firefox.settings.services.mozilla.com/v1/
143.204.55.36200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 27 Sep 2022 06:15:30 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: VIjmyZzT1u-ebezyxi3h6xLZQvbgIqjkr_ijW8fLwFJtHHHg-752ig==
Age: 2413
crystal-blocker.com/?scenario=promo12v1s&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=nvGTnjRJvciAJp6XDELSRGMi8bxM0XIED85WTKXHHnFMjdSCIJKYVvyQ4SJoG4eZm9NLmXlsRdZq6OzUFLZtAXS7paMzvQSgDknzn55NFAs5gcVYOvcgzk6NxjDT3yeiMzc1dEJwJ0plz3BsgZsdMc_tLgnJDsIDJZRdAppeBZYTaYROND4-xDJKwG5r-v7yruyyL4wWVHMi5c0IQVBr8-k8ZwPro2m1y_jbSQDbyBudWe-UWNRGiwRpJ0fe77twCziz9tK0aNp6-aCNLfuI8GkotljCMR9jgzUp4byX4H2PapZbNj3SglVOpdQREv_jqkNSotp5gQ5VDunjNaHsP4QBVylepdcEh4Mx4WKOg8Yv-gx5JNCUsRSXBXKQc-bSKzTEiNUaqky8ZlLz4u7qN3IeG9vlm1oa4mlBszxPDdM&lptoken=16c6641d261e3542282a
172.67.146.119200 OK 2.0 kB URL HTTP/1.1 crystal-blocker.com/?scenario=promo12v1s&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=nvGTnjRJvciAJp6XDELSRGMi8bxM0XIED85WTKXHHnFMjdSCIJKYVvyQ4SJoG4eZm9NLmXlsRdZq6OzUFLZtAXS7paMzvQSgDknzn55NFAs5gcVYOvcgzk6NxjDT3yeiMzc1dEJwJ0plz3BsgZsdMc_tLgnJDsIDJZRdAppeBZYTaYROND4-xDJKwG5r-v7yruyyL4wWVHMi5c0IQVBr8-k8ZwPro2m1y_jbSQDbyBudWe-UWNRGiwRpJ0fe77twCziz9tK0aNp6-aCNLfuI8GkotljCMR9jgzUp4byX4H2PapZbNj3SglVOpdQREv_jqkNSotp5gQ5VDunjNaHsP4QBVylepdcEh4Mx4WKOg8Yv-gx5JNCUsRSXBXKQc-bSKzTEiNUaqky8ZlLz4u7qN3IeG9vlm1oa4mlBszxPDdM&lptoken=16c6641d261e3542282a
IP 172.67.146.119:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (6254), with no line terminators
Hash 168fbdcc99da8cf66e6348a35f8967c7
1b1f14c928f682082c2f7a022e441e5426511e2d
f1bd0b1c81c3072171736e47042f8bf558d9e019c090611540bdbe5c482f8b40
Analyzer Verdict Alert quad9 Sinkholed
GET /?scenario=promo12v1s&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=nvGTnjRJvciAJp6XDELSRGMi8bxM0XIED85WTKXHHnFMjdSCIJKYVvyQ4SJoG4eZm9NLmXlsRdZq6OzUFLZtAXS7paMzvQSgDknzn55NFAs5gcVYOvcgzk6NxjDT3yeiMzc1dEJwJ0plz3BsgZsdMc_tLgnJDsIDJZRdAppeBZYTaYROND4-xDJKwG5r-v7yruyyL4wWVHMi5c0IQVBr8-k8ZwPro2m1y_jbSQDbyBudWe-UWNRGiwRpJ0fe77twCziz9tK0aNp6-aCNLfuI8GkotljCMR9jgzUp4byX4H2PapZbNj3SglVOpdQREv_jqkNSotp5gQ5VDunjNaHsP4QBVylepdcEh4Mx4WKOg8Yv-gx5JNCUsRSXBXKQc-bSKzTEiNUaqky8ZlLz4u7qN3IeG9vlm1oa4mlBszxPDdM&lptoken=16c6641d261e3542282a HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 06:55:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DLJtU5caJIlTGNrQN5R5OMjGgU6u%2FFNdpSOgreaJTVAFURv3FGJB4lPyptWVIpjWAA31YK6kQx3KTS29gjfXjHI%2Bjc6RLjdGS56x8K2Xg4W0VcMdqHLbE%2B6309uEVtf2So%2Bu7NTr"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 751255d99a67b527-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9451
Expires: Tue, 27 Sep 2022 09:33:14 GMT
Date: Tue, 27 Sep 2022 06:55:43 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.49200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
date: Mon, 26 Sep 2022 09:17:07 GMT
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _YgRlCtNFjononGoRzLdop8NcoRv1rkO7GbgRqTyPlyV3VOQChTBJA==
age: 77917
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 06:55:43 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
crystal-blocker.com/assets/css/crb-home.d303c3bf7be95e8c0998.css
172.67.146.119200 OK 1.8 kB URL HTTP/1.1 crystal-blocker.com/assets/css/crb-home.d303c3bf7be95e8c0998.css
IP 172.67.146.119:0
File type ASCII text, with very long lines (6210)
Hash 8bb7b1032d183f3b01f535365cb42d7c
644c63662e8642d34f3da21011597fbdf1e5eaac
78e31e9d0aa24265527cb9fd35869194b1b2f982e4816c937ab464b20f8fec6d
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/css/crb-home.d303c3bf7be95e8c0998.css HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo12v1s&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=nvGTnjRJvciAJp6XDELSRGMi8bxM0XIED85WTKXHHnFMjdSCIJKYVvyQ4SJoG4eZm9NLmXlsRdZq6OzUFLZtAXS7paMzvQSgDknzn55NFAs5gcVYOvcgzk6NxjDT3yeiMzc1dEJwJ0plz3BsgZsdMc_tLgnJDsIDJZRdAppeBZYTaYROND4-xDJKwG5r-v7yruyyL4wWVHMi5c0IQVBr8-k8ZwPro2m1y_jbSQDbyBudWe-UWNRGiwRpJ0fe77twCziz9tK0aNp6-aCNLfuI8GkotljCMR9jgzUp4byX4H2PapZbNj3SglVOpdQREv_jqkNSotp5gQ5VDunjNaHsP4QBVylepdcEh4Mx4WKOg8Yv-gx5JNCUsRSXBXKQc-bSKzTEiNUaqky8ZlLz4u7qN3IeG9vlm1oa4mlBszxPDdM&lptoken=16c6641d261e3542282a
