astridberges-frisbey.blogspot.fr/2011/05/roseburg-oregon-pictures.html
302 Moved Temporarily 215 B URL HTTP/1.1 astridberges-frisbey.blogspot.fr/2011/05/roseburg-oregon-pictures.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 153324cb3dcd9651f43ca04eaf42b414
32cd1c8c402c7b254c89650bcb8e4af5fc1be615
6650e2a0f9739e3eb899b901911aeeb75680f068acd02a8e613ae8bb3bad35c5
Analyzer Verdict Alert fortinet Malware
GET /2011/05/roseburg-oregon-pictures.html HTTP/1.1
Host: astridberges-frisbey.blogspot.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Location: http://astridberges-frisbey.blogspot.com/2011/05/roseburg-oregon-pictures.html
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Sat, 03 Dec 2022 20:49:37 GMT
Expires: Sat, 03 Dec 2022 20:49:37 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 215
Server: GSE
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4376
Expires: Sat, 03 Dec 2022 22:02:33 GMT
Date: Sat, 03 Dec 2022 20:49:37 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 67e9370f1bf3e4946a01f346eeae8966
aaab391d1134302d718de7a0d5edbedf884633e6
27a8654fb14db88d4b2bb3b45c1b197fc498cd94143d4a68687742fa48a41358
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1656
Cache-Control: max-age=137351
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 20:49:37 GMT
Etag: "638b2570-1d7"
Expires: Mon, 05 Dec 2022 10:58:48 GMT
Last-Modified: Sat, 03 Dec 2022 10:31:12 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18569
Expires: Sun, 04 Dec 2022 01:59:06 GMT
Date: Sat, 03 Dec 2022 20:49:37 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 03 Dec 2022 20:18:16 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1881
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: meg+Zug0iEcGvmXj+ByL7V31I1BN8MlGapLmWRbVhCGoSeAtHIzKvmwzzM5tgVWv2c/UMOx+Jes=
x-amz-request-id: HVED37K0MQDFFXQ3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 03 Dec 2022 20:47:16 GMT
age: 141
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 20:49:37 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
astridberges-frisbey.blogspot.com/2011/05/roseburg-oregon-pictures.html
200 OK 25 kB URL HTTP/1.1 astridberges-frisbey.blogspot.com/2011/05/roseburg-oregon-pictures.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (32742)
Hash 18c0f96d1bee2a8f854d894dafe8f1a4
c80cefa8aa58299046e27ea0eb55e47c9f45a8c1
5bb3ed1be1cdc712724e6685b37db506ddf55a16d390eebd49fe35b733bbc659
Analyzer Verdict Alert fortinet Malware
GET /2011/05/roseburg-oregon-pictures.html HTTP/1.1
Host: astridberges-frisbey.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Expires: Sat, 03 Dec 2022 20:49:37 GMT
Date: Sat, 03 Dec 2022 20:49:37 GMT
Cache-Control: private, max-age=0
Last-Modified: Wed, 01 Dec 2021 13:42:40 GMT
ETag: W/"5b9c0f573cd11fbf45f5caef285e787224f97121d42663ccc7140943fadd4cd7"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 24637
Server: GSE
scripts.chitika.net/eminimalls/amm.js
301 Moved Permanently 167 B URL HTTP/1.1 scripts.chitika.net/eminimalls/amm.js
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
GET /eminimalls/amm.js HTTP/1.1
Host: scripts.chitika.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Sat, 03 Dec 2022 20:49:37 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://scripts.chitika.net/eminimalls/amm.js
X-Cache: Redirect from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: nl7Fw7nDtVnBEy1UapLsn0sM6tlGBpREvncX7LlZaZ0HVqnhy67ZsA==
astridberges-frisbey.blogspot.com/js/cookienotice.js
200 OK 2.0 kB URL HTTP/1.1 astridberges-frisbey.blogspot.com/js/cookienotice.js
IP
Hash c4e1ed83d89245089b8a1203be20a377
f3940e1215b89300ef97d57a25993f25243b8688
afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2
GET /js/cookienotice.js HTTP/1.1
Host: astridberges-frisbey.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/2011/05/roseburg-oregon-pictures.html
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 2026
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 29 Nov 2022 18:29:34 GMT
Expires: Tue, 06 Dec 2022 18:29:34 GMT
Cache-Control: public, max-age=604800
Last-Modified: Tue, 29 Nov 2022 16:53:51 GMT
Content-Type: text/javascript
Age: 354003
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 1cb565003a19a78fd973caebb16a92cc
2870af258aff4fe8b0062cd85a357fcf4645ede9
db52d90aa836b459545746204f9e1403aa0023f56d857cbe75d581447e2a9468
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 20:49:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 21a200da38bc57ee6e48da9f5d712d50
079f8d3825239306a750569bfb19cb3731fab7cd
0c34bb8557a248159f0c079b2d125b0ce730bfede5ff9e5a922046804761478c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 20:49:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/static/v1/widgets/55013136-widget_css_bundle.css
200 OK 6.6 kB URL HTTP/2 www.blogger.com/static/v1/widgets/55013136-widget_css_bundle.css
IP
File type ASCII text, with very long lines (30596)
Hash 6f46e6f68353c7911fe34f31faa1518f
ea4dbfa2f87c18e9c51c59a32dfa9afb9c2c3472
0be7e26374fcff6f423b88e5f2a05d1cfdcb56abb4a78fa125e391989782ae0f
GET /static/v1/widgets/55013136-widget_css_bundle.css HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 6620
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 14:01:43 GMT
expires: Wed, 29 Nov 2023 14:01:43 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 28 Nov 2022 14:50:39 GMT
content-type: text/css
age: 370074
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
apis.google.com/js/platform.js
200 OK 21 kB URL HTTP/2 apis.google.com/js/platform.js
IP
File type ASCII text, with very long lines (1279)
Hash 7ac44ef24e267df17ff72f195b252806
62db12d9ce11a576ccd7fa3544d851c5fd42f3b7
aae7897e7b55999c1b3166309381d19ac488dced51e14071339d8b193a686a61
GET /js/platform.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20984
date: Sat, 03 Dec 2022 20:49:37 GMT
expires: Sat, 03 Dec 2022 20:49:37 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "7446758f13887885"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.blogger.com/static/v1/widgets/2342155703-widgets.js
200 OK 57 kB URL HTTP/2 www.blogger.com/static/v1/widgets/2342155703-widgets.js
IP
File type ASCII text, with very long lines (2221)
Hash 1217c8e34acb09c7cea97bae4d386ea1
55ee17703d0a7710943e93913bacb49220d98b4b
c2f23437ab938096bf8b40de8b08c4f27bb880b7ef8588481ec5ccc08b58870b
GET /static/v1/widgets/2342155703-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56726
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 05:43:29 GMT
expires: Wed, 29 Nov 2023 05:43:29 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 28 Nov 2022 14:50:39 GMT
content-type: text/javascript
age: 399968
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.blogger.com/static/v1/jsbin/3469866930-comment_from_post_iframe.js
200 OK 6.6 kB URL HTTP/2 www.blogger.com/static/v1/jsbin/3469866930-comment_from_post_iframe.js
IP
File type ASCII text, with very long lines (1441)
Hash f60e5037324bf7fd2256c16929886f09
aae4b1aea3737e0268e3578dd1d0e7cfe6c6d66b
71846da8d45274b77549b110389ab3dbcb8ce042051b5c39547909c1c343dfde
GET /static/v1/jsbin/3469866930-comment_from_post_iframe.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 6573
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 13:44:05 GMT
expires: Wed, 29 Nov 2023 13:44:05 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 28 Nov 2022 14:50:39 GMT
content-type: text/javascript
age: 371132
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
resources.blogblog.com/img/icon18_edit_allbkg.gif
200 OK 162 B URL HTTP/2 resources.blogblog.com/img/icon18_edit_allbkg.gif
IP
File type GIF image data, version 89a, 18 x 18\012- data
Hash c991641178ff05adf0d004298b5eafa9
d8f6ce8ecd92b86d49849360f6b81ceb10b4c941
ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b
GET /img/icon18_edit_allbkg.gif HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 162
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 14:19:01 GMT
expires: Tue, 06 Dec 2022 14:19:01 GMT
cache-control: public, max-age=604800
last-modified: Mon, 28 Nov 2022 19:53:31 GMT
content-type: image/gif
age: 369036
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.willamettephoto.com/portland-wedding-photographer/collage_sabrina.jpg
301 Moved Permanently 243 B URL HTTP/1.1 www.willamettephoto.com/portland-wedding-photographer/collage_sabrina.jpg
IP
ASN #5517 CSL Computer Service Langenbach GmbH
File type HTML document text\012- HTML document, ASCII text
Hash 1f4d5f14639dc85cf0861749f8512526
7e326414acc211bb16b732acc02d1195d1dd7a4e
a4f26e5d92783fc53d0b6fafba6c39b308df0b67cb879511468425c6c0414a1c
GET /portland-wedding-photographer/collage_sabrina.jpg HTTP/1.1
Host: www.willamettephoto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
HTTP/1.1 301 Moved Permanently
Server: redir-httpd
Date: Sat, 03 Dec 2022 20:49:37 GMT
Location: http://www.juancarlosphotography.com/portland-wedding-photographer/collage_sabrina.jpg
Last-Modified: Sat, 03 Dec 2022 11:01:53 GMT
Content-Length: 243
