2F%2BwMHzZU%2BorT6xxLJETmtqgBb3U9he0262eSTytx9AmHSN2oBcKXnsGYihzWLNpMJqBaTZXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76c64ba7de80b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.yourwebbars.com/sb/notifications/software/multi/browsers/ff/3/index.html
104.26.6.19200 OK 0 B URL HTTP/2 cdn.yourwebbars.com/sb/notifications/software/multi/browsers/ff/3/index.html
IP 104.26.6.19:0
GET /sb/notifications/software/multi/browsers/ff/3/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:19 GMT
content-type: text/html
last-modified: Thu, 08 Sep 2022 07:49:53 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 117031
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SF6CI3x0idS1pjDlGUZDEE%2BWNZDHPTdCosKPluegLyuE39riaGBtHqG4rPtrlkKRSUVpDQg7EI6ZJRDcgXo9La%2FEBLKAGrz8LEKiAbit15cV2lIJH16BLEDf%2FBec2Aet4o5Zzfg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76c64bb49d180b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
px.netpub.media/iab?y=%2F112081842%2C22620349674%2Fblogmado.com_336x280_banner1_marco2&c=FR&g=1&s=complete&yy=e57d0178b8e46c2d872be9636dc62597&w=14f9494694a9078dc2f4ae3c92e41760&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&zz=24fac1c26125a39afd0aa5ac58135f3216b75e1533eebfa826bfb5a9838d817f&r=280&j=0&n=100&v=1.6.0&b=object&a=true&xx=ddd2f09014d68a254357be908a6d89fd&t=1668833117945&q=336&o=466&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&i=1&z=1c2b3d8f5084c3670b0ffbd768d4c149&x=netpub&e=0&aa=e35100fa0fd83af175d97a7addde33550875c3e52102a799311624a412bf988e&k=2&l=1268&p=1004&h=0&m=898&f=dfp
172.67.70.145200 OK 0 B URL HTTP/2 px.netpub.media/iab?y=%2F112081842%2C22620349674%2Fblogmado.com_336x280_banner1_marco2&c=FR&g=1&s=complete&yy=e57d0178b8e46c2d872be9636dc62597&w=14f9494694a9078dc2f4ae3c92e41760&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&zz=24fac1c26125a39afd0aa5ac58135f3216b75e1533eebfa826bfb5a9838d817f&r=280&j=0&n=100&v=1.6.0&b=object&a=true&xx=ddd2f09014d68a254357be908a6d89fd&t=1668833117945&q=336&o=466&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&i=1&z=1c2b3d8f5084c3670b0ffbd768d4c149&x=netpub&e=0&aa=e35100fa0fd83af175d97a7addde33550875c3e52102a799311624a412bf988e&k=2&l=1268&p=1004&h=0&m=898&f=dfp
IP 172.67.70.145:0
GET /iab?y=%2F112081842%2C22620349674%2Fblogmado.com_336x280_banner1_marco2&c=FR&g=1&s=complete&yy=e57d0178b8e46c2d872be9636dc62597&w=14f9494694a9078dc2f4ae3c92e41760&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&zz=24fac1c26125a39afd0aa5ac58135f3216b75e1533eebfa826bfb5a9838d817f&r=280&j=0&n=100&v=1.6.0&b=object&a=true&xx=ddd2f09014d68a254357be908a6d89fd&t=1668833117945&q=336&o=466&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&i=1&z=1c2b3d8f5084c3670b0ffbd768d4c149&x=netpub&e=0&aa=e35100fa0fd83af175d97a7addde33550875c3e52102a799311624a412bf988e&k=2&l=1268&p=1004&h=0&m=898&f=dfp HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:20 GMT
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rQvkwsECNDCVYoRDLhvptR3DvoPO4FrgoTlKm1J9HtIhE9F9iSh1%2B%2FTzqqxImqpfLZ9tWMsu%2FGOk9t3jiyXm9%2BM%2F8C62melxkOUuUsRs1qwGHaowX6wF%2FSgw8l1qHd03xw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76c64bb7fb8c0b59-OSL
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Droid+Sans%3Aregular%2C700
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Droid+Sans%3Aregular%2C700
IP 142.250.74.10:0
GET /css?family=Droid+Sans%3Aregular%2C700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 19 Nov 2022 04:45:16 GMT
date: Sat, 19 Nov 2022 04:45:16 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
