johansonhavock.blogspot.com/2022/06/how-many-people-are-playing-battlefield.html
301 Moved Permanently 225 B URL HTTP/1.1 johansonhavock.blogspot.com/2022/06/how-many-people-are-playing-battlefield.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 262b581b00f263e769b1612b86e6ae56
2c74e6c05c6948eb845dbfab445290d1a5448d56
6b581b19c0b48b5dad292c6af26de649cc8ebfaaee7e6f1cb8816e1aea536254
GET /2022/06/how-many-people-are-playing-battlefield.html HTTP/1.1
Host: johansonhavock.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Location: https://johansonhavock.blogspot.com/2022/06/how-many-people-are-playing-battlefield.html
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Mon, 19 Sep 2022 11:17:27 GMT
Expires: Mon, 19 Sep 2022 11:17:27 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 225
Server: GSE
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash adb43321efa5cd1662993b701ff25fa4
1299dcea7e9c59d9f22f39d69025484fe71098c1
2c25a6717245be3746f1412af9dd1c351e12dbb93e8e08c3ddcdacf35e419514
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2C25A6717245BE3746F1412AF9DD1C351E12DBB93E8E08C3DDCDACF35E419514"
Last-Modified: Sun, 18 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3503
Expires: Mon, 19 Sep 2022 12:15:50 GMT
Date: Mon, 19 Sep 2022 11:17:27 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 19 Sep 2022 11:12:40 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: lq2Lr9SZdKD_zJBGymqJb_qk6qdHinSPs3Iq9pKPlmZqd3iiZetidg==
Age: 287
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 19 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ypYyimOmFzWKA4wxMlo8Z2yUPq5M5vxYzlqpEFcY-SP_oE8C2XWLXg==
age: 24134
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 07566e7f0afe22aa412420cd4521193c
0d7ad3ad7187052880bd11576a49d5ce88faaf6a
f33d32e8d07bd001bf1205deadf439ea3009de7341719f33c1798d41faa71876
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 11:17:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 11:17:27 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Mon, 19 Sep 2022 11:03:22 GMT
Cache-Control: max-age=3600
Expires: Mon, 19 Sep 2022 11:20:11 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: pB1Jg1rXmlJ1rZ1jyLlZR1mGS3bxS7Ez_EI4hm38o3gMhNh0nh5M3Q==
Age: 846
ocsp.digicert.com/
200 OK 471 B IP
Hash 5c817aa82ca8ed4a4257fd1e1628b423
7905c62b6bbc582860c07b75eddae371a4b8d02b
dce1783ecfe50c83d30878b48d60e1cf3fe42a3fa4090fb5d318194de73e53d6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4795
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 11:17:28 GMT
Last-Modified: Mon, 19 Sep 2022 09:57:33 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5w4UuiKWDu6IcSTWMwlWVQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: RXq5BSydM4xlFdhRNwJiUYA0iI4=
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 07566e7f0afe22aa412420cd4521193c
0d7ad3ad7187052880bd11576a49d5ce88faaf6a
f33d32e8d07bd001bf1205deadf439ea3009de7341719f33c1798d41faa71876
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 11:17:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
johansonhavock.blogspot.com/2022/06/how-many-people-are-playing-battlefield.html
200 OK 64 kB URL HTTP/2 johansonhavock.blogspot.com/2022/06/how-many-people-are-playing-battlefield.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7031)
Hash da831d35c4219ffe0d66d512a50fa526
4c4bab1e78b210ee16695bf3140a00a077ec5c86
5650de80f2c54983ef8808eed384c2cfb792f38d3fe864226c4bc94cfbae2f0c
GET /2022/06/how-many-people-are-playing-battlefield.html HTTP/1.1
Host: johansonhavock.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Mon, 19 Sep 2022 11:17:28 GMT
date: Mon, 19 Sep 2022 11:17:28 GMT
cache-control: private, max-age=0
last-modified: Sun, 18 Sep 2022 16:12:14 GMT
etag: W/"ea8d5f29189cd483c659fca7204b3b22be482d19fdb46e34695a905a9978f89a"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 64161
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.akamai.steamstatic.com/steam/apps/1238840/header.jpg?t=1633006806
200 OK 40 kB URL HTTP/1.1 cdn.akamai.steamstatic.com/steam/apps/1238840/header.jpg?t=1633006806
IP
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 460x215, components 3\012- data
Hash 72b5a286359b3649f1b718a4acf32119
abd4ea9f6ef4c7af2a2f2882f15851563d04e381
cca9d298dff13a18e426e51169678e7b0bd8d855d1869e1348b0d987197a1152
GET /steam/apps/1238840/header.jpg?t=1633006806 HTTP/1.1
Host: cdn.akamai.steamstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Thu, 24 Jun 2021 21:46:19 GMT
ETag: "60d4fd2b-9e18"
Server: nginx/1.10.3 (Ubuntu)
Content-Type: image/jpeg
Content-Length: 40472
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Cache-Control: public, max-age=296047
Expires: Thu, 22 Sep 2022 21:31:36 GMT
Date: Mon, 19 Sep 2022 11:17:29 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 52c37c4d77fac06c9ae0bb67cb75d833
9889a71e2e46b87368c8b1182ec3eb376ee0b895
2b8b4de98acde6db4158743bf1c3cd63ff4396bdc4916c12cf82b18bcac4dfbc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 11:17:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.cloudflare.steamstatic.com/steam/apps/1240210/capsule_sm_120.jpg
200 OK 4.5 kB URL HTTP/2 cdn.cloudflare.steamstatic.com/steam/apps/1240210/capsule_sm_120.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 120x45, components 3\012- data
Hash 8aa311273cab6c457937f34d6be0a09e
5c3da9d2981e4d0239cc67f44fea896fd22d749c
f62166c780af67175d473440971ef5301fa1cb59aac58111073255472662cc81
GET /steam/apps/1240210/capsule_sm_120.jpg HTTP/1.1
Host: cdn.cloudflare.steamstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 11:17:29 GMT
content-type: image/jpeg
content-length: 4470
access-control-allow-origin: *
cache-control: max-age=604800, public
cf-bgj: h2pri
etag: "61163800-1176"
expires: Sat, 24 Sep 2022 00:43:34 GMT
last-modified: Fri, 13 Aug 2021 09:14:40 GMT
cf-cache-status: HIT
age: 64141
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d1ea4a3bd40b3d-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ca3ab7a8411ba9c6350d504e65a95cc6
8b39f564b1b1cb1d262cb57b41a4bb5de331087f
cb51d72baec3c84ac94d419aab6d291b7596a9098525471fdb3fbbb6d34aa3db
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 11:17:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js
200 OK 28 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js
IP
File type ASCII text, with very long lines (65451)
Hash 391678ecd81abb89d767676563d04a0d
ca95c965bf5453f22a77969f650d82cc0495aedc
0688a8577842e3019d1880c5e32bf44ab58a93592218886291e05eb8a1907c7b
GET /ajax/libs/jquery/3.5.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://johansonhavock.blogspot.com
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 11:17:29 GMT
content-type: application/javascript; charset=utf-8
content-length: 27964
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15d95"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 6630274
expires: Sat, 09 Sep 2023 11:17:29 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZLS7b44n9uGHp0FF2N65AyI79cPItCt5J3Cv7jlArpNWliwrWSxg79ZiDPHttGGgqCcjdZFXC%2B2e5FET0%2BSHFdeRxRlxQebVuVCAA5yzLyIpnrzwcTrff7h1BVzvyaMJIx5FLla9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74d1ea4a3e75b50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
apis.google.com/js/platform.js
200 OK 20 kB URL HTTP/2 apis.google.com/js/platform.js
IP
File type ASCII text, with very long lines (1277)
Hash b5a31516be83fe4f962609045d824f88
939a49a9858bf23561279f9ca2d1941d3256c66f
edb661aa461800e97e3847608a8b2d81cfe345f69a6f84abaa001d8a60500328
GET /js/platform.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20361
date: Mon, 19 Sep 2022 11:17:29 GMT
expires: Mon, 19 Sep 2022 11:17:29 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "40c22a9ccbd70870"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 394bcb7d2d03225cc35ac7afed1ca636
f9527034abeec236e7ffacc23473930958e04224
0254137487ef4a909a8c18cd47f5080e989796a5e1fe7873950617953a58c8d7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 11:17:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.cloudflare.steamstatic.com/steam/apps/1238880/capsule_sm_120.jpg
200 OK 4.9 kB URL HTTP/2 cdn.cloudflare.steamstatic.com/steam/apps/1238880/capsule_sm_120.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 120x45, components 3\012- data
Hash 40710e25c22e923c91332fbf71c40688
c1f1a59286067cf243d265fe44702cb423015497
d628a373ea2e0cd3f607f9bb1dfe2696ec249d12a41a388a02ba2967a52006a2
GET /steam/apps/1238880/capsule_sm_120.jpg HTTP/1.1
Host: cdn.cloudflare.steamstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 19 Sep 2022 11:17:29 GMT
content-type: image/jpeg
content-length: 4935
access-control-allow-origin: *
cache-control: max-age=604800, public
cf-bgj: h2pri
etag: "5ee246eb-1347"
expires: Sun, 25 Sep 2022 10:54:19 GMT
last-modified: Thu, 11 Jun 2020 14:59:55 GMT
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d1ea4a1bad0b3d-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 394bcb7d2d03225cc35ac7afed1ca636
f9527034abeec236e7ffacc23473930958e04224
0254137487ef4a909a8c18cd47f5080e989796a5e1fe7873950617953a58c8d7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 11:17:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.cloudflare.steamstatic.com/steam/apps/1238860/capsule_sm_120.jpg
200 OK 4.2 kB URL HTTP/2 cdn.cloudflare.steamstatic.com/steam/apps/1238860/capsule_sm_120.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 120x45, components 3\012- data
Hash 4f9fae627b87e988fe1b805c005500e2
4ae35311dc429e4eb8642fdfd0ea4a583bcf3367
d852491034dd50a5fbeb871daef2763fb0468f9ee2c2f27c2357726381eab6d5
GET /steam/apps/1238860/capsule_sm_120.jpg HTTP/1.1
Host: cdn.cloudflare.steamstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 11:17:29 GMT
content-type: image/jpeg
content-length: 4216
access-control-allow-origin: *
cache-control: max-age=604800, public
cf-bgj: h2pri
etag: "60c12bdc-1078"
expires: Fri, 23 Sep 2022 22:31:35 GMT
last-modified: Wed, 09 Jun 2021 21:00:12 GMT
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d1ea4a2bb10b3d-OSL
X-Firefox-Spdy: h2
cdn.cloudflare.steamstatic.com/steam/apps/1240230/capsule_sm_120.jpg
200 OK 5.3 kB URL HTTP/2 cdn.cloudflare.steamstatic.com/steam/apps/1240230/capsule_sm_120.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 120x45, components 3\012- data
Hash a511a37eb34575c56fe84300b58947bb
e72344c103bebd3cd62ca6aa426ae231ed08d76e
1f56a891b19775b969d40c444f2115856d08727a6cc4cb9581b4206711de9817
GET /steam/apps/1240230/capsule_sm_120.jpg HTTP/1.1
Host: cdn.cloudflare.steamstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 19 Sep 2022 11:17:29 GMT
content-type: image/jpeg
content-length: 5319
access-control-allow-origin: *
cache-control: max-age=604800, public
cf-bgj: h2pri
etag: "5e3afca6-14c7"
expires: Sat, 24 Sep 2022 21:11:07 GMT
last-modified: Wed, 05 Feb 2020 17:34:30 GMT
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d1ea4a1bae0b3d-OSL
X-Firefox-Spdy: h2
cdn.cloudflare.steamstatic.com/steam/apps/1239080/capsule_sm_120.jpg
200 OK 3.4 kB URL HTTP/2 cdn.cloudflare.steamstatic.com/steam/apps/1239080/capsule_sm_120.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 120x45, components 3\012- data
Hash 87a170f6ec39353c52c4c79ec00876f2
e36d9fa5d13c62a8b1ff36f46455bec0d51e3332
3cdf4408fb5a24355b71ae3f06a1cac3ab31d0ca889dcca89ac4de469a388951
GET /steam/apps/1239080/capsule_sm_120.jpg HTTP/1.1
Host: cdn.cloudflare.steamstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 11:17:29 GMT
content-type: image/jpeg
content-length: 3418
access-control-allow-origin: *
cache-control: max-age=604800, public
cf-bgj: h2pri
etag: "5e3970af-d5a"
expires: Sat, 24 Sep 2022 00:43:34 GMT
last-modified: Tue, 04 Feb 2020 13:25:03 GMT
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d1ea4a1ba60b3d-OSL
X-Firefox-Spdy: h2
cdn.cloudflare.steamstatic.com/steam/apps/1239260/capsule_sm_120.jpg
200 OK 4.1 kB URL HTTP/2 cdn.cloudflare.steamstatic.com/steam/apps/1239260/capsule_sm_120.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 120x45, components 3\012- data
Hash be13a3fb687d7689a7591c8ba9d56e7f
6f2f08531c0efb7683f1eb7f7d69358172fa19b3
b635cc12b012c50ede6d4aa185b364c6b3b9e08835b9b4e04516d5a24c1579e4
GET /steam/apps/1239260/capsule_sm_120.jpg HTTP/1.1