Content-Type: text/html; charset=utf-8
www.bedandbreakfast.com/inns/roseburg-oregon-chbaileyhouse.jpg
301 Moved Permanently 0 B URL HTTP/1.1 www.bedandbreakfast.com/inns/roseburg-oregon-chbaileyhouse.jpg
IP
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /inns/roseburg-oregon-chbaileyhouse.jpg HTTP/1.1
Host: www.bedandbreakfast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
HTTP/1.1 301 Moved Permanently
Server: AkamaiGHost
Content-Length: 0
Location: https://www.bedandbreakfast.com/inns/roseburg-oregon-chbaileyhouse.jpg
Date: Sat, 03 Dec 2022 20:49:37 GMT
Connection: keep-alive
img.youtube.com/vi/JtZxuo1nSwU/0.jpg
200 OK 38 kB URL HTTP/1.1 img.youtube.com/vi/JtZxuo1nSwU/0.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 9f07a7de9dc7ca19758c22f367a7bb72
f562405a4b919e8e1e7f0f996ddd26465f62aba1
79d20b677f7a4cb698b6a886e2ff847639597a8cc1f28fe239ad390c2cbc1ae1
GET /vi/JtZxuo1nSwU/0.jpg HTTP/1.1
Host: img.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="youtube"
Report-To: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
Timing-Allow-Origin: *
Content-Length: 38512
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 03 Dec 2022 20:48:29 GMT
Expires: Sat, 03 Dec 2022 22:48:29 GMT
Cache-Control: public, max-age=7200
ETag: "1458906741"
Content-Type: image/jpeg
Age: 68
cache2.artprintimages.com/p/LRG/28/2893/XOAPD00Z/art-print/chuck-haney-oak-trees-on-hillside-near-roseburg-oregon-usa.jpg
200 OK 41 kB URL HTTP/1.1 cache2.artprintimages.com/p/LRG/28/2893/XOAPD00Z/art-print/chuck-haney-oak-trees-on-hillside-near-roseburg-oregon-usa.jpg
IP
File type JPEG image data, JFIF standard 1.00, resolution (DPI), density 96x96, segment length 16, comment: "LEAD Technologies Inc. V1.01", baseline, precision 8, 400x300, components 3\012- data
Hash 63b2595b943a0db31daa9f4dca5e7944
217d054045eec1fd6c40ff44325f52d81f05e944
6014b4fb27105362af0148b7acc12a6820f27834c95b2ada513f9c595e59d1a5
GET /p/LRG/28/2893/XOAPD00Z/art-print/chuck-haney-oak-trees-on-hillside-near-roseburg-oregon-usa.jpg HTTP/1.1
Host: cache2.artprintimages.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
HTTP/1.1 200 OK
Content-Type: image/JPEG; charset=utf-8
Last-Modified: Thu, 24 May 2018 04:01:57 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sat, 03 Dec 2022 20:49:37 GMT
Content-Length: 40698
Connection: keep-alive
Cache-Control: public, must-revalidate, max-age=2592000
ad.ad-u.com/ad.php
302 Found 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ad.php HTTP/1.1
Host: ad.ad-u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
HTTP/1.1 302 Found
content-length: 0
date: Sat, 03 Dec 2022 20:49:37 GMT
location: https://www.hugedomains.com/domain_profile.cfm?d=ad-u.com
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_0?le=scs
200 OK 58 kB URL HTTP/2 apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_0?le=scs
IP
File type ASCII text, with very long lines (580)
Hash 813b15c3004464f6bd39fd0773b04757
bd2218fe1e647f61132aad70d29cd91fd0416f26
446c6d83404c0fc4bc1ca6e1c0895f9400309185a534b3f4b6d500e668efeadf
GET /_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_0?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 57794
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 19:47:40 GMT
expires: Wed, 29 Nov 2023 19:47:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 01 Nov 2022 15:24:55 GMT
content-type: text/javascript; charset=UTF-8
age: 349317
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/google_top_exp.js
200 OK 67 B URL HTTP/1.1 pagead2.googlesyndication.com/pagead/js/google_top_exp.js
IP
Hash 9bbc3ca32ec951a484589ce0e6b4db73
753d6f6183b33b2dee5dde2208fca91c17f5bb13
b8f16a16d2a7ea39a9cc079fdbe3af7d31393d62a853668bdd549e0a0311cb3c
GET /pagead/js/google_top_exp.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
HTTP/1.1 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 67
X-XSS-Protection: 0
Date: Fri, 02 Dec 2022 22:15:11 GMT
Expires: Fri, 16 Dec 2022 22:15:11 GMT
Cache-Control: public, max-age=1209600
ETag: 13036835877489095579
Content-Type: text/javascript; charset=UTF-8
Age: 81266
www.monstertruckent.com/Photos/Roseburg_800x600_DeFoor/images/Monster%2520X%2520Tour%2520Roseburg%2520Oregon-140_jpg.jpg
404 Not Found 1.1 kB URL HTTP/1.1 www.monstertruckent.com/Photos/Roseburg_800x600_DeFoor/images/Monster%2520X%2520Tour%2520Roseburg%2520Oregon-140_jpg.jpg
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash abbaf4375ba883e93d997c0572e5671b
659af558abe250f52d373849425e60888216c729
bdf35fc5c765797b25a485a164f99239210aaf806bb1950750786b71920a331a
GET /Photos/Roseburg_800x600_DeFoor/images/Monster%2520X%2520Tour%2520Roseburg%2520Oregon-140_jpg.jpg HTTP/1.1
Host: www.monstertruckent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
HTTP/1.1 404 Not Found
Date: Sat, 03 Dec 2022 20:49:38 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
x-wix-request-id: 1670100577.94118097654688469
Age: 0
X-Seen-By: GXNXSWFXisshliUcwO20NXdyD4zpCpFzpCPkLds0yMffg4QzcHG7Q/G3sPxCZ2oi,qquldgcFrj2n046g4RNSVKgcQ1THjb6B0pY8+X3A5SZYgeUJqUXtid+86vZww+nL,2d58ifebGbosy5xc+FRalmLW7g6d6kNxrSSerNIK0BX8OWt2LztnR4MJaYxo4MuKXjasSmn6KEfJMcGqErZkCOnKq/yY8cuH4VKB/CjxCO0=,2UNV7KOq4oGjA5+PKsX47PeE4JkJeK48Oko5cEfOjJRYgeUJqUXtid+86vZww+nL,7npGRUZHWOtWoP0Si3wDp7b0P2hW624+eIf97kAHQSk=,xTu8fpDe3EKPsMR1jrheEC/DkzXtLEUmtjBruUrGm9Y=,7qRhWu5NOm1hVs7o3HvocHvwrVLDiTTyx3/7eAyiyCyxmeK4hj40VP2gAsVPh8V0
Vary: Accept-Encoding
server-timing: cache;desc=miss, varnish;desc=miss, dc;desc=eun1_g
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: Pepyaka/1.19.10
Via: 1.1 google
image.shutterstock.com/display_pic_with_logo/502846/502846,1270573788,21/stock-photo-oregon-state-hazardous-material-team-douglas-county-on-a-recent-corrosive-drill-in-roseburg-50354509.jpg
301 Moved Permanently 167 B URL HTTP/1.1 image.shutterstock.com/display_pic_with_logo/502846/502846,1270573788,21/stock-photo-oregon-state-hazardous-material-team-douglas-county-on-a-recent-corrosive-drill-in-roseburg-50354509.jpg
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
GET /display_pic_with_logo/502846/502846,1270573788,21/stock-photo-oregon-state-hazardous-material-team-douglas-county-on-a-recent-corrosive-drill-in-roseburg-50354509.jpg HTTP/1.1
Host: image.shutterstock.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Sat, 03 Dec 2022 20:49:38 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://image.shutterstock.com/display_pic_with_logo/502846/502846,1270573788,21/stock-photo-oregon-state-hazardous-material-team-douglas-county-on-a-recent-corrosive-drill-in-roseburg-50354509.jpg
X-Cache: Redirect from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: 2VtGwOiRbm-gngcuSUbQJzsU8Q4uQ45GHJWBRL7DIlcG2vYnZkT20w==
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 21a200da38bc57ee6e48da9f5d712d50
079f8d3825239306a750569bfb19cb3731fab7cd
0c34bb8557a248159f0c079b2d125b0ce730bfede5ff9e5a922046804761478c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 20:49:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gimpslice.com/images/s_Honeycomb_083103_035.jpg
301 Moved Permanently 267 B URL HTTP/1.1 www.gimpslice.com/images/s_Honeycomb_083103_035.jpg
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 460552034fc70eb18cd9a361d6d7053e
fafac7e592a237b99a23ed2164d8c800eb6318cc
38d250e8e74eaff07b278622ad1b5dd64706e1275349b2dfbe9dfded632bc8e5
GET /images/s_Honeycomb_083103_035.jpg HTTP/1.1
Host: www.gimpslice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
HTTP/1.1 301 Moved Permanently
Date: Sat, 03 Dec 2022 20:49:38 GMT
Server: Apache
Location: https://www.gimpslice.com/images/s_Honeycomb_083103_035.jpg
Content-Length: 267
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ymads.com/banner.php?ad=t1rdrm&u=ahk845&w=728&h=90
301 Moved Permanently 178 B URL HTTP/1.1 ymads.com/banner.php?ad=t1rdrm&u=ahk845&w=728&h=90
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash bd2695f4b079c71dbddde3436286fb9c
733c05da132193d6cf1d8e242d12e2525c03bab4
2e04a18ff185ba5b16f762a0538339bc4049aceaef9738edd43af77d2ceb788b
GET /banner.php?ad=t1rdrm&u=ahk845&w=728&h=90 HTTP/1.1
Host: ymads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
HTTP/1.1 301 Moved Permanently
Date: Sat, 03 Dec 2022 20:49:38 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Set-Cookie: AWSALB=VfuVSISuq+vbgfUOLIVPhWEomd9q6xKTYXIFsbLN7a2Zs+GW+90wm0Euin+fzv54F5sECyLTRv1scaLjP3/qqfb2M/gH/xEoZl0G4CGd5c1+EzLz6V5Ejcrwost2; Expires=Sat, 10 Dec 2022 20:49:38 GMT; Path=/
AWSALBCORS=VfuVSISuq+vbgfUOLIVPhWEomd9q6xKTYXIFsbLN7a2Zs+GW+90wm0Euin+fzv54F5sECyLTRv1scaLjP3/qqfb2M/gH/xEoZl0G4CGd5c1+EzLz6V5Ejcrwost2; Expires=Sat, 10 Dec 2022 20:49:38 GMT; Path=/; SameSite=None
Server: nginx/1.18.0 (Ubuntu)
Location: https://www.domainmarket.com/buynow/ymads.com
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 1f3a4f3edea56419c58836a0c80d5cea
1558a7ad0acc0c09cdf39ec92030f7ee5736e595
70aeda0cb136ac1add86931a338558b9f302576cd65537575d232fda623fe2f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 20:49:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 21a200da38bc57ee6e48da9f5d712d50