172.67.70.145302 Found 0 B URL HTTP/2 fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
IP 172.67.70.145:0
GET /r/14f9494694a9078dc2f4ae3c92e41760/service.js HTTP/1.1
Host: fstatic.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blogmado.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 19 Nov 2022 04:45:16 GMT
content-type: text/html; charset=iso-8859-1
location: https://fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/450e059b.js?npr=c1a3b9540f4290a1a965ead6c5f2ea5c
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CfgGO%2F01nNDp5G5lAW4ThlB86WtZ%2BJIByb2wSkkNOFt0CfqwLUFMNqPtUbhmZ%2BsqL7QB0KBabxixDIMIbNdTdQwZZ6PFo8gW1oavk9x6W6%2BxboovaOcpm8no1e64kR4JHVAK9Jud"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76c64ba36d190b59-OSL
X-Firefox-Spdy: h2
adserve2.mahimeta.com/networks/time/?domain=blogmado.com&pathname=%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&query=¤tPage=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&screenWidth=1280&screenHeight=939&landed=true&ping=false
104.21.13.2200 OK 0 B URL HTTP/2 adserve2.mahimeta.com/networks/time/?domain=blogmado.com&pathname=%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&query=¤tPage=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&screenWidth=1280&screenHeight=939&landed=true&ping=false
IP 104.21.13.2:0
POST /networks/time/?domain=blogmado.com&pathname=%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&query=¤tPage=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&screenWidth=1280&screenHeight=939&landed=true&ping=false HTTP/1.1
Host: adserve2.mahimeta.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 4991
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:17 GMT
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, X-CSRF-Token
cache-control: no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mv6IdZ%2FyV7s4FHpxH9r9XC1TEtp9XlU82yDIlc9klK9uo%2BCbg%2FnxBSDgIahz0PktXFxqPlMA7u4jFpo2A7ehn2fRtBfYxXwijPOghY3GyVGzOJo0elf3lHDZygzzNChF%2F3aWnLCd9f4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76c64ba7fe90b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
px.netpub.media/iab?g=0&m=898&l=1268&h=0&b=string&z=1c2b3d8f5084c3670b0ffbd768d4c149&r=90&w=14f9494694a9078dc2f4ae3c92e41760&v=1.6.0&y=%2F112081842%2C22620349674%2Fblogmado.com_728x90_banner1_marco2&n=100&e=0&zz=4f77504282e29ecfe43ad0ca4eeada5a87b59c0d71f560cf7f770249af716ab8&a=true&p=287&aa=fa22b249cd650d670071fea21d2096f040c2a5b15e969792c89bc8a1b136bef1&xx=4a54823cf5abfe9f0e9d3cdf405aacc7&j=0&k=3&x=netpub&f=dfp&i=1&t=1668833117638&s=complete&c=FR&q=728&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&yy=1664726d9fa4060b660f7b682c21cd9e&o=270&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0
172.67.70.145200 OK 0 B URL HTTP/2 px.netpub.media/iab?g=0&m=898&l=1268&h=0&b=string&z=1c2b3d8f5084c3670b0ffbd768d4c149&r=90&w=14f9494694a9078dc2f4ae3c92e41760&v=1.6.0&y=%2F112081842%2C22620349674%2Fblogmado.com_728x90_banner1_marco2&n=100&e=0&zz=4f77504282e29ecfe43ad0ca4eeada5a87b59c0d71f560cf7f770249af716ab8&a=true&p=287&aa=fa22b249cd650d670071fea21d2096f040c2a5b15e969792c89bc8a1b136bef1&xx=4a54823cf5abfe9f0e9d3cdf405aacc7&j=0&k=3&x=netpub&f=dfp&i=1&t=1668833117638&s=complete&c=FR&q=728&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&yy=1664726d9fa4060b660f7b682c21cd9e&o=270&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0
IP 172.67.70.145:0