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 06:55:44 GMT
Content-Type: text/css; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 751255dc6e6ab527-OSL
Age: 135968
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sGvpPtNKRmQb1ZORp7dvm4Wl0yeuUt6p9p2rDmtLd08GBw7Fnw6r2Ts0SnNGS0c4SXZvFLLjID75QlYBAiZhHM7ZDZ31lg6G6u4hKDFOu3XHE5Pux66kgs777fpbmgMh7IIPilJZ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
crystal-blocker.com/assets/js/runtime.8c6c5b164346b79aab2e.js
172.67.146.119200 OK 923 B URL HTTP/1.1 crystal-blocker.com/assets/js/runtime.8c6c5b164346b79aab2e.js
IP 172.67.146.119:0
File type ASCII text, with very long lines (1710), with no line terminators
Hash dd7206ec3cb984a37c4f74734b151e2a
10c83c2d9f51b5b242214cb1f3efa59fe37ec43b
7bf3ef60931f9965b6db9f05d986b2c2b5be13f631f62eeec2348f150cfa48c9
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/runtime.8c6c5b164346b79aab2e.js HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo12v1s&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=nvGTnjRJvciAJp6XDELSRGMi8bxM0XIED85WTKXHHnFMjdSCIJKYVvyQ4SJoG4eZm9NLmXlsRdZq6OzUFLZtAXS7paMzvQSgDknzn55NFAs5gcVYOvcgzk6NxjDT3yeiMzc1dEJwJ0plz3BsgZsdMc_tLgnJDsIDJZRdAppeBZYTaYROND4-xDJKwG5r-v7yruyyL4wWVHMi5c0IQVBr8-k8ZwPro2m1y_jbSQDbyBudWe-UWNRGiwRpJ0fe77twCziz9tK0aNp6-aCNLfuI8GkotljCMR9jgzUp4byX4H2PapZbNj3SglVOpdQREv_jqkNSotp5gQ5VDunjNaHsP4QBVylepdcEh4Mx4WKOg8Yv-gx5JNCUsRSXBXKQc-bSKzTEiNUaqky8ZlLz4u7qN3IeG9vlm1oa4mlBszxPDdM&lptoken=16c6641d261e3542282a
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 06:55:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 751255dc7b9fb506-OSL
Age: 56714
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F8%2FOq9mIA6ce8q1SnKoER3DxhHDY1%2BTefvuIE06CrzS2%2BtS0DVm2t7VbXZshtu2FNkGfAMpboFnSfTAa0mFu4e9yD2PMLuLjckwBzr12t3UQMbeAH%2BfLLKP0ckg36dWMSHQ7WcQr"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
crystal-blocker.com/assets/js/home.296b278c6ac838bba542.js
172.67.146.119200 OK 6.1 kB URL HTTP/1.1 crystal-blocker.com/assets/js/home.296b278c6ac838bba542.js
IP 172.67.146.119:0
File type ASCII text, with very long lines (17673), with no line terminators
Hash 491337af9bb13a925c0abf6826e8bb99
d2af5d2f89f3ddcffc32c33360a3ec8626c4e4a2
306de56eea05164c572ff42e8286be2df7eac02dc1cb4b0f9296b7e430ba43ba
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/home.296b278c6ac838bba542.js HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo12v1s&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=nvGTnjRJvciAJp6XDELSRGMi8bxM0XIED85WTKXHHnFMjdSCIJKYVvyQ4SJoG4eZm9NLmXlsRdZq6OzUFLZtAXS7paMzvQSgDknzn55NFAs5gcVYOvcgzk6NxjDT3yeiMzc1dEJwJ0plz3BsgZsdMc_tLgnJDsIDJZRdAppeBZYTaYROND4-xDJKwG5r-v7yruyyL4wWVHMi5c0IQVBr8-k8ZwPro2m1y_jbSQDbyBudWe-UWNRGiwRpJ0fe77twCziz9tK0aNp6-aCNLfuI8GkotljCMR9jgzUp4byX4H2PapZbNj3SglVOpdQREv_jqkNSotp5gQ5VDunjNaHsP4QBVylepdcEh4Mx4WKOg8Yv-gx5JNCUsRSXBXKQc-bSKzTEiNUaqky8ZlLz4u7qN3IeG9vlm1oa4mlBszxPDdM&lptoken=16c6641d261e3542282a
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 06:55:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 751255dc7b3a1c06-OSL
Age: 64273
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v2CwJWjYXFa%2FpQU4KQdNLunw9Plbq%2BKpJ%2FLu%2Bg%2FKqfRWJEQvLMTctgyFPwSRHwu9UVJYjNpSPPLMf%2FRIzAGSadaQHwP87jCRgKtEXIZ7QpT2e%2FmriLqSob7E7VkFimb%2BYQ25rdl0"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
crystal-blocker.com/assets/js/vendors.f767109d6b92982db992.js
172.67.146.119200 OK 33 kB URL HTTP/1.1 crystal-blocker.com/assets/js/vendors.f767109d6b92982db992.js
IP 172.67.146.119:0
File type Unicode text, UTF-8 text, with very long lines (65448)
Hash 21ef8c24a2bfe872b37d9c0884eede6c
4a5aa86377091dbf3bf906c4ec107f002046b398
64587de8bed141e939b6d0d8aa2e1b406e3afe5838a301f946c4bcdaa430c130