079f8d3825239306a750569bfb19cb3731fab7cd
0c34bb8557a248159f0c079b2d125b0ce730bfede5ff9e5a922046804761478c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 20:49:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.hometowninvasion.com/photos/470/IMG_7824.jpg
301 Moved Permanently 252 B URL HTTP/1.1 www.hometowninvasion.com/photos/470/IMG_7824.jpg
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ca231f61ac36c27257b7a7c07b7386e9
fcec8d3ccfd7a6d56119b6accab12d3aac9a5674
3f4907a338eb59117b9ba4a2cb7cddd705f71c74153102a3fe3720cb36e1205c
GET /photos/470/IMG_7824.jpg HTTP/1.1
Host: www.hometowninvasion.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
HTTP/1.1 301 Moved Permanently
Date: Sat, 03 Dec 2022 20:49:37 GMT
Server: Apache
Location: https://hit.bugsy.me/photos/470/IMG_7824.jpg
Cache-Control: max-age=600
Expires: Sat, 03 Dec 2022 20:59:37 GMT
Content-Length: 252
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
static.guim.co.uk/sys-images/Guardian/Pix/pictures/2008/05/18/barack460x276.jpg
200 OK 18 kB URL HTTP/1.1 static.guim.co.uk/sys-images/Guardian/Pix/pictures/2008/05/18/barack460x276.jpg
IP
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 460x276, components 3\012- data
Hash 766ce47f9003f456dfe620bee61c0360
269c97c06d1c1628c00c9a2bb0c9bf7534b391ae
9d9715e8509a46e5d1b948f9498ba24197c2d8fac9c589c3cbe7e4bc26cd0ced
GET /sys-images/Guardian/Pix/pictures/2008/05/18/barack460x276.jpg HTTP/1.1
Host: static.guim.co.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 17529
x-amz-id-2: YSy2OLPO+ai319/kHwp7wQPDfKLqtTXPCEl/GFDLBM2jXc1LjV4i6Se6vpaUgrRV7xuaxfov6cM=
x-amz-request-id: DXWADPXR000ECK6X
Last-Modified: Fri, 11 Mar 2016 12:00:15 GMT
ETag: "766ce47f9003f456dfe620bee61c0360"
Content-Type: image/jpeg
Server: AmazonS3
Fastly-Restarts: 1
Accept-Ranges: bytes
Date: Sat, 03 Dec 2022 20:49:38 GMT
Via: 1.1 varnish
Age: 0
X-Served-By: cache-bma1633-BMA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1670100578.923233,VS0,VE181
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=86400
pics2.city-data.com/city/maps/fr5672.png
403 Forbidden 106 B URL HTTP/1.1 pics2.city-data.com/city/maps/fr5672.png
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash e801e32b931f106d6037f9dfaa6b2912
f32e88e755bae2349d63292edffa20b9a8c5c70a
672441f311820594dcf731951d64d73bca1e467664f5c52fb6b9c589d56e8848
GET /city/maps/fr5672.png HTTP/1.1
Host: pics2.city-data.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
HTTP/1.1 403 Forbidden
Server: nginx
Date: Sat, 03 Dec 2022 20:49:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 1b425e30a2d8dcf2a4f1ffc0ac996f88
b6763fddfa1937192a55f6e2f32edd9374cf262c
69687e3467ea22a32210fea2adb47101e83a2b77b899ed7777e026a1fd7ec475
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 03 Dec 2022 20:49:38 GMT
Etag: "638a8d68-1d7"
Server: ECS (dcb/7FA3)
X-Cache: Miss from cloudfront
Via: 1.1 667bc9576cb65b03461f4c2ed893152e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN1-C1
X-Amz-Cf-Id: cUJQVGXTXLNvDx1yn7V_erR8aBkbdmaZebTWEyCUy0oXbTD-cd18wQ==
ocsp.digicert.com/
200 OK 279 B IP
Hash 4067aae3423b2b07ca7caab7c9503277
f427bbad70c869f7e4844cc60e8b6d19719eb44a
f4aa7ed4c86465f043dcf128992d7337f24733d21a184a3366cffe31be698ebc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5934
Cache-Control: max-age=135484
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 20:49:38 GMT
Etag: "638b0d70-117"
Expires: Mon, 05 Dec 2022 10:27:42 GMT
Last-Modified: Sat, 03 Dec 2022 08:48:48 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 279
www.bedandbreakfast.com/inns/roseburg-oregon-chbaileyhouse.jpg
301 Moved Permanently 0 B URL HTTP/2 www.bedandbreakfast.com/inns/roseburg-oregon-chbaileyhouse.jpg
IP
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /inns/roseburg-oregon-chbaileyhouse.jpg HTTP/1.1
Host: www.bedandbreakfast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://astridberges-frisbey.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: AkamaiGHost
content-length: 0
location: https://www.vrbo.com/inns/roseburg-oregon-chbaileyhouse.jpg?vgdc=BBUS&preferlocale=true
date: Sat, 03 Dec 2022 20:49:38 GMT
X-Firefox-Spdy: h2
scripts.chitika.net/eminimalls/amm.js
200 OK 0 B URL HTTP/2 scripts.chitika.net/eminimalls/amm.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /eminimalls/amm.js HTTP/1.1
Host: scripts.chitika.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://astridberges-frisbey.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 0
last-modified: Fri, 19 Apr 2019 16:37:52 GMT
server: AmazonS3
date: Sat, 03 Dec 2022 04:26:36 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: UzXGZnKKmjCerJxh7IZWTok-JuFENZxMyIbsDFDqB2H72wp3_7kNJg==
age: 58983
X-Firefox-Spdy: h2
www.besthitsnow.com/b1.php?id=billymoon
200 OK 499 B URL HTTP/1.1 www.besthitsnow.com/b1.php?id=billymoon
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (499), with no line terminators
Hash 07a03c45bc1d72c21eb5f30b3e42a5da
0eaaff10cde20848dd402d71d236bb711a073b8f
aece268e8ff6d8229f25a973a16a3bf36094010dfd45b697778081d24d6bc404
GET /b1.php?id=billymoon HTTP/1.1
Host: www.besthitsnow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 499
content-type: text/html; charset=utf-8
date: Sat, 03 Dec 2022 20:49:37 GMT
server: nginx
set-cookie: sid=00819dc8-734c-11ed-baa2-8e961f650821; path=/; domain=.besthitsnow.com; expires=Fri, 22 Dec 2090 00:03:45 GMT; max-age=2147483647; HttpOnly
www.donkeysatwindchimesfarm.com/sitebuildercontent/sitebuilderpictures/BlackBartLisaOregon.jpg
200 OK 27 kB URL HTTP/1.1 www.donkeysatwindchimesfarm.com/sitebuildercontent/sitebuilderpictures/BlackBartLisaOregon.jpg
IP
ASN #19871 NETWORK-SOLUTIONS-HOSTING
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=9], baseline, precision 8, 822x694, components 3\012- data
Hash cbdcd5cfc2bfe26015ef75fd7dba5d12
2be4a55e748ef0a5721a638e58e9ca93d666f1bd
425017aa300e875d783b5648c44d3fb1a8ecb39e6b97deb2f7cfdb54abc982d8
GET /sitebuildercontent/sitebuilderpictures/BlackBartLisaOregon.jpg HTTP/1.1
Host: www.donkeysatwindchimesfarm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sun, 29 Mar 2009 08:30:32 GMT
Accept-Ranges: bytes
ETag: "52d4e89f48b0c91:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ARR/3.0, ASP.NET
Date: Sat, 03 Dec 2022 20:49:38 GMT
Content-Length: 26890
Set-Cookie: persist-identification=643115018.20480.0000; expires=Sat, 03-Dec-2022 21:19:38 GMT; path=/; Httponly
www.aaroads.com/west/oregon100/or-126_wb_exit_004a_01.jpg
302 Found 249 B URL HTTP/1.1 www.aaroads.com/west/oregon100/or-126_wb_exit_004a_01.jpg
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash dd7251aaa04a191a193cbd61165608b9
7234deb2e68af280fc8029152c77a3f325422946
d7578ae898b8f025dceadedcaa2ff1793116c8135fd116a551324102fa55b5e3
GET /west/oregon100/or-126_wb_exit_004a_01.jpg HTTP/1.1
Host: www.aaroads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
HTTP/1.1 302 Found
Content-Type: text/html; charset=iso-8859-1
Content-Length: 249
Connection: keep-alive
Keep-Alive: timeout=15
Date: Sat, 03 Dec 2022 20:49:38 GMT
Server: Apache
Location: https://www.aaroads.com/west/oregon100/or-126_wb_exit_004a_01.jpg
image.shutterstock.com/display_pic_with_logo/502846/502846,1270573788,21/stock-photo-oregon-state-hazardous-material-team-douglas-county-on-a-recent-corrosive-drill-in-roseburg-50354509.jpg
301 Moved Permanently 0 B URL HTTP/2 image.shutterstock.com/display_pic_with_logo/502846/502846,1270573788,21/stock-photo-oregon-state-hazardous-material-team-douglas-county-on-a-recent-corrosive-drill-in-roseburg-50354509.jpg
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /display_pic_with_logo/502846/502846,1270573788,21/stock-photo-oregon-state-hazardous-material-team-douglas-county-on-a-recent-corrosive-drill-in-roseburg-50354509.jpg HTTP/1.1
Host: image.shutterstock.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://astridberges-frisbey.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-length: 0
server: CloudFront
date: Sat, 03 Dec 2022 20:02:41 GMT
location: /image-photo/stock-photo-oregon-state-hazardous-material-team-douglas-county-on-a-recent-corrosive-drill-in-roseburg-450w-50354509.jpg
cache-control: max-age=2592000
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: VQZJ6UwTx1Idn8Ow83-Jq1INtZvnYOovpE-UR0cjx2jZvxQ3cCxCFQ==
age: 2817
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 03 Dec 2022 20:11:18 GMT
cache-control: public,max-age=3600
age: 2300
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
www.concretedisciples.com/cd_skate/OR/roseburg/roseburg_skatepark.jpg
301 Moved Permanently 162 B URL HTTP/1.1 www.concretedisciples.com/cd_skate/OR/roseburg/roseburg_skatepark.jpg
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /cd_skate/OR/roseburg/roseburg_skatepark.jpg HTTP/1.1
Host: www.concretedisciples.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 03 Dec 2022 20:49:38 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.concretedisciples.com/cd_skate/OR/roseburg/roseburg_skatepark.jpg