Host: cdn.cloudflare.steamstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 19 Sep 2022 11:17:29 GMT
content-type: image/jpeg
content-length: 4105
access-control-allow-origin: *
cache-control: max-age=604800, public
cf-bgj: h2pri
etag: "5e33d1d1-1009"
expires: Sun, 25 Sep 2022 16:25:19 GMT
last-modified: Fri, 31 Jan 2020 07:05:53 GMT
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d1ea4a1baa0b3d-OSL
X-Firefox-Spdy: h2
cdn.cloudflare.steamstatic.com/steam/apps/1239520/capsule_sm_120.jpg
200 OK 4.3 kB URL HTTP/2 cdn.cloudflare.steamstatic.com/steam/apps/1239520/capsule_sm_120.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 120x45, components 3\012- data
Hash 2a2ecd259b708c91998a04417d875747
31532d04145a15da534a346e850669bd435e31f2
c67200d2f1488ceeb60227227487b4a59a06ca484e14795972a76d12efa21161
GET /steam/apps/1239520/capsule_sm_120.jpg HTTP/1.1
Host: cdn.cloudflare.steamstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 11:17:29 GMT
content-type: image/jpeg
content-length: 4277
access-control-allow-origin: *
cache-control: max-age=604800, public
cf-bgj: h2pri
etag: "5ff58ed7-10b5"
expires: Fri, 23 Sep 2022 22:55:54 GMT
last-modified: Wed, 06 Jan 2021 10:20:07 GMT
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d1ea4a3bce0b3d-OSL
X-Firefox-Spdy: h2
cdn.cloudflare.steamstatic.com/steam/apps/1239690/capsule_sm_120.jpg
200 OK 4.5 kB URL HTTP/2 cdn.cloudflare.steamstatic.com/steam/apps/1239690/capsule_sm_120.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 120x45, components 3\012- data
Hash fae3449f99a0ac9737e8b389e05cee3d
8cfd4d785fd6c12a0e6062dd77f8cffad684a541
4b8a4f74b78557cf5095e1ad9e73ed5fb254f78459332de4c4c74368675e4805
GET /steam/apps/1239690/capsule_sm_120.jpg HTTP/1.1
Host: cdn.cloudflare.steamstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 11:17:29 GMT
content-type: image/jpeg
content-length: 4539
access-control-allow-origin: *
cache-control: max-age=604800, public
cf-bgj: h2pri
etag: "5e4c3831-11bb"
expires: Fri, 23 Sep 2022 12:37:11 GMT
last-modified: Tue, 18 Feb 2020 19:17:05 GMT
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d1ea4a3bd60b3d-OSL
X-Firefox-Spdy: h2
www.blogger.com/static/v1/jsbin/3262169375-comment_from_post_iframe.js
200 OK 6.5 kB URL HTTP/2 www.blogger.com/static/v1/jsbin/3262169375-comment_from_post_iframe.js
IP
File type ASCII text, with very long lines (1264)
Hash 30af015884191ce4fe52ce1e707baed9
faa1418efa036704d31eb90f4fbd82de456b81b7
0456cf81299c957c8e54dabb00b4d6d96b76be729b1e112d478b34ba56d8059d
GET /static/v1/jsbin/3262169375-comment_from_post_iframe.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 6499
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 18 Sep 2022 18:36:04 GMT
expires: Mon, 18 Sep 2023 18:36:04 GMT
cache-control: public, max-age=31536000
last-modified: Sun, 18 Sep 2022 02:49:24 GMT
content-type: text/javascript
age: 60085
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.blogger.com/static/v1/widgets/3753684042-widgets.js
200 OK 57 kB URL HTTP/2 www.blogger.com/static/v1/widgets/3753684042-widgets.js
IP
File type ASCII text, with very long lines (2221)
Hash 9310029f33929201831992bd74c13953
092fc9b60b0fcc7e24b80eb89f40178e91effb98
ed0ad17efb3c922e7bc8feffa0a5718d2ad226c44f2bb183b6ad163684f3b982
GET /static/v1/widgets/3753684042-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 57039
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 15 Sep 2022 01:53:41 GMT
expires: Fri, 15 Sep 2023 01:53:41 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 08 Sep 2022 20:54:17 GMT
content-type: text/javascript
age: 379428
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.z9QjrzsHcOc.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8359JQqZQ0dzCVJ5Ui3CZcERHEWA/cb=gapi.loaded_0?le=scs
200 OK 58 kB URL HTTP/2 apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.z9QjrzsHcOc.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8359JQqZQ0dzCVJ5Ui3CZcERHEWA/cb=gapi.loaded_0?le=scs
IP
File type ASCII text, with very long lines (580)
Hash d70fcc84d705c565b31a5835c0938d5b
d28e5dc9fcc6239d67986df3205468072023d2d7
1d558c94793446aa6a7832dde0c39ed7d9c77fd963ffb738c460e4f7369a7f4e
GET /_/scs/abc-static/_/js/k=gapi.lb.en.z9QjrzsHcOc.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8359JQqZQ0dzCVJ5Ui3CZcERHEWA/cb=gapi.loaded_0?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 57995
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 18 Sep 2022 07:25:35 GMT
expires: Mon, 18 Sep 2023 07:25:35 GMT
cache-control: public, max-age=31536000
age: 100314
last-modified: Sat, 30 Jul 2022 15:17:53 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 56433b6932f28a949ac82fec1caa9e99
017c5a1ccc0f6e68fd60a9d0658c0526b81b4156
a6fe9208db3d30b3a81378a59aa588480ab2080c33f1d0921752c2dfdc76d1fd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 11:17:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 394bcb7d2d03225cc35ac7afed1ca636
f9527034abeec236e7ffacc23473930958e04224
0254137487ef4a909a8c18cd47f5080e989796a5e1fe7873950617953a58c8d7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 11:17:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 6f0747f732f05e110f9fe9938de620d3
d4e9a55014187d0d2af174e5c27d03cc10c6cb05
32a866308c9d930c425a8ced1974039a409528cb4a0bd07bfbe4d8cd39be9742
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 11:17:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/js/google_top_exp.js
200 OK 67 B URL HTTP/2 pagead2.googlesyndication.com/pagead/js/google_top_exp.js
IP
Hash 9bbc3ca32ec951a484589ce0e6b4db73
753d6f6183b33b2dee5dde2208fca91c17f5bb13
b8f16a16d2a7ea39a9cc079fdbe3af7d31393d62a853668bdd549e0a0311cb3c
GET /pagead/js/google_top_exp.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 67
x-xss-protection: 0
date: Sun, 18 Sep 2022 20:42:40 GMT
expires: Sun, 02 Oct 2022 20:42:40 GMT
cache-control: public, max-age=1209600
age: 52489
etag: 13036835877489095579
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.cloudflare.steamstatic.com/steam/apps/1239320/capsule_sm_120.jpg
200 OK 5.6 kB URL HTTP/2 cdn.cloudflare.steamstatic.com/steam/apps/1239320/capsule_sm_120.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 120x45, components 3\012- data
Hash ba0f057441853ab3250bd0212c55ff58
9cd5a2280de10277de7d96cd2571a044c95907c9
30abdd747ec65aedb2b9cc24c72ee38b7f87504c7e4d35fa30ad5e78238c9f6f
GET /steam/apps/1239320/capsule_sm_120.jpg HTTP/1.1
Host: cdn.cloudflare.steamstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 11:17:29 GMT
content-type: image/jpeg
content-length: 5611
last-modified: Thu, 17 Mar 2022 17:36:11 GMT
etag: "6233718b-15eb"
expires: Mon, 26 Sep 2022 11:17:29 GMT
cache-control: max-age=604800, public
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d1ea4a2bb70b3d-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 6f0747f732f05e110f9fe9938de620d3
d4e9a55014187d0d2af174e5c27d03cc10c6cb05
32a866308c9d930c425a8ced1974039a409528cb4a0bd07bfbe4d8cd39be9742
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 11:17:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/dyn-css/authorization.css?targetBlogID=701928804747626226&zx=cd28bfa9-b00f-479d-8390-b51ed0de8720
200 OK 21 B URL HTTP/2 www.blogger.com/dyn-css/authorization.css?targetBlogID=701928804747626226&zx=cd28bfa9-b00f-479d-8390-b51ed0de8720
IP
File type very short file (no magic)
Hash a62e4d501434033d5d177e67d3aafdd0
34f7300c9ed47334cf10826d57af785321e3138b
b0cabcbfed4b1830ab1956efbd2eec32289a968323cb854a47ef98360ed0f522
GET /dyn-css/authorization.css?targetBlogID=701928804747626226&zx=cd28bfa9-b00f-479d-8390-b51ed0de8720 HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type: text/css; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 19 Sep 2022 11:17:29 GMT
last-modified: Mon, 19 Sep 2022 11:17:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 21
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.cloudflare.steamstatic.com/steam/apps/1239020/capsule_sm_120.jpg
200 OK 4.6 kB URL HTTP/2 cdn.cloudflare.steamstatic.com/steam/apps/1239020/capsule_sm_120.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 120x45, components 3\012- data
Hash 297f48a92766836aa4f3565779dd85c0
78cd55b5517b55548c6e982566e47513d1ba9ef1
08a71926a39105d35a6626117a2d1fd4a1937656fb9096d2f2546a45feb5b2cb
GET /steam/apps/1239020/capsule_sm_120.jpg HTTP/1.1
Host: cdn.cloudflare.steamstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 19 Sep 2022 11:17:29 GMT
content-type: image/jpeg
content-length: 4568
last-modified: Wed, 15 Jul 2020 03:42:51 GMT
etag: "5f0e7b3b-11d8"
expires: Mon, 26 Sep 2022 11:17:29 GMT
cache-control: max-age=604800, public
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d1ea4a1bac0b3d-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash a9323cf0781cad0d5ac23f0c81c105b1
772d0218be53da9f875bb96a287c904976c296da
5c808b03cd8dd26275f12a850d8a36b467246c1461ea65a4c717acb04f2ca722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 11:17:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/poppins/v6/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
200 OK 7.9 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v6/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 7924, version 1.0\012- data
Hash e535f7856b24153e0f3146e8f90a45c5
e5da5f96d38b08cc6ed2973735b5a9b9af066458
56a522e79770e488da6015ed10f8c2bdafbcd87a7c6d443f7a293579bd0ef58d
GET /s/poppins/v6/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://johansonhavock.blogspot.com
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7924
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Sep 2022 00:40:52 GMT
expires: Tue, 19 Sep 2023 00:40:52 GMT
cache-control: public, max-age=31536000
age: 38197
last-modified: Tue, 19 Feb 2019 22:26:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash a9323cf0781cad0d5ac23f0c81c105b1
772d0218be53da9f875bb96a287c904976c296da
5c808b03cd8dd26275f12a850d8a36b467246c1461ea65a4c717acb04f2ca722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 11:17:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9517f7dfe0b74e5812a98a41f645aac2
c1cd3fddb0054b891454467d4212f32d17fd3e1c
dcd4f6c7c5eba66ee30050cc7cf7de2c0ca2c00c03bb4c6211d861ae8e161b40
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DCD4F6C7C5EBA66EE30050CC7CF7DE2C0CA2C00C03BB4C6211D861AE8E161B40"
Last-Modified: Mon, 19 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14712
Expires: Mon, 19 Sep 2022 15:22:41 GMT
Date: Mon, 19 Sep 2022 11:17:29 GMT
Connection: keep-alive
blogger.googleusercontent.com/img/a/AVvXsEgAE-HQ2XeesvG0TUaxxtXc5jAM7qlHGjHmEapcoi4Dvo09vEzSjLjjuRcSk8MqwWu105hOkNUQ3ETOO0nofaQmwAX1pJltzJbPqkviKii7YKDkeHQ239Aalu6oQ10l6tWaBs8fv4HxLJX6nGi1JgY-jaKxIuvR9ziNS99TjomKGfU_t1SdIXDbenVg=w320-h116
200 OK 16 kB URL HTTP/2 blogger.googleusercontent.com/img/a/AVvXsEgAE-HQ2XeesvG0TUaxxtXc5jAM7qlHGjHmEapcoi4Dvo09vEzSjLjjuRcSk8MqwWu105hOkNUQ3ETOO0nofaQmwAX1pJltzJbPqkviKii7YKDkeHQ239Aalu6oQ10l6tWaBs8fv4HxLJX6nGi1JgY-jaKxIuvR9ziNS99TjomKGfU_t1SdIXDbenVg=w320-h116
IP
File type PNG image data, 320 x 116, 8-bit/color RGB, non-interlaced\012- data
Hash 0c3f59d13d4bd6b66a16c7ae0baddf86
726382a949b9e98b3f50623001e96148f9838f47
8fab1650fec1aa097f4b599e449d1a6550332085a37424ef6058814d4f3c3320
GET /img/a/AVvXsEgAE-HQ2XeesvG0TUaxxtXc5jAM7qlHGjHmEapcoi4Dvo09vEzSjLjjuRcSk8MqwWu105hOkNUQ3ETOO0nofaQmwAX1pJltzJbPqkviKii7YKDkeHQ239Aalu6oQ10l6tWaBs8fv4HxLJX6nGi1JgY-jaKxIuvR9ziNS99TjomKGfU_t1SdIXDbenVg=w320-h116 HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v4"
expires: Tue, 20 Sep 2022 11:17:29 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="shop.png"
content-type: image/png
vary: Origin
x-content-type-options: nosniff
date: Mon, 19 Sep 2022 11:17:29 GMT
server: fife
content-length: 16361
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
lh3.googleusercontent.com/blogger_img_proxy/ANbyha3n2CEOH9FKj4y18c-NXwrACG9J79xP681-_ikujUipuwFqeiVI6jms6efDO_N5g-LNz4rR-QHnPTuLItUX_SGt7cWYxO8OTGQDrMqH45S6Kyt7ilMUYz0b40Cj2EzvVDbIzFnnJnm_nkwgB1SaVoRhpVaFWEl8v3hShpo-Lj6jybQ0zRwbk72IP8ipb8xWL0JBaqL7u8X1WvPO-5HtO0g5Bh_unVA2yBU=w72-h72-p-k-no-nu