GET /iab?g=0&m=898&l=1268&h=0&b=string&z=1c2b3d8f5084c3670b0ffbd768d4c149&r=90&w=14f9494694a9078dc2f4ae3c92e41760&v=1.6.0&y=%2F112081842%2C22620349674%2Fblogmado.com_728x90_banner1_marco2&n=100&e=0&zz=4f77504282e29ecfe43ad0ca4eeada5a87b59c0d71f560cf7f770249af716ab8&a=true&p=287&aa=fa22b249cd650d670071fea21d2096f040c2a5b15e969792c89bc8a1b136bef1&xx=4a54823cf5abfe9f0e9d3cdf405aacc7&j=0&k=3&x=netpub&f=dfp&i=1&t=1668833117638&s=complete&c=FR&q=728&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&yy=1664726d9fa4060b660f7b682c21cd9e&o=270&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0 HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:19 GMT
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lg7SvxLiwqJf5buJwwm0wNhO%2BYiv4DKYsJjw3nULz%2FJu5LfW%2FDjHAVfytGAHN9v3Z7NbZm7c9qs3mmWsEiaNgyKG%2FxBx3anzxlmhlb4miWrKOFuofdWQ4PZRNkWPv2cfvw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76c64bb5eae20b59-OSL
X-Firefox-Spdy: h2
px.netpub.media/iab?y=%2F112081842%2C22620349674%2Fblogmado.com_336x280_banner1_marco2&c=FR&g=0&s=complete&yy=e57d0178b8e46c2d872be9636dc62597&w=14f9494694a9078dc2f4ae3c92e41760&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&zz=24fac1c26125a39afd0aa5ac58135f3216b75e1533eebfa826bfb5a9838d817f&r=280&j=0&n=100&v=1.6.0&b=object&a=true&xx=ddd2f09014d68a254357be908a6d89fd&t=1668833117944&q=336&o=466&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&i=1&z=1c2b3d8f5084c3670b0ffbd768d4c149&x=netpub&e=0&aa=e35100fa0fd83af175d97a7addde33550875c3e52102a799311624a412bf988e&k=2&l=1268&p=1004&h=0&m=898&f=dfp
172.67.70.145200 OK 0 B URL HTTP/2 px.netpub.media/iab?y=%2F112081842%2C22620349674%2Fblogmado.com_336x280_banner1_marco2&c=FR&g=0&s=complete&yy=e57d0178b8e46c2d872be9636dc62597&w=14f9494694a9078dc2f4ae3c92e41760&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&zz=24fac1c26125a39afd0aa5ac58135f3216b75e1533eebfa826bfb5a9838d817f&r=280&j=0&n=100&v=1.6.0&b=object&a=true&xx=ddd2f09014d68a254357be908a6d89fd&t=1668833117944&q=336&o=466&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&i=1&z=1c2b3d8f5084c3670b0ffbd768d4c149&x=netpub&e=0&aa=e35100fa0fd83af175d97a7addde33550875c3e52102a799311624a412bf988e&k=2&l=1268&p=1004&h=0&m=898&f=dfp
IP 172.67.70.145:0
GET /iab?y=%2F112081842%2C22620349674%2Fblogmado.com_336x280_banner1_marco2&c=FR&g=0&s=complete&yy=e57d0178b8e46c2d872be9636dc62597&w=14f9494694a9078dc2f4ae3c92e41760&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&zz=24fac1c26125a39afd0aa5ac58135f3216b75e1533eebfa826bfb5a9838d817f&r=280&j=0&n=100&v=1.6.0&b=object&a=true&xx=ddd2f09014d68a254357be908a6d89fd&t=1668833117944&q=336&o=466&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&i=1&z=1c2b3d8f5084c3670b0ffbd768d4c149&x=netpub&e=0&aa=e35100fa0fd83af175d97a7addde33550875c3e52102a799311624a412bf988e&k=2&l=1268&p=1004&h=0&m=898&f=dfp HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:20 GMT
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L3qvSwZe1pS%2B1V%2F3SAjhoVSc6vRy3Bhqv3EedBms2mzzzgWjpHi2uCB8UI%2Bd4FXzfP2sR9z%2FpVb0LhDzAewBNX3ZZ607pPuzbnt5LtQarM%2B0jji59zluYgzNm%2Bqc9upcWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76c64bb7fb8a0b59-OSL
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/css/style.css
172.64.109.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/css/style.css
IP 172.64.109.13:0
GET /sb/notifications/software/multi/browsers/ff/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blogmado.com
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:19 GMT
content-type: text/css
last-modified: Thu, 08 Sep 2022 07:49:56 GMT
etag: W/"63199ea4-e97"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zYKdVolBtLDyB5zPIOz28ekiQkzxb9Lb446EtEc9AGMV3evHZePrVmOFdNATZ9vakzlKXHRcnpQKocMnOIHIIKpemI7GNvzgwZBr2LObiI7tfWIQU%2ByxlvXHG1ELvvHWX1M9lB%2Bsp5be"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76c64bb578c77403-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/js/jquery.min.js