X-HTTPS-Enforce: 1
X-CDN-C: static
X-SG-CDN: 1
X-Proxy-Cache: MISS
X-Proxy-Cache-Info: 0301 NC:000000 UP:
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
www.oregoncitylink.com/photo/craterlake.jpg
301 Moved Permanently 707 B URL HTTP/1.1 www.oregoncitylink.com/photo/craterlake.jpg
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
GET /photo/craterlake.jpg HTTP/1.1
Host: www.oregoncitylink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 707
Date: Sat, 03 Dec 2022 20:49:38 GMT
Server: LiteSpeed
Location: https://www.oregoncitylink.com/photo/craterlake.jpg
ocsp.digicert.com/
200 OK 471 B IP
Hash a151c326c67e1abb747847c1427db76f
80885d30ef8ba867bf33c40b861976958a27493a
de2b573ee1c8af980e593352e0c331b2595f62bd4499300ace30821d20814760
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1638
Cache-Control: max-age=132271
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 20:49:38 GMT
Etag: "638b11ab-1d7"
Expires: Mon, 05 Dec 2022 09:34:09 GMT
Last-Modified: Sat, 03 Dec 2022 09:06:51 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
www.juancarlosphotography.com/portland-wedding-photographer/collage_sabrina.jpg
404 Not Found 811 B URL HTTP/1.1 www.juancarlosphotography.com/portland-wedding-photographer/collage_sabrina.jpg
IP
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 9d46cb6e0a59833524b7bac5c0ab5d07
c237ee2e516eb854681c011e169fe7168e8a78b4
51bbf4285608fe2a2c36e68f17b208f0aba3884232d28a6f07bf1ed4a7588baa
GET /portland-wedding-photographer/collage_sabrina.jpg HTTP/1.1
Host: www.juancarlosphotography.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://astridberges-frisbey.blogspot.com/
Connection: keep-alive
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Access-Control-Request-Method: GET,OPTIONS
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Sat, 03 Dec 2022 20:49:38 GMT
Server: Caddy
Set-Cookie: LSW_WEB="LSW_WEB1"; path=/
Status: 404 Not Found
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Forwarded-Proto: https
X-Frame-Options: SAMEORIGIN
X-Request-Id: 9bc17072-9516-4c47-b684-a785629737fd
X-Runtime: 0.006132
Transfer-Encoding: chunked
image.shutterstock.com/image-photo/stock-photo-oregon-state-hazardous-material-team-douglas-county-on-a-recent-corrosive-drill-in-roseburg-450w-50354509.jpg
200 OK 35 kB URL HTTP/2 image.shutterstock.com/image-photo/stock-photo-oregon-state-hazardous-material-team-douglas-county-on-a-recent-corrosive-drill-in-roseburg-450w-50354509.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 302x470, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash cfcfec3721f9146b29d6173755d35140
828dfe42fe333bf46d1b737c8cc84b251adab34e
39711cb30d821e65f3099ee5f32b8e18f4c28c4a7d4adaa28f2de59f2f7b2178
GET /image-photo/stock-photo-oregon-state-hazardous-material-team-douglas-county-on-a-recent-corrosive-drill-in-roseburg-450w-50354509.jpg HTTP/1.1
Host: image.shutterstock.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://astridberges-frisbey.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
content-length: 34678
date: Sat, 03 Dec 2022 20:48:30 GMT
last-modified: Wed, 09 Jun 2021 00:01:15 GMT
etag: "cfcfec3721f9146b29d6173755d35140"
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
access-control-allow-origin: *
cache-control: max-age=2592000
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: FYGoy2_g6z3I0zhtPosCRtd0lCOZgcXBk99rhqYrUDh4VAPI56usVQ==
age: 68
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 70800fddb0703e3cad6b4f46d68f354d
81d2a3e98acd76cf29092bec6ac752d37171a0ec
3fe3c883a18b941a5c75df28b7b8f8e8b8c163b8694e08a7b559b50347700c4e
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=113013
Date: Sat, 03 Dec 2022 20:49:38 GMT
Etag: "638ac70d-1d7"
Expires: Mon, 05 Dec 2022 04:13:11 GMT
Last-Modified: Sat, 03 Dec 2022 03:48:29 GMT
Server: ECS (bsa/EB13)
X-Cache: Miss from cloudfront
Via: 1.1 667bc9576cb65b03461f4c2ed893152e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN1-C1
X-Amz-Cf-Id: K-jRF-qhCW375gr5JOJ1BMUg3lrl3re-2RyeU0pOKnSW-oRAan2c_w==
Age: 1482
ocsp.digicert.com/
200 OK 279 B IP
Hash c060e7bb3652143ae56eb9d4604d46b3
bf7ac5824939faa6e0c183a446d349f3bd9a74a8
38cd861c756da3d51d623e8bb8e1eb1ca261df0fabbf9a26a48ceed367e9a27f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=158716
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 20:49:38 GMT
Etag: "638b7f5e-117"
Expires: Mon, 05 Dec 2022 16:54:54 GMT
Last-Modified: Sat, 03 Dec 2022 16:54:54 GMT
Server: nginx
Content-Length: 279
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 485e58d9995c50bce87c6e7b57171c01
2ca059ecb27f4ed405c9232ccb1a69f013037e73
aca8d7646e970ad56b46aab0f81ea9143d9f6303210b31e6b5a9451fa57a03d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ACA8D7646E970AD56B46AAB0F81EA9143D9F6303210B31E6B5A9451FA57A03D0"
Last-Modified: Thu, 01 Dec 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 04 Dec 2022 02:49:38 GMT
Date: Sat, 03 Dec 2022 20:49:38 GMT
Connection: keep-alive
www.vrbo.com/inns/roseburg-oregon-chbaileyhouse.jpg?vgdc=BBUS&preferlocale=true
404 Not Found 11 kB URL HTTP/2 www.vrbo.com/inns/roseburg-oregon-chbaileyhouse.jpg?vgdc=BBUS&preferlocale=true
IP
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (18340)
Hash 92d8d25e39da6ed97aa6d9508dc45dd8
584046279b466cb2330b843ebd3b85676fb16d51
d769a968dfd882bfef36abf8e369bd6e895fdf502566ae5ee995bbe1edf1571a
GET /inns/roseburg-oregon-chbaileyhouse.jpg?vgdc=BBUS&preferlocale=true HTTP/1.1
Host: www.vrbo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://astridberges-frisbey.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
cache-control: no-store, must-revalidate
content-encoding: gzip
content-type: text/html; charset=utf-8
ha-gx-prefs: en_US|USD
l5d-success-class: 1.0
strict-transport-security: max-age=15768000
surrogate-control: max-age=86400, stale-while-revalidate=60
surrogate-key: landing-pages-d663bd873d93
trace-id: 41cc066e-59cb-484b-ba49-d7e803292b74
x-b3-traceid: 41cc066e59cb484bba49d7e803292b74
x-cgp: 0.5.184
x-cgp-info: noJvmRouteSet;00a9ccd3-734c-11ed-951c-024288f4fe03
x-content-type-options: nosniff
x-csrf-jwt: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbiI6ImJkYTI4MTNiNzhkM2ZkZWVhOGRkZmZkNGYwOGVmMWYyMDhjOWViNTgwYTJlNjA3ZjI1YjdiNGUxYjI5YjFjN2M4OTM4OTRiOTRjYWQ1NDg3OTA5ZjY2NGViNGIwNGZmNTY3Yjk5MGE2ZTYzNDQ0MDM5YjI5NmExMTQ1NzA0YTgwYzRmNWZjN2ZhN2I2MzQxMWM4NjZhZDgwYjliNWVlNmMwMzE3OTJiMmIxMzFkOTczZWRhMjI3MjRjNGQ1ZTdhMDg5NTRmOWRmY2M3ZDQzIiwiaWF0IjoxNjcwMTAwNTc4LCJleHAiOjE2NzA3MDUzNzh9.LJ0yJITJZIbqGQ2b26S_X76hniF45e24N2w34KLoeEM
x-download-options: noopen
x-eu-site: 0
x-frame-options: SAMEORIGIN
x-ha-application-name: pEOzhsRD/vPMKSlFCH09Jw==
x-ha-bot-classification: nHvyT69KshRRdK0q7uOg7A==
x-ha-device-type: QBC785sNx5XQ0y2+/kHo6Q==
x-ha-global-errors: 0
x-styx-info: CGP;00b00e61-734c-11ed-8141-0242e881c7e4
x-styx-origin-id: linkerd
x-xss-protection: 1; mode=block
content-length: 10694
date: Sat, 03 Dec 2022 20:49:38 GMT
vary: Accept-Encoding
set-cookie: HMS=91080b3b-1e4d-4490-baaf-e42c12087a45; Max-Age=1800; Expires=Sat, 03 Dec 2022 21:19:38 GMT; Path=/; Domain=.vrbo.com; Secure; SameSite=None
MC1=GUID=e38c5bf68264164eb81f9ec008820117; Expires=Sat, 03 Dec 2022 20:49:37 GMT; Secure; SameSite=None
DUAID=e38c5bf6-8264-164e-b81f-9ec008820117; Expires=Sat, 03 Dec 2022 20:49:37 GMT; Secure; SameSite=None
MC1=GUID=e38c5bf68264164eb81f9ec008820117; Expires=Sat, 03 Dec 2022 20:49:37 GMT; Domain=.www.vrbo.com; Secure; SameSite=None
DUAID=e38c5bf6-8264-164e-b81f-9ec008820117; Expires=Sat, 03 Dec 2022 20:49:37 GMT; Domain=.www.vrbo.com; Secure; SameSite=None
MC1=GUID=e38c5bf68264164eb81f9ec008820117; Max-Age=157680000; Expires=Thu, 02 Dec 2027 20:49:38 GMT; Path=/; Domain=.vrbo.com; Secure; SameSite=None
DUAID=e38c5bf6-8264-164e-b81f-9ec008820117; Max-Age=157680000; Expires=Thu, 02 Dec 2027 20:49:38 GMT; Path=/; Domain=.vrbo.com; Secure; SameSite=None
ha-device-id=e38c5bf6-8264-164e-b81f-9ec008820117; expires=Mon, 02-Dec-2024 20:49:38 GMT; path=/; secure; SameSite=None
hav=e38c5bf6-8264-164e-b81f-9ec008820117; expires=Mon, 02-Dec-2024 20:49:38 GMT; path=/; secure; SameSite=None
eu-site=0; Max-Age=10080; Path=/; Secure; SameSite=None
X-Firefox-Spdy: h2
my.blueadvertise.com/__adserver/insertions/display.php?token=MTA4ODF8NzI4eDkwfDcyOHw5MHwz
302 Found 0 B URL HTTP/1.1 my.blueadvertise.com/__adserver/insertions/display.php?token=MTA4ODF8NzI4eDkwfDcyOHw5MHwz
IP
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /__adserver/insertions/display.php?token=MTA4ODF8NzI4eDkwfDcyOHw5MHwz HTTP/1.1
Host: my.blueadvertise.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Sat, 03 Dec 2022 20:49:38 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1670100578.3685093; expires=Tue, 30-Nov-2032 20:49:38 GMT; Max-Age=315360000
Location: http://ww38.my.blueadvertise.com/__adserver/insertions/display.php?token=MTA4ODF8NzI4eDkwfDcyOHw5MHwz&subid1=20221204-0749-38de-8bf5-e679ababdfea