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/vendors.f767109d6b92982db992.js HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo12v1s&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=nvGTnjRJvciAJp6XDELSRGMi8bxM0XIED85WTKXHHnFMjdSCIJKYVvyQ4SJoG4eZm9NLmXlsRdZq6OzUFLZtAXS7paMzvQSgDknzn55NFAs5gcVYOvcgzk6NxjDT3yeiMzc1dEJwJ0plz3BsgZsdMc_tLgnJDsIDJZRdAppeBZYTaYROND4-xDJKwG5r-v7yruyyL4wWVHMi5c0IQVBr8-k8ZwPro2m1y_jbSQDbyBudWe-UWNRGiwRpJ0fe77twCziz9tK0aNp6-aCNLfuI8GkotljCMR9jgzUp4byX4H2PapZbNj3SglVOpdQREv_jqkNSotp5gQ5VDunjNaHsP4QBVylepdcEh4Mx4WKOg8Yv-gx5JNCUsRSXBXKQc-bSKzTEiNUaqky8ZlLz4u7qN3IeG9vlm1oa4mlBszxPDdM&lptoken=16c6641d261e3542282a
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 06:55:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 751255dc7f0eb4eb-OSL
Age: 56714
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2tiWK%2BjXDfToh2xQePoUcx0hf67Ube%2BbxNIqIZH1zboHsDZlKR%2Fy6lJhNWTy7TN61PnAgPzJ3QelgxYwaVSsQQD33IcEre2rXr52VTbc2ZEUEunE%2B%2BO%2Bqu4j3HuvS78aBSVJVNQ%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash bfc8c650e23854f708a3dd54fca4393f
b54c061cf5a5306a68112d403471914e839a68c8
84b8c36947944ea94b27e053f2abb944e6951157e256991f8b1523b9cacfe362
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 06:55:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
crystal-blocker.com/assets/media/7ab05ca025ab63a5e68131bc5f81f9ce.svg
172.67.146.119200 OK 1.2 kB URL HTTP/1.1 crystal-blocker.com/assets/media/7ab05ca025ab63a5e68131bc5f81f9ce.svg
IP 172.67.146.119:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1082)
Hash df23de56683ad49e459371743a457af2
5fbd1529edaad22e0f4592fcdfd7c839a814dcf2
d180e58227cc77860dbcda6218fafbbb44043564cb742347243303638b9c4c13
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/media/7ab05ca025ab63a5e68131bc5f81f9ce.svg HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo12v1s&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=nvGTnjRJvciAJp6XDELSRGMi8bxM0XIED85WTKXHHnFMjdSCIJKYVvyQ4SJoG4eZm9NLmXlsRdZq6OzUFLZtAXS7paMzvQSgDknzn55NFAs5gcVYOvcgzk6NxjDT3yeiMzc1dEJwJ0plz3BsgZsdMc_tLgnJDsIDJZRdAppeBZYTaYROND4-xDJKwG5r-v7yruyyL4wWVHMi5c0IQVBr8-k8ZwPro2m1y_jbSQDbyBudWe-UWNRGiwRpJ0fe77twCziz9tK0aNp6-aCNLfuI8GkotljCMR9jgzUp4byX4H2PapZbNj3SglVOpdQREv_jqkNSotp5gQ5VDunjNaHsP4QBVylepdcEh4Mx4WKOg8Yv-gx5JNCUsRSXBXKQc-bSKzTEiNUaqky8ZlLz4u7qN3IeG9vlm1oa4mlBszxPDdM&lptoken=16c6641d261e3542282a
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 06:55:44 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 751255dd0c56b506-OSL
Age: 50831
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XlLCy8wKzFris4PNXaZPCdLdRrYIftz94X%2BNT0ycIAmBWSkjugtZmUs5yTzs3ZPcg5OVBDbX9r%2BxFz33mS8kO7u9a4tI6vW6hRGqk9Bra2daiQTfoTXhkipr%2BoU3zihanyIiHDNi"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
crystal-blocker.com/assets/media/d7d4e8b56191dbb312411526be9dc4ce.svg
172.67.146.119200 OK 1.8 kB URL HTTP/1.1 crystal-blocker.com/assets/media/d7d4e8b56191dbb312411526be9dc4ce.svg
IP 172.67.146.119:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2095)
Hash ca5449c96512039d0c3f3c3dbcff6acf
0425910d41508e9d6e145675e5c249ea3405fe80
a24a709b43c40cb5ab8d145a109434488c0148cd2f1ca18b3a9795727c3c5775
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/media/d7d4e8b56191dbb312411526be9dc4ce.svg HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo12v1s&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=nvGTnjRJvciAJp6XDELSRGMi8bxM0XIED85WTKXHHnFMjdSCIJKYVvyQ4SJoG4eZm9NLmXlsRdZq6OzUFLZtAXS7paMzvQSgDknzn55NFAs5gcVYOvcgzk6NxjDT3yeiMzc1dEJwJ0plz3BsgZsdMc_tLgnJDsIDJZRdAppeBZYTaYROND4-xDJKwG5r-v7yruyyL4wWVHMi5c0IQVBr8-k8ZwPro2m1y_jbSQDbyBudWe-UWNRGiwRpJ0fe77twCziz9tK0aNp6-aCNLfuI8GkotljCMR9jgzUp4byX4H2PapZbNj3SglVOpdQREv_jqkNSotp5gQ5VDunjNaHsP4QBVylepdcEh4Mx4WKOg8Yv-gx5JNCUsRSXBXKQc-bSKzTEiNUaqky8ZlLz4u7qN3IeG9vlm1oa4mlBszxPDdM&lptoken=16c6641d261e3542282a
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 06:55:44 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 751255dd0fc5b4eb-OSL
Age: 50831
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rgrtP5dK6uJaGo29nohGQAz7zJCI0W1%2BKYkx29DOGcDBOIVXZVclcsNwc6eNUhmOcGn6EF8NSuviO5RJO1ZnB2LUXPuBVqIXlhE2ByWF6kiJ5xpLZ1lHHLergK0ZQMWWJ4eCVkG8"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