200 OK 7.4 kB URL HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/ANbyha3n2CEOH9FKj4y18c-NXwrACG9J79xP681-_ikujUipuwFqeiVI6jms6efDO_N5g-LNz4rR-QHnPTuLItUX_SGt7cWYxO8OTGQDrMqH45S6Kyt7ilMUYz0b40Cj2EzvVDbIzFnnJnm_nkwgB1SaVoRhpVaFWEl8v3hShpo-Lj6jybQ0zRwbk72IP8ipb8xWL0JBaqL7u8X1WvPO-5HtO0g5Bh_unVA2yBU=w72-h72-p-k-no-nu
IP
File type PNG image data, 55 x 72, 8-bit/color RGBA, non-interlaced\012- data
Hash b53acc2767fd6d5d9701838d5f0d8783
4658553edaf5803618b5e4922b274119cc3cd42d
ea0b10509fad894255d324452c563a294b182fbbc797c276a2c72194eaa22e82
GET /blogger_img_proxy/ANbyha3n2CEOH9FKj4y18c-NXwrACG9J79xP681-_ikujUipuwFqeiVI6jms6efDO_N5g-LNz4rR-QHnPTuLItUX_SGt7cWYxO8OTGQDrMqH45S6Kyt7ilMUYz0b40Cj2EzvVDbIzFnnJnm_nkwgB1SaVoRhpVaFWEl8v3hShpo-Lj6jybQ0zRwbk72IP8ipb8xWL0JBaqL7u8X1WvPO-5HtO0g5Bh_unVA2yBU=w72-h72-p-k-no-nu HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
expires: Tue, 20 Sep 2022 11:17:29 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Mon, 19 Sep 2022 11:17:29 GMT
server: fife
content-length: 7400
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
lh3.googleusercontent.com/blogger_img_proxy/ANbyha0Ye0ftB4XQrXer0hGRkqCwpLIfD33ImlPFqzNoQzeWx-WOyFanbus3uIzbnDI9LRJC_UZbVmD94FtgLkThVbM6dQQgSK27FZ4CO1cs665GK1GRKPoyxYdcPDwEf7z3XBY-fIndCb1_ndwif3lab_6d=w72-h72-p-k-no-nu
200 OK 4.6 kB URL HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/ANbyha0Ye0ftB4XQrXer0hGRkqCwpLIfD33ImlPFqzNoQzeWx-WOyFanbus3uIzbnDI9LRJC_UZbVmD94FtgLkThVbM6dQQgSK27FZ4CO1cs665GK1GRKPoyxYdcPDwEf7z3XBY-fIndCb1_ndwif3lab_6d=w72-h72-p-k-no-nu
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 72x72, components 3\012- data
Hash 18891b260be62c85b59466d9a9667395
a9452b346703008432538f4fee013b27e0ed0420
9903b6b5b95cfd2518f9466b7d7ed093e8470dfe0b4d468d728b5b1dfc8c29fc
GET /blogger_img_proxy/ANbyha0Ye0ftB4XQrXer0hGRkqCwpLIfD33ImlPFqzNoQzeWx-WOyFanbus3uIzbnDI9LRJC_UZbVmD94FtgLkThVbM6dQQgSK27FZ4CO1cs665GK1GRKPoyxYdcPDwEf7z3XBY-fIndCb1_ndwif3lab_6d=w72-h72-p-k-no-nu HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
expires: Tue, 20 Sep 2022 11:17:29 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Mon, 19 Sep 2022 11:17:29 GMT
server: fife
content-length: 4558
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ca3ab7a8411ba9c6350d504e65a95cc6
8b39f564b1b1cb1d262cb57b41a4bb5de331087f
cb51d72baec3c84ac94d419aab6d291b7596a9098525471fdb3fbbb6d34aa3db
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 11:17:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6789
Expires: Mon, 19 Sep 2022 13:10:38 GMT
Date: Mon, 19 Sep 2022 11:17:29 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6789
Expires: Mon, 19 Sep 2022 13:10:38 GMT
Date: Mon, 19 Sep 2022 11:17:29 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ca3ab7a8411ba9c6350d504e65a95cc6
8b39f564b1b1cb1d262cb57b41a4bb5de331087f
cb51d72baec3c84ac94d419aab6d291b7596a9098525471fdb3fbbb6d34aa3db
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 11:17:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd460ce9f-ea5c-436e-8b02-8ec8233b9681.jpeg
200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd460ce9f-ea5c-436e-8b02-8ec8233b9681.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e4098577adb98eae5ba4a8b5e143df71
b0ad467f2837d103f8a96fb732bd34176c4c7110
83aa54020ffc684690dfb58d78608411de38ab02fee50808a8243c6b388e77c0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd460ce9f-ea5c-436e-8b02-8ec8233b9681.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5064
x-amzn-requestid: 985dbd5b-3e8a-4e22-a974-1effa6c99112
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YrOS8FyBoAMFrCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632790df-201df5494f1513b91eefe9d5;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 21:42:55 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: GIhj3a2-SwYu2w4mLx7JiIJzFfV82-Et89ORRsx5fsGOx9nttPlCxA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:57:13 GMT
etag: "b0ad467f2837d103f8a96fb732bd34176c4c7110"
content-type: image/jpeg
age: 48016
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6789
Expires: Mon, 19 Sep 2022 13:10:38 GMT
Date: Mon, 19 Sep 2022 11:17:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F779fe432-124a-4d1a-8abf-cfb5054b48fd.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F779fe432-124a-4d1a-8abf-cfb5054b48fd.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 87bddc1f919e51c976d5377040861ea6
f5bf6c28f20414c7dd3ac1098defc46d3d68fd99
28541ca828b6358c8e6081e9f2022e7ad18a8adcb3df09a3fa079f32c08fcda6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F779fe432-124a-4d1a-8abf-cfb5054b48fd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10721
x-amzn-requestid: 5c3a2647-0af8-4cd2-8b68-df6606c6362e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yi1NMHVfoAMF-3w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63243587-2b73a75b69570a1a144a5f73;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 08:36:23 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: SpK-J7OfVkg8Gn_-wiaIKrqVl6t14P13ax8TPtsKDRXAVtHj9GWSwg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 03:43:59 GMT
age: 27210
etag: "f5bf6c28f20414c7dd3ac1098defc46d3d68fd99"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e998cc5-16fd-41d0-80c4-f7b6ce93932c.jpeg
200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e998cc5-16fd-41d0-80c4-f7b6ce93932c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5b174f977a78acf5f28935f44cac702d
7deb4e0fc838bcfffb532ff1f92f4036b35571f2
7e87fe13d3127a1c8e89f72c1455349d9edcb89eeb2a9b103d191095ddc69751
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e998cc5-16fd-41d0-80c4-f7b6ce93932c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5570
x-amzn-requestid: a20f5fb2-9c4a-4124-bc27-6b7cf99c5a73
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yn64FEKXoAMFbzw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63263e99-0edcfdf505c4467b31355e71;Sampled=0
x-amzn-remapped-date: Sat, 17 Sep 2022 21:39:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Jp6TEMqaAAIs3jUsysER2sqaEob7LrzeR0vwp5I-gWSZsPxaFW4Vlg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:54:26 GMT
age: 48183
etag: "7deb4e0fc838bcfffb532ff1f92f4036b35571f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6582596-5079-44f5-a869-65c8766f7d1a.jpeg
200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6582596-5079-44f5-a869-65c8766f7d1a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash da8b8819fc21dcfb224ce0e7ecdc6772
e460ad4376cd118a6fe8b6b050af9398117d9531
9d0cf5fe17040e6c494d1596c24f01501babff37c95caa47d048b5e1aefa7697
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6582596-5079-44f5-a869-65c8766f7d1a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9901
x-amzn-requestid: e1792a3b-1893-48a6-8d01-463050259dc2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YiGMYE3IoAMFgvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6323ea4f-42ab13411e65943538101b11;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 03:15:27 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: XmcyJv7bahHB4wMjFmgvh2fEkJJYLPhRrISZ_DczSErdEQjXIxWUvg==
via: 1.1 0800f067ff646622f3e8e507cb9b52e8.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 03:54:31 GMT
age: 26578
etag: "e460ad4376cd118a6fe8b6b050af9398117d9531"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa0051cf-bacd-445a-a6c3-6e5be807c94d.jpeg
200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa0051cf-bacd-445a-a6c3-6e5be807c94d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a29b48f8601db6bee0408f77ef7e1810
35417f27e4529b172aff7581d25ef8de26158a6c
37f2b7accb42719f1f2c25d371691aaed05160bbb40d4941da2650adc12be316
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa0051cf-bacd-445a-a6c3-6e5be807c94d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9773
x-amzn-requestid: a66002a7-8621-4e8c-ba24-ca935485c6ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YeBrlH7vIAMFz8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322497d-05c3244840ad5aba14217936;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 21:37:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Pb3pzSP2mQJVW2ff5ErXKB-jzLuYDSjENRCbzId9adJXEKIrRRihpw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:52:40 GMT
age: 48289
etag: "35417f27e4529b172aff7581d25ef8de26158a6c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 4ee5c6443c11da4a5cf7ea801cd0c62f
e742a7ee1cbedf1a23a82361f3873dbc165f927c
e3682e49ed03efcf590a500154380807b54433f8344923e9017994bdf0d46924
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 11:17:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 56433b6932f28a949ac82fec1caa9e99
017c5a1ccc0f6e68fd60a9d0658c0526b81b4156
a6fe9208db3d30b3a81378a59aa588480ab2080c33f1d0921752c2dfdc76d1fd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 11:17:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 56433b6932f28a949ac82fec1caa9e99
017c5a1ccc0f6e68fd60a9d0658c0526b81b4156
a6fe9208db3d30b3a81378a59aa588480ab2080c33f1d0921752c2dfdc76d1fd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 11:17:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu
200 OK 668 B URL HTTP/2 www.google.com/recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu
IP
File type ASCII text, with very long lines (1034), with no line terminators
Hash a885189cd9a522cfaaac98af1a03b512
a4045ce6f8d8e14582bb5245694d73b40da7f0f7
6afe80cbbc72285aa8f73e7d64bdeb755148410a8ec6c0eb13df255548ef17ad
GET /recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Mon, 19 Sep 2022 11:17:30 GMT
date: Mon, 19 Sep 2022 11:17:30 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 668
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
play.google.com/log?format=json&hasfast=true&authuser=0
200 OK 0 B URL HTTP/2 play.google.com/log?format=json&hasfast=true&authuser=0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: play.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Referer: https://www.blogger.com/
Origin: https://www.blogger.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.blogger.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Mon, 19 Sep 2022 11:17:30 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+993; expires=Wed, 18-Sep-2024 11:17:30 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 19 Sep 2022 11:17:30 GMT
cache-control: private
X-Firefox-Spdy: h2
play.google.com/log?format=json&hasfast=true&authuser=0
200 OK 131 B URL HTTP/2 play.google.com/log?format=json&hasfast=true&authuser=0
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash babb6f090aeebc6f421624475b4aefff
06079b7547949822c118224e51604f4c5ebf80c8
b2fe8b91f31edc7284cc9690e90dd4a38d985598374df68967d917590beb55dd
POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: play.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
X-Goog-AuthUser: 0
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Content-Length: 2974
Origin: https://www.blogger.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.blogger.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Mon, 19 Sep 2022 11:17:30 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+991; expires=Wed, 18-Sep-2024 11:17:30 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 19 Sep 2022 11:17:30 GMT
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js
200 OK 158 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js
IP
File type ASCII text, with very long lines (581)
Size 158 kB (157726 bytes)
Hash 6519c7c04cf32a57b1c5ee45a73c233e
4939bb921988e9eb13780cc2244f3099776e9bfb
8352dd4e3e0fe82562cdc280c020fc31d2c6d054f7ead441a3b18de8ef04401b
GET /recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
Origin: https://www.blogger.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 157726
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 05:37:29 GMT
expires: Thu, 14 Sep 2023 05:37:29 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 14 Sep 2022 00:24:01 GMT
content-type: text/javascript
age: 452401
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/styles__ltr.css
200 OK 24 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/styles__ltr.css
IP
File type ASCII text, with very long lines (52762), with no line terminators
Hash f2d649025c814be9c33f166a5e04fe88
26bf59de631415927ba2c6c9e44fe9c763f95313
f95ec963b7657097e1ef827fc07d96eda5b63f7d3e17b5a1b5eeb7a8d0b67921