172.64.109.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/multi/browsers/ff/3/js/jquery.min.js
IP 172.64.109.13:0
GET /sb/notifications/software/multi/browsers/ff/3/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:20 GMT
content-type: application/javascript
last-modified: Thu, 08 Sep 2022 07:49:59 GMT
etag: W/"63199ea7-149a0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FNpi7SmruN9cVk9I8sx1uDr81XTIpFSAmRlnGYAN9572lfrg24yMqhmhXBLSiSOYNcGwxcsl7a%2BrSFVgQTCgkoUYkzRN7A2dGslyeLRQtwoLbkBk0e%2Fhpm%2BFNtTrWtUGnOPOpvvX7FwO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76c64bb588ce7403-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
172.67.70.145302 Found 0 B URL HTTP/2 fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
IP 172.67.70.145:0
GET /r/14f9494694a9078dc2f4ae3c92e41760/service.js HTTP/1.1
Host: fstatic.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blogmado.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 19 Nov 2022 04:45:16 GMT
content-type: text/html; charset=iso-8859-1
location: https://fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/450e059b.js?npr=c1a3b9540f4290a1a965ead6c5f2ea5c
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HKKJgtt9d9m5Cuu0KI3K%2Bv5M6cFsg57zimjQkYh5Hy8wyNiLBEMNnFw2Y4jzrdZhVHIrLe%2B0N7qqFhmx891FqTf5jf8njSZDmeESwalnFf1usJv%2F1e%2Fu6vgNW8aKTqhBCWnVtluw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76c64ba36d150b59-OSL
X-Firefox-Spdy: h2
crv-sdk.trtm.io/library/adapter/doubleclick/1/doubleclick.min.js?__tbi=114
82.102.27.18200 OK 0 B URL HTTP/2 crv-sdk.trtm.io/library/adapter/doubleclick/1/doubleclick.min.js?__tbi=114
IP 82.102.27.18:0
GET /library/adapter/doubleclick/1/doubleclick.min.js?__tbi=114 HTTP/1.1
Host: crv-sdk.trtm.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s0.2mdn.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: keycdn-engine
date: Sat, 19 Nov 2022 04:45:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 04 Nov 2022 11:26:08 GMT
vary: Accept-Encoding
etag: W/"6364f6d0-1bcf"
cache-control: max-age=604800
access-control-allow-headers: *
access-control-allow-methods: *
content-encoding: br
expires: Sat, 26 Nov 2022 04:45:21 GMT
x-edge-location: noos
access-control-allow-origin: *
X-Firefox-Spdy: h2
px.netpub.media/iab?g=1&m=898&l=1268&h=0&b=string&z=1c2b3d8f5084c3670b0ffbd768d4c149&r=90&w=14f9494694a9078dc2f4ae3c92e41760&v=1.6.0&y=%2F112081842%2C22620349674%2Fblogmado.com_728x90_banner1_marco2&n=100&e=0&zz=4f77504282e29ecfe43ad0ca4eeada5a87b59c0d71f560cf7f770249af716ab8&a=true&p=287&aa=fa22b249cd650d670071fea21d2096f040c2a5b15e969792c89bc8a1b136bef1&xx=4a54823cf5abfe9f0e9d3cdf405aacc7&j=0&k=3&x=netpub&f=dfp&i=1&t=1668833117640&s=complete&c=FR&q=728&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&yy=1664726d9fa4060b660f7b682c21cd9e&o=270&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0
172.67.70.145200 OK 0 B URL HTTP/2 px.netpub.media/iab?g=1&m=898&l=1268&h=0&b=string&z=1c2b3d8f5084c3670b0ffbd768d4c149&r=90&w=14f9494694a9078dc2f4ae3c92e41760&v=1.6.0&y=%2F112081842%2C22620349674%2Fblogmado.com_728x90_banner1_marco2&n=100&e=0&zz=4f77504282e29ecfe43ad0ca4eeada5a87b59c0d71f560cf7f770249af716ab8&a=true&p=287&aa=fa22b249cd650d670071fea21d2096f040c2a5b15e969792c89bc8a1b136bef1&xx=4a54823cf5abfe9f0e9d3cdf405aacc7&j=0&k=3&x=netpub&f=dfp&i=1&t=1668833117640&s=complete&c=FR&q=728&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&yy=1664726d9fa4060b660f7b682c21cd9e&o=270&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0