crystal-blocker.com/assets/media/27349af978f5991fe7fcf1cec71b57df.svg
172.67.146.119200 OK 1.3 kB URL HTTP/1.1 crystal-blocker.com/assets/media/27349af978f5991fe7fcf1cec71b57df.svg
IP 172.67.146.119:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (839)
Hash 790595d62881d955e2817bccb3e4756c
d60dfeb39a596d4e8f9642894c8b2e7adfb988ce
1b418fab41e5bb0991c2986dd0e5874261671a2d06d62e3b7688d949a0a8de95
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/media/27349af978f5991fe7fcf1cec71b57df.svg HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo12v1s&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=nvGTnjRJvciAJp6XDELSRGMi8bxM0XIED85WTKXHHnFMjdSCIJKYVvyQ4SJoG4eZm9NLmXlsRdZq6OzUFLZtAXS7paMzvQSgDknzn55NFAs5gcVYOvcgzk6NxjDT3yeiMzc1dEJwJ0plz3BsgZsdMc_tLgnJDsIDJZRdAppeBZYTaYROND4-xDJKwG5r-v7yruyyL4wWVHMi5c0IQVBr8-k8ZwPro2m1y_jbSQDbyBudWe-UWNRGiwRpJ0fe77twCziz9tK0aNp6-aCNLfuI8GkotljCMR9jgzUp4byX4H2PapZbNj3SglVOpdQREv_jqkNSotp5gQ5VDunjNaHsP4QBVylepdcEh4Mx4WKOg8Yv-gx5JNCUsRSXBXKQc-bSKzTEiNUaqky8ZlLz4u7qN3IeG9vlm1oa4mlBszxPDdM&lptoken=16c6641d261e3542282a
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 06:55:44 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 751255dd1c6eb506-OSL
Age: 50831
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VxvYSXxktRtSAdiwjSO5vr4PeD3cBaHY%2FN813srtzNjwU14%2FcJSt7zgu2BAitQ1cc%2Bn5lgypqNSmVNg0C3kKi6kJZQnVIAn1N4719pjog8ycnOkERi%2BpNyQO%2B%2BaKVPQ%2Bpfs9JKxV"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
crystal-blocker.com/assets/media/bc18d8f4758d51184bfdd85f7357b9a3.svg
172.67.146.119200 OK 1.3 kB URL HTTP/1.1 crystal-blocker.com/assets/media/bc18d8f4758d51184bfdd85f7357b9a3.svg
IP 172.67.146.119:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (837)
Hash 00332cc7d17d0e81f7cc4c745872adf9
5de580fddbaaabf6023efd58fb51e25433a7679b
2bc83263841bd6730ee4ba43236b062101d149c037f1e09bbc31a670e25e2dab
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/media/bc18d8f4758d51184bfdd85f7357b9a3.svg HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo12v1s&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=nvGTnjRJvciAJp6XDELSRGMi8bxM0XIED85WTKXHHnFMjdSCIJKYVvyQ4SJoG4eZm9NLmXlsRdZq6OzUFLZtAXS7paMzvQSgDknzn55NFAs5gcVYOvcgzk6NxjDT3yeiMzc1dEJwJ0plz3BsgZsdMc_tLgnJDsIDJZRdAppeBZYTaYROND4-xDJKwG5r-v7yruyyL4wWVHMi5c0IQVBr8-k8ZwPro2m1y_jbSQDbyBudWe-UWNRGiwRpJ0fe77twCziz9tK0aNp6-aCNLfuI8GkotljCMR9jgzUp4byX4H2PapZbNj3SglVOpdQREv_jqkNSotp5gQ5VDunjNaHsP4QBVylepdcEh4Mx4WKOg8Yv-gx5JNCUsRSXBXKQc-bSKzTEiNUaqky8ZlLz4u7qN3IeG9vlm1oa4mlBszxPDdM&lptoken=16c6641d261e3542282a
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 06:55:44 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 751255dd2ff0b4eb-OSL
Age: 50831
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vcJ7T70atgGZgjgQahmLDfm167CkcsFTF2TzwIyySe8%2B6cckypg0lrrFrL08fAbNIxcD2v7U0gB4Gcn%2FIbsbDxHmbENXPqRNdZk8IJj3VRDFA3VIMyhsTYTgzY8dlGYR5%2BfWVuM1"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
crystal-blocker.com/assets/media/56b706933fc084a3c96ead1131e9d369.svg
172.67.146.119200 OK 2.3 kB URL HTTP/1.1 crystal-blocker.com/assets/media/56b706933fc084a3c96ead1131e9d369.svg
IP 172.67.146.119:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (831)
Hash 8574baf17043cd38752b9c4147ff8761
4ca37f5f62f12c051ef504da87b3ef0976ec2182
acad7906c1f9fc77f358f496e45ed3aa891c85bba77c63098d2a60839ab18b8d
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/media/56b706933fc084a3c96ead1131e9d369.svg HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo12v1s&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=nvGTnjRJvciAJp6XDELSRGMi8bxM0XIED85WTKXHHnFMjdSCIJKYVvyQ4SJoG4eZm9NLmXlsRdZq6OzUFLZtAXS7paMzvQSgDknzn55NFAs5gcVYOvcgzk6NxjDT3yeiMzc1dEJwJ0plz3BsgZsdMc_tLgnJDsIDJZRdAppeBZYTaYROND4-xDJKwG5r-v7yruyyL4wWVHMi5c0IQVBr8-k8ZwPro2m1y_jbSQDbyBudWe-UWNRGiwRpJ0fe77twCziz9tK0aNp6-aCNLfuI8GkotljCMR9jgzUp4byX4H2PapZbNj3SglVOpdQREv_jqkNSotp5gQ5VDunjNaHsP4QBVylepdcEh4Mx4WKOg8Yv-gx5JNCUsRSXBXKQc-bSKzTEiNUaqky8ZlLz4u7qN3IeG9vlm1oa4mlBszxPDdM&lptoken=16c6641d261e3542282a