GET /recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24251
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 05:19:12 GMT
expires: Thu, 14 Sep 2023 05:19:12 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 14 Sep 2022 00:24:01 GMT
content-type: text/css
age: 453498
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js
200 OK 158 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js
IP
File type ASCII text, with very long lines (581)
Size 158 kB (157726 bytes)
Hash 6519c7c04cf32a57b1c5ee45a73c233e
4939bb921988e9eb13780cc2244f3099776e9bfb
8352dd4e3e0fe82562cdc280c020fc31d2c6d054f7ead441a3b18de8ef04401b
GET /recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 157726
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 05:37:29 GMT
expires: Thu, 14 Sep 2023 05:37:29 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 14 Sep 2022 00:24:01 GMT
content-type: text/javascript
age: 452401
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/api2/logo_48.png
200 OK 2.2 kB URL HTTP/2 www.gstatic.com/recaptcha/api2/logo_48.png
IP
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash ef9941290c50cd3866e2ba6b793f010d
4736508c795667dcea21f8d864233031223b7832
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
GET /recaptcha/api2/logo_48.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 12 Sep 2022 20:02:15 GMT
expires: Mon, 19 Sep 2022 20:02:15 GMT
cache-control: public, max-age=604800
age: 573315
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 17 Sep 2022 12:31:58 GMT
expires: Sun, 17 Sep 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 168332
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Sep 2022 00:48:31 GMT
expires: Sat, 16 Sep 2023 00:48:31 GMT
cache-control: public, max-age=31536000
age: 296939
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ibikini.cyou/social
307 Temporary Redirect 1 B IP
ASN #58487 Rumahweb Indonesia CV.
Hash eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
GET /social HTTP/1.1
Host: ibikini.cyou
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
x-robots-tag: noindex, nofollow
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Mon, 07 Jul 1777 07:07:07 GMT
x-redirect-powered-by: Pretty Link Pro 3.2.4 http://prettylink.com
x-redirect-by: WordPress
set-cookie: prli_click_1=social; expires=Wed, 19-Oct-2022 11:17:31 GMT; Max-Age=2592000; path=/
prli_visitor=63284fcb1a26c; expires=Tue, 19-Sep-2023 11:17:31 GMT; Max-Age=31536000; path=/
location: https://annesuspense.com/cc/58/5f/cc585f6c9356b37d414b25b86a1b7ad2.js
vary: Accept-Encoding
content-encoding: br
content-length: 1
content-type: text/html; charset=UTF-8
date: Mon, 19 Sep 2022 11:17:29 GMT
server: Apache
X-Firefox-Spdy: h2
ibikini.cyou/native
307 Temporary Redirect 1 B IP
ASN #58487 Rumahweb Indonesia CV.
Hash eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
GET /native HTTP/1.1
Host: ibikini.cyou
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
x-robots-tag: noindex, nofollow
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Mon, 07 Jul 1777 07:07:07 GMT
x-redirect-powered-by: Pretty Link Pro 3.2.4 http://prettylink.com
x-redirect-by: WordPress
set-cookie: prli_click_2=native; expires=Wed, 19-Oct-2022 11:17:31 GMT; Max-Age=2592000; path=/
prli_visitor=63284fcb21b9b; expires=Tue, 19-Sep-2023 11:17:31 GMT; Max-Age=31536000; path=/
location: https://annesuspense.com/46b21327aabb2b9c66a4011e6188e2ec/invoke.js
vary: Accept-Encoding
content-encoding: br
content-length: 1
content-type: text/html; charset=UTF-8
date: Mon, 19 Sep 2022 11:17:29 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash eff3ed547593755c07d1e1d3b9d6a11c
25d889bd4f48e14d9c2aea3b204158bd80db8694
4f18d10e931cd1dbdee1e699e60a3d98353aa4cd32968732380a22d73d335a7c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4F18D10E931CD1DBDEE1E699E60A3D98353AA4CD32968732380A22D73D335A7C"
Last-Modified: Sun, 18 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10654
Expires: Mon, 19 Sep 2022 14:15:05 GMT
Date: Mon, 19 Sep 2022 11:17:31 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash eff3ed547593755c07d1e1d3b9d6a11c
25d889bd4f48e14d9c2aea3b204158bd80db8694
4f18d10e931cd1dbdee1e699e60a3d98353aa4cd32968732380a22d73d335a7c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4F18D10E931CD1DBDEE1E699E60A3D98353AA4CD32968732380A22D73D335A7C"
Last-Modified: Sun, 18 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10654
Expires: Mon, 19 Sep 2022 14:15:05 GMT
Date: Mon, 19 Sep 2022 11:17:31 GMT
Connection: keep-alive
annesuspense.com/46b21327aabb2b9c66a4011e6188e2ec/invoke.js
200 OK 9.3 kB URL HTTP/1.1 annesuspense.com/46b21327aabb2b9c66a4011e6188e2ec/invoke.js
IP
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (25102), with no line terminators
Hash 4467db32b11c020f159f80a56a76fb56
e03eac20a20a789798b8bb401174efe0b9ed9e05
4e057c07eddf3c090d14c47491f83aaebcfb7177b21f0fb14c273c29f101ba56
Analyzer Verdict Alert quad9 Sinkholed
GET /46b21327aabb2b9c66a4011e6188e2ec/invoke.js HTTP/1.1
Host: annesuspense.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://johansonhavock.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 19 Sep 2022 11:17:31 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2af30b171beaf629c608e5de7659f5ea
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
annesuspense.com/cc/58/5f/cc585f6c9356b37d414b25b86a1b7ad2.js
200 OK 13 kB URL HTTP/1.1 annesuspense.com/cc/58/5f/cc585f6c9356b37d414b25b86a1b7ad2.js
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37112), with no line terminators
Hash 36a6accfdfc2ae1e598410bb10e37129
952c12aaf3b205d74c1f4c476449b01a2f932fb7
3bc574b105d6cf68f68dc3a88870225e0f0234d7e774b3fa3e3c3d1f29784cc7
Analyzer Verdict Alert quad9 Sinkholed
GET /cc/58/5f/cc585f6c9356b37d414b25b86a1b7ad2.js HTTP/1.1
Host: annesuspense.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://johansonhavock.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 19 Sep 2022 11:17:31 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b4816159787a14e9ea5cb8b953971c48
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.digicert.com/
200 OK 278 B IP
Hash 00b79985d12bcdd71d65065a0866dc11
fff92e1cb194d81f626c0e51118f530088cbd908
cead40e06d32df572beb799818ee4ebd27748cdceb0d13b5f463de35ea8e7904
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2383
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 11:17:32 GMT
Last-Modified: Mon, 19 Sep 2022 10:37:50 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 278
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 9fc04c55e695731dd8b9e69a36ef1c76
e5267f385dcab77d6dcd11e86267c0ae55e59bc4
f5558100b1c676f1a3495e560e3495a832b3b94c7acf8a032002f3fc18862d1e
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 19 Sep 2022 11:17:32 GMT
Last-Modified: Mon, 19 Sep 2022 10:53:03 GMT
Server: ECS (nyb/1D1E)
X-Cache: Miss from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: BYF0DutRbHL7TUnjj0U_VCte513hHCwQFVHdiLGmpVtE208UHhInSw==
Age: 1469
www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
200 OK 34 kB URL HTTP/2 www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
IP
File type ASCII text, with very long lines (2800)
Hash f3ff3fc9425cc5712fa70ebeeb3c4e00
928b00fce52b6bde8c9c3796dc7b56fc6c4e51d9
abdd0a23e77de9118a74f09406d4e6c64395b4a1a544d0f23e42ae1dcfb62ee3
GET /feedback/js/help/prod/service/lazy.min.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/product-feedback-gathering
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="product-feedback-gathering"
report-to: {"group":"product-feedback-gathering","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/product-feedback-gathering"}]}
content-length: 33773
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Sep 2022 10:32:00 GMT
expires: Mon, 19 Sep 2022 11:22:00 GMT
cache-control: public, max-age=3000
last-modified: Thu, 15 Sep 2022 19:39:18 GMT
content-type: text/javascript
age: 2732
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 9fc04c55e695731dd8b9e69a36ef1c76
e5267f385dcab77d6dcd11e86267c0ae55e59bc4
f5558100b1c676f1a3495e560e3495a832b3b94c7acf8a032002f3fc18862d1e
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 19 Sep 2022 11:17:32 GMT
Last-Modified: Mon, 19 Sep 2022 10:37:11 GMT
Server: ECS (nyb/1D23)
X-Cache: Miss from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: SDpFHbQgbje0Wh2MH-9HxZxzCFLcLUKR5ct7P6q8Fa2xQzojA7o8sA==
Age: 2421
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash 7c15e709b65205d23e5346e967e1472b
ab0458c0e9029527eed2041f879ce76931c68f4c
5cb01c9f415f55770e36540e4120ac36df8d55267004a3810a99f5cfb79f0603
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://johansonhavock.blogspot.com
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 11:17:32 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://johansonhavock.blogspot.com
access-control-allow-credentials: true
set-cookie: uid_id2=3467c00d-10d3-445a-a54e-da1e94a396f8:2:1; expires=Thu, 16 Sep 2032 11:17:32 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash 00b79985d12bcdd71d65065a0866dc11
fff92e1cb194d81f626c0e51118f530088cbd908
cead40e06d32df572beb799818ee4ebd27748cdceb0d13b5f463de35ea8e7904
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2383
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 11:17:32 GMT
Last-Modified: Mon, 19 Sep 2022 10:37:50 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 278
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5887fe36e4e54f55e8c9440088c45d8a
406e4c0fd7c788f4531af5d6fcc84b690eeec26c
14d0ce7caf26744c33fcda94554f93334828f9f24fa371cd95783a7f65092a9a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "14D0CE7CAF26744C33FCDA94554F93334828F9F24FA371CD95783A7F65092A9A"
Last-Modified: Sun, 18 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3956
Expires: Mon, 19 Sep 2022 12:23:28 GMT
Date: Mon, 19 Sep 2022 11:17:32 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6d6ffcd34ebb9c5735324c443c4f6c1c
05f11f097726b8c635078be3230646ef1dfc5c3f
8b0a865aeb8bc0c51bb6d8695f769c62dfa91a0ba1119d551ef13f384fa3034f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B0A865AEB8BC0C51BB6D8695F769C62DFA91A0BA1119D551EF13F384FA3034F"
Last-Modified: Fri, 16 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4130
Expires: Mon, 19 Sep 2022 12:26:22 GMT
Date: Mon, 19 Sep 2022 11:17:32 GMT
Connection: keep-alive
s10.histats.com/js15_as.js
200 OK 4.4 kB URL HTTP/2 s10.histats.com/js15_as.js
IP
File type HTML document, ASCII text, with very long lines (11440), with no line terminators
Hash ed192092c129db6123a3397855f42619
067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e
998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1
GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 11:15:36 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 529138558
content-type: text/javascript
content-encoding: br
x-cdn-pop: rbx1
x-cdn-pop-ip: 51.254.41.128/25
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2
familiarkindlyshuffle.com/ntv.json?key=46b21327aabb2b9c66a4011e6188e2ec&vstc=2
200 OK 8.1 kB URL HTTP/1.1 familiarkindlyshuffle.com/ntv.json?key=46b21327aabb2b9c66a4011e6188e2ec&vstc=2
IP
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (8050), with no line terminators
Hash faa2750a58767ce18a118a460c3a96c6
304060647518e5007ba404895d993eb9245fe702
de7917466e3e64f3c005643d406382877a659ef1336132c8e5ef3f74905491f1
Analyzer Verdict Alert quad9 Sinkholed
GET /ntv.json?key=46b21327aabb2b9c66a4011e6188e2ec&vstc=2 HTTP/1.1
Host: familiarkindlyshuffle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://johansonhavock.blogspot.com
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 19 Sep 2022 11:17:32 GMT
Content-Type: application/json
Content-Length: 8050
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://johansonhavock.blogspot.com
Access-Control-Allow-Origin: https://johansonhavock.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16718737; expires=Tue, 20 Sep 2022 11:17:32 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 20 Sep 2022 11:17:32 GMT; secure; SameSite=None
uncs=1; expires=Tue, 20 Sep 2022 11:17:32 GMT; secure; SameSite=None
pdhtkv49=true; expires=Tue, 20 Sep 2022 11:17:32 GMT; secure; SameSite=None