IP 172.67.70.145:0
GET /iab?g=1&m=898&l=1268&h=0&b=string&z=1c2b3d8f5084c3670b0ffbd768d4c149&r=90&w=14f9494694a9078dc2f4ae3c92e41760&v=1.6.0&y=%2F112081842%2C22620349674%2Fblogmado.com_728x90_banner1_marco2&n=100&e=0&zz=4f77504282e29ecfe43ad0ca4eeada5a87b59c0d71f560cf7f770249af716ab8&a=true&p=287&aa=fa22b249cd650d670071fea21d2096f040c2a5b15e969792c89bc8a1b136bef1&xx=4a54823cf5abfe9f0e9d3cdf405aacc7&j=0&k=3&x=netpub&f=dfp&i=1&t=1668833117640&s=complete&c=FR&q=728&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F&yy=1664726d9fa4060b660f7b682c21cd9e&o=270&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0 HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:19 GMT
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IfyoldFt9yu5C9aP59LdpxPHUb8UAz8Gbxm5AivZ4WxtQBUU%2B6G8MS1pcaHuDNg3UUxvpaGNAnm%2FpIby3sVqIv4AK7TqNWdq2UxgJivzjjK7DJp4upajByOcMfLyc2ykUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76c64bb5eae30b59-OSL
X-Firefox-Spdy: h2
fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/450e059b.js?npr=c1a3b9540f4290a1a965ead6c5f2ea5c
172.67.70.145200 OK 0 B URL HTTP/2 fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/450e059b.js?npr=c1a3b9540f4290a1a965ead6c5f2ea5c
IP 172.67.70.145:0
GET /r/14f9494694a9078dc2f4ae3c92e41760/450e059b.js?npr=c1a3b9540f4290a1a965ead6c5f2ea5c HTTP/1.1
Host: fstatic.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blogmado.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Mon, 31 Oct 2022 22:22:14 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cache-control: max-age=2678400
cf-cache-status: HIT
age: 5826
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HBirN7nx%2BMcQ4OzBn%2Fbxdy0UUW%2FHJa7ky7WqCBUAA0EQfUDZQCk3%2FCLNNapLKA06jtg0ocHfp%2Fz3YbBAPODN%2FqDpEVOSkTPe%2B8ZL4GsEXl3sXrrq5PdEPF%2F7MgmwN0dexUb59rxs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76c64ba36d1a0b59-OSL
content-encoding: br
X-Firefox-Spdy: h2
fstatic.netpub.media/static/14f9494694a9078dc2f4ae3c92e41760.min.js?1668833114462
172.67.70.145301 Moved Permanently 0 B URL HTTP/2 fstatic.netpub.media/static/14f9494694a9078dc2f4ae3c92e41760.min.js?1668833114462
IP 172.67.70.145:0
GET /static/14f9494694a9078dc2f4ae3c92e41760.min.js?1668833114462 HTTP/1.1
Host: fstatic.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sat, 19 Nov 2022 04:45:16 GMT
location: https://fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
cache-control: max-age=3600
expires: Sat, 19 Nov 2022 05:45:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E63Z7sP%2Bmch89nlgA%2FBHcRWkKXwCp8V3qKijnj98zW8jXXuY11JOXD9tMxwpOFmdLjxKiiG0OixDH5z1ry7Fnzahlbq1czY03Eyg62P%2Fu%2FV3FmRf2ZWWjVQd%2BJQmGU3ZOa7slnw5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76c64ba2acd20b59-OSL
X-Firefox-Spdy: h2
fstatic.netpub.media/static/14f9494694a9078dc2f4ae3c92e41760.min.js?1668833115188
172.67.70.145301 Moved Permanently 0 B URL HTTP/2 fstatic.netpub.media/static/14f9494694a9078dc2f4ae3c92e41760.min.js?1668833115188
IP 172.67.70.145:0
GET /static/14f9494694a9078dc2f4ae3c92e41760.min.js?1668833115188 HTTP/1.1
Host: fstatic.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Sat, 19 Nov 2022 04:45:17 GMT
location: https://fstatic.netpub.media/r/14f9494694a9078dc2f4ae3c92e41760/service.js
cache-control: max-age=3600
expires: Sat, 19 Nov 2022 05:45:17 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z7PrhcRaJWpN6uyhm9CMsCmWr7jsM70TVnuK9W%2Bb2LLVYVZxgaAorIPJsVnckQOClGTfDyRqlBhKVxYknzYNpQEJ%2BcmZVsf1yViersziQBjUGu86hkTZSpJyRiavpyTKdrn5vkHh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76c64ba69e380b59-OSL