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 06:55:44 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 751255dd0c0b1c06-OSL
Age: 55738
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V%2B96derTX3VtBtqPhfHi8RbecwL4wx0LHWZhmfxLbMAHfCBocYkK1DwznB1saFMjlK0ln0PE%2FmoD%2ByH0U1LFHAp6zQtKL%2BT7pJ1PaGYvCGD2Ekju3aBqE5LVvH9umAsPcUCzN6Hx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
crystal-blocker.com/assets/media/303cbcad896fb6361c2574fc511f4fb4.png
172.67.146.119200 OK 606 kB URL HTTP/1.1 crystal-blocker.com/assets/media/303cbcad896fb6361c2574fc511f4fb4.png
IP 172.67.146.119:0
File type PNG image data, 2305 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size 606 kB (605782 bytes)
Hash 83f963888aa3e127af1518faee9cce5d
11b29a56d6fd1472440bd56f7c3d2bf804ca2f08
e43d72064c5694542683360c1e19afd98e9e93ce138f35eee2141433624b9d46
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/media/303cbcad896fb6361c2574fc511f4fb4.png HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo12v1s&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=nvGTnjRJvciAJp6XDELSRGMi8bxM0XIED85WTKXHHnFMjdSCIJKYVvyQ4SJoG4eZm9NLmXlsRdZq6OzUFLZtAXS7paMzvQSgDknzn55NFAs5gcVYOvcgzk6NxjDT3yeiMzc1dEJwJ0plz3BsgZsdMc_tLgnJDsIDJZRdAppeBZYTaYROND4-xDJKwG5r-v7yruyyL4wWVHMi5c0IQVBr8-k8ZwPro2m1y_jbSQDbyBudWe-UWNRGiwRpJ0fe77twCziz9tK0aNp6-aCNLfuI8GkotljCMR9jgzUp4byX4H2PapZbNj3SglVOpdQREv_jqkNSotp5gQ5VDunjNaHsP4QBVylepdcEh4Mx4WKOg8Yv-gx5JNCUsRSXBXKQc-bSKzTEiNUaqky8ZlLz4u7qN3IeG9vlm1oa4mlBszxPDdM&lptoken=16c6641d261e3542282a
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 06:55:44 GMT
Content-Type: image/png
Content-Length: 605782
Connection: keep-alive
CF-Ray: 751255dd0f7d1bfa-OSL
Accept-Ranges: bytes
Age: 50830
Cache-Control: max-age=2592000
ETag: assets/media/303cbcad896fb6361c2574fc511f4fb4.12f6e97b94.png
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WqUTUqpcREo7bRa%2FU3twRNrBPhxHqwcjGRx%2FJgjOmGlsZ0Mik2jYKcMiBRgxRuUlJXfW0yzxhaQ6DOJgAgAdeg0C%2FqcmEfQevXVDi0KxAD0PbCTd3JqgGw5C92X%2BD6QLt0Tv320W"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash bfc8c650e23854f708a3dd54fca4393f
b54c061cf5a5306a68112d403471914e839a68c8
84b8c36947944ea94b27e053f2abb944e6951157e256991f8b1523b9cacfe362
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 06:55:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 06:55:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 06:55:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/quantico/v15/rax-HiSdp9cPL3KIF7xrJD0.woff2
142.250.74.163200 OK 5.4 kB URL HTTP/2 fonts.gstatic.com/s/quantico/v15/rax-HiSdp9cPL3KIF7xrJD0.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 5384, version 1.0\012- data
Hash 9b626017702a3f43af4052d4c2154dcf
9a21c3f3a89e056a3957fb271ba0dee66e44ddef
93e051a858871edb3ae5f429957710e1fd61737f138600b5f7bef481b06f8cf6
GET /s/quantico/v15/rax-HiSdp9cPL3KIF7xrJD0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://crystal-blocker.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5384
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 22:48:31 GMT
expires: Thu, 21 Sep 2023 22:48:31 GMT
cache-control: public, max-age=31536000
age: 461233
last-modified: Wed, 27 Apr 2022 15:37:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/quantico/v15/rax5HiSdp9cPL3KIF7TQAShdu08.woff2
142.250.74.163200 OK 5.4 kB URL HTTP/2 fonts.gstatic.com/s/quantico/v15/rax5HiSdp9cPL3KIF7TQAShdu08.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 5436, version 1.0\012- data
Hash e3190d514df1ee7be5ce8298d50f091b
942516b22878bbdcbfc391fb5124481d0412b1c0
87c8dc997480fca2cbc1dced6fe5c57ca1d762134028716adb41d14410fa3163
GET /s/quantico/v15/rax5HiSdp9cPL3KIF7TQAShdu08.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://crystal-blocker.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5436
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 21:37:06 GMT
expires: Thu, 21 Sep 2023 21:37:06 GMT
cache-control: public, max-age=31536000
age: 465518