uncs49=1; expires=Tue, 20 Sep 2022 11:17:32 GMT; secure; SameSite=None
nlec46b21327aabb2b9c66a4011e6188e2ec=[2229212,2229213]; expires=Mon, 19 Sep 2022 11:17:37 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8eb7cdb62fe57df2f0367ef17e56ba60
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e9645643e1a43d77b51841592522035e
f68948762b7c3e69fab5f71bf690f77b6cd76155
aa340c2215536bc9f307bd8c245f43b792f19dd5ee4b528621054ea8bcac9ca3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA340C2215536BC9F307BD8C245F43B792F19DD5EE4B528621054EA8BCAC9CA3"
Last-Modified: Sun, 18 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3610
Expires: Mon, 19 Sep 2022 12:17:42 GMT
Date: Mon, 19 Sep 2022 11:17:32 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e9645643e1a43d77b51841592522035e
f68948762b7c3e69fab5f71bf690f77b6cd76155
aa340c2215536bc9f307bd8c245f43b792f19dd5ee4b528621054ea8bcac9ca3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA340C2215536BC9F307BD8C245F43B792F19DD5EE4B528621054EA8BCAC9CA3"
Last-Modified: Sun, 18 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3610
Expires: Mon, 19 Sep 2022 12:17:42 GMT
Date: Mon, 19 Sep 2022 11:17:32 GMT
Connection: keep-alive
cdn.cloudimagesb.com/cti/51/bb/80/51bb807c8b914e3cc08eace2b0587473/1628586935.jpg
200 OK 30 kB URL HTTP/2 cdn.cloudimagesb.com/cti/51/bb/80/51bb807c8b914e3cc08eace2b0587473/1628586935.jpg
IP
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash a87779ccaaa4021b0b4f33812742679a
87322480f885dc0b6463c182b7bdb3eb60ab2592
a8f8dbc930527f94496d5a9883b6034e27a673090a89b518596d6e2b656df96f
GET /cti/51/bb/80/51bb807c8b914e3cc08eace2b0587473/1628586935.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 11:17:32 GMT
content-type: image/jpeg
content-length: 30127
server: nginx/1.17.6
last-modified: Tue, 10 Aug 2021 09:15:44 GMT
etag: "611243c0-75af"
expires: Wed, 21 Sep 2022 11:17:32 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
familiarkindlyshuffle.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSMWwjRRSGZ5MUCBpA15ygsCjQISFnZ%2B2sba44EUJQRLgcdyAokNDszNgZPLuzzOx6nVSBQ%2BhKQwfV5ndy0R0RgpKCCDknIRQo4i4Sl54aCUEFsokw96SZ9978r%2Fjem%2Ffpbn5OfOTsbOUNs620ZotLVb9y5V1Kr1bWVZL3K%2F1m%2BH5Yv1qxvZdaYdV%2FofKa5F2zGPjU96lPK6vKyrbpL05EqPSwRastv1oPqnSpjr59NHe5B8c8iN45eRpKjBceeJeg%2BAhJ%2FM2KdN3MpC%2B%2BGueaZcaiJw7eTrqJKRLEs7BtPbSTg4tqGHe6egST7E9xYXr%2FFUZqTLwfjxAlBxeQiHp7U85IQyaIxBMoeiNIPYJiI3BzG0qcEoALXN9AEt%2B9bmzBtv5V2UQdk4U%2FfocqxmTh4SUk8dfLWvUrt4zOM2USh367hOqPoDojpPkxsu05qOIYPPsYShAkcQklymnPSo2g2iNoOQBzHvLJUR7ytoc89RCLswqnlDZ8wZnfbHFeEw0ZhcKnrNGmjPphEzmfYA2QpQNwPQC3O0jtDrpqAJv%2FALdZwgkPLhsT780d9ESJQhIUjqBgBIUiKDKColfuC%2B0CV94V2uURvfDBha%2BVQ5N1dtm%2ByToyIbvpOXlqOo%2B%2Fn%2FkMXXlWqYdRQGtBg7EoCqIWD0NW9ymVIW02ZSA5nCqh3Ny01W01Jpff%2Bw6pGpOFjb8QsWM4fQyu5sFyClYMG4EPtjmsN31sJ%2Fc2zYddVeUmhjAl0mwB2Za3q8%2FJ5SnEc%2FO%2FQvKTa%2FefPXyMPv8buC2R2hIfqAcEHX1neNMUZO%2BmKRz5diPNVKy22eTDbmUsk%2FP3X5dbhbFibcUN7r3MJ8IkPHxLumydJUIlHUe%2BWlZCSLtqLJfk%2BzX3joxu5G5zObdJnq7feGV1LU6tdE6ZZASmTjf%2BBJ9099HRdBOf%2FOUTKDuCzUvE%2BQm5MChzDJ7uwKUzemfmYfWsJko9FHk5tEE0e9SKQMtZzqIS7n95NIt33R10bACW3Z4uYM%2BW6OkSTA%2Fg8seHWWpPrv30xcS%2BRKTnhpG2c3uRtvrz6Wgn10M4dVZp1Go%2BC1tLtNFgshHVg2Y7pIKxoB4GYchqyNyYX9n4%2BR8AAAD%2F%2FwEAAP%2F%2FyrtYzFkEAAA%3D
200 OK 7 B URL HTTP/1.1 familiarkindlyshuffle.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSMWwjRRSGZ5MUCBpA15ygsCjQISFnZ%2B2sba44EUJQRLgcdyAokNDszNgZPLuzzOx6nVSBQ%2BhKQwfV5ndy0R0RgpKCCDknIRQo4i4Sl54aCUEFsokw96SZ9978r%2Fjem%2Ffpbn5OfOTsbOUNs620ZotLVb9y5V1Kr1bWVZL3K%2F1m%2BH5Yv1qxvZdaYdV%2FofKa5F2zGPjU96lPK6vKyrbpL05EqPSwRastv1oPqnSpjr59NHe5B8c8iN45eRpKjBceeJeg%2BAhJ%2FM2KdN3MpC%2B%2BGueaZcaiJw7eTrqJKRLEs7BtPbSTg4tqGHe6egST7E9xYXr%2FFUZqTLwfjxAlBxeQiHp7U85IQyaIxBMoeiNIPYJiI3BzG0qcEoALXN9AEt%2B9bmzBtv5V2UQdk4U%2FfocqxmTh4SUk8dfLWvUrt4zOM2USh367hOqPoDojpPkxsu05qOIYPPsYShAkcQklymnPSo2g2iNoOQBzHvLJUR7ytoc89RCLswqnlDZ8wZnfbHFeEw0ZhcKnrNGmjPphEzmfYA2QpQNwPQC3O0jtDrpqAJv%2FALdZwgkPLhsT780d9ESJQhIUjqBgBIUiKDKColfuC%2B0CV94V2uURvfDBha%2BVQ5N1dtm%2ByToyIbvpOXlqOo%2B%2Fn%2FkMXXlWqYdRQGtBg7EoCqIWD0NW9ymVIW02ZSA5nCqh3Ny01W01Jpff%2Bw6pGpOFjb8QsWM4fQyu5sFyClYMG4EPtjmsN31sJ%2Fc2zYddVeUmhjAl0mwB2Za3q8%2FJ5SnEc%2FO%2FQvKTa%2FefPXyMPv8buC2R2hIfqAcEHX1neNMUZO%2BmKRz5diPNVKy22eTDbmUsk%2FP3X5dbhbFibcUN7r3MJ8IkPHxLumydJUIlHUe%2BWlZCSLtqLJfk%2BzX3joxu5G5zObdJnq7feGV1LU6tdE6ZZASmTjf%2BBJ9099HRdBOf%2FOUTKDuCzUvE%2BQm5MChzDJ7uwKUzemfmYfWsJko9FHk5tEE0e9SKQMtZzqIS7n95NIt33R10bACW3Z4uYM%2BW6OkSTA%2Fg8seHWWpPrv30xcS%2BRKTnhpG2c3uRtvrz6Wgn10M4dVZp1Go%2BC1tLtNFgshHVg2Y7pIKxoB4GYchqyNyYX9n4%2BR8AAAD%2F%2FwEAAP%2F%2FyrtYzFkEAAA%3D
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSMWwjRRSGZ5MUCBpA15ygsCjQISFnZ%2B2sba44EUJQRLgcdyAokNDszNgZPLuzzOx6nVSBQ%2BhKQwfV5ndy0R0RgpKCCDknIRQo4i4Sl54aCUEFsokw96SZ9978r%2Fjem%2Ffpbn5OfOTsbOUNs620ZotLVb9y5V1Kr1bWVZL3K%2F1m%2BH5Yv1qxvZdaYdV%2FofKa5F2zGPjU96lPK6vKyrbpL05EqPSwRastv1oPqnSpjr59NHe5B8c8iN45eRpKjBceeJeg%2BAhJ%2FM2KdN3MpC%2B%2BGueaZcaiJw7eTrqJKRLEs7BtPbSTg4tqGHe6egST7E9xYXr%2FFUZqTLwfjxAlBxeQiHp7U85IQyaIxBMoeiNIPYJiI3BzG0qcEoALXN9AEt%2B9bmzBtv5V2UQdk4U%2FfocqxmTh4SUk8dfLWvUrt4zOM2USh367hOqPoDojpPkxsu05qOIYPPsYShAkcQklymnPSo2g2iNoOQBzHvLJUR7ytoc89RCLswqnlDZ8wZnfbHFeEw0ZhcKnrNGmjPphEzmfYA2QpQNwPQC3O0jtDrpqAJv%2FALdZwgkPLhsT780d9ESJQhIUjqBgBIUiKDKColfuC%2B0CV94V2uURvfDBha%2BVQ5N1dtm%2ByToyIbvpOXlqOo%2B%2Fn%2FkMXXlWqYdRQGtBg7EoCqIWD0NW9ymVIW02ZSA5nCqh3Ny01W01Jpff%2Bw6pGpOFjb8QsWM4fQyu5sFyClYMG4EPtjmsN31sJ%2Fc2zYddVeUmhjAl0mwB2Za3q8%2FJ5SnEc%2FO%2FQvKTa%2FefPXyMPv8buC2R2hIfqAcEHX1neNMUZO%2BmKRz5diPNVKy22eTDbmUsk%2FP3X5dbhbFibcUN7r3MJ8IkPHxLumydJUIlHUe%2BWlZCSLtqLJfk%2BzX3joxu5G5zObdJnq7feGV1LU6tdE6ZZASmTjf%2BBJ9099HRdBOf%2FOUTKDuCzUvE%2BQm5MChzDJ7uwKUzemfmYfWsJko9FHk5tEE0e9SKQMtZzqIS7n95NIt33R10bACW3Z4uYM%2BW6OkSTA%2Fg8seHWWpPrv30xcS%2BRKTnhpG2c3uRtvrz6Wgn10M4dVZp1Go%2BC1tLtNFgshHVg2Y7pIKxoB4GYchqyNyYX9n4%2BR8AAAD%2F%2FwEAAP%2F%2FyrtYzFkEAAA%3D HTTP/1.1
Host: familiarkindlyshuffle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Cookie: u_pl=16718737; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec46b21327aabb2b9c66a4011e6188e2ec=[2229212,2229213]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 19 Sep 2022 11:17:32 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b0c4a0787d039e7a630421c0ad04af1d
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.cloudimagesb.com/cti/29/eb/08/29eb08c32bad57ff8c8e14af3a16e9c1/1628586955.jpg
200 OK 23 kB URL HTTP/2 cdn.cloudimagesb.com/cti/29/eb/08/29eb08c32bad57ff8c8e14af3a16e9c1/1628586955.jpg
IP
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash 4452445afb73fab8af9ff308eb667024
130401c47d822426e1cce9981c30d775cba1b576
923b0ac505decd181f473f1fa460f21590777993c3581723f127b032d8c45bdd
GET /cti/29/eb/08/29eb08c32bad57ff8c8e14af3a16e9c1/1628586955.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 11:17:32 GMT
content-type: image/jpeg
content-length: 22987
server: nginx/1.17.6
last-modified: Tue, 10 Aug 2021 09:16:05 GMT
etag: "611243d5-59cb"
expires: Wed, 21 Sep 2022 11:17:32 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b5b55f6c9e2acbd5fc33381ecc4603c5
e0b3afa431be81a599695046880db9ed3dbaa6e5
4ec3f3c2b480545e5d85ad5d67e5b80b1c18c324ce181136be5d10081fd626c1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4EC3F3C2B480545E5D85AD5D67E5B80B1C18C324CE181136BE5D10081FD626C1"
Last-Modified: Mon, 19 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7202
Expires: Mon, 19 Sep 2022 13:17:35 GMT
Date: Mon, 19 Sep 2022 11:17:33 GMT
Connection: keep-alive
familiarkindlyshuffle.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSP2wjRRTGZ5MUCBpA15ygsCjQISFnd%2BPYDlecCCEoIlyOOxAUSGj%2B2Rk8u7PM7HidVIFD6EpDB9Xmc3LRHRGCkoIIOSchFCjiLhKXnhoJQQWyiTD3pJn33nyv%2BL0379Ndf05CeHq28obZVlrT%2BcVqWLnybhRdrayr1PcqvWb9%2FXrtasV2X1qqV8MXKq9J3jHzcRiFYRRGlVVlZcv05sciVHa4FFWXwmotrkaLNfTso7nzARwNILrn5GkoMZp7EFyC4kOkyTcr0nVyk734auI1zY1FVxy8nXZSU6RIpmHLBmilBxfVMO509Qgm3Z%2FgwnT%2FK2RqRIIfj8DSgwtIsO7ehJNpyBRMPIGiO4TUQyg6BDe3ocQpAbjA9Q2kyd3rxhZ061%2BVjtURmfvjd6hiROYeXkKafL2sVa9yy2ifK5M69FolVG8I1R4i88fIt2egimPw%2FGMoQZAmJZQoJz0rNYRqDaFlH9QF8OOjAvhWAJ8FSMRZhUdR1AgFp2FzifMF0ZCsLsKINloRjcJ6E56PsfrIsz647oPbHWR2Bx3Vh%2FU%2FwG2WcCKAy0ckeHMHXVGikASFIygoQaEIipyg6Jb7QrvYlXeFdp5FFz6%2B8AvlwOTtXbpv8rZMyW52Tp6azOPvZz5DR55VanUWRwtxg1LGYrbE63VaC6NI1qNmU8aSw6kSys1MWt1WI3L5ve%2BQqRGZ2%2FgLjB7D6WNwNQvqI9Bi0IhD0M1BrRliO723aT7sqCo3CYQpkeVzyLeCXX1OLk8gnpv9FZKfXLv%2F7OFj0fO%2FgdsSmS3xgXpA0NZ3BjdNQfZumsKRbzeyXCVqm44%2F7FZOczl7%2F3W5VRgr1lZc%2F97LfCyMw8O3pMvXaSpU2nbkq2UlhLSrxnJJvl9z70h2w7vNZW9Tn63feGV1LcmsdE6ZdAiqTjf%2BBB9399HRZBOf%2FOUTKDuE9SUSf0IuDMocg2c7cNmU3plZWD2tYVmAwpcDG7Ppo1YEWk5zykq4%2F%2BVsGu%2B6O2jbGDS%2FPVnAri3R1SWo7sP5xwd5Zk%2Bu%2FfTF2L4E0zMDpu3MHtNWfz4Z7fh6CKfOKguhaDDZkg0ma4u1luSCLS6ykLc4WxDNJkfuRvzKxs%2F%2FAAAA%2F%2F8BAAD%2F%2F0pvjSRZBAAA
200 OK 7 B URL HTTP/1.1 familiarkindlyshuffle.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSP2wjRRTGZ5MUCBpA15ygsCjQISFnd%2BPYDlecCCEoIlyOOxAUSGj%2B2Rk8u7PM7HidVIFD6EpDB9Xmc3LRHRGCkoIIOSchFCjiLhKXnhoJQQWyiTD3pJn33nyv%2BL0379Ndf05CeHq28obZVlrT%2BcVqWLnybhRdrayr1PcqvWb9%2FXrtasV2X1qqV8MXKq9J3jHzcRiFYRRGlVVlZcv05sciVHa4FFWXwmotrkaLNfTso7nzARwNILrn5GkoMZp7EFyC4kOkyTcr0nVyk734auI1zY1FVxy8nXZSU6RIpmHLBmilBxfVMO509Qgm3Z%2FgwnT%2FK2RqRIIfj8DSgwtIsO7ehJNpyBRMPIGiO4TUQyg6BDe3ocQpAbjA9Q2kyd3rxhZ061%2BVjtURmfvjd6hiROYeXkKafL2sVa9yy2ifK5M69FolVG8I1R4i88fIt2egimPw%2FGMoQZAmJZQoJz0rNYRqDaFlH9QF8OOjAvhWAJ8FSMRZhUdR1AgFp2FzifMF0ZCsLsKINloRjcJ6E56PsfrIsz647oPbHWR2Bx3Vh%2FU%2FwG2WcCKAy0ckeHMHXVGikASFIygoQaEIipyg6Jb7QrvYlXeFdp5FFz6%2B8AvlwOTtXbpv8rZMyW52Tp6azOPvZz5DR55VanUWRwtxg1LGYrbE63VaC6NI1qNmU8aSw6kSys1MWt1WI3L5ve%2BQqRGZ2%2FgLjB7D6WNwNQvqI9Bi0IhD0M1BrRliO723aT7sqCo3CYQpkeVzyLeCXX1OLk8gnpv9FZKfXLv%2F7OFj0fO%2FgdsSmS3xgXpA0NZ3BjdNQfZumsKRbzeyXCVqm44%2F7FZOczl7%2F3W5VRgr1lZc%2F97LfCyMw8O3pMvXaSpU2nbkq2UlhLSrxnJJvl9z70h2w7vNZW9Tn63feGV1LcmsdE6ZdAiqTjf%2BBB9399HRZBOf%2FOUTKDuE9SUSf0IuDMocg2c7cNmU3plZWD2tYVmAwpcDG7Ppo1YEWk5zykq4%2F%2BVsGu%2B6O2jbGDS%2FPVnAri3R1SWo7sP5xwd5Zk%2Bu%2FfTF2L4E0zMDpu3MHtNWfz4Z7fh6CKfOKguhaDDZkg0ma4u1luSCLS6ykLc4WxDNJkfuRvzKxs%2F%2FAAAA%2F%2F8BAAD%2F%2F0pvjSRZBAAA
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSP2wjRRTGZ5MUCBpA15ygsCjQISFnd%2BPYDlecCCEoIlyOOxAUSGj%2B2Rk8u7PM7HidVIFD6EpDB9Xmc3LRHRGCkoIIOSchFCjiLhKXnhoJQQWyiTD3pJn33nyv%2BL0379Ndf05CeHq28obZVlrT%2BcVqWLnybhRdrayr1PcqvWb9%2FXrtasV2X1qqV8MXKq9J3jHzcRiFYRRGlVVlZcv05sciVHa4FFWXwmotrkaLNfTso7nzARwNILrn5GkoMZp7EFyC4kOkyTcr0nVyk734auI1zY1FVxy8nXZSU6RIpmHLBmilBxfVMO509Qgm3Z%2FgwnT%2FK2RqRIIfj8DSgwtIsO7ehJNpyBRMPIGiO4TUQyg6BDe3ocQpAbjA9Q2kyd3rxhZ061%2BVjtURmfvjd6hiROYeXkKafL2sVa9yy2ifK5M69FolVG8I1R4i88fIt2egimPw%2FGMoQZAmJZQoJz0rNYRqDaFlH9QF8OOjAvhWAJ8FSMRZhUdR1AgFp2FzifMF0ZCsLsKINloRjcJ6E56PsfrIsz647oPbHWR2Bx3Vh%2FU%2FwG2WcCKAy0ckeHMHXVGikASFIygoQaEIipyg6Jb7QrvYlXeFdp5FFz6%2B8AvlwOTtXbpv8rZMyW52Tp6azOPvZz5DR55VanUWRwtxg1LGYrbE63VaC6NI1qNmU8aSw6kSys1MWt1WI3L5ve%2BQqRGZ2%2FgLjB7D6WNwNQvqI9Bi0IhD0M1BrRliO723aT7sqCo3CYQpkeVzyLeCXX1OLk8gnpv9FZKfXLv%2F7OFj0fO%2FgdsSmS3xgXpA0NZ3BjdNQfZumsKRbzeyXCVqm44%2F7FZOczl7%2F3W5VRgr1lZc%2F97LfCyMw8O3pMvXaSpU2nbkq2UlhLSrxnJJvl9z70h2w7vNZW9Tn63feGV1LcmsdE6ZdAiqTjf%2BBB9399HRZBOf%2FOUTKDuE9SUSf0IuDMocg2c7cNmU3plZWD2tYVmAwpcDG7Ppo1YEWk5zykq4%2F%2BVsGu%2B6O2jbGDS%2FPVnAri3R1SWo7sP5xwd5Zk%2Bu%2FfTF2L4E0zMDpu3MHtNWfz4Z7fh6CKfOKguhaDDZkg0ma4u1luSCLS6ykLc4WxDNJkfuRvzKxs%2F%2FAAAA%2F%2F8BAAD%2F%2F0pvjSRZBAAA HTTP/1.1
Host: familiarkindlyshuffle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Cookie: u_pl=16718737; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec46b21327aabb2b9c66a4011e6188e2ec=[2229212,2229213]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 19 Sep 2022 11:17:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3733a19f56e842e385fb793eeb3d8cde
Strict-Transport-Security: max-age=0; includeSubdomains