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
www.777seo.com/seo.php?username=billymoon
302 Found 0 B URL HTTP/1.1 www.777seo.com/seo.php?username=billymoon
IP
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /seo.php?username=billymoon HTTP/1.1
Host: www.777seo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Sat, 03 Dec 2022 20:49:38 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1670100578.4802488; expires=Tue, 30-Nov-2032 20:49:38 GMT; Max-Age=315360000
Location: http://ww38.777seo.com/seo.php?username=billymoon&subid1=20221204-0749-3888-829d-cd695bec512f
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
www.blogger.com/dyn-css/authorization.css?targetBlogID=6072607690950852570&zx=5411be7a-333a-438a-9da4-297a6c51c362
200 OK 21 B URL HTTP/2 www.blogger.com/dyn-css/authorization.css?targetBlogID=6072607690950852570&zx=5411be7a-333a-438a-9da4-297a6c51c362
IP
File type very short file (no magic)
Hash a62e4d501434033d5d177e67d3aafdd0
34f7300c9ed47334cf10826d57af785321e3138b
b0cabcbfed4b1830ab1956efbd2eec32289a968323cb854a47ef98360ed0f522
GET /dyn-css/authorization.css?targetBlogID=6072607690950852570&zx=5411be7a-333a-438a-9da4-297a6c51c362 HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type: text/css; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 03 Dec 2022 20:49:38 GMT
last-modified: Sat, 03 Dec 2022 20:49:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 21
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b8ce3a687a086c64db16bb5ba2dc8923
a7df099ec6a33a59b236b147d8ed33555feb14ca
421e8e7fb2df53514586e7322962f0199d60eb466548ccc390116715bb17c04d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "421E8E7FB2DF53514586E7322962F0199D60EB466548CCC390116715BB17C04D"
Last-Modified: Fri, 02 Dec 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21563
Expires: Sun, 04 Dec 2022 02:49:01 GMT
Date: Sat, 03 Dec 2022 20:49:38 GMT
Connection: keep-alive
www.monstertruckent.com/Photos/Roseburg_800x600_DeFoor/images/Monster%2520X%2520Tour%2520Roseburg%2520Oregon-140_jpg.jpg
404 Not Found 1.1 kB URL HTTP/1.1 www.monstertruckent.com/Photos/Roseburg_800x600_DeFoor/images/Monster%2520X%2520Tour%2520Roseburg%2520Oregon-140_jpg.jpg
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash abbaf4375ba883e93d997c0572e5671b
659af558abe250f52d373849425e60888216c729
bdf35fc5c765797b25a485a164f99239210aaf806bb1950750786b71920a331a
GET /Photos/Roseburg_800x600_DeFoor/images/Monster%2520X%2520Tour%2520Roseburg%2520Oregon-140_jpg.jpg HTTP/1.1
Host: www.monstertruckent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
HTTP/1.1 404 Not Found
Date: Sat, 03 Dec 2022 20:49:38 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Age: 0
X-Seen-By: GXNXSWFXisshliUcwO20NXdyD4zpCpFzpCPkLds0yMfxTPCTF8HEG0VPsePyFbMl,qquldgcFrj2n046g4RNSVKgcQ1THjb6B0pY8+X3A5SZYgeUJqUXtid+86vZww+nL,2d58ifebGbosy5xc+FRalkU/4iWzIGN4mNDnwcO/Wc38OWt2LztnR4MJaYxo4MuKXjasSmn6KEfJMcGqErZkCMkoaLuM1mBiMjNljv9LOkI=,2UNV7KOq4oGjA5+PKsX47PeE4JkJeK48Oko5cEfOjJRYgeUJqUXtid+86vZww+nL
Vary: Accept-Encoding
X-Wix-Request-Id: 1670100578.53518543738938904
server-timing: cache;desc=hit, varnish;desc=hit, dc;desc=eun1_g
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: Pepyaka/1.19.10
Via: 1.1 google
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: A7lDIRqhlXdQKCLhoYQjNQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: HUaxQCou1puSxPzb/nSftU1RTyM=
www.blogger.com/img/logo-16.png
200 OK 279 B URL HTTP/1.1 www.blogger.com/img/logo-16.png
IP
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 5ffecab6c722bb0adc3fce8d83b27993
0e59b05d3da526e82bb4f5d47c5d94e2a318dafb
cca664ca16fde285160e80eae6ba4501c27b1dd1ce09aec1e84caa74b5baff53
GET /img/logo-16.png HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 279
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 29 Nov 2022 07:09:33 GMT
Expires: Tue, 06 Dec 2022 07:09:33 GMT
Cache-Control: public, max-age=604800
Last-Modified: Tue, 29 Nov 2022 05:51:11 GMT
Content-Type: image/png
Age: 394805
pics2.city-data.com/city/maps/fr5672.png
403 Forbidden 106 B URL HTTP/1.1 pics2.city-data.com/city/maps/fr5672.png
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash e801e32b931f106d6037f9dfaa6b2912
f32e88e755bae2349d63292edffa20b9a8c5c70a
672441f311820594dcf731951d64d73bca1e467664f5c52fb6b9c589d56e8848
GET /city/maps/fr5672.png HTTP/1.1
Host: pics2.city-data.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
HTTP/1.1 403 Forbidden
Server: nginx
Date: Sat, 03 Dec 2022 20:49:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
www.juancarlosphotography.com/portland-wedding-photographer/collage_sabrina.jpg
404 Not Found 811 B URL HTTP/1.1 www.juancarlosphotography.com/portland-wedding-photographer/collage_sabrina.jpg
IP
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 9d46cb6e0a59833524b7bac5c0ab5d07
c237ee2e516eb854681c011e169fe7168e8a78b4
51bbf4285608fe2a2c36e68f17b208f0aba3884232d28a6f07bf1ed4a7588baa
GET /portland-wedding-photographer/collage_sabrina.jpg HTTP/1.1
Host: www.juancarlosphotography.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://astridberges-frisbey.blogspot.com/
Connection: keep-alive
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Access-Control-Request-Method: GET,OPTIONS
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Sat, 03 Dec 2022 20:49:38 GMT
Server: Caddy
Set-Cookie: LSW_WEB="LSW_WEB1"; path=/
Status: 404 Not Found
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Forwarded-Proto: https
X-Frame-Options: SAMEORIGIN
X-Request-Id: bd3cf813-7112-4374-92c4-cb8e81a0ce6d
X-Runtime: 0.006290
Transfer-Encoding: chunked
www.beauphoto.com/PMA07_blog/images/day1.jpg
301 Moved Permanently 0 B URL HTTP/1.1 www.beauphoto.com/PMA07_blog/images/day1.jpg
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /PMA07_blog/images/day1.jpg HTTP/1.1
Host: www.beauphoto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 03 Dec 2022 20:49:41 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
x-flying-press-cache: MISS
x-flying-press-source: PHP
X-Redirect-By: iThemes Security
Location: https://www.beauphoto.com/PMA07_blog/images/day1.jpg
Cache-Control: max-age=0
Expires: Sat, 03 Dec 2022 20:49:40 GMT
www.gimpslice.com/images/s_Honeycomb_083103_035.jpg
200 OK 120 kB URL HTTP/2 www.gimpslice.com/images/s_Honeycomb_083103_035.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=10, description= , manufacturer=SONY, model=CYBERSHOT, orientation=upper-left, xresolution=182, yresolution=190, resolutionunit=2, datetime=2003:08:31 12:54:41], baseline, precision 8, 300x400, components 3\012- data
Size 120 kB (119852 bytes)
Hash 34647c590371db14b9bed806896a0b12
a931dfbac8e7f3870ea02fe36f26bb0a2defd29f
154befb9eaf7024b5095f0e442a7e5fcd46fd32abfe0da0dd33a6c59ece1a0f9
GET /images/s_Honeycomb_083103_035.jpg HTTP/1.1
Host: www.gimpslice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://astridberges-frisbey.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 20:49:38 GMT
server: Apache
last-modified: Sun, 18 Apr 2004 05:36:06 GMT
etag: "1d42c-3d850d237fd80"
accept-ranges: bytes
content-length: 119852
cache-control: max-age=2592000
expires: Mon, 02 Jan 2023 20:49:38 GMT
vary: User-Agent
content-type: image/jpeg
X-Firefox-Spdy: h2
www.besthitsnow.com/b1.php?ch=1&id=billymoon&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3MDEwNzc3OCwiaWF0IjoxNjcwMTAwNTc4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc21tNzg0a2xtMW5pdGo4c2MwYXBvbzciLCJuYmYiOjE2NzAxMDA1NzgsInRzIjoxNjcwMTAwNTc4MTY0NTQ3fQ.c9jpOTh1z0h3jYT5plcccgPITnMiwnaBoEhOGdwl6Pw&sid=00819dc8-734c-11ed-baa2-8e961f650821
302 Found 11 B URL HTTP/1.1 www.besthitsnow.com/b1.php?ch=1&id=billymoon&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3MDEwNzc3OCwiaWF0IjoxNjcwMTAwNTc4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc21tNzg0a2xtMW5pdGo4c2MwYXBvbzciLCJuYmYiOjE2NzAxMDA1NzgsInRzIjoxNjcwMTAwNTc4MTY0NTQ3fQ.c9jpOTh1z0h3jYT5plcccgPITnMiwnaBoEhOGdwl6Pw&sid=00819dc8-734c-11ed-baa2-8e961f650821
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /b1.php?ch=1&id=billymoon&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3MDEwNzc3OCwiaWF0IjoxNjcwMTAwNTc4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc21tNzg0a2xtMW5pdGo4c2MwYXBvbzciLCJuYmYiOjE2NzAxMDA1NzgsInRzIjoxNjcwMTAwNTc4MTY0NTQ3fQ.c9jpOTh1z0h3jYT5plcccgPITnMiwnaBoEhOGdwl6Pw&sid=00819dc8-734c-11ed-baa2-8e961f650821 HTTP/1.1
Host: www.besthitsnow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.besthitsnow.com/b1.php?id=billymoon
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Sat, 03 Dec 2022 20:49:37 GMT
location: http://click-v4.junmediadirect1.com/click?i=f10KydNi*zE_0
server: nginx
set-cookie: sid=00819dc8-734c-11ed-baa2-8e961f650821; path=/; domain=.besthitsnow.com; expires=Fri, 22 Dec 2090 00:03:45 GMT; max-age=2147483647; HttpOnly
ww38.my.blueadvertise.com/__adserver/insertions/display.php?token=MTA4ODF8NzI4eDkwfDcyOHw5MHwz&subid1=20221204-0749-38de-8bf5-e679ababdfea