last-modified: Wed, 27 Apr 2022 15:38:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
crystal-blocker.com/assets/images/crb.ico
172.67.146.119200 OK 14 kB URL HTTP/1.1 crystal-blocker.com/assets/images/crb.ico
IP 172.67.146.119:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash 6dad091aa2a02d75f3471dfbeb19ae6c
81182541c0d711505c9f981237f093792c9bc102
23323e58592a3b65b62bd83382c297965216f754f92edbb2041dcc0bf7541d8e
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/images/crb.ico HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo12v1s&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=nvGTnjRJvciAJp6XDELSRGMi8bxM0XIED85WTKXHHnFMjdSCIJKYVvyQ4SJoG4eZm9NLmXlsRdZq6OzUFLZtAXS7paMzvQSgDknzn55NFAs5gcVYOvcgzk6NxjDT3yeiMzc1dEJwJ0plz3BsgZsdMc_tLgnJDsIDJZRdAppeBZYTaYROND4-xDJKwG5r-v7yruyyL4wWVHMi5c0IQVBr8-k8ZwPro2m1y_jbSQDbyBudWe-UWNRGiwRpJ0fe77twCziz9tK0aNp6-aCNLfuI8GkotljCMR9jgzUp4byX4H2PapZbNj3SglVOpdQREv_jqkNSotp5gQ5VDunjNaHsP4QBVylepdcEh4Mx4WKOg8Yv-gx5JNCUsRSXBXKQc-bSKzTEiNUaqky8ZlLz4u7qN3IeG9vlm1oa4mlBszxPDdM&lptoken=16c6641d261e3542282a
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 06:55:44 GMT
Content-Type: image/vnd.microsoft.icon
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 751255de288f1bfa-OSL
Age: 54466
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GxjXA1sR1uztx796bKHwLlO2N8X8C3s%2BDJGKgQ2lBz6ElNFJjJgNIafz7Nkw596DdMwlqxDVWOgwxz%2BUx4wvi68oZ8cZNRjgc9vpjy3vAj8BmpLvf6RZ2g3fN64%2BwXtv7VCy2jg5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 06:55:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 27 Sep 2022 06:10:46 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Tue, 27 Sep 2022 06:52:02 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NrAkdYzKJItyCj5AUBm5VgkkCEVUk9LaabOheXErd2qbvaPX1l_MqQ==
Age: 2698
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 5adb7eb1d103eadeeafac36e663ffdd3
23b784388dd634fa736cd60aed71570661e73d02
5c95ba48bc342887b4f7ef697bd4def50f6f2f472f654169179e5ac44df883d9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5905
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 06:55:44 GMT
Last-Modified: Tue, 27 Sep 2022 05:17:19 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.212.166.60101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.212.166.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8lJVOdol5/XDV1dhNDnVNQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: DJVvkxYEjunYjbK4+wIiAc8RmS4=
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4648
Expires: Tue, 27 Sep 2022 08:13:14 GMT
Date: Tue, 27 Sep 2022 06:55:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4648
Expires: Tue, 27 Sep 2022 08:13:14 GMT
Date: Tue, 27 Sep 2022 06:55:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4648
Expires: Tue, 27 Sep 2022 08:13:14 GMT
Date: Tue, 27 Sep 2022 06:55:46 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 62e68c3cd08dd94d910507512a67e85f
3d4fa8701f17e8818c25584ef5f04bfbee8440cd
058d798963f83f5fb88ab728185f755c5353fa981d93e1b6ff869089f501586b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13213
x-amzn-requestid: fe9ec409-2757-4910-8443-5b4d3be7efd3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlATEp8oAMFd9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321b9b-3230e97a4fe34413285eb578;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:37:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kRSg9NTTAgeAJgIZ_C9_rRodCX4bzGduJEvNPNHUya0Moa2vsmWSoQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:38:57 GMT
age: 33409
etag: "3d4fa8701f17e8818c25584ef5f04bfbee8440cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg
34.120.237.76200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash deb8d1e3b6d7fbc8c8ba478269621676
84f5a4c8b38acde814bc790e5b514347718d5bb9
ed14fa766f0708b4166e83b61f160db5671af430917b7c67184bf18d9208742b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9163