familiarkindlyshuffle.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSP2wjRRTGZ5MUCBpA15ygsCjQISFnd%2BPYDlecCCEoIlyOOxAUSGj%2B2Rk8u7PM7HidVIET6EpDB9Xmc3LRHRGCkoIIOSchFCjiLhKXnhoJQQWyL8LwpNV7b79X%2FN4379Ndf05CeHq28obZVlrT%2BcVqWLnybhRdrayr1PcqvWb9%2FXrtasV2X1qqV8MXKq9J3jHzcRiFYRRGlVVlZcv05sciVHa4FFWXwmotrkaLNfTs%2F3vnAzgaQHTPydNQYjT3ILgExYdIk29WpOvkJnvx1cRrmhuLrjh4O%2B2kpkiRTMuWDdBKDy6mYdzp6hFMuj%2FBhen%2BO8jUiAQ%2FHoGlBxeQYN29CSfTkCmYeAJFdwiph1B0CG5uQ4lTAnCB6xtIk7vXjS3o1iOVjtURmfvjd6hiROYeXkKafL2sVa9yy2ifK5M69FolVG8I1R4i88fIt2egimPw%2FGMoQZAmJZQoJzsrNYRqDaFlH9QF8ONPBfCtAD4LkIizCo%2BiqBEKTsPmEucLoiFZXYQRbbQiGoX1JjwfY%2FWRZ31w3Qe3O8jsDjqqD%2Bt%2FgNss4UQAl49I8OYOuqJEIQkKR1BQgkIRFDlB0S33hXaxK%2B8K7TyLLnJ8kRfKgcnbu3Tf5G2Zkt3snDw18ePvZz5DR55VanUWRwtxg1LGYrbE63VaC6NI1qNmU8aSw6kSys1MVt1WI3L5ve%2BQqRGZ2%2FgLjB7D6WNwNQvqI9Bi0IhD0M1BrRliO723aT7sqCo3CYQpkeVzyLeCXX1OLk8gnpt9CMlPrt1%2F9vCx6PnfwG2JzJb4QD0gaOs7g5umIHs3TeHItxtZrhK1TccPdiunuZy9%2F7rcKowVayuuf%2B9lPhbG5eFb0uXrNBUqbTvy1bISQtpVY7kk36%2B5dyS74d3msrepz9ZvvLK6lmRWOqdMOgRVpxt%2Fgo%2B3%2B%2BhocolP%2FvIJlB3C%2BhKJPyEXAWWOwbMduGxK78wsrJ7OsGwGhS8HNmbTn1oRaDntKSvh%2FtOzab3r7qBtY9D89uQAu7ZEV5egug%2FnHx%2FkmT259tMX4%2FgSTM8MmLYze0xb%2FfnY2l8f%2BevUWWUhFA0mW7LBZG2x1pJcsMVFFvIWZwui2eTI3Yhf2fj5HwAAAP%2F%2FAQAA%2F%2F%2F5nMczWQQAAA%3D%3D
200 OK 7 B URL HTTP/1.1 familiarkindlyshuffle.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSP2wjRRTGZ5MUCBpA15ygsCjQISFnd%2BPYDlecCCEoIlyOOxAUSGj%2B2Rk8u7PM7HidVIET6EpDB9Xmc3LRHRGCkoIIOSchFCjiLhKXnhoJQQWyL8LwpNV7b79X%2FN4379Ndf05CeHq28obZVlrT%2BcVqWLnybhRdrayr1PcqvWb9%2FXrtasV2X1qqV8MXKq9J3jHzcRiFYRRGlVVlZcv05sciVHa4FFWXwmotrkaLNfTs%2F3vnAzgaQHTPydNQYjT3ILgExYdIk29WpOvkJnvx1cRrmhuLrjh4O%2B2kpkiRTMuWDdBKDy6mYdzp6hFMuj%2FBhen%2BO8jUiAQ%2FHoGlBxeQYN29CSfTkCmYeAJFdwiph1B0CG5uQ4lTAnCB6xtIk7vXjS3o1iOVjtURmfvjd6hiROYeXkKafL2sVa9yy2ifK5M69FolVG8I1R4i88fIt2egimPw%2FGMoQZAmJZQoJzsrNYRqDaFlH9QF8ONPBfCtAD4LkIizCo%2BiqBEKTsPmEucLoiFZXYQRbbQiGoX1JjwfY%2FWRZ31w3Qe3O8jsDjqqD%2Bt%2FgNss4UQAl49I8OYOuqJEIQkKR1BQgkIRFDlB0S33hXaxK%2B8K7TyLLnJ8kRfKgcnbu3Tf5G2Zkt3snDw18ePvZz5DR55VanUWRwtxg1LGYrbE63VaC6NI1qNmU8aSw6kSys1MVt1WI3L5ve%2BQqRGZ2%2FgLjB7D6WNwNQvqI9Bi0IhD0M1BrRliO723aT7sqCo3CYQpkeVzyLeCXX1OLk8gnpt9CMlPrt1%2F9vCx6PnfwG2JzJb4QD0gaOs7g5umIHs3TeHItxtZrhK1TccPdiunuZy9%2F7rcKowVayuuf%2B9lPhbG5eFb0uXrNBUqbTvy1bISQtpVY7kk36%2B5dyS74d3msrepz9ZvvLK6lmRWOqdMOgRVpxt%2Fgo%2B3%2B%2BhocolP%2FvIJlB3C%2BhKJPyEXAWWOwbMduGxK78wsrJ7OsGwGhS8HNmbTn1oRaDntKSvh%2FtOzab3r7qBtY9D89uQAu7ZEV5egug%2FnHx%2FkmT259tMX4%2FgSTM8MmLYze0xb%2FfnY2l8f%2BevUWWUhFA0mW7LBZG2x1pJcsMVFFvIWZwui2eTI3Yhf2fj5HwAAAP%2F%2FAQAA%2F%2F%2F5nMczWQQAAA%3D%3D
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSP2wjRRTGZ5MUCBpA15ygsCjQISFnd%2BPYDlecCCEoIlyOOxAUSGj%2B2Rk8u7PM7HidVIET6EpDB9Xmc3LRHRGCkoIIOSchFCjiLhKXnhoJQQWyL8LwpNV7b79X%2FN4379Ndf05CeHq28obZVlrT%2BcVqWLnybhRdrayr1PcqvWb9%2FXrtasV2X1qqV8MXKq9J3jHzcRiFYRRGlVVlZcv05sciVHa4FFWXwmotrkaLNfTs%2F3vnAzgaQHTPydNQYjT3ILgExYdIk29WpOvkJnvx1cRrmhuLrjh4O%2B2kpkiRTMuWDdBKDy6mYdzp6hFMuj%2FBhen%2BO8jUiAQ%2FHoGlBxeQYN29CSfTkCmYeAJFdwiph1B0CG5uQ4lTAnCB6xtIk7vXjS3o1iOVjtURmfvjd6hiROYeXkKafL2sVa9yy2ifK5M69FolVG8I1R4i88fIt2egimPw%2FGMoQZAmJZQoJzsrNYRqDaFlH9QF8ONPBfCtAD4LkIizCo%2BiqBEKTsPmEucLoiFZXYQRbbQiGoX1JjwfY%2FWRZ31w3Qe3O8jsDjqqD%2Bt%2FgNss4UQAl49I8OYOuqJEIQkKR1BQgkIRFDlB0S33hXaxK%2B8K7TyLLnJ8kRfKgcnbu3Tf5G2Zkt3snDw18ePvZz5DR55VanUWRwtxg1LGYrbE63VaC6NI1qNmU8aSw6kSys1MVt1WI3L5ve%2BQqRGZ2%2FgLjB7D6WNwNQvqI9Bi0IhD0M1BrRliO723aT7sqCo3CYQpkeVzyLeCXX1OLk8gnpt9CMlPrt1%2F9vCx6PnfwG2JzJb4QD0gaOs7g5umIHs3TeHItxtZrhK1TccPdiunuZy9%2F7rcKowVayuuf%2B9lPhbG5eFb0uXrNBUqbTvy1bISQtpVY7kk36%2B5dyS74d3msrepz9ZvvLK6lmRWOqdMOgRVpxt%2Fgo%2B3%2B%2BhocolP%2FvIJlB3C%2BhKJPyEXAWWOwbMduGxK78wsrJ7OsGwGhS8HNmbTn1oRaDntKSvh%2FtOzab3r7qBtY9D89uQAu7ZEV5egug%2FnHx%2FkmT259tMX4%2FgSTM8MmLYze0xb%2FfnY2l8f%2BevUWWUhFA0mW7LBZG2x1pJcsMVFFvIWZwui2eTI3Yhf2fj5HwAAAP%2F%2FAQAA%2F%2F%2F5nMczWQQAAA%3D%3D HTTP/1.1
Host: familiarkindlyshuffle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Cookie: u_pl=16718737; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec46b21327aabb2b9c66a4011e6188e2ec=[2229212,2229213]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 19 Sep 2022 11:17:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3b7a2d2b0e88ece7c324aa07fa6cd37d
Strict-Transport-Security: max-age=0; includeSubdomains
familiarkindlyshuffle.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSMWwjRRSGZ5MUCBpA15ygsCjQISFnZ%2B2sba44EUJQRLgcdyAokNDszNgZPLuzzOx6nVSBE%2BhKQwfV5ndy0R0RgpKCCDknIRQo4i4Sl54aCUEFsi%2FC8KTVe2%2F%2FV3zvn%2Ffpbn5OfOTsbOUNs620ZotLVb9y5V1Kr1bWVZL3K%2F1m%2BH5Yv1qxvZdaYdV%2FofKa5F2zGPjU96lPK6vKyrbpL05EqPSwRastv1oPqnSpjr79f%2B9yD455EL1z8jSUGC888C5B8RGS%2BJsV6bqZSV98Nc41y4xFTxy8nXQTUySIZ2XbemgnBxfTMO509Qgm2Z%2FiwvT%2BHYzUmHg%2FHiFKDi4gEfX2ppyRhkwQiSdQ9EaQegTFRuDmNpQ4JQAXuL6BJL573diCbT1S2UQdk4U%2FfocqxmTh4SUk8dfLWvUrt4zOM2USh367hOqPoDojpPkxsu05qOIYPPsYShAkcQklyunOSo2g2iNoOQBzHvLJpzzkbQ956iEWZxVOKW34gjO%2F2eK8JhoyCoVPWaNNGfXDJnI%2BwRogSwfgegBud5DaHXTVADb%2FAW6zhBMeXDYm3ps76IkShSQoHEHBCApFUGQERa%2FcF9oFrrwrtMsjepGDi1wrhybr7LJ9k3VkQnbTc%2FLU1I%2B%2Fn%2FkMXXlWqYdRQGtBg7EoCqIWD0NW9ymVIW02ZSA5nCqh3Nx01W01Jpff%2Bw6pGpOFjb8QsWM4fQyu5sFyClYMG4EPtjmsN31sJ%2Fc2zYddVeUmhjAl0mwB2Za3q8%2FJ5SnEc%2FMPIfnJtfvPHj5Gn%2F8N3JZIbYkP1AOCjr4zvGkKsnfTFI58u5FmKlbbbPJgtzKWyfn7r8utwlixtuIG917mE2FSHr4lXbbOEqGSjiNfLSshpF01lkvy%2FZp7R0Y3cre5nNskT9dvvLK6FqdWOqdMMgJTpxt%2Fgk%2B2%2B%2BhoeolP%2FvIJlB3B5iXi%2FIRcBJQ5Bk934NIZvTPzsHo2E6VzKPJyaINo9lMrAi1nPYtKuP%2F00azedXfQsQFYdnt6gD1boqdLMD2Ayx8fZqk9ufbTF5P4EpGeG0bazu1F2urPJ9b%2B%2Bshfp84qjVrNZ2FriTYaTDaietBsh1QwFtTDIAxZDZkb8ysbP%2F8DAAD%2F%2FwEAAP%2F%2FeUgS21kEAAA%3D
200 OK 7 B URL HTTP/1.1 familiarkindlyshuffle.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSMWwjRRSGZ5MUCBpA15ygsCjQISFnZ%2B2sba44EUJQRLgcdyAokNDszNgZPLuzzOx6nVSBE%2BhKQwfV5ndy0R0RgpKCCDknIRQo4i4Sl54aCUEFsi%2FC8KTVe2%2F%2FV3zvn%2Ffpbn5OfOTsbOUNs620ZotLVb9y5V1Kr1bWVZL3K%2F1m%2BH5Yv1qxvZdaYdV%2FofKa5F2zGPjU96lPK6vKyrbpL05EqPSwRastv1oPqnSpjr79f%2B9yD455EL1z8jSUGC888C5B8RGS%2BJsV6bqZSV98Nc41y4xFTxy8nXQTUySIZ2XbemgnBxfTMO509Qgm2Z%2FiwvT%2BHYzUmHg%2FHiFKDi4gEfX2ppyRhkwQiSdQ9EaQegTFRuDmNpQ4JQAXuL6BJL573diCbT1S2UQdk4U%2FfocqxmTh4SUk8dfLWvUrt4zOM2USh367hOqPoDojpPkxsu05qOIYPPsYShAkcQklyunOSo2g2iNoOQBzHvLJpzzkbQ956iEWZxVOKW34gjO%2F2eK8JhoyCoVPWaNNGfXDJnI%2BwRogSwfgegBud5DaHXTVADb%2FAW6zhBMeXDYm3ps76IkShSQoHEHBCApFUGQERa%2FcF9oFrrwrtMsjepGDi1wrhybr7LJ9k3VkQnbTc%2FLU1I%2B%2Fn%2FkMXXlWqYdRQGtBg7EoCqIWD0NW9ymVIW02ZSA5nCqh3Nx01W01Jpff%2Bw6pGpOFjb8QsWM4fQyu5sFyClYMG4EPtjmsN31sJ%2Fc2zYddVeUmhjAl0mwB2Za3q8%2FJ5SnEc%2FMPIfnJtfvPHj5Gn%2F8N3JZIbYkP1AOCjr4zvGkKsnfTFI58u5FmKlbbbPJgtzKWyfn7r8utwlixtuIG917mE2FSHr4lXbbOEqGSjiNfLSshpF01lkvy%2FZp7R0Y3cre5nNskT9dvvLK6FqdWOqdMMgJTpxt%2Fgk%2B2%2B%2BhoeolP%2FvIJlB3B5iXi%2FIRcBJQ5Bk934NIZvTPzsHo2E6VzKPJyaINo9lMrAi1nPYtKuP%2F00azedXfQsQFYdnt6gD1boqdLMD2Ayx8fZqk9ufbTF5P4EpGeG0bazu1F2urPJ9b%2B%2Bshfp84qjVrNZ2FriTYaTDaietBsh1QwFtTDIAxZDZkb8ysbP%2F8DAAD%2F%2FwEAAP%2F%2FeUgS21kEAAA%3D
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSMWwjRRSGZ5MUCBpA15ygsCjQISFnZ%2B2sba44EUJQRLgcdyAokNDszNgZPLuzzOx6nVSBE%2BhKQwfV5ndy0R0RgpKCCDknIRQo4i4Sl54aCUEFsi%2FC8KTVe2%2F%2FV3zvn%2Ffpbn5OfOTsbOUNs620ZotLVb9y5V1Kr1bWVZL3K%2F1m%2BH5Yv1qxvZdaYdV%2FofKa5F2zGPjU96lPK6vKyrbpL05EqPSwRastv1oPqnSpjr79f%2B9yD455EL1z8jSUGC888C5B8RGS%2BJsV6bqZSV98Nc41y4xFTxy8nXQTUySIZ2XbemgnBxfTMO509Qgm2Z%2FiwvT%2BHYzUmHg%2FHiFKDi4gEfX2ppyRhkwQiSdQ9EaQegTFRuDmNpQ4JQAXuL6BJL573diCbT1S2UQdk4U%2FfocqxmTh4SUk8dfLWvUrt4zOM2USh367hOqPoDojpPkxsu05qOIYPPsYShAkcQklyunOSo2g2iNoOQBzHvLJpzzkbQ956iEWZxVOKW34gjO%2F2eK8JhoyCoVPWaNNGfXDJnI%2BwRogSwfgegBud5DaHXTVADb%2FAW6zhBMeXDYm3ps76IkShSQoHEHBCApFUGQERa%2FcF9oFrrwrtMsjepGDi1wrhybr7LJ9k3VkQnbTc%2FLU1I%2B%2Fn%2FkMXXlWqYdRQGtBg7EoCqIWD0NW9ymVIW02ZSA5nCqh3Nx01W01Jpff%2Bw6pGpOFjb8QsWM4fQyu5sFyClYMG4EPtjmsN31sJ%2Fc2zYddVeUmhjAl0mwB2Za3q8%2FJ5SnEc%2FMPIfnJtfvPHj5Gn%2F8N3JZIbYkP1AOCjr4zvGkKsnfTFI58u5FmKlbbbPJgtzKWyfn7r8utwlixtuIG917mE2FSHr4lXbbOEqGSjiNfLSshpF01lkvy%2FZp7R0Y3cre5nNskT9dvvLK6FqdWOqdMMgJTpxt%2Fgk%2B2%2B%2BhoeolP%2FvIJlB3B5iXi%2FIRcBJQ5Bk934NIZvTPzsHo2E6VzKPJyaINo9lMrAi1nPYtKuP%2F00azedXfQsQFYdnt6gD1boqdLMD2Ayx8fZqk9ufbTF5P4EpGeG0bazu1F2urPJ9b%2B%2Bshfp84qjVrNZ2FriTYaTDaietBsh1QwFtTDIAxZDZkb8ysbP%2F8DAAD%2F%2FwEAAP%2F%2FeUgS21kEAAA%3D HTTP/1.1
Host: familiarkindlyshuffle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Cookie: u_pl=16718737; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec46b21327aabb2b9c66a4011e6188e2ec=[2229212,2229213]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 19 Sep 2022 11:17:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2380df44e57734285d5b11fee6da064c
Strict-Transport-Security: max-age=0; includeSubdomains
familiarkindlyshuffle.com/65/aa/28/65aa283021630dfd9030555c4c61a78c.js
200 OK 29 kB URL HTTP/1.1 familiarkindlyshuffle.com/65/aa/28/65aa283021630dfd9030555c4c61a78c.js
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash dcb29d031b66a0de209b1f025fc42eb4
c01f32cac14c7d722fe2839c5e7125c52583ab14
0721f2caf17a1bc988b283e777ea8fc4353c7414cf09b52d722a2569d82c4ee7
Analyzer Verdict Alert quad9 Sinkholed
GET /65/aa/28/65aa283021630dfd9030555c4c61a78c.js HTTP/1.1
Host: familiarkindlyshuffle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Cookie: u_pl=16718737; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec46b21327aabb2b9c66a4011e6188e2ec=[2229212,2229213]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 19 Sep 2022 11:17:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cbdea2720661aa215d4b96582eed70b8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 6c07385c50686aadb74ceb7b61dc0584
a3c65ae2e25cc51da72a503fccad276a0cfc1810
d647fdbbd4238a04d493edeca66a2b70568b003b578b7ef7f005d3b4200a6242
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "D647FDBBD4238A04D493EDECA66A2B70568B003B578B7EF7F005D3B4200A6242"
Last-Modified: Sun, 18 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4500
Expires: Mon, 19 Sep 2022 12:32:33 GMT
Date: Mon, 19 Sep 2022 11:17:33 GMT
Connection: keep-alive
peeredgerman.com/sbar.json?key=cc585f6c9356b37d414b25b86a1b7ad2&uuid=3467c00d-10d3-445a-a54e-da1e94a396f8%3A2%3A1
200 OK 3.9 kB URL HTTP/1.1 peeredgerman.com/sbar.json?key=cc585f6c9356b37d414b25b86a1b7ad2&uuid=3467c00d-10d3-445a-a54e-da1e94a396f8%3A2%3A1
IP
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (5665), with no line terminators
Hash a448d31193a098e4821298fbb8a7074a
aff5d06a59a8645db36613a9aeb900608db31d94
79c2ad0b2c1090fa623d2e3bf0915a196ad0ef22147796e91c3c351cf7c1779c
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=cc585f6c9356b37d414b25b86a1b7ad2&uuid=3467c00d-10d3-445a-a54e-da1e94a396f8%3A2%3A1 HTTP/1.1
Host: peeredgerman.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://johansonhavock.blogspot.com
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 19 Sep 2022 11:17:33 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://johansonhavock.blogspot.com
Access-Control-Allow-Origin: https://johansonhavock.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16602886; expires=Tue, 20 Sep 2022 11:17:33 GMT; secure; SameSite=None
uid_id2=3467c00d-10d3-445a-a54e-da1e94a396f8:2:1; expires=Mon, 26 Sep 2022 11:17:33 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 20 Sep 2022 11:17:33 GMT; secure; SameSite=None
uncs=1; expires=Tue, 20 Sep 2022 11:17:33 GMT; secure; SameSite=None
pdhtkv29=true; expires=Tue, 20 Sep 2022 11:17:33 GMT; secure; SameSite=None
uncs29=1; expires=Tue, 20 Sep 2022 11:17:33 GMT; secure; SameSite=None
sleccc585f6c9356b37d414b25b86a1b7ad2=[3364903]; expires=Mon, 19 Sep 2022 11:17:38 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cf9883c8dea47aa60a562c7870f6a484
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.digicert.com/
200 OK 279 B IP
Hash fc9690095d8bb20684ff346ec692f089
967aa881cafda44334eb614a6bcc0abd1c61e106
7a1df33f796d4cc8447019b71d84683cf1c46c5f2d945fb62a6d8c8d82990276
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5081
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 11:17:33 GMT
Last-Modified: Mon, 19 Sep 2022 09:52:52 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 279