X-Firefox-Spdy: h2
px.netpub.media/iab?o=474&k=5&b=fetch&xx=15663b3c58a43d9a93f21c260527a47a&s=complete&g=0&p=601&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&e=0&w=14f9494694a9078dc2f4ae3c92e41760&z=1c2b3d8f5084c3670b0ffbd768d4c149&m=898&f=dfp&c=FR&q=320&i=1&a=true&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_6&v=1.6.0&x=netpub&r=100&yy=f34f336f7278c146e753e83ab53009ee&zz=a2302996a403f19e6e59ea1be534c7f07672dc1417748ef308fa580490652a4e&aa=5a4fc3df82df6af687e37ede081e671f5224a4c52beec2e57327aa7e874220a3&j=0&n=100&l=1268&t=1668833117727&h=0&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F
172.67.70.145200 OK 0 B URL HTTP/2 px.netpub.media/iab?o=474&k=5&b=fetch&xx=15663b3c58a43d9a93f21c260527a47a&s=complete&g=0&p=601&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&e=0&w=14f9494694a9078dc2f4ae3c92e41760&z=1c2b3d8f5084c3670b0ffbd768d4c149&m=898&f=dfp&c=FR&q=320&i=1&a=true&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_6&v=1.6.0&x=netpub&r=100&yy=f34f336f7278c146e753e83ab53009ee&zz=a2302996a403f19e6e59ea1be534c7f07672dc1417748ef308fa580490652a4e&aa=5a4fc3df82df6af687e37ede081e671f5224a4c52beec2e57327aa7e874220a3&j=0&n=100&l=1268&t=1668833117727&h=0&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F
IP 172.67.70.145:0
GET /iab?o=474&k=5&b=fetch&xx=15663b3c58a43d9a93f21c260527a47a&s=complete&g=0&p=601&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&e=0&w=14f9494694a9078dc2f4ae3c92e41760&z=1c2b3d8f5084c3670b0ffbd768d4c149&m=898&f=dfp&c=FR&q=320&i=1&a=true&y=%2F29636627%2C22620349674%2Fblogmado.com_fluid_6&v=1.6.0&x=netpub&r=100&yy=f34f336f7278c146e753e83ab53009ee&zz=a2302996a403f19e6e59ea1be534c7f07672dc1417748ef308fa580490652a4e&aa=5a4fc3df82df6af687e37ede081e671f5224a4c52beec2e57327aa7e874220a3&j=0&n=100&l=1268&t=1668833117727&h=0&d=https%3A%2F%2Fblogmado.com%2F2022%2F06%2F22%2Fwhen-is-the-right-time-to-buy-a-health-insurance-policy%2F HTTP/1.1
Host: px.netpub.media
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blogmado.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:19 GMT
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: X-HTTPREQUEST
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x2vEcFMPd4wRnD40dCFsez75GtMFNPt%2FxV1wA44QWok6%2B%2FppM6RzehozkQ5QOEoFXLnXgf73RkrMS4JKH%2BBOlbwA%2Bdq8Kg2MuA%2Fk%2B7IhSkDwz1J6pxPyV8WiPOwz6FnuvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76c64bb69b240b59-OSL
X-Firefox-Spdy: h2
blogmado.com/2022/06/22/when-is-the-right-time-to-buy-a-health-insurance-policy/
104.21.56.203200 OK 0 B URL HTTP/2 blogmado.com/2022/06/22/when-is-the-right-time-to-buy-a-health-insurance-policy/
IP 104.21.56.203:0
GET /2022/06/22/when-is-the-right-time-to-buy-a-health-insurance-policy/ HTTP/1.1
Host: blogmado.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=32d90696e7ff4e25e4b2e4ff61bbf17f
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
date: Sat, 19 Nov 2022 04:45:16 GMT
content-type: text/html; charset=UTF-8
x-pingback: https://blogmado.com/xmlrpc.php
link: <https://blogmado.com/wp-json/>; rel="https://api.w.org/", <https://blogmado.com/wp-json/wp/v2/posts/53>; rel="alternate"; type="application/json", <https://blogmado.com/?p=53>; rel=shortlink
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E9R7bTDNdOUFUDhP%2FOJBX4jUV5DAoki8bY5fLQUXIB0NswbEC3nXwmw32WJnDOVEPIYWGSjHAQlriQYE1JyBxeJd93foPcdP3yMRaE8BxAhXoXKaTSUjdMgIPtljvl0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76c64b9f788db4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2