x-amzn-requestid: 8ccd9b1f-bef9-4591-be32-e6dd98f4ee78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlKpEZrIAMFS1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321bdd-4a40b9c8281b64c725fec0f1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:38:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: bs6HOUmHOoYKDuzBoVHhcr8d4HP4bBmwUF3EtOmwKXo7ozhfaIYEvw==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:39:07 GMT
age: 33399
etag: "84f5a4c8b38acde814bc790e5b514347718d5bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe94c315c-bcc5-4538-9c7b-7c0a9f2dccbc.jpeg
34.120.237.76200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe94c315c-bcc5-4538-9c7b-7c0a9f2dccbc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2267eb0a20554688393db616344441ee
49546314082f2e4f4c4c2686cc0ca281ae6bae47
4e37955fb99beb25ceb9deb7c4398914af4192c2e3614e5d68cdafa8c85b256e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe94c315c-bcc5-4538-9c7b-7c0a9f2dccbc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7146
x-amzn-requestid: 0470759c-7b3e-4e73-a4fa-15f9f3919834
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZASNOGKzIAMFfaw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ffd87-7856f7180fa1045a6092b335;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 07:04:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Kxa2h6hEjuAgCj3z9G2K1FzuWUMA3c5-9LM8KpjqmdP9Zm8RPoSxGg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 07:31:34 GMT
age: 84252
etag: "49546314082f2e4f4c4c2686cc0ca281ae6bae47"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14218a43c5e5bbce546735a780c8ccce
61676358cdbb2373bc644e66f8a84fbc8cc5daf6
905b1c30a2273aef69904f2eb1451c756fc1fdba02e86ea5c957629dd056aeda
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6390
x-amzn-requestid: b2681ff8-ab83-41e6-adef-3e6772c93c3f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGFJ6Gc_oAMF44g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63324f0c-3dbf9f4e2047567b5abdbe74;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 01:17:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8JXEBo_L_xKuKdeoOXEJ6FO7ZVsZVQzUmQFe7fYcxaHRQNEq1HWp6w==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 01:37:50 GMT
age: 19076
etag: "61676358cdbb2373bc644e66f8a84fbc8cc5daf6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F334b6513-7266-4f03-aae2-328c1b58a30e.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F334b6513-7266-4f03-aae2-328c1b58a30e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 56c3768b851e6a5206cbfbe3f5a97cae
2a2fabd9f9792daf9c058fc754d5616267b703f1
668dba22a0c81c4580637806c293521b176512b18ebcc2fe951be2f27f43134d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F334b6513-7266-4f03-aae2-328c1b58a30e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10864
x-amzn-requestid: a6be937a-3e8f-4dad-bbca-f28554f5ff21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YioQqFHsoAMFxXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632420d0-78fecb9e2f76416044839a35;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 07:08:00 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: l-svEjPVAfeYvCQAHsARjTk9PNdkVGUJA_2415312kWF2x6MDI7o7A==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 07:52:33 GMT
age: 82993
etag: "2a2fabd9f9792daf9c058fc754d5616267b703f1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F35b718e0-3d37-4447-a38f-12fa37aeae57.jpeg
34.120.237.76200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F35b718e0-3d37-4447-a38f-12fa37aeae57.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e88b78ede0e4583585d6bb805fb39470
edff303440c5972381295b4b2602bd3f77f6702a
ce55a1ff5c71ec43884b74a08cd32ef75cb0632a91f3fe8b150f5ead499375a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F35b718e0-3d37-4447-a38f-12fa37aeae57.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6487
x-amzn-requestid: f292e8c1-3e79-4f59-a3aa-6863330835d4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4VioHHQIAMFlmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ccfaa-65955b7d7998a0dc6eded103;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:12:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Wx3JPGA6ZeR_7v1MXPDgc2T3RQ2mm48Q9Cb9kydTN9O1OUHlXO4NxQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 23:03:14 GMT