peeredgerman.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSwWskRRTGqzdBBE%2FKXlZQ5iC4gpl0T%2Ff0zLiHxRgjwexm2VV2D4JWV9VMyqnpaqu6pic5BReXPY7%2FQeebZEN0EQUvHlxksrCH4GHHUw7mfxBBEBRkZoOj7%2FLeq%2B87%2FPjq3dtzZ8SHo6er1%2FSOVIou16t%2B5fKdILhS2ZCpG1QGzfjjOLpSMf23WnHVf6PynmBdvVzzA98P%2FKCyJo1o68HyVITMHraCasuvRrVqUI8wMP%2FfrfNgqQfePyMvQfLJ4mPvIiQbI%2B19uypsN9fZm%2B%2F2nKK5Nujzww%2FTbqqLFL352DYe2unhuRvaPl17BJ0ezHCh%2B%2F8aEzkh3pNHSNLDc0gk%2Ff0ZZ6IgUiT8BRT9MYQaQ9IxmL4LyZ8SgHFc30Tae3Bdm4JuP1PpVJ2QxT9%2BhywmZPHXi0h736woOajc0srlUqcWg3YJORhDdsbI3DHynQuQxTFY%2FjkkJ0h7JSQ%2FfS2M4gbzfb4U%2BDxciqI6XaL1SCxxGohWRMNW3G7OgpFyDNkeQ4khqL0AZz046cG1PbjMQ4%2BfVlgQBA2fM%2Bo3W4yFvCGSmPsBbbQDGvhxE45N2YfIsyGYGoKZXWRmF105hHE%2FwW6VsNyDzQn6vEQhCApLUFCCQhIUOUHRLw%2B4sjVbPuDKuiQ477XzHpYjnXf26IHOOyIle9kZeXEW2N%2B3n0NXnFYYqzfr7Zi1wnqchA0eBVFSqyfNmAZJg%2FIarCwh7QVQ62FHTsilj35AJidkcfNPJPQYVh2DyQVQ9wpoMWrUfNCtUdT0sZMebenPurLKdA9cl8jyReTb3p46I5dmEOGd1yHYydVPkmuT347%2BAjMlMlPiU%2FmYoKPuj27qguzf1IUl321muezJHTr90Vs5zcXCV%2B%2BL7UIbvr5qh0dvs6kwHR9%2BIGy%2BQVMu044lX69IzoVZ04YJ8uO6vS2SG85urTiTumzjxjtr673MCGulTsegckLIkxMwOSHPf38wO9aXv7gHacYwrkTPnZDzgtTHYNkubDbnt3oBRs09SeahcOXI1JL5o5IESsx3mpSw%2F9mT%2Bbxn76NjXgXN785utG9K9FUJqoawbmGUZ%2Bbk6i%2FhrJAob5Qo4%2B0nyqgvn4Vr5WmlEYY%2BjVv1oNGgopFEtWY7DjiltSiuxTENkdsJu7z58z8AAAD%2F%2FwEAAP%2F%2FgNt%2FOncEAAA%3D
200 OK 7 B URL HTTP/1.1 peeredgerman.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSwWskRRTGqzdBBE%2FKXlZQ5iC4gpl0T%2Ff0zLiHxRgjwexm2VV2D4JWV9VMyqnpaqu6pic5BReXPY7%2FQeebZEN0EQUvHlxksrCH4GHHUw7mfxBBEBRkZoOj7%2FLeq%2B87%2FPjq3dtzZ8SHo6er1%2FSOVIou16t%2B5fKdILhS2ZCpG1QGzfjjOLpSMf23WnHVf6PynmBdvVzzA98P%2FKCyJo1o68HyVITMHraCasuvRrVqUI8wMP%2FfrfNgqQfePyMvQfLJ4mPvIiQbI%2B19uypsN9fZm%2B%2F2nKK5Nujzww%2FTbqqLFL352DYe2unhuRvaPl17BJ0ezHCh%2B%2F8aEzkh3pNHSNLDc0gk%2Ff0ZZ6IgUiT8BRT9MYQaQ9IxmL4LyZ8SgHFc30Tae3Bdm4JuP1PpVJ2QxT9%2BhywmZPHXi0h736woOajc0srlUqcWg3YJORhDdsbI3DHynQuQxTFY%2FjkkJ0h7JSQ%2FfS2M4gbzfb4U%2BDxciqI6XaL1SCxxGohWRMNW3G7OgpFyDNkeQ4khqL0AZz046cG1PbjMQ4%2BfVlgQBA2fM%2Bo3W4yFvCGSmPsBbbQDGvhxE45N2YfIsyGYGoKZXWRmF105hHE%2FwW6VsNyDzQn6vEQhCApLUFCCQhIUOUHRLw%2B4sjVbPuDKuiQ477XzHpYjnXf26IHOOyIle9kZeXEW2N%2B3n0NXnFYYqzfr7Zi1wnqchA0eBVFSqyfNmAZJg%2FIarCwh7QVQ62FHTsilj35AJidkcfNPJPQYVh2DyQVQ9wpoMWrUfNCtUdT0sZMebenPurLKdA9cl8jyReTb3p46I5dmEOGd1yHYydVPkmuT347%2BAjMlMlPiU%2FmYoKPuj27qguzf1IUl321muezJHTr90Vs5zcXCV%2B%2BL7UIbvr5qh0dvs6kwHR9%2BIGy%2BQVMu044lX69IzoVZ04YJ8uO6vS2SG85urTiTumzjxjtr673MCGulTsegckLIkxMwOSHPf38wO9aXv7gHacYwrkTPnZDzgtTHYNkubDbnt3oBRs09SeahcOXI1JL5o5IESsx3mpSw%2F9mT%2Bbxn76NjXgXN785utG9K9FUJqoawbmGUZ%2Bbk6i%2FhrJAob5Qo4%2B0nyqgvn4Vr5WmlEYY%2BjVv1oNGgopFEtWY7DjiltSiuxTENkdsJu7z58z8AAAD%2F%2FwEAAP%2F%2FgNt%2FOncEAAA%3D
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSwWskRRTGqzdBBE%2FKXlZQ5iC4gpl0T%2Ff0zLiHxRgjwexm2VV2D4JWV9VMyqnpaqu6pic5BReXPY7%2FQeebZEN0EQUvHlxksrCH4GHHUw7mfxBBEBRkZoOj7%2FLeq%2B87%2FPjq3dtzZ8SHo6er1%2FSOVIou16t%2B5fKdILhS2ZCpG1QGzfjjOLpSMf23WnHVf6PynmBdvVzzA98P%2FKCyJo1o68HyVITMHraCasuvRrVqUI8wMP%2FfrfNgqQfePyMvQfLJ4mPvIiQbI%2B19uypsN9fZm%2B%2F2nKK5Nujzww%2FTbqqLFL352DYe2unhuRvaPl17BJ0ezHCh%2B%2F8aEzkh3pNHSNLDc0gk%2Ff0ZZ6IgUiT8BRT9MYQaQ9IxmL4LyZ8SgHFc30Tae3Bdm4JuP1PpVJ2QxT9%2BhywmZPHXi0h736woOajc0srlUqcWg3YJORhDdsbI3DHynQuQxTFY%2FjkkJ0h7JSQ%2FfS2M4gbzfb4U%2BDxciqI6XaL1SCxxGohWRMNW3G7OgpFyDNkeQ4khqL0AZz046cG1PbjMQ4%2BfVlgQBA2fM%2Bo3W4yFvCGSmPsBbbQDGvhxE45N2YfIsyGYGoKZXWRmF105hHE%2FwW6VsNyDzQn6vEQhCApLUFCCQhIUOUHRLw%2B4sjVbPuDKuiQ477XzHpYjnXf26IHOOyIle9kZeXEW2N%2B3n0NXnFYYqzfr7Zi1wnqchA0eBVFSqyfNmAZJg%2FIarCwh7QVQ62FHTsilj35AJidkcfNPJPQYVh2DyQVQ9wpoMWrUfNCtUdT0sZMebenPurLKdA9cl8jyReTb3p46I5dmEOGd1yHYydVPkmuT347%2BAjMlMlPiU%2FmYoKPuj27qguzf1IUl321muezJHTr90Vs5zcXCV%2B%2BL7UIbvr5qh0dvs6kwHR9%2BIGy%2BQVMu044lX69IzoVZ04YJ8uO6vS2SG85urTiTumzjxjtr673MCGulTsegckLIkxMwOSHPf38wO9aXv7gHacYwrkTPnZDzgtTHYNkubDbnt3oBRs09SeahcOXI1JL5o5IESsx3mpSw%2F9mT%2Bbxn76NjXgXN785utG9K9FUJqoawbmGUZ%2Bbk6i%2FhrJAob5Qo4%2B0nyqgvn4Vr5WmlEYY%2BjVv1oNGgopFEtWY7DjiltSiuxTENkdsJu7z58z8AAAD%2F%2FwEAAP%2F%2FgNt%2FOncEAAA%3D HTTP/1.1
Host: peeredgerman.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Cookie: u_pl=16602886; uid_id2=3467c00d-10d3-445a-a54e-da1e94a396f8:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleccc585f6c9356b37d414b25b86a1b7ad2=[3364903]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 19 Sep 2022 11:17:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 862c1bec6389d3b766e3f917819fac07
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 6c07385c50686aadb74ceb7b61dc0584
a3c65ae2e25cc51da72a503fccad276a0cfc1810
d647fdbbd4238a04d493edeca66a2b70568b003b578b7ef7f005d3b4200a6242
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "D647FDBBD4238A04D493EDECA66A2B70568B003B578B7EF7F005D3B4200A6242"
Last-Modified: Sun, 18 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4500
Expires: Mon, 19 Sep 2022 12:32:33 GMT
Date: Mon, 19 Sep 2022 11:17:33 GMT
Connection: keep-alive
creepingbrings.com/sfp.js
200 OK 24 kB URL HTTP/2 creepingbrings.com/sfp.js
IP
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 856f1c022577de92694e9d23ff68901e
d500a8604567c647e9dd8f067776665483ecb9c7
92a4080baee1d8a93985ddb1bf1fc733c3283fa0cc06e5abef506e3b8b4886ed
GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 11:17:32 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 9fb369ce2829f1bb9dc8b700cc291fe7
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Mon, 19 Sep 2022 11:17:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hznqWzVLObGnWH0IOLnE%2B%2BQ9qURL4GVcIn%2F1HbyRrUap1OhI2etSze6J4oBKK4Oxim4UgT9HTv8fafj94FW9rm8euIU2Yi7jEP%2FIgSu4QasV3YSgwD%2BPVKbYnHcXkxn8MQEoP38%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d1ea5bd9c8dd33-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
sagedeportflorist.com/pixel/purst?dl=0&th=0&sc=0&rs=6022&rd=6022&fd=451&bv=22.8.v.2&tmpl=136
200 OK 0 B URL HTTP/1.1 sagedeportflorist.com/pixel/purst?dl=0&th=0&sc=0&rs=6022&rd=6022&fd=451&bv=22.8.v.2&tmpl=136
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=6022&rd=6022&fd=451&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: sagedeportflorist.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 19 Sep 2022 11:17:33 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 975198867cba40920c78943d183e7501
79f8094d26eb13a276fa98058ff3edde469825c5
14f4407c37a327fc0b0249c75c3308a898722b100bdd261bf687e7b97821b2ce
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "14F4407C37A327FC0B0249C75C3308A898722B100BDD261BF687E7B97821B2CE"
Last-Modified: Sat, 17 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4974
Expires: Mon, 19 Sep 2022 12:40:28 GMT
Date: Mon, 19 Sep 2022 11:17:34 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 975198867cba40920c78943d183e7501
79f8094d26eb13a276fa98058ff3edde469825c5
14f4407c37a327fc0b0249c75c3308a898722b100bdd261bf687e7b97821b2ce
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "14F4407C37A327FC0B0249C75C3308A898722B100BDD261BF687E7B97821B2CE"
Last-Modified: Sat, 17 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4974
Expires: Mon, 19 Sep 2022 12:40:28 GMT
Date: Mon, 19 Sep 2022 11:17:34 GMT
Connection: keep-alive
peeredgerman.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Findex.html&l=1659&fd=581
200 OK 0 B URL HTTP/1.1 peeredgerman.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Findex.html&l=1659&fd=581
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Findex.html&l=1659&fd=581 HTTP/1.1
Host: peeredgerman.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Cookie: u_pl=16602886; uid_id2=3467c00d-10d3-445a-a54e-da1e94a396f8:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleccc585f6c9356b37d414b25b86a1b7ad2=[3364903]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 19 Sep 2022 11:17:34 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/img/icon.jpg
200 OK 83 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/img/icon.jpg
IP
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=821, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1232], progressive, precision 8, 435x290, components 3\012- data
Hash 85f73b8e6875d66c6d73ebdefc72c793
7281bfc203aa9c27601828765ba37b28b79c2476
f2772dd68c9e122cb84b4c535502d3c7034437ca7c053fc781da626cf1a1064f
GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/img/icon.jpg HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 19 Sep 2022 11:17:34 GMT
content-type: image/jpeg
content-length: 82807
last-modified: Tue, 08 Feb 2022 14:25:26 GMT
etag: "62027d56-14377"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4065111
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6pdiduz1wbxdfBhcUNaczNkySWkqsgr6KwnTqsQnmR2un%2B%2B0PKqrOhOkB4oJE1gwbVuMH4KIfemrqNB7C58HKeaYOQMI%2F%2FPjUW37xvX748wfwoDy%2FsHcG429%2FaVu3rYS0iU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d1ea6879f41c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s4.histats.com/stats/0.php?4597531&@f16&@g1&@h1&@i1&@j1663586233280&@k0&@l1&@mHow%20Many%20People%20Are%20Playing%20Battlefield%201%20-%20Johanson%20Havock&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-43812026&@b3:1663586233&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fjohansonhavock.blogspot.com%2F2022%2F06%2Fhow-many-people-are-playing-battlefield.html&@w
200 OK 51 B URL HTTP/1.1 s4.histats.com/stats/0.php?4597531&@f16&@g1&@h1&@i1&@j1663586233280&@k0&@l1&@mHow%20Many%20People%20Are%20Playing%20Battlefield%201%20-%20Johanson%20Havock&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-43812026&@b3:1663586233&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fjohansonhavock.blogspot.com%2F2022%2F06%2Fhow-many-people-are-playing-battlefield.html&@w
IP
File type ASCII text, with no line terminators
Hash 3535228ed6f7fb0a701c515ec107ae85
cb67cbb2ba02946297c2244feaeecdd1b8b651ce
ed7969854c82a22431397a01aafdb6223317656cc0f3792c6cdb2ba8ea8763eb
GET /stats/0.php?4597531&@f16&@g1&@h1&@i1&@j1663586233280&@k0&@l1&@mHow%20Many%20People%20Are%20Playing%20Battlefield%201%20-%20Johanson%20Havock&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-43812026&@b3:1663586233&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fjohansonhavock.blogspot.com%2F2022%2F06%2Fhow-many-people-are-playing-battlefield.html&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 11:17:34 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 51
Connection: close
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 975198867cba40920c78943d183e7501
79f8094d26eb13a276fa98058ff3edde469825c5
14f4407c37a327fc0b0249c75c3308a898722b100bdd261bf687e7b97821b2ce
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "14F4407C37A327FC0B0249C75C3308A898722B100BDD261BF687E7B97821B2CE"
Last-Modified: Sat, 17 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4974
Expires: Mon, 19 Sep 2022 12:40:28 GMT
Date: Mon, 19 Sep 2022 11:17:34 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash eaa8b4aa123f9dd7237c5c51d2f848d9
1082f5f6ef7229ec76f94f3d236f273b26294563
d1ad33dae2fcab5c7d66875f0e7a01cc30e0b3a031606917fa5448c54f84e20d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 11:17:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash eaa8b4aa123f9dd7237c5c51d2f848d9
1082f5f6ef7229ec76f94f3d236f273b26294563
d1ad33dae2fcab5c7d66875f0e7a01cc30e0b3a031606917fa5448c54f84e20d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 11:17:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/img/close.svg
200 OK 451 B URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/img/close.svg
IP
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Hash 5464de65d0d23b2a5919d685ddc3bbb7
6d28a575410713afe8921b160895978294fb43de
d41ecec8b8df7980201f8a16f8b1fbcf9907c5b026da29cfd51a6380ff4ef2fd
GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/img/close.svg HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 19 Sep 2022 11:17:34 GMT
content-type: image/svg+xml
last-modified: Mon, 17 Jan 2022 14:26:00 GMT
etag: W/"61e57c78-415"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4065112
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r4NgvWQDwerdVCcO%2FuYzVxp4UcilNL0gBUAf3lEhphRnBfUuCK6vSE6xj2%2FuGUvKv5WbExTBslHKYs4LRCR1q4M5npONt%2FaXkMw6c5Z5EgMhigViELXRJ%2FhUp2cMPV%2BQ8uk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d1ea6879f21c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://johansonhavock.blogspot.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:34:08 GMT
expires: Thu, 14 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 402206
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://johansonhavock.blogspot.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:34:08 GMT
expires: Thu, 14 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 402206
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
peeredgerman.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fcss%2Fanimate.css&l=79245&fd=354