200 OK 5.9 kB URL HTTP/1.1 ww38.my.blueadvertise.com/__adserver/insertions/display.php?token=MTA4ODF8NzI4eDkwfDcyOHw5MHwz&subid1=20221204-0749-38de-8bf5-e679ababdfea
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2647)
Hash 9ae49406b6405f2f7a373345b9eeba43
5e996ad151a663e9856d84b268527c2538e8e357
b8832502b2f819b8785af32c5525c22d47ea78a4cdd2a00806731f82764e1087
GET /__adserver/insertions/display.php?token=MTA4ODF8NzI4eDkwfDcyOHw5MHwz&subid1=20221204-0749-38de-8bf5-e679ababdfea HTTP/1.1
Host: ww38.my.blueadvertise.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://astridberges-frisbey.blogspot.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 20:49:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket103
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_SAozAgFbWOWBTioCzIwo46IbZp/MsCBaUUL9N4c414uZLOKHD0HjhnmugTRA8bnPQYEc7gyjkbSnVy/Bjk5BZw==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
ww38.777seo.com/seo.php?username=billymoon&subid1=20221204-0749-3888-829d-cd695bec512f
200 OK 5.9 kB URL HTTP/1.1 ww38.777seo.com/seo.php?username=billymoon&subid1=20221204-0749-3888-829d-cd695bec512f
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2638)
Hash 0f510ca3380304d41a1a7597e98052e4
7ca612411e7a47ec914a772407c44b7882671518
f83227ecb3a077b3639c539c03fe3c4f33578c75332e0c4fd1d03456494aeddc
GET /seo.php?username=billymoon&subid1=20221204-0749-3888-829d-cd695bec512f HTTP/1.1
Host: ww38.777seo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://astridberges-frisbey.blogspot.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 20:49:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket103
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_SOlQefkTy5Ywv31rFmEdC2Gdtkm0ei0hv5mG/fVPIhflQBJz7QXK+258XvEc2OUcwBCBzC7FV/MO1B9+v51ClQ==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash a06afa1875c7542451698bb20623def1
b6075db78f93567b4a115d4cc0c1cc7f170de3f6
0257f7232d4431fadd985f2137df900816246f51936ae8521d35f44b21fa6c83
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 20:49:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dae91e08e3a2641e993d864c7da20e33
fb22f9894373bae69fd1f87827afbe5fbbfca791
8c78e8034726c408c5bb9467217db770e3cc40e32eb415b09a0492a13017b0d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8C78E8034726C408C5BB9467217DB770E3CC40E32EB415B09A0492A13017B0D5"
Last-Modified: Fri, 02 Dec 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21595
Expires: Sun, 04 Dec 2022 02:49:33 GMT
Date: Sat, 03 Dec 2022 20:49:38 GMT
Connection: keep-alive
accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/followers.g?blogID%3D6072607690950852570%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM5OTk5OTkiByM5OWFhZGQqByMwMDAwMDAyByNhYWRkOTk6ByM5OTk5OTlCByM5OWFhZGRKByM3Nzc3NzdSByM5OWFhZGRaC3RyYW5zcGFyZW50%26pageSize%3D21%26postID%3D8006378722548583375%26origin%3Dhttp://astridberges-frisbey.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.geaHZXF2-fw.O/d%253D1/rs%253DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/m%253D__features__%26bpli%3D1&followup=https://www.blogger.com/followers.g?blogID%3D6072607690950852570%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM5OTk5OTkiByM5OWFhZGQqByMwMDAwMDAyByNhYWRkOTk6ByM5OTk5OTlCByM5OWFhZGRKByM3Nzc3NzdSByM5OWFhZGRaC3RyYW5zcGFyZW50%26pageSize%3D21%26postID%3D8006378722548583375%26origin%3Dhttp://astridberges-frisbey.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.geaHZXF2-fw.O/d%253D1/rs%253DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/m%253D__features__%26bpli%3D1&go=true
302 Found 497 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/followers.g?blogID%3D6072607690950852570%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM5OTk5OTkiByM5OWFhZGQqByMwMDAwMDAyByNhYWRkOTk6ByM5OTk5OTlCByM5OWFhZGRKByM3Nzc3NzdSByM5OWFhZGRaC3RyYW5zcGFyZW50%26pageSize%3D21%26postID%3D8006378722548583375%26origin%3Dhttp://astridberges-frisbey.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.geaHZXF2-fw.O/d%253D1/rs%253DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/m%253D__features__%26bpli%3D1&followup=https://www.blogger.com/followers.g?blogID%3D6072607690950852570%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM5OTk5OTkiByM5OWFhZGQqByMwMDAwMDAyByNhYWRkOTk6ByM5OTk5OTlCByM5OWFhZGRKByM3Nzc3NzdSByM5OWFhZGRaC3RyYW5zcGFyZW50%26pageSize%3D21%26postID%3D8006378722548583375%26origin%3Dhttp://astridberges-frisbey.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.geaHZXF2-fw.O/d%253D1/rs%253DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/m%253D__features__%26bpli%3D1&go=true
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (543)
Hash 84058060f8014cc702f8d268db9c8f72
90fe4f524ac3a013c24c69ff4ca92ba3c7825c26
70cfb5d1ba8ac1edf7f9095f3bec2af130787c4b35921f229eed25d56d186247
GET /ServiceLogin?passive=true&continue=https://www.blogger.com/followers.g?blogID%3D6072607690950852570%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM5OTk5OTkiByM5OWFhZGQqByMwMDAwMDAyByNhYWRkOTk6ByM5OTk5OTlCByM5OWFhZGRKByM3Nzc3NzdSByM5OWFhZGRaC3RyYW5zcGFyZW50%26pageSize%3D21%26postID%3D8006378722548583375%26origin%3Dhttp://astridberges-frisbey.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.geaHZXF2-fw.O/d%253D1/rs%253DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/m%253D__features__%26bpli%3D1&followup=https://www.blogger.com/followers.g?blogID%3D6072607690950852570%26colors%3DCgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM5OTk5OTkiByM5OWFhZGQqByMwMDAwMDAyByNhYWRkOTk6ByM5OTk5OTlCByM5OWFhZGRKByM3Nzc3NzdSByM5OWFhZGRaC3RyYW5zcGFyZW50%26pageSize%3D21%26postID%3D8006378722548583375%26origin%3Dhttp://astridberges-frisbey.blogspot.com/%26usegapi%3D1%26jsh%3Dm;/_/scs/abc-static/_/js/k%253Dgapi.lb.en.geaHZXF2-fw.O/d%253D1/rs%253DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/m%253D__features__%26bpli%3D1&go=true HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://astridberges-frisbey.blogspot.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 03 Dec 2022 20:49:38 GMT
location: https://www.blogger.com/followers.g?blogID=6072607690950852570&colors=Cgt0cmFuc3BhcmVudBILdHJhbnNwYXJlbnQaByM5OTk5OTkiByM5OWFhZGQqByMwMDAwMDAyByNhYWRkOTk6ByM5OTk5OTlCByM5OWFhZGRKByM3Nzc3NzdSByM5OWFhZGRaC3RyYW5zcGFyZW50&pageSize=21&postID=8006378722548583375&origin=http%3A%2F%2Fastridberges-frisbey.blogspot.com%2F&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__&bpli=1
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-y-jnUY3vt3cE72BE9GUjyA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 497
server: GSE
set-cookie: __Host-GAPS=1:5qqDmM9xrXkwiJ8br8sIvqCur0cT-Q:PyBXfP5XbiJKTzMn;Path=/;Expires=Mon, 02-Dec-2024 20:49:38 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/adsense/domains/caf.js
200 OK 54 kB URL HTTP/1.1 www.google.com/adsense/domains/caf.js
IP
File type ASCII text, with very long lines (1885)
Hash 485e65610eb2ebdbcc10e85715122d37
9bfc3f3add23f16e5ae10206589119b638cf4f8a
5a0cd84826bed56584e38971c9addd985d0d3691cca725de30b8592154109afe
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.my.blueadvertise.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Sat, 03 Dec 2022 20:49:38 GMT
Expires: Sat, 03 Dec 2022 20:49:38 GMT
Cache-Control: private, max-age=3600
ETag: "13012075086301908205"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0
d38psrni17bvxu.cloudfront.net/scripts/maincaf.js
200 OK 7.0 kB URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/scripts/maincaf.js
IP
File type ASCII text, with very long lines (316)
Hash 3c7567521347bf95b105ffa7fdc7da86
08739adacbf1300c74d8ae1cf100d00d9fbd0e5f
0e32bca6b67dfdeed3f9b988ddcec1adf0502549a130a78c4ace64c318a7ea29
Analyzer Verdict Alert fortinet Malware
GET /scripts/maincaf.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.my.blueadvertise.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 7006
Connection: keep-alive
Server: nginx
Date: Sat, 03 Dec 2022 01:37:19 GMT
Last-Modified: Tue, 15 Nov 2022 15:10:24 GMT
Accept-Ranges: bytes
ETag: "6373abe0-1b5e"
X-Cache: Hit from cloudfront
Via: 1.1 9e68c5632e1f9f77f8da043a0495769a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN54-C1
X-Amz-Cf-Id: EkNzqIeB8A8BZ41cX6kCTOsd2sTsMLDFAMu4rjeeG5Zp9aSBb8ebVg==
Age: 69139
c.parkingcrew.net/scripts/sale_form.js
200 OK 761 B URL HTTP/1.1 c.parkingcrew.net/scripts/sale_form.js
IP
Hash 64f809e06446647e192fce8d1ec34e09
5b7ced07da42e205067afa88615317a277a4a82c
f52cbd664986ad7ed6e71c448e2d31d1a16463e4d9b7bca0c6be278649ccc4f3
GET /scripts/sale_form.js HTTP/1.1
Host: c.parkingcrew.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.my.blueadvertise.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 20:49:38 GMT
Content-Type: application/javascript
Content-Length: 761
Connection: keep-alive
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-2f9"
Accept-Ranges: bytes
my.blueadvertise.com/__adserver/insertions/display.php?token=MTA4ODF8MTYweDYwMHwxNjB8NjAwfDM=
302 Found 0 B URL HTTP/1.1 my.blueadvertise.com/__adserver/insertions/display.php?token=MTA4ODF8MTYweDYwMHwxNjB8NjAwfDM=