age: 28352
etag: "edff303440c5972381295b4b2602bd3f77f6702a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
crystal-blocker.com/assets/media/c2367138ed1f72424223aa2c72c08c35.png
172.67.146.119200 OK 0 B URL HTTP/1.1 crystal-blocker.com/assets/media/c2367138ed1f72424223aa2c72c08c35.png
IP 172.67.146.119:0
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/media/c2367138ed1f72424223aa2c72c08c35.png HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo12v1s&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=nvGTnjRJvciAJp6XDELSRGMi8bxM0XIED85WTKXHHnFMjdSCIJKYVvyQ4SJoG4eZm9NLmXlsRdZq6OzUFLZtAXS7paMzvQSgDknzn55NFAs5gcVYOvcgzk6NxjDT3yeiMzc1dEJwJ0plz3BsgZsdMc_tLgnJDsIDJZRdAppeBZYTaYROND4-xDJKwG5r-v7yruyyL4wWVHMi5c0IQVBr8-k8ZwPro2m1y_jbSQDbyBudWe-UWNRGiwRpJ0fe77twCziz9tK0aNp6-aCNLfuI8GkotljCMR9jgzUp4byX4H2PapZbNj3SglVOpdQREv_jqkNSotp5gQ5VDunjNaHsP4QBVylepdcEh4Mx4WKOg8Yv-gx5JNCUsRSXBXKQc-bSKzTEiNUaqky8ZlLz4u7qN3IeG9vlm1oa4mlBszxPDdM&lptoken=16c6641d261e3542282a
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 06:55:44 GMT
Content-Type: image/png
Content-Length: 96328
Connection: keep-alive
CF-Ray: 751255dd0f500b02-OSL
Accept-Ranges: bytes
Age: 50831
Cache-Control: max-age=2592000
ETag: assets/media/c2367138ed1f72424223aa2c72c08c35.23e205f3eb.png
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BZ%2B4xRk%2FJ2Ss0gw35wdXjDDOZfGjvSxBriuEyTNd9E9EqyFTP5QI0cx4X7z89NrxOF%2BhLZCer7SPggCEfxvKAEFnYNX3OF9LFR9Ep%2F%2BbxTdb2W8pXCXgxsI0TeRNGKWeItLgN5Jd"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
alt-svc: h2=":443"; ma=60
fonts.googleapis.com/css2?family=Quantico:wght@100;300;400;500;600;700;900&display=swap
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Quantico:wght@100;300;400;500;600;700;900&display=swap
IP 142.250.74.10:0
GET /css2?family=Quantico:wght@100;300;400;500;600;700;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://crystal-blocker.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 27 Sep 2022 06:55:44 GMT
date: Tue, 27 Sep 2022 06:55:44 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Roboto&display=swap
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Roboto&display=swap
IP 142.250.74.10:0
GET /css2?family=Roboto&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://crystal-blocker.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 27 Sep 2022 06:55:44 GMT
date: Tue, 27 Sep 2022 06:55:44 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
crystal-blocker.com/assets/media/deddcf701154302a2852f7d01e10dac5.png
172.67.146.119200 OK 0 B URL HTTP/1.1 crystal-blocker.com/assets/media/deddcf701154302a2852f7d01e10dac5.png
IP 172.67.146.119:0
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/media/deddcf701154302a2852f7d01e10dac5.png HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo12v1s&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=nvGTnjRJvciAJp6XDELSRGMi8bxM0XIED85WTKXHHnFMjdSCIJKYVvyQ4SJoG4eZm9NLmXlsRdZq6OzUFLZtAXS7paMzvQSgDknzn55NFAs5gcVYOvcgzk6NxjDT3yeiMzc1dEJwJ0plz3BsgZsdMc_tLgnJDsIDJZRdAppeBZYTaYROND4-xDJKwG5r-v7yruyyL4wWVHMi5c0IQVBr8-k8ZwPro2m1y_jbSQDbyBudWe-UWNRGiwRpJ0fe77twCziz9tK0aNp6-aCNLfuI8GkotljCMR9jgzUp4byX4H2PapZbNj3SglVOpdQREv_jqkNSotp5gQ5VDunjNaHsP4QBVylepdcEh4Mx4WKOg8Yv-gx5JNCUsRSXBXKQc-bSKzTEiNUaqky8ZlLz4u7qN3IeG9vlm1oa4mlBszxPDdM&lptoken=16c6641d261e3542282a
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 06:55:44 GMT
Content-Type: image/png
Content-Length: 217986
Connection: keep-alive
CF-Ray: 751255dd0f69b527-OSL
Accept-Ranges: bytes
Age: 50831
Cache-Control: max-age=2592000
ETag: assets/media/deddcf701154302a2852f7d01e10dac5.f76402aa01.png
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qD5elJvxPexKabZrCmi99GL0lmv7V39Il3gS3yv9Lso61op%2BMvaxcxL%2F7XM%2BOyyiBQ46tQPrkLW%2FJNAvqTl49zQlUvBnV2FNqDcxFl7TfYUMqk1YThKusnVVIpuBilNG7Ouhl3zD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
alt-svc: h2=":443"; ma=60