200 OK 0 B URL HTTP/1.1 peeredgerman.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fcss%2Fanimate.css&l=79245&fd=354
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fcss%2Fanimate.css&l=79245&fd=354 HTTP/1.1
Host: peeredgerman.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Cookie: u_pl=16602886; uid_id2=3467c00d-10d3-445a-a54e-da1e94a396f8:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleccc585f6c9356b37d414b25b86a1b7ad2=[3364903]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 19 Sep 2022 11:17:34 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3560fd0459a75cf29346caa46f7e84a1
f4ddcaf667912056478156ea67a9c16cfdacc0b0
f2f4b9cb192aba52569b22fa34a39420113c1ae958b17b6b59652182ffa10eed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F2F4B9CB192ABA52569B22FA34A39420113C1AE958B17B6B59652182FFA10EED"
Last-Modified: Sun, 18 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5792
Expires: Mon, 19 Sep 2022 12:54:06 GMT
Date: Mon, 19 Sep 2022 11:17:34 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3560fd0459a75cf29346caa46f7e84a1
f4ddcaf667912056478156ea67a9c16cfdacc0b0
f2f4b9cb192aba52569b22fa34a39420113c1ae958b17b6b59652182ffa10eed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F2F4B9CB192ABA52569B22FA34A39420113C1AE958B17B6B59652182FFA10EED"
Last-Modified: Sun, 18 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5792
Expires: Mon, 19 Sep 2022 12:54:06 GMT
Date: Mon, 19 Sep 2022 11:17:34 GMT
Connection: keep-alive
peeredgerman.com/pixel/sbs?c=1
200 OK 0 B URL HTTP/1.1 peeredgerman.com/pixel/sbs?c=1
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: peeredgerman.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Cookie: u_pl=16602886; uid_id2=3467c00d-10d3-445a-a54e-da1e94a396f8:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleccc585f6c9356b37d414b25b86a1b7ad2=[3364903]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 19 Sep 2022 11:17:34 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
peeredgerman.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fjs%2Fscript.js&l=468&fd=334
200 OK 0 B URL HTTP/1.1 peeredgerman.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fjs%2Fscript.js&l=468&fd=334
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fflip_icon%2F16%2Fjs%2Fscript.js&l=468&fd=334 HTTP/1.1
Host: peeredgerman.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Cookie: u_pl=16602886; uid_id2=3467c00d-10d3-445a-a54e-da1e94a396f8:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleccc585f6c9356b37d414b25b86a1b7ad2=[3364903]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 19 Sep 2022 11:17:34 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
peeredgerman.com/impr.gif?sid=H4sIAAAAAAAC%2F1SST2tcVRjGz22CCK6UbioosxCsYCb3ztz5ZxfFGCPBtCmt0i4EPf%2Fu5Djn3nM95965k6yCxdLl%2BA1unkkaokUU3LiwyKTQRXDRcZWF%2BQ4iCIKCzDQ4%2Bm7e9z3Ps%2FjxnPfeXn5GfOT0dPWa2VFa0%2BVG1a9cvhMEVyobKskHlUG7%2BXEzvFKx%2Fbc6zar%2FRuU9yXtmueYHvh%2F4QWVNWRmZwfJUhEofdoJqx6%2BGtWrQCDGw%2F99d7sFRD6J%2FRl6CEpPFx95FKD5GEn%2B7Kl0vM%2Bmb78a5ppmx6IvDD5NeYooE8XyMrIcoOTx3w7ina49gkoMZLkz%2FXyNTE%2BI9eQSWHJ5DgvX3Z5xMQyZg4gUU%2FTGkHkPRMbi5CyWeEoALXN9EEj%2B4bmxBt5%2BpdKpOyOIfv0MVE7L460Uk8TcrWg0qt4zOM2USh0FUQg3GUN0x0vwY2c4FqOIYPPscShAkcQklTl%2Brh80W932xFPiivhSGDbpEG6FcEjSQnZDWO82oPQtGqTFUNIaWQ1B3AbnzkCsPeeQhTz3E4rTCgyBo%2BYJTv93hvC5akjWFH9BWFNDAb7aR8yn7EFk6BNdDcLuL1O6ip4aw%2BU9wWyWc8OAygr4oUUiCwhEUlKBQBEVGUPTLA6FdzZUPhHY5C8577bzXy5HJunv0wGRdmZC99Iy8OAvs79vPoSdPK5w32o2oyTv1RpPVWyIMQlZrsHaTBqxFRQ1OlVDuAqjzsKMm5NJHPyBVE7K4%2BScYPYbTx%2BBqATR%2FBbQYtWo%2B6NYobPvYSY62zGc9VeUmhjAl0mwR2ba3p8%2FIpRlE%2Fc7rkPzk6ifs2uS3o7%2FAbYnUlvhUPSbo6vujm6Yg%2BzdN4ch3m2mmYrVDpz96K6OZXPjqfbldGCvWV93w6G0%2BFabjww%2BkyzZoIlTSdeTrFSWEtGvGckl%2BXHe3JbuRu62V3CZ5unHjnbX1OLXSOWWSMaiaEPLkBFxNyPPfH8yO9eUv7kHZMWxeIs5PyHlBmWPwdBcunfM7swCr5x6WeijycmRrbP6oFYGW852yEu4%2FO5vPe%2B4%2BuvZV0Ozu7Eb7tkRfl6B6CJcvjLLUnlz9pT4rMO2NmLbePtNWf%2FksXKdOK3VftJiMZIvJsBFGkgvWaDCfR5zVRbvNkbkJv7z58z8AAAD%2F%2FwEAAP%2F%2FAA%2Bq0ncEAAA%3D
200 OK 7 B URL HTTP/1.1 peeredgerman.com/impr.gif?sid=H4sIAAAAAAAC%2F1SST2tcVRjGz22CCK6UbioosxCsYCb3ztz5ZxfFGCPBtCmt0i4EPf%2Fu5Djn3nM95965k6yCxdLl%2BA1unkkaokUU3LiwyKTQRXDRcZWF%2BQ4iCIKCzDQ4%2Bm7e9z3Ps%2FjxnPfeXn5GfOT0dPWa2VFa0%2BVG1a9cvhMEVyobKskHlUG7%2BXEzvFKx%2Fbc6zar%2FRuU9yXtmueYHvh%2F4QWVNWRmZwfJUhEofdoJqx6%2BGtWrQCDGw%2F99d7sFRD6J%2FRl6CEpPFx95FKD5GEn%2B7Kl0vM%2Bmb78a5ppmx6IvDD5NeYooE8XyMrIcoOTx3w7ina49gkoMZLkz%2FXyNTE%2BI9eQSWHJ5DgvX3Z5xMQyZg4gUU%2FTGkHkPRMbi5CyWeEoALXN9EEj%2B4bmxBt5%2BpdKpOyOIfv0MVE7L460Uk8TcrWg0qt4zOM2USh0FUQg3GUN0x0vwY2c4FqOIYPPscShAkcQklTl%2Brh80W932xFPiivhSGDbpEG6FcEjSQnZDWO82oPQtGqTFUNIaWQ1B3AbnzkCsPeeQhTz3E4rTCgyBo%2BYJTv93hvC5akjWFH9BWFNDAb7aR8yn7EFk6BNdDcLuL1O6ip4aw%2BU9wWyWc8OAygr4oUUiCwhEUlKBQBEVGUPTLA6FdzZUPhHY5C8577bzXy5HJunv0wGRdmZC99Iy8OAvs79vPoSdPK5w32o2oyTv1RpPVWyIMQlZrsHaTBqxFRQ1OlVDuAqjzsKMm5NJHPyBVE7K4%2BScYPYbTx%2BBqATR%2FBbQYtWo%2B6NYobPvYSY62zGc9VeUmhjAl0mwR2ba3p8%2FIpRlE%2Fc7rkPzk6ifs2uS3o7%2FAbYnUlvhUPSbo6vujm6Yg%2BzdN4ch3m2mmYrVDpz96K6OZXPjqfbldGCvWV93w6G0%2BFabjww%2BkyzZoIlTSdeTrFSWEtGvGckl%2BXHe3JbuRu62V3CZ5unHjnbX1OLXSOWWSMaiaEPLkBFxNyPPfH8yO9eUv7kHZMWxeIs5PyHlBmWPwdBcunfM7swCr5x6WeijycmRrbP6oFYGW852yEu4%2FO5vPe%2B4%2BuvZV0Ozu7Eb7tkRfl6B6CJcvjLLUnlz9pT4rMO2NmLbePtNWf%2FksXKdOK3VftJiMZIvJsBFGkgvWaDCfR5zVRbvNkbkJv7z58z8AAAD%2F%2FwEAAP%2F%2FAA%2Bq0ncEAAA%3D
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SST2tcVRjGz22CCK6UbioosxCsYCb3ztz5ZxfFGCPBtCmt0i4EPf%2Fu5Djn3nM95965k6yCxdLl%2BA1unkkaokUU3LiwyKTQRXDRcZWF%2BQ4iCIKCzDQ4%2Bm7e9z3Ps%2FjxnPfeXn5GfOT0dPWa2VFa0%2BVG1a9cvhMEVyobKskHlUG7%2BXEzvFKx%2Fbc6zar%2FRuU9yXtmueYHvh%2F4QWVNWRmZwfJUhEofdoJqx6%2BGtWrQCDGw%2F99d7sFRD6J%2FRl6CEpPFx95FKD5GEn%2B7Kl0vM%2Bmb78a5ppmx6IvDD5NeYooE8XyMrIcoOTx3w7ina49gkoMZLkz%2FXyNTE%2BI9eQSWHJ5DgvX3Z5xMQyZg4gUU%2FTGkHkPRMbi5CyWeEoALXN9EEj%2B4bmxBt5%2BpdKpOyOIfv0MVE7L460Uk8TcrWg0qt4zOM2USh0FUQg3GUN0x0vwY2c4FqOIYPPscShAkcQklTl%2Brh80W932xFPiivhSGDbpEG6FcEjSQnZDWO82oPQtGqTFUNIaWQ1B3AbnzkCsPeeQhTz3E4rTCgyBo%2BYJTv93hvC5akjWFH9BWFNDAb7aR8yn7EFk6BNdDcLuL1O6ip4aw%2BU9wWyWc8OAygr4oUUiCwhEUlKBQBEVGUPTLA6FdzZUPhHY5C8577bzXy5HJunv0wGRdmZC99Iy8OAvs79vPoSdPK5w32o2oyTv1RpPVWyIMQlZrsHaTBqxFRQ1OlVDuAqjzsKMm5NJHPyBVE7K4%2BScYPYbTx%2BBqATR%2FBbQYtWo%2B6NYobPvYSY62zGc9VeUmhjAl0mwR2ba3p8%2FIpRlE%2Fc7rkPzk6ifs2uS3o7%2FAbYnUlvhUPSbo6vujm6Yg%2BzdN4ch3m2mmYrVDpz96K6OZXPjqfbldGCvWV93w6G0%2BFabjww%2BkyzZoIlTSdeTrFSWEtGvGckl%2BXHe3JbuRu62V3CZ5unHjnbX1OLXSOWWSMaiaEPLkBFxNyPPfH8yO9eUv7kHZMWxeIs5PyHlBmWPwdBcunfM7swCr5x6WeijycmRrbP6oFYGW852yEu4%2FO5vPe%2B4%2BuvZV0Ozu7Eb7tkRfl6B6CJcvjLLUnlz9pT4rMO2NmLbePtNWf%2FksXKdOK3VftJiMZIvJsBFGkgvWaDCfR5zVRbvNkbkJv7z58z8AAAD%2F%2FwEAAP%2F%2FAA%2Bq0ncEAAA%3D HTTP/1.1
Host: peeredgerman.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Cookie: u_pl=16602886; uid_id2=3467c00d-10d3-445a-a54e-da1e94a396f8:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleccc585f6c9356b37d414b25b86a1b7ad2=[3364903]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 19 Sep 2022 11:17:34 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ffdd43ec2ce60ae25bbb26a85d1478db
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=3467c00d-10d3-445a-a54e-da1e94a396f8&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=cc585f6c9356b37d414b25b86a1b7ad2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=3467c00d-10d3-445a-a54e-da1e94a396f8&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=cc585f6c9356b37d414b25b86a1b7ad2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=3467c00d-10d3-445a-a54e-da1e94a396f8&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=cc585f6c9356b37d414b25b86a1b7ad2&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 19 Sep 2022 11:17:34 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 245d800e370916b725cf6f93f6b0fa9e
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=3467c00d-10d3-445a-a54e-da1e94a396f8&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=65aa283021630dfd9030555c4c61a78c&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=3467c00d-10d3-445a-a54e-da1e94a396f8&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=65aa283021630dfd9030555c4c61a78c&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=3467c00d-10d3-445a-a54e-da1e94a396f8&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=65aa283021630dfd9030555c4c61a78c&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 19 Sep 2022 11:17:34 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c9a9ddad54287d5fad05c3a8f2e50dd4
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/css/animate.css
200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/css/animate.css
IP
GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/css/animate.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://johansonhavock.blogspot.com
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 11:17:34 GMT
content-type: text/css
last-modified: Mon, 17 Jan 2022 14:25:59 GMT
etag: W/"61e57c77-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hC8Av9FNYP%2BNQ0ECYIqyEFss7K1u6%2BQcu7otF3JYwTUsYs5yUbh7kmDa3KinZ7rgJhwiQNkLXZoX4E7FKa8IGzKA0qwRm5gecQpZ7KsySSv4u4FBqEuUiACLF%2BZu0gmt%2Bqc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d1ea68199f1c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/index.html
200 OK 0 B URL HTTP/2 cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/index.html
IP
GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://johansonhavock.blogspot.com
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 11:17:34 GMT
content-type: text/html
last-modified: Wed, 09 Feb 2022 11:25:40 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xYbwk2jQuN2AsR1mvDSV1BcfUUEg79euTDFhrnpriyq7j7qJNfmqkh4bOJTskKVyEZJRafX%2F3WuMLnW8NGMTSyAN484amSEBTUb4Wa%2B%2BHFhAJA%2FdLtxzR7ZnUKKQy3wNghZHfG4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d1ea644b910afe-OSL
content-encoding: br
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
200 OK 0 B URL HTTP/2 addresseepaper.com/sfp.js
IP
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 11:17:33 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: bfde66c6a35de2dca4deed53d084e189
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Mon, 19 Sep 2022 11:17:33 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fFcFAbczB5nJmVP4Dz9GcSzyS4WOWu43rB%2BvQK87ZEfa666qM1ariz4IlZrO5abzvCrJhxRtrHbvtgnIsf2PyInRAsXs65VDvnGSFY44RtxzmAwgTmcAR5dYe%2FcDHrekMKLgLZQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d1ea634916dcdf-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 19 Sep 2022 11:17:34 GMT
date: Mon, 19 Sep 2022 11:17:34 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/css/style.css
200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/css/style.css
IP
GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/css/style.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://johansonhavock.blogspot.com
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 11:17:34 GMT
content-type: text/css
last-modified: Wed, 09 Feb 2022 11:25:27 GMT
etag: W/"6203a4a7-2751"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RWttjmZGNK3OKxjLXoT9ey8ngWAE2IriUqtixQzsGjc7XO%2BlI77iLw64zI%2BLV5R9boxgvh4zBaQdXAz71RSA94OPbrYUp6yHgskoaMK3CgUm2E7pHlu3qECB3laKUpre8TI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d1ea68199e1c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/js/script.js
200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/js/script.js
IP
GET /sb/notifications/utility/default/us/blog/Progamerage/flip_icon/16/js/script.js HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://johansonhavock.blogspot.com
Connection: keep-alive
Referer: https://johansonhavock.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 11:17:34 GMT
content-type: application/javascript
last-modified: Mon, 17 Jan 2022 14:40:54 GMT
etag: W/"61e57ff6-1e8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rdMlYwBg2XUDFvBV1cuIIaNjAKL6wt7rrxuClOPsn93Eye6%2BMQTEO%2FP%2Bf30w%2BmAgsE5zgbLIVcNFj7bZU0MNyBvKM0xfM88R2te666ThAPqe8ueOWr18y9kX2JLpb%2BUm%2BLU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74d1ea6819a31c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
142.250.74.161
46.105.201.240
23.36.76.226
198.27.80.143
3.64.106.196
104.21.234.232
203.175.9.27
93.184.220.29