IP
ASN #133618 Trellian Pty. Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /__adserver/insertions/display.php?token=MTA4ODF8MTYweDYwMHwxNjB8NjAwfDM= HTTP/1.1
Host: my.blueadvertise.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://astridberges-frisbey.blogspot.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Sat, 03 Dec 2022 20:49:38 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1670100578.7077042; expires=Tue, 30-Nov-2032 20:49:38 GMT; Max-Age=315360000
Location: http://ww38.my.blueadvertise.com/__adserver/insertions/display.php?token=MTA4ODF8MTYweDYwMHwxNjB8NjAwfDM=&subid1=20221204-0749-384a-8224-4c03782a4ae6
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
www.domainmarket.com/buynow/ymads.com
200 OK 15 kB URL HTTP/2 www.domainmarket.com/buynow/ymads.com
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (785)
Hash d971d4bbe6fe030f583fdb43f7f00d4c
b17c38e691e73f5ad225597f1bc15df3f8fc6fbb
a3dd60d4f7a29ebe617310d70b5454fa6b96bca398b69914752f11e26e64c05c
GET /buynow/ymads.com HTTP/1.1
Host: www.domainmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://astridberges-frisbey.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 20:49:38 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: GET
last-modified: Sat, 03 Dec 2022 12:04:38 GMT
cf-cache-status: HIT
age: 9593
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ES1xjVXWg02c5EK4%2BoIPswTdKSAtLbTCsnllEYmV%2BUVO8j8RgNDq8LFXzHxJOyFCfAZUBM21ddijs%2BLmqkE6HfLyAhrs1jQPezm7qdIbyb1fnA2FMsLkoHq1uRCm2mrcNC8U4Ow2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773f2b878d34b4f9-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.oregoncitylink.com/photo/craterlake.jpg
404 Not Found 12 kB URL HTTP/2 www.oregoncitylink.com/photo/craterlake.jpg
IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash 08ed412e4a0c90e92cb179fb543e762e
d9778467d98a36aa43e1208ebcd50ae3c5ecf7bb
2c6da5cf8db6cd6e3edd89bb51a7791687c231f11ac9aa17085f32d3dd53aa7b
GET /photo/craterlake.jpg HTTP/1.1
Host: www.oregoncitylink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://astridberges-frisbey.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
link: <https://www.oregoncitylink.com/wp-json/>; rel="https://api.w.org/"
cache-control: no-cache, must-revalidate, max-age=0
x-cacheable: yes
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding
content-length: 19084
date: Sat, 03 Dec 2022 20:49:38 GMT
server: LiteSpeed
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.comodoca.com/
200 OK 472 B IP
Hash 664fb2be037c5c8a303d025ee50c74e2
477331512912ec7ece391d132fd896bf76056af7
99c9f950351b44761d6716e1446bf9a0c63a50cf37c0b6f8a9d43d88049eac7b
POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 20:49:39 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 20:15:24 GMT
Expires: Sat, 10 Dec 2022 20:15:23 GMT
Etag: "477331512912ec7ece391d132fd896bf76056af7"
Cache-Control: max-age=602143,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: MISS
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 773f2b8aefa9fab4-OSL
ww38.my.blueadvertise.com/__adserver/insertions/display.php?token=MTA4ODF8NzI4eDkwfDcyOHw5MHwz&subid1=20221204-0749-38de-8bf5-e679ababdfea&_xafvr=NzcyNGY3NzUyMjIzNGZlMDk3ZjEyZTJiOGZjNzQwMjhmZmVhY2M3ZSw2MzhiYjY2MmIwY2U1
200 OK 2.7 kB URL HTTP/1.1 ww38.my.blueadvertise.com/__adserver/insertions/display.php?token=MTA4ODF8NzI4eDkwfDcyOHw5MHwz&subid1=20221204-0749-38de-8bf5-e679ababdfea&_xafvr=NzcyNGY3NzUyMjIzNGZlMDk3ZjEyZTJiOGZjNzQwMjhmZmVhY2M3ZSw2MzhiYjY2MmIwY2U1
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash b48ffb17459c50cd06875f8d5393a5aa
0724a54ce8ec570fecd3eb7c96311dc6c026794e
4752625ca685dfd8dfa9b16dce166ea2624521f0cf4c3360889a6852cd9a28f7
GET /__adserver/insertions/display.php?token=MTA4ODF8NzI4eDkwfDcyOHw5MHwz&subid1=20221204-0749-38de-8bf5-e679ababdfea&_xafvr=NzcyNGY3NzUyMjIzNGZlMDk3ZjEyZTJiOGZjNzQwMjhmZmVhY2M3ZSw2MzhiYjY2MmIwY2U1 HTTP/1.1
Host: ww38.my.blueadvertise.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.my.blueadvertise.com/__adserver/insertions/display.php?token=MTA4ODF8NzI4eDkwfDcyOHw5MHwz&subid1=20221204-0749-38de-8bf5-e679ababdfea
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 20:49:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Redirect: zeropark_yahoo
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
c.parkingcrew.net/scripts/sale_form.js
200 OK 761 B URL HTTP/1.1 c.parkingcrew.net/scripts/sale_form.js
IP
Hash 64f809e06446647e192fce8d1ec34e09
5b7ced07da42e205067afa88615317a277a4a82c
f52cbd664986ad7ed6e71c448e2d31d1a16463e4d9b7bca0c6be278649ccc4f3
GET /scripts/sale_form.js HTTP/1.1
Host: c.parkingcrew.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.my.blueadvertise.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Dec 2022 20:49:39 GMT
Content-Type: application/javascript
Content-Length: 761
Connection: keep-alive
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-2f9"
Accept-Ranges: bytes
ww38.my.blueadvertise.com/favicon.ico
200 OK 0 B URL HTTP/1.1 ww38.my.blueadvertise.com/favicon.ico
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ww38.my.blueadvertise.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.my.blueadvertise.com/__adserver/insertions/display.php?token=MTA4ODF8NzI4eDkwfDcyOHw5MHwz&subid1=20221204-0749-38de-8bf5-e679ababdfea&_xafvr=NzcyNGY3NzUyMjIzNGZlMDk3ZjEyZTJiOGZjNzQwMjhmZmVhY2M3ZSw2MzhiYjY2MmIwY2U1
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 20:49:39 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4107
Expires: Sat, 03 Dec 2022 21:58:06 GMT
Date: Sat, 03 Dec 2022 20:49:39 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4107
Expires: Sat, 03 Dec 2022 21:58:06 GMT
Date: Sat, 03 Dec 2022 20:49:39 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4107
Expires: Sat, 03 Dec 2022 21:58:06 GMT
Date: Sat, 03 Dec 2022 20:49:39 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7dc00fa-a8d3-44bf-ba84-1998d8dd7c5a.jpeg
200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7dc00fa-a8d3-44bf-ba84-1998d8dd7c5a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fcb89ca25035b2bbb71ae5dd175fcd40
544428cdad754b1bb7be3cd46a79bf078fd5b450
36dcbbe6cd2710ee502776b4bcf32053e92b750a55e2bd4cdeadbc694c7c2699
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7dc00fa-a8d3-44bf-ba84-1998d8dd7c5a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: c824c317-e6e3-4006-9f9d-ea54e8170a4c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cf2_tGErIAMF8_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63896b97-7fc523296afea4dd4b5d1de8;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 03:05:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: tp50A9LYeT1RvSPImBUoQNKtarPryKb8Zacm_nxqDh-gegwdQov7Nw==
via: 1.1 40b967aa4aa18637c4b91214147f3cb4.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 03:50:52 GMT
age: 61127
etag: "544428cdad754b1bb7be3cd46a79bf078fd5b450"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F627a3f86-b7fa-44c4-a119-2e3d23eb8b6a.jpeg
200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F627a3f86-b7fa-44c4-a119-2e3d23eb8b6a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1e74254b3fdce7d6b84a71a7aff43789
65c8b4abf957f9b54d99d0f78559e639adb29efb
f278c3cc6734da7188862a8c651c803e7ac1fda82234e191761453cb1359d3ee
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F627a3f86-b7fa-44c4-a119-2e3d23eb8b6a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5354
x-amzn-requestid: 3d58ffea-3433-4c5c-a60b-17f6de3a33e5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cSsnvG44oAMFfyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638427ca-63b375f04189b7ce7d84cd5d;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 03:15:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GBhAilKMKo9RvIzqzF9V4jTZbvpa2rPZeoy6Jy8fMc1-JO078OAYzQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 05:53:40 GMT
age: 53759
etag: "65c8b4abf957f9b54d99d0f78559e639adb29efb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 75d7d60cd808587791afb60d73adcb47
19b66b63f8bb28fb54969651c130a507a15b3747
c0c96935405b389daaa139655d67acd960b9c3a2db641944f38e73b9575b47e4
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=101273
Date: Sat, 03 Dec 2022 20:49:39 GMT
Etag: "638a8688-1d7"
Expires: Mon, 05 Dec 2022 00:57:32 GMT
Last-Modified: Fri, 02 Dec 2022 23:13:12 GMT
Server: ECS (bsa/EB13)
X-Cache: Miss from cloudfront
Via: 1.1 667bc9576cb65b03461f4c2ed893152e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN1-C1
X-Amz-Cf-Id: ZqGQot9bbvYc9sLOV0t9F7EYA85TE2E-3dE10Xy8jQjQ3OtFihiZNA==
Age: 6260
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 06:00:50 GMT
age: 53329
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg
200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 45182367fd4f8b6dd234eef1022acdb1
d4b3052021ff3ad1dc4134fa25eb12a98e7c17da
a57fadaf74db2fb457cfe761314d56f021d22146f5bdb6a8bf11b6519e8a558d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9715
x-amzn-requestid: c8102cfa-78dc-4d81-ad6a-e16b9132e238
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZO2HQKIAMF8IA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f2b-350c586b568e6565763376bd;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0QkVKyYm9UwlF5FEeli9UsRAQwEi3-c3bMR-QSJxIKRQe7WWT76dGQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:37:54 GMT
age: 83505
etag: "d4b3052021ff3ad1dc4134fa25eb12a98e7c17da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
200 OK 2.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XvG2dAUeB914GQ1qJwQRHovAtra8OSjG-CsXeR8UOBq5r8qVjEbPBQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 22:39:04 GMT
age: 79835
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528dcb40-0960-4efd-98b7-a07004a61b22.jpeg
200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528dcb40-0960-4efd-98b7-a07004a61b22.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3abdcce275bb9723b4ac1d0c38cc8891
91f0d888c38db0899f106b652e3dcac062648099
ff411fc0d5abaf519d6600961ec51ad71ad9a02e23cc02ad818e27f0324b3d1e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528dcb40-0960-4efd-98b7-a07004a61b22.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7657
x-amzn-requestid: c0dbd862-41cf-4fa8-ab6b-256763c63fbf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZN1Fo6IAMF9EQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f25-554ffbc83fd70c557437120f;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ElvfdUly4Rb3YOQyMO2C_VelFUe6xcFbMh6x5fNrRzGjKCITdGSwLQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:37:47 GMT
age: 83512
etag: "91f0d888c38db0899f106b652e3dcac062648099"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
brigi-jar.com/lander?dn=blueadvertise.com&feedid=c29bc710-7228-11ec-932e-0a0baae9769b&tag=1
200 OK 11 kB URL HTTP/2 brigi-jar.com/lander?dn=blueadvertise.com&feedid=c29bc710-7228-11ec-932e-0a0baae9769b&tag=1
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1996)
Hash 62a334dfc3a0349484ed1fb174f89732
86af3264c5316ec2b35d8dfc81ba17d2efcab33c
a5e497e9878a0e7a4420911c875cfa65b0af86f574efa7bbfda7e8494be30742
GET /lander?dn=blueadvertise.com&feedid=c29bc710-7228-11ec-932e-0a0baae9769b&tag=1 HTTP/1.1
Host: brigi-jar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww38.my.blueadvertise.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 20:49:40 GMT
content-type: text/html;charset=UTF-8
content-length: 11029
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 98fe7e5fd6b778bcdcc63028c3a49fbd
06b34160c344526fbe14ce41445b9fe76c0a878d
d45d898dfe5bf1151557bbbc3be6e6878fbadce386136d60777b4464199173a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 20:49:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
brigi-jar.com/main.js
200 OK 480 B IP
Hash 91558066fecbfc1f6f77842f6aa85a6c
6bb5c5f2cb4efaf30a8ab810e1b453dcb4df108e
efa0d78cbfa66831e490b26d1bb55b14f6c9f8f3a04b1d08403947abd25908ed
GET /main.js HTTP/1.1
Host: brigi-jar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://brigi-jar.com/lander?dn=blueadvertise.com&feedid=c29bc710-7228-11ec-932e-0a0baae9769b&tag=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 20:49:40 GMT
content-type: application/javascript
content-length: 480
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Wed, 23 Nov 2022 08:14:12 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
brigi-jar.com/style.css
200 OK 6.0 kB IP
Hash 2eb024ad11ef5f2e503bfb60117c25d8
235b5ca1205cc2ca3d0b8e4f98ce022512b05c0f
d8efc1d8e1100baf07f4105119fde6f8fe760a9efebf189adc5d9b3dfccc9e0a
GET /style.css HTTP/1.1
Host: brigi-jar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://brigi-jar.com/lander?dn=blueadvertise.com&feedid=c29bc710-7228-11ec-932e-0a0baae9769b&tag=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 20:49:40 GMT
content-type: text/css
content-length: 5981
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Wed, 23 Nov 2022 08:14:12 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Poppins:300
200 OK 870 B URL HTTP/2 fonts.googleapis.com/css?family=Poppins:300
IP
Hash 1bf2015aca78b0e8cd527eb10931e485
a48cf4928dfcf57b93a405257dafcb7573ca9032
a9ca9f20aa5a812dbf9aed92988f26dda6a1c05985cdc335bbab51d64dbb47f5
GET /css?family=Poppins:300 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://brigi-jar.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 03 Dec 2022 20:49:40 GMT
date: Sat, 03 Dec 2022 20:49:40 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
brigi-jar.com/empty.gif
200 OK 305 B IP
File type gzip compressed data, max compression\012- data
Hash 0e4da4b3bc3bba23f60dd4974b10c21c
be8e7f89addca9a10e1abb72ccddae57658acbdb
650a74064e976721467d1c9b78552092c46bfc52d4914d4971d2d29bce648942
GET /empty.gif HTTP/1.1
Host: brigi-jar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://brigi-jar.com/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 20:49:40 GMT
content-type: image/gif
content-length: 42
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Wed, 23 Nov 2022 08:14:12 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 20:49:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
200 OK 7.9 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Hash 9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://brigi-jar.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 21:48:50 GMT
expires: Thu, 30 Nov 2023 21:48:50 GMT
cache-control: public, max-age=31536000
age: 255650
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 20:49:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash ca55a81e6602392abf6aa41bc3af8f1c
aa5e941842248912347a29da396cb8c1407ca873
7e415ca05b75f8f72681ae38cd9a48f3bd5bc00f06d5856d89af11f6b94bafe1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=101251
Date: Sat, 03 Dec 2022 20:49:40 GMT
Etag: "638a8d7b-1d7"
Expires: Mon, 05 Dec 2022 00:57:11 GMT
Last-Modified: Fri, 02 Dec 2022 23:42:51 GMT
Server: ECS (dcb/7EC7)
X-Cache: Miss from cloudfront
Via: 1.1 667bc9576cb65b03461f4c2ed893152e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN1-C1
X-Amz-Cf-Id: CvwEwLC2byvIPMRMdJYvqnObK6LukCoYHPnzTaWjcOOsMazGe8_kxA==
Age: 4460
assetscdn.com/img/arrows.png
200 OK 25 kB URL HTTP/2 assetscdn.com/img/arrows.png
IP
File type gzip compressed data, max compression\012- data
Hash cb13d5df3713128759159b441b230119
d7ba791e1ac8de05bf3dcdf9d89c5f37df7a3d94
a4ca3bfbf08b0ef7d08f1348024d09d59178fddb5a710fb3069cdc2e6d3df4fd
GET /img/arrows.png HTTP/1.1
Host: assetscdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://brigi-jar.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
content-length: 24415
date: Wed, 02 Nov 2022 00:53:07 GMT
last-modified: Thu, 04 Aug 2022 10:09:47 GMT
etag: "c97abaaf2fb3de553aa0531e97dff187"
cache-control: public, max-age=31556926
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 990c1aa70667fe4e8f93d88ac8400fc4.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: FiSdiJ6Y0gCqQGlJhdmqKdkhR6I2NagAYFxt15GxN8n7dNxyc7jPUw==
age: 2750194
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Poppins
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Poppins
IP
GET /css?family=Poppins HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://brigi-jar.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 03 Dec 2022 20:49:40 GMT
date: Sat, 03 Dec 2022 20:49:40 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.hugedomains.com/domain_profile.cfm?d=ad-u.com
200 OK 0 B URL HTTP/2 www.hugedomains.com/domain_profile.cfm?d=ad-u.com
IP
GET /domain_profile.cfm?d=ad-u.com HTTP/1.1
Host: www.hugedomains.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://astridberges-frisbey.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 20:49:38 GMT
content-type: text/html; charset=utf-8
cache-control: private
vary: Accept-Encoding
set-cookie: site_version_phase=108; expires=Tue, 28-Nov-2023 20:49:38 GMT; path=/
site_version=HDv3; expires=Tue, 28-Nov-2023 20:49:38 GMT; path=/
captcha-tracker=; expires=Fri, 02-Dec-2022 20:49:38 GMT; path=/
x-powered-by: ASP.NET
lb: TclPrdLbHd1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QF6KJR6ckyVWb2l7TodMQIZaGBCb8cLWOWhgEAQaVBYkkeyZmJcfMnPJhc7wZCrSALP%2FF2dZtc%2B4ifbmPZZILm88k31jk087AyF5mUMJ2TAbhUreiN3jxqOoNo9PTYz1r%2Fyjj0E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773f2b859f5d1c16-OSL
content-encoding: br
X-Firefox-Spdy: h2
hit.bugsy.me/photos/470/IMG_7824.jpg
404 Not Found 0 B URL HTTP/2 hit.bugsy.me/photos/470/IMG_7824.jpg
IP
GET /photos/470/IMG_7824.jpg HTTP/1.1
Host: hit.bugsy.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://astridberges-frisbey.blogspot.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
age: 0
cache-control: public, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 03 Dec 2022 20:49:38 GMT
etag: 1500220612-ssl-df
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-nf-request-id: 01GKCW0W82S4H7D7NKAVKNQWYA
X-Firefox-Spdy: h2
142.250.74.161
95.101.10.105
5.79.79.212
103.224.182.251
23.52.86.179
162.244.239.58
104.18.32.68
35.197.227.153
185.53.178.30