xx699.blogspot.com/
172.217.21.161 301 Moved Permanently 177 B IP 172.217.21.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 84274074597483a781eacf140c143d94
68c6670c7d7d62245aa8af4afff931cf02155108
1311b5a544005098b123fabc7d4e0276aa1576ca57018e22054f940923733667
GET / HTTP/1.1
Host: xx699.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Location: https://xx699.blogspot.com/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Sat, 03 Dec 2022 09:02:51 GMT
Expires: Sat, 03 Dec 2022 09:02:51 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 177
Server: GSE
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8684
Expires: Sat, 03 Dec 2022 11:27:35 GMT
Date: Sat, 03 Dec 2022 09:02:51 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7439fb99a444b66db1e68ffbfaa38451
4b7742d7956485906f1c392c478515ff89a46184
636327ce88f733e5a1d39af212f97242717a39ce20edaef330fafea238e3a309
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5440
Cache-Control: max-age=97144
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 09:02:51 GMT
Etag: "6389d3f3-1d7"
Expires: Sun, 04 Dec 2022 12:01:55 GMT
Last-Modified: Fri, 02 Dec 2022 10:31:15 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 03 Dec 2022 08:18:14 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2677
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2684
Expires: Sat, 03 Dec 2022 09:47:35 GMT
Date: Sat, 03 Dec 2022 09:02:51 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: lgrc+Y/fTGyhRaenk6cv9PvUY2vxgufscumQKDzY6mTitHx7srqSjws0QfAsQuuqWDELZeS9r2w=
x-amz-request-id: C094NNJQ5JZ0PZ8X
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 03 Dec 2022 08:46:30 GMT
age: 981
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 82b76ca589dab1a017603e72a3b88a48
508aec57479a19c4074271246a27c6f0e311ee1e
809cde0622aec8a90e3c00512194696b02eb85d6c9536dbbe8557642d2149d95
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 09:02:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 09:02:51 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
xx699.blogspot.com/
172.217.21.161 200 OK 20 kB IP 172.217.21.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6565)
Hash 33821fc169724bbae77aeb17eed64d83
ee0a48e0cf597d6166ce9be18a9f77198d08354a
8d83dae894bf2fae68fe05c33bb539c1dc427d4616ef696015ba4b1b4b88be45
GET / HTTP/1.1
Host: xx699.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Sat, 03 Dec 2022 09:02:52 GMT
date: Sat, 03 Dec 2022 09:02:52 GMT
cache-control: private, max-age=0
last-modified: Sat, 03 Dec 2022 07:08:40 GMT
etag: W/"d6c317e7ede917de0832f4d7f228d7d243729eb6f4e14b29a82e530bba1c502e"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 20016
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 03 Dec 2022 08:11:17 GMT
cache-control: public,max-age=3600
age: 3095
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 82b76ca589dab1a017603e72a3b88a48
508aec57479a19c4074271246a27c6f0e311ee1e
809cde0622aec8a90e3c00512194696b02eb85d6c9536dbbe8557642d2149d95
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 09:02:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 33d4c0eb73252b9ee70cebc62151b0dd
31bc157147ab1329097d7c6f60bd077186c24bf8
fbf26b2930e09e9f73ff165eba2ce1f953054ebb7f47d425fd656108131b5cba
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 09:02:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 33d4c0eb73252b9ee70cebc62151b0dd
31bc157147ab1329097d7c6f60bd077186c24bf8
fbf26b2930e09e9f73ff165eba2ce1f953054ebb7f47d425fd656108131b5cba
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 09:02:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 33d4c0eb73252b9ee70cebc62151b0dd
31bc157147ab1329097d7c6f60bd077186c24bf8
fbf26b2930e09e9f73ff165eba2ce1f953054ebb7f47d425fd656108131b5cba
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 09:02:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 33d4c0eb73252b9ee70cebc62151b0dd
31bc157147ab1329097d7c6f60bd077186c24bf8
fbf26b2930e09e9f73ff165eba2ce1f953054ebb7f47d425fd656108131b5cba
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 09:02:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 33d4c0eb73252b9ee70cebc62151b0dd
31bc157147ab1329097d7c6f60bd077186c24bf8
fbf26b2930e09e9f73ff165eba2ce1f953054ebb7f47d425fd656108131b5cba
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 09:02:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 21a200da38bc57ee6e48da9f5d712d50
079f8d3825239306a750569bfb19cb3731fab7cd
0c34bb8557a248159f0c079b2d125b0ce730bfede5ff9e5a922046804761478c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 09:02:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 09:02:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 21a200da38bc57ee6e48da9f5d712d50
079f8d3825239306a750569bfb19cb3731fab7cd
0c34bb8557a248159f0c079b2d125b0ce730bfede5ff9e5a922046804761478c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 09:02:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
resources.blogblog.com/blogblog/data/res/3311276799-indie_compiled.js
216.58.207.233 200 OK 47 kB URL HTTP/2 resources.blogblog.com/blogblog/data/res/3311276799-indie_compiled.js
IP 216.58.207.233:0
File type ASCII text, with very long lines (1535)
Hash 86d0aad32713640aa4d2e424e27970fe
4c88bc29b3fffa6e4a83c4919fc313c86526c506
c8284a3e3b30fea7bcd94cad17349dfa579575eace1987ec50a21417c5a8c5e3
GET /blogblog/data/res/3311276799-indie_compiled.js HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 46621
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 13:49:20 GMT
expires: Tue, 06 Dec 2022 13:49:20 GMT
cache-control: public, max-age=604800
last-modified: Mon, 28 Nov 2022 14:50:39 GMT
content-type: text/javascript
age: 328412
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 09:02:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7f1f8fc556d1f7e0aea3e1208ee2fd1c
09c341a56ff876479cfc8a0505a5fef4a5d110f1
65adcf58887bcc23f73379f74ab19a61cfbb93285c95c64b44a6716eeacc1482
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5446
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 09:02:52 GMT
Last-Modified: Sat, 03 Dec 2022 07:32:06 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 09:02:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/external_hosted/clipboardjs/clipboard.min.js
142.250.74.35 200 OK 3.5 kB URL HTTP/2 www.gstatic.com/external_hosted/clipboardjs/clipboard.min.js
IP 142.250.74.35:0
File type Unicode text, UTF-8 text, with very long lines (10473)
Hash 5f322b95a9dc592286f58bb0b446fb3a
7b504dd1f75dca0b6545643188e510cae4699c6a
a87b7a7bb8c3c8104355c38ea1e71953c2fc38320e3d32c675e753afa96eed15
GET /external_hosted/clipboardjs/clipboard.min.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 3475
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 Dec 2022 09:02:52 GMT
expires: Sat, 03 Dec 2022 09:02:52 GMT
cache-control: public, max-age=0
last-modified: Wed, 14 Apr 2021 19:28:00 GMT
content-type: text/javascript
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.blogger.com/static/v1/widgets/2342155703-widgets.js
216.58.207.233 200 OK 57 kB URL HTTP/2 www.blogger.com/static/v1/widgets/2342155703-widgets.js
IP 216.58.207.233:0
File type ASCII text, with very long lines (2221)
Hash 1217c8e34acb09c7cea97bae4d386ea1
55ee17703d0a7710943e93913bacb49220d98b4b
c2f23437ab938096bf8b40de8b08c4f27bb880b7ef8588481ec5ccc08b58870b
GET /static/v1/widgets/2342155703-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56726
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 05:43:29 GMT
expires: Wed, 29 Nov 2023 05:43:29 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 28 Nov 2022 14:50:39 GMT
content-type: text/javascript
age: 357563
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xx699.blogspot.com
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 221338
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xx699.blogspot.com
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 221317
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 21a200da38bc57ee6e48da9f5d712d50
079f8d3825239306a750569bfb19cb3731fab7cd
0c34bb8557a248159f0c079b2d125b0ce730bfede5ff9e5a922046804761478c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 09:02:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 09:02:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 09:02:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
themes.googleusercontent.com/image?id=L1lcAxxz0CLgsDzixEprHJ2F38TyEjCyE3RSAjynQDks0lT1BDc1OxXKaTEdLc89HPvdB11X9FDw&options=w1600
142.250.74.97 200 OK 228 kB URL HTTP/2 themes.googleusercontent.com/image?id=L1lcAxxz0CLgsDzixEprHJ2F38TyEjCyE3RSAjynQDks0lT1BDc1OxXKaTEdLc89HPvdB11X9FDw&options=w1600
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, description=Sunset afterglow and twlight dunes in White Sands National Monument, software=Picasa], baseline, precision 8, 1600x1067, components 3\012- data
Size 228 kB (228521 bytes)
Hash e66ef1f4c654be20558150214aa2b85a
ad1dfbefad9a21e48aeeac1bae9f8a5b8ea1ef3c
6a5482e0dc4e77a6be20281b13d7ef4d8b67521e73b66bc633ea4e4242934be9
GET /image?id=L1lcAxxz0CLgsDzixEprHJ2F38TyEjCyE3RSAjynQDks0lT1BDc1OxXKaTEdLc89HPvdB11X9FDw&options=w1600 HTTP/1.1
Host: themes.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v1"
expires: Sun, 04 Dec 2022 09:02:52 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Sat, 03 Dec 2022 09:02:52 GMT
server: fife
content-length: 228521
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 33d4c0eb73252b9ee70cebc62151b0dd
31bc157147ab1329097d7c6f60bd077186c24bf8
fbf26b2930e09e9f73ff165eba2ce1f953054ebb7f47d425fd656108131b5cba
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 09:02:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 212ddc9ee683d7bedf9f17a6f4650ed4
30b189042c92c1280c586558aa48df829a13e3c1
1be512f38c979ff13a3f346b87015e71f0b471a9d980282651f6cfc6c9a3f2dc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BE512F38C979FF13A3F346B87015E71F0B471A9D980282651F6CFC6C9A3F2DC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1944
Expires: Sat, 03 Dec 2022 09:35:16 GMT
Date: Sat, 03 Dec 2022 09:02:52 GMT
Connection: keep-alive
push.services.mozilla.com/
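35.160.184.41 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.160.184.41:0
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: the body is 0 B, and these three values are the digests of empty input; they match any empty response and should not be used as indicators.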
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: UAv/iCSZYFp4yz9dOCWErA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: eUyWV4gTOv29fVamEdkaRFwbgd8=
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBnfmlorEzuW2SutM6aRS1um-qhSk14zeK-4MbjNa3hz2-XkdWf9d0nTfUCMJrytTNbZ6QhXzqmregHnDzgH40_qPwN_LinqbhW4LO7JFZ5B5f9LzreGcwylvkkrufflnFc0spleMNENcsR6GeXoCJh5BrB0kXae5LTgcMMAmmcMjbwu_Sx4ZpjW7FLA/s400/FB_IMG_1668416530605.jpg
142.250.74.97 200 OK 34 kB URL HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBnfmlorEzuW2SutM6aRS1um-qhSk14zeK-4MbjNa3hz2-XkdWf9d0nTfUCMJrytTNbZ6QhXzqmregHnDzgH40_qPwN_LinqbhW4LO7JFZ5B5f9LzreGcwylvkkrufflnFc0spleMNENcsR6GeXoCJh5BrB0kXae5LTgcMMAmmcMjbwu_Sx4ZpjW7FLA/s400/FB_IMG_1668416530605.jpg
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 400x266, components 3\012- data
Hash 6ebbcb16baf35d89a476b50b85f95037
08cbd695baa28c19522ce18158ce858a2f83d49c
a5ca5134c0b996ba42ae7e93ae0a2f87058c0b3ef372bcf99267ab0a7a84bf14
GET /img/b/R29vZ2xl/AVvXsEgBnfmlorEzuW2SutM6aRS1um-qhSk14zeK-4MbjNa3hz2-XkdWf9d0nTfUCMJrytTNbZ6QhXzqmregHnDzgH40_qPwN_LinqbhW4LO7JFZ5B5f9LzreGcwylvkkrufflnFc0spleMNENcsR6GeXoCJh5BrB0kXae5LTgcMMAmmcMjbwu_Sx4ZpjW7FLA/s400/FB_IMG_1668416530605.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v276"
expires: Sun, 04 Dec 2022 09:02:52 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="FB_IMG_1668416530605.jpg"
content-type: image/jpeg
vary: Origin
x-content-type-options: nosniff
date: Sat, 03 Dec 2022 09:02:52 GMT
server: fife
content-length: 33564
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglVpTdtwmyWjyHHn7PWUkIhcmTrlKOc6LZaQP8JAHU086ifLk_HNwRJQkHkUQ809cBXLxDpbcNn_APpvBNwSZfhvBBber52RIrxP5T_gq0s1v_GE3ohnEsLblFetFJpO1NQjkl1ByMSKwtUvxmEO8iIn2o01HvzPds24A_0bIQ1aJ_aU-Lyl3X8LXdpw/w400-h266/Picsart_22-11-26_21-22-02-624.jpg
142.250.74.97 200 OK 44 kB URL HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglVpTdtwmyWjyHHn7PWUkIhcmTrlKOc6LZaQP8JAHU086ifLk_HNwRJQkHkUQ809cBXLxDpbcNn_APpvBNwSZfhvBBber52RIrxP5T_gq0s1v_GE3ohnEsLblFetFJpO1NQjkl1ByMSKwtUvxmEO8iIn2o01HvzPds24A_0bIQ1aJ_aU-Lyl3X8LXdpw/w400-h266/Picsart_22-11-26_21-22-02-624.jpg
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 399x266, components 3\012- data
Hash 7bbdcdfefbe0cdc583c3ea6020329601
71161eb4db3273a179aa1d37d237384b34e8e4cf
992accfcb895883b3a95401aeec6c12f6494b438b6badd92dec0542242e7f577
GET /img/b/R29vZ2xl/AVvXsEglVpTdtwmyWjyHHn7PWUkIhcmTrlKOc6LZaQP8JAHU086ifLk_HNwRJQkHkUQ809cBXLxDpbcNn_APpvBNwSZfhvBBber52RIrxP5T_gq0s1v_GE3ohnEsLblFetFJpO1NQjkl1ByMSKwtUvxmEO8iIn2o01HvzPds24A_0bIQ1aJ_aU-Lyl3X8LXdpw/w400-h266/Picsart_22-11-26_21-22-02-624.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v2ba"
expires: Sun, 04 Dec 2022 09:02:52 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Picsart_22-11-26_21-22-02-624.jpg"
content-type: image/jpeg
vary: Origin
x-content-type-options: nosniff
date: Sat, 03 Dec 2022 09:02:52 GMT
server: fife
content-length: 43677
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglVpTdtwmyWjyHHn7PWUkIhcmTrlKOc6LZaQP8JAHU086ifLk_HNwRJQkHkUQ809cBXLxDpbcNn_APpvBNwSZfhvBBber52RIrxP5T_gq0s1v_GE3ohnEsLblFetFJpO1NQjkl1ByMSKwtUvxmEO8iIn2o01HvzPds24A_0bIQ1aJ_aU-Lyl3X8LXdpw/w945-h600-p-k-no-nu/Picsart_22-11-26_21-22-02-624.jpg
142.250.74.97 200 OK 113 kB URL HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglVpTdtwmyWjyHHn7PWUkIhcmTrlKOc6LZaQP8JAHU086ifLk_HNwRJQkHkUQ809cBXLxDpbcNn_APpvBNwSZfhvBBber52RIrxP5T_gq0s1v_GE3ohnEsLblFetFJpO1NQjkl1ByMSKwtUvxmEO8iIn2o01HvzPds24A_0bIQ1aJ_aU-Lyl3X8LXdpw/w945-h600-p-k-no-nu/Picsart_22-11-26_21-22-02-624.jpg
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 945x600, components 3\012- data
Size 113 kB (112890 bytes)
Hash 5e66470b106d2617c96a53c1b5992691
70280ec17addad30491171a2e865df1ed8eacd27
2b7fc921b3215ccaad4f857557ee34090d7b8f6a4bd040b085f69a787bf90e19
GET /img/b/R29vZ2xl/AVvXsEglVpTdtwmyWjyHHn7PWUkIhcmTrlKOc6LZaQP8JAHU086ifLk_HNwRJQkHkUQ809cBXLxDpbcNn_APpvBNwSZfhvBBber52RIrxP5T_gq0s1v_GE3ohnEsLblFetFJpO1NQjkl1ByMSKwtUvxmEO8iIn2o01HvzPds24A_0bIQ1aJ_aU-Lyl3X8LXdpw/w945-h600-p-k-no-nu/Picsart_22-11-26_21-22-02-624.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v2ba"
expires: Sun, 04 Dec 2022 09:02:52 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Picsart_22-11-26_21-22-02-624.jpg"
content-type: image/jpeg
vary: Origin
x-content-type-options: nosniff
date: Sat, 03 Dec 2022 09:02:52 GMT
server: fife
content-length: 112890
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoPyYCxYDZgV3Itu-chczSnMe3j8hntv82Mc7hs0Zl69aaNg9AntYKIibhlmy3K46FSS22V4hEmKBMFyyUrCyUIJWjOOzF80qLTM3ZdI7BCo532MTKT9_ANyTxyehki7VCdva6nfml0-8gzI3RS_1Fy2hXvFd2a642CMLEcjNJfo5e4OHLWc_9pqm1rA/s320/Screenshot_20221105-214315~2.png
142.250.74.97 200 OK 139 kB URL HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoPyYCxYDZgV3Itu-chczSnMe3j8hntv82Mc7hs0Zl69aaNg9AntYKIibhlmy3K46FSS22V4hEmKBMFyyUrCyUIJWjOOzF80qLTM3ZdI7BCo532MTKT9_ANyTxyehki7VCdva6nfml0-8gzI3RS_1Fy2hXvFd2a642CMLEcjNJfo5e4OHLWc_9pqm1rA/s320/Screenshot_20221105-214315~2.png
IP 142.250.74.97:0
File type PNG image data, 249 x 320, 8-bit/color RGB, non-interlaced\012- data
Size 139 kB (138632 bytes)
Hash 18b9376ade54e9c0168f1cead2f6eb6d
2ca9f81faa300d2bc1bc120b4a72f9d36288cbad
abcca3a06e248d53d4dbc0b829f459ea2165bc1f286f83ccd1a45d0924ecd80b
GET /img/b/R29vZ2xl/AVvXsEgoPyYCxYDZgV3Itu-chczSnMe3j8hntv82Mc7hs0Zl69aaNg9AntYKIibhlmy3K46FSS22V4hEmKBMFyyUrCyUIJWjOOzF80qLTM3ZdI7BCo532MTKT9_ANyTxyehki7VCdva6nfml0-8gzI3RS_1Fy2hXvFd2a642CMLEcjNJfo5e4OHLWc_9pqm1rA/s320/Screenshot_20221105-214315~2.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v23a"
expires: Sun, 04 Dec 2022 09:02:52 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Screenshot_20221105-214315~2.png"
content-type: image/png
vary: Origin
x-content-type-options: nosniff
date: Sat, 03 Dec 2022 09:02:52 GMT
server: fife
content-length: 138632
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrDhA1n_ykL-uzgMuSjzxgrCziO2LkEiousppdf2GA96Mecn7QV2tVAqSD6UtFwgTY9gtugBcbxicM_WmCJMiZUZijZiPz8zYC6p54-hAfgvcsV2bsX2d_ljpylAH--gGXsbujurNCo9okuwbzVxOvRZqgq4iTuAmAaPxF0SA5b_7ZKgePN7UkXQCtIA/w300-h400/FB_IMG_1668397891289.jpg
142.250.74.97 200 OK 53 kB URL HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrDhA1n_ykL-uzgMuSjzxgrCziO2LkEiousppdf2GA96Mecn7QV2tVAqSD6UtFwgTY9gtugBcbxicM_WmCJMiZUZijZiPz8zYC6p54-hAfgvcsV2bsX2d_ljpylAH--gGXsbujurNCo9okuwbzVxOvRZqgq4iTuAmAaPxF0SA5b_7ZKgePN7UkXQCtIA/w300-h400/FB_IMG_1668397891289.jpg
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 300x400, components 3\012- data
Hash fc2785e5e5e8ea55a2da7d605575ad57
02a4db8380681dd450140ce719a84d6f87fa048c
54c828342f504ab957e7dbd90ec33572891885390ddc184acdda9aaaff9ba1b8
GET /img/b/R29vZ2xl/AVvXsEhrDhA1n_ykL-uzgMuSjzxgrCziO2LkEiousppdf2GA96Mecn7QV2tVAqSD6UtFwgTY9gtugBcbxicM_WmCJMiZUZijZiPz8zYC6p54-hAfgvcsV2bsX2d_ljpylAH--gGXsbujurNCo9okuwbzVxOvRZqgq4iTuAmAaPxF0SA5b_7ZKgePN7UkXQCtIA/w300-h400/FB_IMG_1668397891289.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v272"
expires: Sun, 04 Dec 2022 09:02:53 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="FB_IMG_1668397891289.jpg"
content-type: image/jpeg
vary: Origin
x-content-type-options: nosniff
date: Sat, 03 Dec 2022 09:02:53 GMT
server: fife
content-length: 53267
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTDaHJWnAeiPPgYpVpQAUJRycUuRxxwh7L6J6Nuuyzx_cbT2vmI10qG2b145Lk4Nkp5ybz0gcxRXRBEs6_CD8gH8DA5RTQFqEA9yliI_ZrAUbsmYX-PgaIsPfCq5JvNMPSDUo93e_Ca-Yb48pGSKoFarRro-DFTcE4coNDKRA_LSOb2qRciQ6LYeWsMQ/s400/Picsart_22-11-26_14-27-10-363.jpg
142.250.74.97 200 OK 40 kB URL HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTDaHJWnAeiPPgYpVpQAUJRycUuRxxwh7L6J6Nuuyzx_cbT2vmI10qG2b145Lk4Nkp5ybz0gcxRXRBEs6_CD8gH8DA5RTQFqEA9yliI_ZrAUbsmYX-PgaIsPfCq5JvNMPSDUo93e_Ca-Yb48pGSKoFarRro-DFTcE4coNDKRA_LSOb2qRciQ6LYeWsMQ/s400/Picsart_22-11-26_14-27-10-363.jpg
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 400x267, components 3\012- data
Hash b3b6edfd2b2012b51e5d4b98f42eae8c
5596c33a5ea65e03df7881b671090b3e258c883f
673fe98560ea2623bc928e8f7458025ee67e134054eb6c89fec3ac51d068b7ed
GET /img/b/R29vZ2xl/AVvXsEjTDaHJWnAeiPPgYpVpQAUJRycUuRxxwh7L6J6Nuuyzx_cbT2vmI10qG2b145Lk4Nkp5ybz0gcxRXRBEs6_CD8gH8DA5RTQFqEA9yliI_ZrAUbsmYX-PgaIsPfCq5JvNMPSDUo93e_Ca-Yb48pGSKoFarRro-DFTcE4coNDKRA_LSOb2qRciQ6LYeWsMQ/s400/Picsart_22-11-26_14-27-10-363.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v2b0"
expires: Sun, 04 Dec 2022 09:02:53 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Picsart_22-11-26_14-27-10-363.jpg"
content-type: image/jpeg
vary: Origin
x-content-type-options: nosniff
date: Sat, 03 Dec 2022 09:02:53 GMT
server: fife
content-length: 40206
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgH3gbfoC2elzVYctdlnlFN5JPs3yBC6ZbsKpClDfxChogpIilgR10NTMwRpzcA2s4AXzTmkivWDHz_BdfWAMF9nfmCo1j3z_2pGfaET8RXnHQIBfJ0ZaRWGK7tBiSSJVXddBqQ_hM5jI4t9kttNHs1Pvn7sw7ednmb2kt2Z3PlGHW73LBX4gBkS4PMoQ/w400-h266/Picsart_22-11-14_11-03-59-784.jpg
142.250.74.97 200 OK 42 kB URL HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgH3gbfoC2elzVYctdlnlFN5JPs3yBC6ZbsKpClDfxChogpIilgR10NTMwRpzcA2s4AXzTmkivWDHz_BdfWAMF9nfmCo1j3z_2pGfaET8RXnHQIBfJ0ZaRWGK7tBiSSJVXddBqQ_hM5jI4t9kttNHs1Pvn7sw7ednmb2kt2Z3PlGHW73LBX4gBkS4PMoQ/w400-h266/Picsart_22-11-14_11-03-59-784.jpg
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 399x266, components 3\012- data
Hash f55d517b83661e31f7caa6885766e4a6
ab58657b52ce4e38f1c1459bf2b7233d5f2f4129
8ebb344bc18288afbceaa44a32666887cd9bd0843b332a20c4503b89924433f2
GET /img/b/R29vZ2xl/AVvXsEgH3gbfoC2elzVYctdlnlFN5JPs3yBC6ZbsKpClDfxChogpIilgR10NTMwRpzcA2s4AXzTmkivWDHz_BdfWAMF9nfmCo1j3z_2pGfaET8RXnHQIBfJ0ZaRWGK7tBiSSJVXddBqQ_hM5jI4t9kttNHs1Pvn7sw7ednmb2kt2Z3PlGHW73LBX4gBkS4PMoQ/w400-h266/Picsart_22-11-14_11-03-59-784.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v27c"
expires: Sun, 04 Dec 2022 09:02:53 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Picsart_22-11-14_11-03-59-784.jpg"
content-type: image/jpeg
vary: Origin
x-content-type-options: nosniff
date: Sat, 03 Dec 2022 09:02:53 GMT
server: fife
content-length: 41781
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSWsPoYLTxenozLuEAPDtmzBaQqmpb-mISmFE9Vov4rtwxBZcj7gE6NUymXl6l7YYyN2_L10DCJwG6iHCTWIrsplfprlO8qcxYmosIw1M1UsOYKgZJf3dy5ES9JswZgs2aUj68ZnLA_bybKvYKx-U5y4xeAfuMlK6WGZIiPPg_pUxYKteQNtR5nvqnSA/w400-h266/Picsart_22-11-26_06-40-53-755.jpg
142.250.74.97 200 OK 40 kB URL HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSWsPoYLTxenozLuEAPDtmzBaQqmpb-mISmFE9Vov4rtwxBZcj7gE6NUymXl6l7YYyN2_L10DCJwG6iHCTWIrsplfprlO8qcxYmosIw1M1UsOYKgZJf3dy5ES9JswZgs2aUj68ZnLA_bybKvYKx-U5y4xeAfuMlK6WGZIiPPg_pUxYKteQNtR5nvqnSA/w400-h266/Picsart_22-11-26_06-40-53-755.jpg
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 399x266, components 3\012- data
Hash 01cc6315b0eb9414ca9ad6acc72a7dfe
416e2c598985bf4c2bda6a34e5cc0a51af973016
85f3a8aeeaae2061c0789ed3323d4d8cbddcca91e94f5fbe5fd815bafd54d1d2
GET /img/b/R29vZ2xl/AVvXsEiSWsPoYLTxenozLuEAPDtmzBaQqmpb-mISmFE9Vov4rtwxBZcj7gE6NUymXl6l7YYyN2_L10DCJwG6iHCTWIrsplfprlO8qcxYmosIw1M1UsOYKgZJf3dy5ES9JswZgs2aUj68ZnLA_bybKvYKx-U5y4xeAfuMlK6WGZIiPPg_pUxYKteQNtR5nvqnSA/w400-h266/Picsart_22-11-26_06-40-53-755.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v2b4"
expires: Sun, 04 Dec 2022 09:02:53 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Picsart_22-11-26_06-40-53-755.jpg"
content-type: image/jpeg
vary: Origin
x-content-type-options: nosniff
date: Sat, 03 Dec 2022 09:02:53 GMT
server: fife
content-length: 39608
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlajjxRWPeZQ0EL6AHfO9Y26kxen4QhxRWycUzTBErxPoNmQxuZVx0S5_lpceCz5JzAq9I1n1UraIhfzHvXyNUGbVvSFN2Hz_u09eDbQFxVtepyXPRL_7TOusYOSI7_VhfZz5dkpN_SeVe5YI1tX6vLBJF_e-PYK-TjaiJ6QFaBc8eoYVHmq4rZBdIGw/s320/Screenshot_20221105-214340~3.png
142.250.74.97 200 OK 102 kB URL HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlajjxRWPeZQ0EL6AHfO9Y26kxen4QhxRWycUzTBErxPoNmQxuZVx0S5_lpceCz5JzAq9I1n1UraIhfzHvXyNUGbVvSFN2Hz_u09eDbQFxVtepyXPRL_7TOusYOSI7_VhfZz5dkpN_SeVe5YI1tX6vLBJF_e-PYK-TjaiJ6QFaBc8eoYVHmq4rZBdIGw/s320/Screenshot_20221105-214340~3.png
IP 142.250.74.97:0
File type PNG image data, 208 x 320, 8-bit/color RGB, non-interlaced\012- data
Size 102 kB (102070 bytes)
Hash e3263eb511f7a67243a73a1b200922c3
03bffddadc4db287044e68f447c3f7d74b7534cb
11422bb318005e5decec2b17f892d7f99696dce40660b70b69f4f7fddfcd8d27
GET /img/b/R29vZ2xl/AVvXsEjlajjxRWPeZQ0EL6AHfO9Y26kxen4QhxRWycUzTBErxPoNmQxuZVx0S5_lpceCz5JzAq9I1n1UraIhfzHvXyNUGbVvSFN2Hz_u09eDbQFxVtepyXPRL_7TOusYOSI7_VhfZz5dkpN_SeVe5YI1tX6vLBJF_e-PYK-TjaiJ6QFaBc8eoYVHmq4rZBdIGw/s320/Screenshot_20221105-214340~3.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v23f"
expires: Sun, 04 Dec 2022 09:02:53 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Screenshot_20221105-214340~3.png"
content-type: image/png
vary: Origin
x-content-type-options: nosniff
date: Sat, 03 Dec 2022 09:02:53 GMT
server: fife
content-length: 102070
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5-rtNijLwQIecmg6xLxRRwx9MK9IkoTK7QzgulNR-QBxDhHg6XMhp0yw2DAtPub37MZrkALMCj5sGCmpwD8OR1LfbDoGErvB6Iw7v1d_eRp8j6TnGp--rpeVS652uIdt_wOuuPHi_CXaYExuZdk3OxAchDzHwuY4SiTGnZR3WdPuAHMUmd4Z3WAud9A/s400/Picsart_22-11-26_14-26-04-472.jpg
142.250.74.97 200 OK 36 kB URL HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5-rtNijLwQIecmg6xLxRRwx9MK9IkoTK7QzgulNR-QBxDhHg6XMhp0yw2DAtPub37MZrkALMCj5sGCmpwD8OR1LfbDoGErvB6Iw7v1d_eRp8j6TnGp--rpeVS652uIdt_wOuuPHi_CXaYExuZdk3OxAchDzHwuY4SiTGnZR3WdPuAHMUmd4Z3WAud9A/s400/Picsart_22-11-26_14-26-04-472.jpg
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 400x267, components 3\012- data
Hash 81d94de5d5806acb2cc73bbf7bac1185
f86de5a33a379c3df1160179662b480b291e0ce8
d87ca1c927a53a361857ee4db69262647178b135535ece85c2b816d12987c655
GET /img/b/R29vZ2xl/AVvXsEg5-rtNijLwQIecmg6xLxRRwx9MK9IkoTK7QzgulNR-QBxDhHg6XMhp0yw2DAtPub37MZrkALMCj5sGCmpwD8OR1LfbDoGErvB6Iw7v1d_eRp8j6TnGp--rpeVS652uIdt_wOuuPHi_CXaYExuZdk3OxAchDzHwuY4SiTGnZR3WdPuAHMUmd4Z3WAud9A/s400/Picsart_22-11-26_14-26-04-472.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v2b2"
expires: Sun, 04 Dec 2022 09:02:53 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Picsart_22-11-26_14-26-04-472.jpg"
content-type: image/jpeg
vary: Origin
x-content-type-options: nosniff
date: Sat, 03 Dec 2022 09:02:53 GMT
server: fife
content-length: 35965
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pl17932381.highperformancecpmgate.com/3d/93/47/3d934748ea0030a9eb009ab1a9551eac.js
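173.233.137.52 200 OK 13 kB URL HTTP/1.1 pl17932381.highperformancecpmgate.com/3d/93/47/3d934748ea0030a9eb009ab1a9551eac.js
IP 173.233.137.52:0
File type ASCII text, with very long lines (37158), with no line terminators
Hash MD5: 0cafe971c3c9ebfc8e353164ca00aa06
SHA-1: 96fb8e08d0aa95b00b9327c6dc0f33732ef62bf3
SHA-256: 623e96d2f640d01c797626ff5702a51e3c1cfa082b671adaaa89aaa7320f4cd2
Analyzer / Verdict / Alert: quad9 — Sinkholed
Note: this verdict appears to be a DNS-reputation result for the hostname (a block by the Quad9 resolver), not a finding about the script body hashed above. The response below sets Cache-Control: no-cache, so the served content, and with it these hashes, may differ between fetches; the hostname is likely the more stable indicator.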
GET /3d/93/47/3d934748ea0030a9eb009ab1a9551eac.js HTTP/1.1
Host: pl17932381.highperformancecpmgate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 03 Dec 2022 09:02:52 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1357f1d838c815ff3778bf3cea66dd68
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoVCMENYKCVjOw_VSJeZ0ijcI4ivl41kDwFEbvrkArFN9qCOaJ8pkdIrukrCoXcuRyKB_1bkK6wgqud0cP67uiZGcuNsX33IhP7MzkIWVb6ynntuez_gtCSS9g6McqdScUZ-vO8kcLP4331KDXu4qDqr5qQJhf-s97CoypDysF2YPYxyd8tJ9iuNLBjA/s320/Screenshot_20221105-214323~4.png
142.250.74.97 200 OK 147 kB URL HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoVCMENYKCVjOw_VSJeZ0ijcI4ivl41kDwFEbvrkArFN9qCOaJ8pkdIrukrCoXcuRyKB_1bkK6wgqud0cP67uiZGcuNsX33IhP7MzkIWVb6ynntuez_gtCSS9g6McqdScUZ-vO8kcLP4331KDXu4qDqr5qQJhf-s97CoypDysF2YPYxyd8tJ9iuNLBjA/s320/Screenshot_20221105-214323~4.png
IP 142.250.74.97:0
File type PNG image data, 288 x 320, 8-bit/color RGB, non-interlaced\012- data
Size 147 kB (147114 bytes)
Hash 611ed00399ec995f60545dc9fb7a30e8
c4c2c76ed8494a40d649f779fcb200ac8b69d9c0
8696762dc0bd12cf6f6e7832fa207df87e3a2172a025316baba1a7b15a0a7411
GET /img/b/R29vZ2xl/AVvXsEhoVCMENYKCVjOw_VSJeZ0ijcI4ivl41kDwFEbvrkArFN9qCOaJ8pkdIrukrCoXcuRyKB_1bkK6wgqud0cP67uiZGcuNsX33IhP7MzkIWVb6ynntuez_gtCSS9g6McqdScUZ-vO8kcLP4331KDXu4qDqr5qQJhf-s97CoypDysF2YPYxyd8tJ9iuNLBjA/s320/Screenshot_20221105-214323~4.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v240"
expires: Sun, 04 Dec 2022 09:02:53 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Screenshot_20221105-214323~4.png"
content-type: image/png
vary: Origin
x-content-type-options: nosniff
date: Sat, 03 Dec 2022 09:02:53 GMT
server: fife
content-length: 147114
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmkOodFPeFdCEI7sDbbsIWH7mtlHbyW_XpTSwLdhkO-hDlGhXDm-fdJynA4nV5OOTaBiw8me6utdFZULV5VJ2v48XVqPSdi-mXCB3gTqBPrxpTbRyPId87nSmx-YfBqGM2SOhWI9QJG6er0T3hI9cEQNIG9c4R6GHRsRm2DStuYhVfHqgcq6LQgrVz6A/s320/Screenshot_20221105-214236~2.png
142.250.74.97 200 OK 89 kB URL HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmkOodFPeFdCEI7sDbbsIWH7mtlHbyW_XpTSwLdhkO-hDlGhXDm-fdJynA4nV5OOTaBiw8me6utdFZULV5VJ2v48XVqPSdi-mXCB3gTqBPrxpTbRyPId87nSmx-YfBqGM2SOhWI9QJG6er0T3hI9cEQNIG9c4R6GHRsRm2DStuYhVfHqgcq6LQgrVz6A/s320/Screenshot_20221105-214236~2.png
IP 142.250.74.97:0
File type PNG image data, 201 x 320, 8-bit/color RGB, non-interlaced\012- data
Hash e402d0db2035a213be83860cac4a3609
19171ca9f8dda155bd4ac52a70e0b511af9f5cbe
be979fd4cde5b329fb9ffc9f7b6aa54fad30c49b404a763960788fbbdc5d8a61
GET /img/b/R29vZ2xl/AVvXsEjmkOodFPeFdCEI7sDbbsIWH7mtlHbyW_XpTSwLdhkO-hDlGhXDm-fdJynA4nV5OOTaBiw8me6utdFZULV5VJ2v48XVqPSdi-mXCB3gTqBPrxpTbRyPId87nSmx-YfBqGM2SOhWI9QJG6er0T3hI9cEQNIG9c4R6GHRsRm2DStuYhVfHqgcq6LQgrVz6A/s320/Screenshot_20221105-214236~2.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v23e"
expires: Sun, 04 Dec 2022 09:02:53 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Screenshot_20221105-214236~2.png"
content-type: image/png
vary: Origin
x-content-type-options: nosniff
date: Sat, 03 Dec 2022 09:02:53 GMT
server: fife
content-length: 89060
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEim6yVwFe6W-iCSFiLM0VVg85i7KzV2h1rK6YhiYNQ9pdLEwbwdJYEgXOkt3HwpXe9O2tNreUQo6bxZva7v1ZoNJFv-j_D-seWgh-sdNS1zcoynDmMxjdivBjhqt6aKr3csBUxc37fOTXIMeP2c1FUOtWKpn0MhoROE_ZEWni7qe4jSjcsdRkv8TVt-Tg/w420-h225/Picsart_22-11-14_10-16-06-341.jpg
142.250.74.97 200 OK 37 kB URL HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEim6yVwFe6W-iCSFiLM0VVg85i7KzV2h1rK6YhiYNQ9pdLEwbwdJYEgXOkt3HwpXe9O2tNreUQo6bxZva7v1ZoNJFv-j_D-seWgh-sdNS1zcoynDmMxjdivBjhqt6aKr3csBUxc37fOTXIMeP2c1FUOtWKpn0MhoROE_ZEWni7qe4jSjcsdRkv8TVt-Tg/w420-h225/Picsart_22-11-14_10-16-06-341.jpg
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 400x225, components 3\012- data
Hash fe2d1f51126524601d0963b5a148a682
d01a072afb8af42bc07bed2a189b9014bc3543b8
73d37d873cd21c9d9b6c313ec38963b5d1fe8ea445033dade01a1e87de89ae1b
GET /img/b/R29vZ2xl/AVvXsEim6yVwFe6W-iCSFiLM0VVg85i7KzV2h1rK6YhiYNQ9pdLEwbwdJYEgXOkt3HwpXe9O2tNreUQo6bxZva7v1ZoNJFv-j_D-seWgh-sdNS1zcoynDmMxjdivBjhqt6aKr3csBUxc37fOTXIMeP2c1FUOtWKpn0MhoROE_ZEWni7qe4jSjcsdRkv8TVt-Tg/w420-h225/Picsart_22-11-14_10-16-06-341.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v278"
expires: Sun, 04 Dec 2022 09:02:53 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Picsart_22-11-14_10-16-06-341.jpg"
content-type: image/jpeg
vary: Origin
x-content-type-options: nosniff
date: Sat, 03 Dec 2022 09:02:53 GMT
server: fife
content-length: 36717
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWfS7TAsSegoZbU3-9UNRpxdaMoVFPQEYaHZ7J8GtONDyvVUBkZzeCLGVAD_FQqOPYQvgQkDbXxzaFpUqcJn0OrDzLEZMh9EMo8B6Hg6lJrFt7SSVKis0Kq1D_JrF3hePaQLJwNnP4ctwUtr4eRv-AfZzFhQ4kMST72utpQTQ6LSWi9H7CJMECSLcOlw/w283-h400/Screenshot_20221113-093747~2.png
142.250.74.97200 OK 141 kB URL HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWfS7TAsSegoZbU3-9UNRpxdaMoVFPQEYaHZ7J8GtONDyvVUBkZzeCLGVAD_FQqOPYQvgQkDbXxzaFpUqcJn0OrDzLEZMh9EMo8B6Hg6lJrFt7SSVKis0Kq1D_JrF3hePaQLJwNnP4ctwUtr4eRv-AfZzFhQ4kMST72utpQTQ6LSWi9H7CJMECSLcOlw/w283-h400/Screenshot_20221113-093747~2.png
IP 142.250.74.97:0
File type PNG image data, 282 x 400, 8-bit/color RGB, non-interlaced\012- data
Size 141 kB (141072 bytes)
Hash 6167f9e9825473e996b9806c38f37a2b
49bea70fdc1f044dfc1ebe9d3a6698f9b05655ac
299759c34e100458f410958a2235c6b48423c9c6ac017b96b8a60884f861efea
GET /img/b/R29vZ2xl/AVvXsEiWfS7TAsSegoZbU3-9UNRpxdaMoVFPQEYaHZ7J8GtONDyvVUBkZzeCLGVAD_FQqOPYQvgQkDbXxzaFpUqcJn0OrDzLEZMh9EMo8B6Hg6lJrFt7SSVKis0Kq1D_JrF3hePaQLJwNnP4ctwUtr4eRv-AfZzFhQ4kMST72utpQTQ6LSWi9H7CJMECSLcOlw/w283-h400/Screenshot_20221113-093747~2.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v270"
expires: Sun, 04 Dec 2022 09:02:53 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Screenshot_20221113-093747~2.png"
content-type: image/png
vary: Origin
x-content-type-options: nosniff
date: Sat, 03 Dec 2022 09:02:53 GMT
server: fife
content-length: 141072
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjp9Z_8r9e6t1lpBcVAbkJbovmusM3dUUmdAeFWa5Gidrwt8Uyl4aq_jKiz-GQ4StJVEzSq5-kz9skrRIS2ryYexq_Tumg9GWViiI7UEb-vQ5_w0eIq-kVD8xJUf5TXllh2juYsCFVBIJnXdIgn7UIiSk21aDVleaOdbQIisGxGvZHyEdu8Gud1UFxTlQ/s320/Screenshot_20221105-214355~4.png
142.250.74.97200 OK 83 kB URL HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjp9Z_8r9e6t1lpBcVAbkJbovmusM3dUUmdAeFWa5Gidrwt8Uyl4aq_jKiz-GQ4StJVEzSq5-kz9skrRIS2ryYexq_Tumg9GWViiI7UEb-vQ5_w0eIq-kVD8xJUf5TXllh2juYsCFVBIJnXdIgn7UIiSk21aDVleaOdbQIisGxGvZHyEdu8Gud1UFxTlQ/s320/Screenshot_20221105-214355~4.png
IP 142.250.74.97:0
File type PNG image data, 190 x 320, 8-bit/color RGB, non-interlaced\012- data
Hash 8099caac6852650a6d155ad51aae42ab
45ebfcaa2039736700488a51e1e7f71609aaa3d7
832030c782e713b3b88f5b2fcd541222a50f679a2b591673ddbf5847ed535f1f
GET /img/b/R29vZ2xl/AVvXsEjp9Z_8r9e6t1lpBcVAbkJbovmusM3dUUmdAeFWa5Gidrwt8Uyl4aq_jKiz-GQ4StJVEzSq5-kz9skrRIS2ryYexq_Tumg9GWViiI7UEb-vQ5_w0eIq-kVD8xJUf5TXllh2juYsCFVBIJnXdIgn7UIiSk21aDVleaOdbQIisGxGvZHyEdu8Gud1UFxTlQ/s320/Screenshot_20221105-214355~4.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v23d"
expires: Sun, 04 Dec 2022 09:02:53 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Screenshot_20221105-214355~4.png"
content-type: image/png
vary: Origin
x-content-type-options: nosniff
date: Sat, 03 Dec 2022 09:02:53 GMT
server: fife
content-length: 82599
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 22697cff4db5ea5a4c791ce4358a971f
fa4d1ffe6a7354f75e8607231f57a5728e87dfb3
61575c6d3a055a65d09622357da8cdf97d57b96ed8d1d4a7360bd8432931d638
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "61575C6D3A055A65D09622357DA8CDF97D57B96ED8D1D4A7360BD8432931D638"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19602
Expires: Sat, 03 Dec 2022 14:29:35 GMT
Date: Sat, 03 Dec 2022 09:02:53 GMT
Connection: keep-alive
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGC478zZBQPlZfBKn5EgkLVeWpjIVFklOnlF4NCG3nG4A0QMVWjhkzQGJ4BLmPxrrxihwEhruqLNJ_eD69VStXO4k4RVklURYKrk2a982Is7jf-hef-nx5F4kCQ8jO-7O2aHxTa_eJe7diXo8lvSQuCh5qlj8TXdL8k-dGfrFUuXUKsBqDSSu0tARdkw/w400-h266/Screenshot_20221125-185509~2.png
142.250.74.97200 OK 150 kB URL HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGC478zZBQPlZfBKn5EgkLVeWpjIVFklOnlF4NCG3nG4A0QMVWjhkzQGJ4BLmPxrrxihwEhruqLNJ_eD69VStXO4k4RVklURYKrk2a982Is7jf-hef-nx5F4kCQ8jO-7O2aHxTa_eJe7diXo8lvSQuCh5qlj8TXdL8k-dGfrFUuXUKsBqDSSu0tARdkw/w400-h266/Screenshot_20221125-185509~2.png
IP 142.250.74.97:0
File type PNG image data, 400 x 266, 8-bit/color RGB, non-interlaced\012- data
Size 150 kB (150158 bytes)
Hash 26869596d6c9c6031fd7177ff6a32b86
6c5cf0751cdbe8f5c4cfd4fb656e7e2cbd550da2
1485b5341ecf995d4db0f467e71c30ad97346959e953afd320091b0ca19ceda9
GET /img/b/R29vZ2xl/AVvXsEgGC478zZBQPlZfBKn5EgkLVeWpjIVFklOnlF4NCG3nG4A0QMVWjhkzQGJ4BLmPxrrxihwEhruqLNJ_eD69VStXO4k4RVklURYKrk2a982Is7jf-hef-nx5F4kCQ8jO-7O2aHxTa_eJe7diXo8lvSQuCh5qlj8TXdL8k-dGfrFUuXUKsBqDSSu0tARdkw/w400-h266/Screenshot_20221125-185509~2.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v28b"
expires: Sun, 04 Dec 2022 09:02:53 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Screenshot_20221125-185509~2.png"
content-type: image/png
vary: Origin
x-content-type-options: nosniff
date: Sat, 03 Dec 2022 09:02:53 GMT
server: fife
content-length: 150158
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 8be4570a1d9d09c7b793e97ee1f6edaf
cb101195afa0dbb473bcd5050ee2ab4a25af825f
b69ece6aab66eec92b6b3bd8c8e6febd027c8dac1a86faaed1b217dec8e784b1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 03 Dec 2022 09:02:53 GMT
Last-Modified: Sat, 03 Dec 2022 07:40:00 GMT
Server: ECS (nyb/1D1E)
X-Cache: Miss from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: XoFWzCjq7-RooQ8tc3Odo-PmSEnL84RFro-Drm9Dh1mh5uXG6rlMZw==
Age: 4973
simplewebanalysis.com/stats
18.185.190.54 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash MD5 533edfb2e8594527124ee5e6254f3195
SHA-1 56ca13439a347dfb5e13491ad8348aeb158b1096
SHA-256 6c0c0f1485d1588109c537053e1d9936fd7fe63458af91c95b51e8fb3787b55c
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xx699.blogspot.com
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 09:02:53 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xx699.blogspot.com
access-control-allow-credentials: true
set-cookie: uid_id2=561d005a-895e-44d9-bdcf-5c8115fd4088:1:1; expires=Tue, 30 Nov 2032 09:02:53 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
18.185.190.54 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash 533edfb2e8594527124ee5e6254f3195
56ca13439a347dfb5e13491ad8348aeb158b1096
6c0c0f1485d1588109c537053e1d9936fd7fe63458af91c95b51e8fb3787b55c
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xx699.blogspot.com
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Cookie: uid_id2=561d005a-895e-44d9-bdcf-5c8115fd4088:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 09:02:53 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://xx699.blogspot.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 22697cff4db5ea5a4c791ce4358a971f
fa4d1ffe6a7354f75e8607231f57a5728e87dfb3
61575c6d3a055a65d09622357da8cdf97d57b96ed8d1d4a7360bd8432931d638
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "61575C6D3A055A65D09622357DA8CDF97D57B96ED8D1D4A7360BD8432931D638"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19602
Expires: Sat, 03 Dec 2022 14:29:35 GMT
Date: Sat, 03 Dec 2022 09:02:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2aecb4f85e02ebc697bb91bb67456d82
2ef35add95a18ac5846ee32df0dd0a63700a2133
4bc2f398453e4555768605e037634156176592626df384f881d782e85b316ca9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BC2F398453E4555768605E037634156176592626DF384F881D782E85B316CA9"
Last-Modified: Fri, 02 Dec 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4366
Expires: Sat, 03 Dec 2022 10:15:39 GMT
Date: Sat, 03 Dec 2022 09:02:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 77a6b6638e0ee5ec4eeb988d3d3af050
219272781fc7a6ac331496b257c7976daa7b62de
d3092d8548c448fab08751eb00cce0ffb883786084d77320da1e0a858b70c5cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3092D8548C448FAB08751EB00CCE0FFB883786084D77320DA1E0A858B70C5CB"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8454
Expires: Sat, 03 Dec 2022 11:23:47 GMT
Date: Sat, 03 Dec 2022 09:02:53 GMT
Connection: keep-alive
unseenreport.com/pxf.gif?uuid=561d005a-895e-44d9-bdcf-5c8115fd4088&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=3d934748ea0030a9eb009ab1a9551eac&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=9
192.243.61.227 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=561d005a-895e-44d9-bdcf-5c8115fd4088&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=3d934748ea0030a9eb009ab1a9551eac&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=9
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash MD5 93b885adfe0da089cdf634904fd59f71
SHA-1 5ba93c9db0cff93f52b521d7420e43f6eda2784f
SHA-256 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert: quad9 — Sinkholed
GET /pxf.gif?uuid=561d005a-895e-44d9-bdcf-5c8115fd4088&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=3d934748ea0030a9eb009ab1a9551eac&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=9 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 03 Dec 2022 09:02:54 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: da5c0a2ce2e6b08f5c375d8cbf47aadd
Strict-Transport-Security: max-age=0; includeSubdomains
friendshipmale.com/sfp.js
172.64.140.24 200 OK 28 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.140.24:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash MD5 bbdab10331308e0fd9873163902eb9f3
SHA-1 dc6eeb5154a484f845aa7508e583170aae3aacfb
SHA-256 3cd678defcf11cee2737af94aa322788785d70612a6fcd6ea12e3becc0ef101e
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 09:02:53 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 2d160d70151ac669e4d22f0fdc9d235d
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 03 Dec 2022 09:02:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bo9eOOwe02tHtj%2FzjKzVY5rhstFpvzDruC2n2U6s6%2Bt9nInXwonblLhisWBrIhjYuOTavsHXZA%2FYpn40jfjJZUwyal5nuibLBjqU5UYnfERagKjq7chF1yfDlBr39WVbliMv9jw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773b203f18d58885-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8740
Expires: Sat, 03 Dec 2022 11:28:34 GMT
Date: Sat, 03 Dec 2022 09:02:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8740
Expires: Sat, 03 Dec 2022 11:28:34 GMT
Date: Sat, 03 Dec 2022 09:02:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8740
Expires: Sat, 03 Dec 2022 11:28:34 GMT
Date: Sat, 03 Dec 2022 09:02:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8740
Expires: Sat, 03 Dec 2022 11:28:34 GMT
Date: Sat, 03 Dec 2022 09:02:54 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 45182367fd4f8b6dd234eef1022acdb1
d4b3052021ff3ad1dc4134fa25eb12a98e7c17da
a57fadaf74db2fb457cfe761314d56f021d22146f5bdb6a8bf11b6519e8a558d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9715
x-amzn-requestid: c8102cfa-78dc-4d81-ad6a-e16b9132e238
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZO2HQKIAMF8IA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f2b-350c586b568e6565763376bd;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0QkVKyYm9UwlF5FEeli9UsRAQwEi3-c3bMR-QSJxIKRQe7WWT76dGQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:37:54 GMT
age: 41100
etag: "d4b3052021ff3ad1dc4134fa25eb12a98e7c17da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e545217-31b4-442a-abef-bcaaffcd0407.png
34.120.237.76200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e545217-31b4-442a-abef-bcaaffcd0407.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 249aec334460c66dc88b9e8def4e48df
f86d1d278ba5b24587b10519b1b30d75044efd97
b083151804ced0533a5b33302ef110b50ddc4bf653de0fb8f6c7711f4bc29fe2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e545217-31b4-442a-abef-bcaaffcd0407.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9449
x-amzn-requestid: c21c52f9-d971-46d9-b632-0439a0e23da4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZkxHKbIAMFxkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6fb7-2b8cc0982af568626f4a4bbf;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:35:51 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: h_QxhlhIxUS0VSjt1z50xNf0u1eB6c1WPTJUfvwGQA-t4M0zmXo2AA==
via: 1.1 b838ef1ff22a4a994af82d5178c30e1c.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 22:03:42 GMT
etag: "f86d1d278ba5b24587b10519b1b30d75044efd97"
content-type: image/jpeg
age: 39552
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
34.120.237.76200 OK 2.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XvG2dAUeB914GQ1qJwQRHovAtra8OSjG-CsXeR8UOBq5r8qVjEbPBQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 22:39:04 GMT
age: 37430
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F652bfe35-9b09-4fba-b7b5-c6bd90cccdbe.jpeg
34.120.237.76200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F652bfe35-9b09-4fba-b7b5-c6bd90cccdbe.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ffa12df550123f63b20f67437cd8a04
398fd2d837c73f54c4591b69cd683f29bdf9184a
fd9ac4396488098923c27531295e64475047dd008a901e59915109a73a69f305
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F652bfe35-9b09-4fba-b7b5-c6bd90cccdbe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6119
x-amzn-requestid: b0bf3aed-f968-4ebb-953e-35300d74ef16
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdCe8GgNIAMFQag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63884ac5-4b20ca67753e65c5232660f5;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 06:33:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: axyk2U1R7AX1RVQmdc303S2S2CUs_RgphyeYPsbGveGHMAjY3KEzdw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 13:19:35 GMT
age: 70999
etag: "398fd2d837c73f54c4591b69cd683f29bdf9184a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e765102-d7b9-4765-a166-db04ae6113bc.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e765102-d7b9-4765-a166-db04ae6113bc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dcdb77a21f91a4a280ac9a8efbc48bbd
74c974eaf1cbdf6c5ae11793e42caf4c4e4cb25d
5ee7c45f21b38c653d03a24b10a190a9e9266226d221b006e787cd3719088d7f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e765102-d7b9-4765-a166-db04ae6113bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11233
x-amzn-requestid: 04a762c8-8d2a-405a-a2e2-386a4da3c57f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZxHZEJXoAMFzqA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6386fbc8-174cbfee1ea6b7093fc18c58;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 06:44:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3tSASLdggPnNrG2bqgvMF5fbE-EoamXkl6kX-kLSPkJwmIdQ6NMsJQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:53:20 GMT
age: 40174
etag: "74c974eaf1cbdf6c5ae11793e42caf4c4e4cb25d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59297fb7-bcb3-48eb-83b5-7d264b21c3db.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59297fb7-bcb3-48eb-83b5-7d264b21c3db.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 436b46a2eea584bd8ec1dba5603c8659
fed437d1919af63f9d58396f318568aadae3d868
fff21dd129f35807bfc29c6582661a79e764238076e540968b57fcad18811566
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59297fb7-bcb3-48eb-83b5-7d264b21c3db.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8016
x-amzn-requestid: bfb5f288-4467-467a-9b30-1055a4e6bc54
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZPeE4nIAMFvnQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f2f-53a5a66704157f4e003ecfa4;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:35 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lUqXgbpEaZh9DO_rv0K5pzHUAF1DsASkKYNTU6t5AUWZjHNV9LRojA==
via: 1.1 aabd01c4a20dae837d162bd972422efc.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:43:49 GMT
age: 40745
etag: "fed437d1919af63f9d58396f318568aadae3d868"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
organexpectationsmaintain.com/sbar.json?key=3d934748ea0030a9eb009ab1a9551eac&uuid=561d005a-895e-44d9-bdcf-5c8115fd4088%3A1%3A1
192.243.59.13 200 OK 5.0 kB URL HTTP/1.1 organexpectationsmaintain.com/sbar.json?key=3d934748ea0030a9eb009ab1a9551eac&uuid=561d005a-895e-44d9-bdcf-5c8115fd4088%3A1%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (7226), with no line terminators
Hash 2b322123a49d5cbff2ae718950a0270f
2fb1c1e24de2b41dab4ef04ef33511798952a5ad
095dca4e8eb5553ba186ae2d22c197b4d733e239315bfa0fcec550e63dfe10da
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=3d934748ea0030a9eb009ab1a9551eac&uuid=561d005a-895e-44d9-bdcf-5c8115fd4088%3A1%3A1 HTTP/1.1
Host: organexpectationsmaintain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xx699.blogspot.com
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 03 Dec 2022 09:02:54 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://xx699.blogspot.com
Access-Control-Allow-Origin: https://xx699.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17831882; expires=Sun, 04 Dec 2022 09:02:54 GMT; secure; SameSite=None
uid_id2=561d005a-895e-44d9-bdcf-5c8115fd4088:1:1; expires=Sat, 10 Dec 2022 09:02:54 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 04 Dec 2022 09:02:54 GMT; secure; SameSite=None
uncs=1; expires=Sun, 04 Dec 2022 09:02:54 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 04 Dec 2022 09:02:54 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 04 Dec 2022 09:02:54 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4390c7a9f3e5911135e8cc6e20afb487
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c770ed8e1043091817cf67c2338116d2
eb799e23dbf7d7fd82d63ec0220007e5b8196e48
addff025294dc6a89ff5f686910eb51ba8791c40f50b1c6b63ddc4c8db5808cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ADDFF025294DC6A89FF5F686910EB51BA8791C40F50B1C6B63DDC4C8DB5808CF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3453
Expires: Sat, 03 Dec 2022 10:00:27 GMT
Date: Sat, 03 Dec 2022 09:02:54 GMT
Connection: keep-alive
organexpectationsmaintain.com/ren.gif?sid=H4sIAAAAAAAC%2F6xST2gdVRe%2F068f5ePb5PsQRLQ4%2BKQomJc7eTPJm5YSmj%2Btz6ZJSFICbsqde%2B%2B8XN%2BducPcO29esqpWpFAXqShoN52cJI3VYlt3BRV5caMBoU9B3sLgzm2l0IUreS%2BR6kJw4YGZ8zv87r38fuect9azPYQhI925c2pVSEmGvDK2X1gSMVO5tmcWbQeX8Ql7ScQj7gm71fulzeMO9sr4RfsMpw01NIwdjB3s2KdFykPVGuqzIJJbvlP2cdkdLjueC630z7XOLNDEAtbcQ%2F8HwTr%2FXv76Lgjahji6M8l1w6jkpakok8SoFJps%2B3zciFUeQ%2FQYhqkFYbx9cBqU7iD0%2FiFQ8faBA1DNzZ4DCEQHWT84EMTbBzIhaG7tKw0k8BgC9l%2FIm23gsg2CtIGqSyDYfQRAGczMQhzdmFFpTlb2WdJjO%2Bjwo4cg8g46%2FOMTEEefjEvRsheUzIxQsYZWWIBotUHU25BkO2BWLRD5DlDzBgj2LRp6NA1xtDmrpQLBus97Iw7D2CODVd%2Fjg67L%2FMGA0XDQo1XH8ULm4mq13yIh2iDCNki%2BBkRbkPU%2BYUEWWpAlFkSsaxPPDzEeDYOwUqm6lNJKhVKvOsI8VnGrIYaM9jysgUnWgMo1oOlFSNKL0BBrkGZfgl4uQDMLtEHQZAXkHEGuEeQEQS4Q5AZB3iy2mNTDurjBpM4C5yAPH%2BRKsaFMfZ1sKVPnMVpP9tD%2Feo2zBp78Bhq8a1eYX3FH3SonGFcw8XmAsU8Ch%2Fie53BCQYsChD7Ut7kqOujZI0chER105LNnICA7oOUOUDEAJDsKJN8YHcZAljfcKobV%2BNNWa8T3y4FUdZ0oU6YqAqYKSMxhMCvWutxDT%2FXH6JKfgNPdsV9%2Fllcm3nsdaFpAkhbwmvgKQV1e3phXOdqcV7lGd2cTIyKxSnojXjDEcPTRWb6Sq5TVJvXazVO0R%2FTgrUWuzTSJmYjrGn08Lhjj6WmVUo4%2Br%2BklHsxlenk8S%2BMsmZ6bOF2LkpRrLVTcBiLut14FKjroPwOH%2Bsv79PgJEOkOpFl3ctmY5PjQEJWCNsoJlY1yTCK%2BX49pTsxJz61UHO8YYYL9jsVJJueS1vQrYm7p%2FAUMUbY7du%2BDXlwDodpAkzdvl0qTUwsT87W5xdrsTKnUfW6hsRIzm%2FG6vbNlhztbdpPLhoq0CVSc6QfX37lzu1SaPjV%2FZupC7dypM1OlUvflv1BnlrMoiImQf1fhh6VSbaIvY%2F6fevKYiOrmpKAqvlkqLdYWp3uChx5cf3drUTAd8HrKY82NbYQMMnbcdjDG9szsWTtUab8LD65fuwg62UUHAVohSOXjOkgsyLNiIx0Odseujj58e3HkHkjRQf73KUi%2BO%2FbLwYaRoADN%2F3DxMV7Xl6GeWkDMJYijApppAU1ZAJFroLN%2FbZgk3R37rtIPCKS1EcjU2gxkKq%2Fub7IWXZt7IQ45HuZB6AfhKMHMD10%2FIL7DRwOPOGB0h14Z%2BOI3AAAA%2F%2F8BAAD%2F%2F5eMqx8DBgAA
192.243.59.13200 OK 7 B URL HTTP/1.1 organexpectationsmaintain.com/ren.gif?sid=H4sIAAAAAAAC%2F6xST2gdVRe%2F068f5ePb5PsQRLQ4%2BKQomJc7eTPJm5YSmj%2Btz6ZJSFICbsqde%2B%2B8XN%2BducPcO29esqpWpFAXqShoN52cJI3VYlt3BRV5caMBoU9B3sLgzm2l0IUreS%2BR6kJw4YGZ8zv87r38fuect9azPYQhI925c2pVSEmGvDK2X1gSMVO5tmcWbQeX8Ql7ScQj7gm71fulzeMO9sr4RfsMpw01NIwdjB3s2KdFykPVGuqzIJJbvlP2cdkdLjueC630z7XOLNDEAtbcQ%2F8HwTr%2FXv76Lgjahji6M8l1w6jkpakok8SoFJps%2B3zciFUeQ%2FQYhqkFYbx9cBqU7iD0%2FiFQ8faBA1DNzZ4DCEQHWT84EMTbBzIhaG7tKw0k8BgC9l%2FIm23gsg2CtIGqSyDYfQRAGczMQhzdmFFpTlb2WdJjO%2Bjwo4cg8g46%2FOMTEEefjEvRsheUzIxQsYZWWIBotUHU25BkO2BWLRD5DlDzBgj2LRp6NA1xtDmrpQLBus97Iw7D2CODVd%2Fjg67L%2FMGA0XDQo1XH8ULm4mq13yIh2iDCNki%2BBkRbkPU%2BYUEWWpAlFkSsaxPPDzEeDYOwUqm6lNJKhVKvOsI8VnGrIYaM9jysgUnWgMo1oOlFSNKL0BBrkGZfgl4uQDMLtEHQZAXkHEGuEeQEQS4Q5AZB3iy2mNTDurjBpM4C5yAPH%2BRKsaFMfZ1sKVPnMVpP9tD%2Feo2zBp78Bhq8a1eYX3FH3SonGFcw8XmAsU8Ch%2Fie53BCQYsChD7Ut7kqOujZI0chER105LNnICA7oOUOUDEAJDsKJN8YHcZAljfcKobV%2BNNWa8T3y4FUdZ0oU6YqAqYKSMxhMCvWutxDT%2FXH6JKfgNPdsV9%2Fllcm3nsdaFpAkhbwmvgKQV1e3phXOdqcV7lGd2cTIyKxSnojXjDEcPTRWb6Sq5TVJvXazVO0R%2FTgrUWuzTSJmYjrGn08Lhjj6WmVUo4%2Br%2BklHsxlenk8S%2BMsmZ6bOF2LkpRrLVTcBiLut14FKjroPwOH%2Bsv79PgJEOkOpFl3ctmY5PjQEJWCNsoJlY1yTCK%2BX49pTsxJz61UHO8YYYL9jsVJJueS1vQrYm7p%2FAUMUbY7du%2BDXlwDodpAkzdvl0qTUwsT87W5xdrsTKnUfW6hsRIzm%2FG6vbNlhztbdpPLhoq0CVSc6QfX37lzu1SaPjV%2FZupC7dypM1OlUvflv1BnlrMoiImQf1fhh6VSbaIvY%2F6fevKYiOrmpKAqvlkqLdYWp3uChx5cf3drUTAd8HrKY82NbYQMMnbcdjDG9szsWTtUab8LD65fuwg62UUHAVohSOXjOkgsyLNiIx0Odseujj58e3HkHkjRQf73KUi%2BO%2FbLwYaRoADN%2F3DxMV7Xl6GeWkDMJYijApppAU1ZAJFroLN%2FbZgk3R37rtIPCKS1EcjU2gxkKq%2Fub7IWXZt7IQ45HuZB6AfhKMHMD10%2FIL7DRwOPOGB0h14Z%2BOI3AAAA%2F%2F8BAAD%2F%2F5eMqx8DBgAA
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F6xST2gdVRe%2F068f5ePb5PsQRLQ4%2BKQomJc7eTPJm5YSmj%2Btz6ZJSFICbsqde%2B%2B8XN%2BducPcO29esqpWpFAXqShoN52cJI3VYlt3BRV5caMBoU9B3sLgzm2l0IUreS%2BR6kJw4YGZ8zv87r38fuect9azPYQhI925c2pVSEmGvDK2X1gSMVO5tmcWbQeX8Ql7ScQj7gm71fulzeMO9sr4RfsMpw01NIwdjB3s2KdFykPVGuqzIJJbvlP2cdkdLjueC630z7XOLNDEAtbcQ%2F8HwTr%2FXv76Lgjahji6M8l1w6jkpakok8SoFJps%2B3zciFUeQ%2FQYhqkFYbx9cBqU7iD0%2FiFQ8faBA1DNzZ4DCEQHWT84EMTbBzIhaG7tKw0k8BgC9l%2FIm23gsg2CtIGqSyDYfQRAGczMQhzdmFFpTlb2WdJjO%2Bjwo4cg8g46%2FOMTEEefjEvRsheUzIxQsYZWWIBotUHU25BkO2BWLRD5DlDzBgj2LRp6NA1xtDmrpQLBus97Iw7D2CODVd%2Fjg67L%2FMGA0XDQo1XH8ULm4mq13yIh2iDCNki%2BBkRbkPU%2BYUEWWpAlFkSsaxPPDzEeDYOwUqm6lNJKhVKvOsI8VnGrIYaM9jysgUnWgMo1oOlFSNKL0BBrkGZfgl4uQDMLtEHQZAXkHEGuEeQEQS4Q5AZB3iy2mNTDurjBpM4C5yAPH%2BRKsaFMfZ1sKVPnMVpP9tD%2Feo2zBp78Bhq8a1eYX3FH3SonGFcw8XmAsU8Ch%2Fie53BCQYsChD7Ut7kqOujZI0chER105LNnICA7oOUOUDEAJDsKJN8YHcZAljfcKobV%2BNNWa8T3y4FUdZ0oU6YqAqYKSMxhMCvWutxDT%2FXH6JKfgNPdsV9%2Fllcm3nsdaFpAkhbwmvgKQV1e3phXOdqcV7lGd2cTIyKxSnojXjDEcPTRWb6Sq5TVJvXazVO0R%2FTgrUWuzTSJmYjrGn08Lhjj6WmVUo4%2Br%2BklHsxlenk8S%2BMsmZ6bOF2LkpRrLVTcBiLut14FKjroPwOH%2Bsv79PgJEOkOpFl3ctmY5PjQEJWCNsoJlY1yTCK%2BX49pTsxJz61UHO8YYYL9jsVJJueS1vQrYm7p%2FAUMUbY7du%2BDXlwDodpAkzdvl0qTUwsT87W5xdrsTKnUfW6hsRIzm%2FG6vbNlhztbdpPLhoq0CVSc6QfX37lzu1SaPjV%2FZupC7dypM1OlUvflv1BnlrMoiImQf1fhh6VSbaIvY%2F6fevKYiOrmpKAqvlkqLdYWp3uChx5cf3drUTAd8HrKY82NbYQMMnbcdjDG9szsWTtUab8LD65fuwg62UUHAVohSOXjOkgsyLNiIx0Odseujj58e3HkHkjRQf73KUi%2BO%2FbLwYaRoADN%2F3DxMV7Xl6GeWkDMJYijApppAU1ZAJFroLN%2FbZgk3R37rtIPCKS1EcjU2gxkKq%2Fub7IWXZt7IQ45HuZB6AfhKMHMD10%2FIL7DRwOPOGB0h14Z%2BOI3AAAA%2F%2F8BAAD%2F%2F5eMqx8DBgAA HTTP/1.1
Host: organexpectationsmaintain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Cookie: u_pl=17831882; uid_id2=561d005a-895e-44d9-bdcf-5c8115fd4088:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 03 Dec 2022 09:02:54 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2e2c6772912f101d777532fcecf50056
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7007a042a79310c8938c279ae7eec8e5
8b72d7da27205ce31ff5497ba5428808a498dd7e
8188a5b1208fea4f2bdb97e404aefeb04a89ad62bc16ba2512e3a660b68b67af
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8188A5B1208FEA4F2BDB97E404AEFEB04A89AD62BC16BA2512E3A660B68B67AF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3773
Expires: Sat, 03 Dec 2022 10:05:47 GMT
Date: Sat, 03 Dec 2022 09:02:54 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7007a042a79310c8938c279ae7eec8e5
8b72d7da27205ce31ff5497ba5428808a498dd7e
8188a5b1208fea4f2bdb97e404aefeb04a89ad62bc16ba2512e3a660b68b67af
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8188A5B1208FEA4F2BDB97E404AEFEB04A89AD62BC16BA2512E3A660B68B67AF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3773
Expires: Sat, 03 Dec 2022 10:05:47 GMT
Date: Sat, 03 Dec 2022 09:02:54 GMT
Connection: keep-alive
organexpectationsmaintain.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Findex.html&l=1317&fd=122
192.243.59.13 200 OK 0 B URL HTTP/1.1 organexpectationsmaintain.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Findex.html&l=1317&fd=122
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Findex.html&l=1317&fd=122 HTTP/1.1
Host: organexpectationsmaintain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Cookie: u_pl=17831882; uid_id2=561d005a-895e-44d9-bdcf-5c8115fd4088:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 03 Dec 2022 09:02:54 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/interstitial/rtb/default/3/img/close.png
172.64.109.13 200 OK 49 kB URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/rtb/default/3/img/close.png
IP 172.64.109.13:0
File type PNG image data, 2063 x 2063, 8-bit/color RGBA, non-interlaced\012- data
Hash c468e1d251e84cbbd9fd43f1bf756866
29512569a2da569797a545eb36c6176d6285a8da
b0da14eff7c6fe39d973148b55c51ee6ce3948e76e488c401eb6dca5dfbd1cd8
GET /sb/interstitial/rtb/default/3/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 09:02:54 GMT
content-type: image/png
content-length: 48623
last-modified: Wed, 23 Jun 2021 13:33:23 GMT
etag: "60d33823-bdef"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1537738
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uxVVL9Y5zbeWUKlXs4rIE1LTdveW%2FjOAxxlHTOi8A%2BSbHVW3sD4n3YUyA3UqBgkVUyJm1Ru%2BGBF2chzxuMFipTKlocdRS9aLFGSzajALil0wsqnfOLTy05XoaYyehi6UDHG07gUYvtde"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773b20471cee71d5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 98fe7e5fd6b778bcdcc63028c3a49fbd
06b34160c344526fbe14ce41445b9fe76c0a878d
d45d898dfe5bf1151557bbbc3be6e6878fbadce386136d60777b4464199173a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 09:02:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 98fe7e5fd6b778bcdcc63028c3a49fbd
06b34160c344526fbe14ce41445b9fe76c0a878d
d45d898dfe5bf1151557bbbc3be6e6878fbadce386136d60777b4464199173a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 09:02:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7007a042a79310c8938c279ae7eec8e5
8b72d7da27205ce31ff5497ba5428808a498dd7e
8188a5b1208fea4f2bdb97e404aefeb04a89ad62bc16ba2512e3a660b68b67af
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8188A5B1208FEA4F2BDB97E404AEFEB04A89AD62BC16BA2512E3A660B68B67AF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3773
Expires: Sat, 03 Dec 2022 10:05:47 GMT
Date: Sat, 03 Dec 2022 09:02:54 GMT
Connection: keep-alive
organexpectationsmaintain.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fcss%2Fstyle.css&l=5338&fd=240
192.243.59.13 200 OK 0 B URL HTTP/1.1 organexpectationsmaintain.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fcss%2Fstyle.css&l=5338&fd=240
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fcss%2Fstyle.css&l=5338&fd=240 HTTP/1.1
Host: organexpectationsmaintain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Cookie: u_pl=17831882; uid_id2=561d005a-895e-44d9-bdcf-5c8115fd4088:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 03 Dec 2022 09:02:54 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
organexpectationsmaintain.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fcss%2Fanimate.css&l=79249&fd=330
192.243.59.13 200 OK 0 B URL HTTP/1.1 organexpectationsmaintain.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fcss%2Fanimate.css&l=79249&fd=330
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fcss%2Fanimate.css&l=79249&fd=330 HTTP/1.1
Host: organexpectationsmaintain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Cookie: u_pl=17831882; uid_id2=561d005a-895e-44d9-bdcf-5c8115fd4088:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 03 Dec 2022 09:02:54 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
click.pclk.name/thumbnail?seat=543315&adid=543315&i=dlPpxLJiPWU_0&imgt=icon
173.239.53.24 302 Found 0 B URL HTTP/1.1 click.pclk.name/thumbnail?seat=543315&adid=543315&i=dlPpxLJiPWU_0&imgt=icon
IP 173.239.53.24:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?seat=543315&adid=543315&i=dlPpxLJiPWU_0&imgt=icon HTTP/1.1
Host: click.pclk.name
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1670058174094-7-8932-1178228-ee032338-d24e-957d-3eec-6da6abb87dfd&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DfaHBhHQZqW6vxrOv_PxFpKKOvowDcyhPTvfWKh4b3UxM4xE3Ekes0GiflwEiNzRntiJztNadogZLNbZXdiesi0kBUZqca0fvZtKsWHtUUE2z7JfHeCmz8TZteCrGB2aKQmw2T1trlgpAJpH_RszLAHABsPo7og5Yk-LtVQOKg0n1C5uC0l6knOXeyt0bqzyUis2Cjidnve7ZyOlv-mQg5TxIqZodCWzdg6JP9x5-d3COGLpMfJf5CJP7D9RMHk2JoKUP9Af31EO7GmATJ2LhaN1UuuJrQ8Pvu8MoLwp6rBi8qKrXAe-983NLf8jiSySksnDEqpWkCRUFL1RjmPGXesifXBkJrRgbOkQNYd6DZupt5Dg_LY0QbzQlDy031scNZJ7VozUHC2M6mr9pBtCVxkboF-LzlP3NR5FSjaKkzn3TSMOyKUu47M22YLnIvjxpBVC5Cp3S9r60tstDF8ffOtk52u24atu75wCsiJt88yGfjYvYeJHoP6h5oyIt-YWqX7RN8QZsH-QBA9mywur_9yH3NQ_T3DQH-MFfgMSt_ztiSTBzB4SxpNyJIaZUKBsINPCzKzRLFZVDtFXCs0lztMNrzqzKMV7lrCcEl2wi_qlYhxJx
Pragma: no-cache
organexpectationsmaintain.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fjs%2Fjquery-3.2.1.min.js&l=129575&fd=667
192.243.59.13 200 OK 0 B URL HTTP/1.1 organexpectationsmaintain.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fjs%2Fjquery-3.2.1.min.js&l=129575&fd=667
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fjs%2Fjquery-3.2.1.min.js&l=129575&fd=667 HTTP/1.1
Host: organexpectationsmaintain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Cookie: u_pl=17831882; uid_id2=561d005a-895e-44d9-bdcf-5c8115fd4088:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 03 Dec 2022 09:02:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
organexpectationsmaintain.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fjs%2Fscript.js&l=749&fd=263
192.243.59.13 200 OK 0 B URL HTTP/1.1 organexpectationsmaintain.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fjs%2Fscript.js&l=749&fd=263
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Frtb%2Fdefault%2F3%2Fjs%2Fscript.js&l=749&fd=263 HTTP/1.1
Host: organexpectationsmaintain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Cookie: u_pl=17831882; uid_id2=561d005a-895e-44d9-bdcf-5c8115fd4088:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 03 Dec 2022 09:02:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8041142ff08476755693849725d84345
b029395266121f44b7c18c8af800638e624f39f9
dee0a5c40b2dd541b8796d25484edef02737c1ab21f1c93493ccdcc042b8922b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DEE0A5C40B2DD541B8796D25484EDEF02737C1AB21F1C93493CCDCC042B8922B"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21380
Expires: Sat, 03 Dec 2022 14:59:15 GMT
Date: Sat, 03 Dec 2022 09:02:55 GMT
Connection: keep-alive
organexpectationsmaintain.com/impr.gif?sid=H4sIAAAAAAAC%2F6xSX2gcVRe%2F068f5eN7yfchiGhxcKUomM2d3Zlkt6WE5k%2Fr2jQJSUrAl3Ln3jub696ZO8y9s7PJU7UihfqQioL2pZOTpLFabOtbQUU2vmhA6CrIPhh887VS6INPspuV6oPggwdmzu%2Fwu%2Ffy%2B51z3tpI9xGGlHTnz6k1ISUZ8YrYfmFZRExl2p5dsh1cxCfsZRGNuifsVu%2BXNI872CviF%2B0znDbUSAk7GDvYsU%2BLhAeqNdJnQcS3qk6xiotuqeh4LrSSP9c6tUATC1hzH%2F0fBOv8e%2BXruyBoG6LwzhTXDaPil6bDVBKjEmiynfNRI1JZBOFjGCQWBNHO4DQo3UHo%2FUOgop2BA1DNrZ4D8EUHWT844Ec7A5ngN7cPlPoSeAQ%2B%2By9kzTZw2QZB2kDVJRDsPgKgDGbnIApvzKokI6sHLOmxHXT40UMQWQcd%2FvEJiMJPJqRo2YtKpkaoSEMryEG02iDqbYjTXTBrFohsF6h5AwT7Fo08moEo3JrTUoFg3ee9UYdh7JHhStXjw67LqsM%2Bo8GwRyuO4wXMxZVKv0VCtEEEbZB8HYi2IO19woI0sCCNLQhZ1yZeNcB4LPCDcrniUkrLZUq9yijzWNmtBBhS2vOwDiZeByrXgSYXIU4uQkOsQ5J%2BCXolB80s0AZBk%2BWQcQSZRpARBJlAkBkEWTPfZlKXdH6DSZ36ziCXBrmcbypT3yDbytR5hDbiffS%2FXuOsoSe%2FgQbv2mVWLbtjboUTjMuYVLmPcZX4Dql6nsMJBS1yEPpQ3%2Baa6KBnjxyFWHTQkc%2BeAZ%2Fsgpa7QMUQkPQokGxzrISBrGy6FQxr0aet1mi1WvSlqutYmSJVITCVQ2wOg1m1NuQ%2Beqo%2FRpf8BJzujf%2F6s7wy%2Bd7rQJMc4iSH18RXCOry8uaCytDWgso0ujsXGxGKNdIb8aIhhqOPzvLVTCWsNqXXb56iPaIHby1xbWZIxERU1%2BjjCcEYT06rhHL0eU0vc38%2B1SsTaRKl8cz85OlaGCdca6GiNhBxv%2FUqUNFB%2Fxk61F%2FepydOgEh2IUm7UyvGxMdHRqgUtFGMqWwUIxLyg3pcc2JOem657HjHCBPsdyxOMjkft2ZeEfPL5y9gCNO98Xsf9OIaCNUGGr95u1CYml6cXKjNL9XmZguF7nOLjdWI2YzX7d1tO9jdtptcNlSoja%2BiVD%2B4%2Fs6d24XCzKmFM9MXaudOnZkuFLov%2F4U6s5KGfkSE%2FLsKPywUapN9GQv%2F1JPHRFg3JwVV0c1CYam2NNMTPPLg%2BrvbS4Jpn9cTHmlubCOkn7LjtoMxtmfnztqBSvpdeHD92kXQ8R4aBGiFIJGPaz%2B2IEvzzaTk741fHXv49tLoPZCig6rfJyD53vgvgw0jfg6a%2F%2BHiY7yhL0M9sYCYSxCFOTSTHJoyByLXQaf%2F2jRxsjf%2BXbkf4Etr05eJteXLRF492GQturbnuLziV8YoYz6nzBkrlStljEuMuWNV7lTB6A69MvTFbwAAAP%2F%2FAQAA%2F%2F%2BDhCX5AwYAAA%3D%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 organexpectationsmaintain.com/impr.gif?sid=H4sIAAAAAAAC%2F6xSX2gcVRe%2F068f5eN7yfchiGhxcKUomM2d3Zlkt6WE5k%2Fr2jQJSUrAl3Ln3jub696ZO8y9s7PJU7UihfqQioL2pZOTpLFabOtbQUU2vmhA6CrIPhh887VS6INPspuV6oPggwdmzu%2Fwu%2Ffy%2B51z3tpI9xGGlHTnz6k1ISUZ8YrYfmFZRExl2p5dsh1cxCfsZRGNuifsVu%2BXNI872CviF%2B0znDbUSAk7GDvYsU%2BLhAeqNdJnQcS3qk6xiotuqeh4LrSSP9c6tUATC1hzH%2F0fBOv8e%2BXruyBoG6LwzhTXDaPil6bDVBKjEmiynfNRI1JZBOFjGCQWBNHO4DQo3UHo%2FUOgop2BA1DNrZ4D8EUHWT844Ec7A5ngN7cPlPoSeAQ%2B%2By9kzTZw2QZB2kDVJRDsPgKgDGbnIApvzKokI6sHLOmxHXT40UMQWQcd%2FvEJiMJPJqRo2YtKpkaoSEMryEG02iDqbYjTXTBrFohsF6h5AwT7Fo08moEo3JrTUoFg3ee9UYdh7JHhStXjw67LqsM%2Bo8GwRyuO4wXMxZVKv0VCtEEEbZB8HYi2IO19woI0sCCNLQhZ1yZeNcB4LPCDcrniUkrLZUq9yijzWNmtBBhS2vOwDiZeByrXgSYXIU4uQkOsQ5J%2BCXolB80s0AZBk%2BWQcQSZRpARBJlAkBkEWTPfZlKXdH6DSZ36ziCXBrmcbypT3yDbytR5hDbiffS%2FXuOsoSe%2FgQbv2mVWLbtjboUTjMuYVLmPcZX4Dql6nsMJBS1yEPpQ3%2Baa6KBnjxyFWHTQkc%2BeAZ%2Fsgpa7QMUQkPQokGxzrISBrGy6FQxr0aet1mi1WvSlqutYmSJVITCVQ2wOg1m1NuQ%2Beqo%2FRpf8BJzujf%2F6s7wy%2Bd7rQJMc4iSH18RXCOry8uaCytDWgso0ujsXGxGKNdIb8aIhhqOPzvLVTCWsNqXXb56iPaIHby1xbWZIxERU1%2BjjCcEYT06rhHL0eU0vc38%2B1SsTaRKl8cz85OlaGCdca6GiNhBxv%2FUqUNFB%2Fxk61F%2FepydOgEh2IUm7UyvGxMdHRqgUtFGMqWwUIxLyg3pcc2JOem657HjHCBPsdyxOMjkft2ZeEfPL5y9gCNO98Xsf9OIaCNUGGr95u1CYml6cXKjNL9XmZguF7nOLjdWI2YzX7d1tO9jdtptcNlSoja%2BiVD%2B4%2Fs6d24XCzKmFM9MXaudOnZkuFLov%2F4U6s5KGfkSE%2FLsKPywUapN9GQv%2F1JPHRFg3JwVV0c1CYam2NNMTPPLg%2BrvbS4Jpn9cTHmlubCOkn7LjtoMxtmfnztqBSvpdeHD92kXQ8R4aBGiFIJGPaz%2B2IEvzzaTk741fHXv49tLoPZCig6rfJyD53vgvgw0jfg6a%2F%2BHiY7yhL0M9sYCYSxCFOTSTHJoyByLXQaf%2F2jRxsjf%2BXbkf4Etr05eJteXLRF492GQturbnuLziV8YoYz6nzBkrlStljEuMuWNV7lTB6A69MvTFbwAAAP%2F%2FAQAA%2F%2F%2BDhCX5AwYAAA%3D%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F6xSX2gcVRe%2F068f5eN7yfchiGhxcKUomM2d3Zlkt6WE5k%2Fr2jQJSUrAl3Ln3jub696ZO8y9s7PJU7UihfqQioL2pZOTpLFabOtbQUU2vmhA6CrIPhh887VS6INPspuV6oPggwdmzu%2Fwu%2Ffy%2B51z3tpI9xGGlHTnz6k1ISUZ8YrYfmFZRExl2p5dsh1cxCfsZRGNuifsVu%2BXNI872CviF%2B0znDbUSAk7GDvYsU%2BLhAeqNdJnQcS3qk6xiotuqeh4LrSSP9c6tUATC1hzH%2F0fBOv8e%2BXruyBoG6LwzhTXDaPil6bDVBKjEmiynfNRI1JZBOFjGCQWBNHO4DQo3UHo%2FUOgop2BA1DNrZ4D8EUHWT844Ec7A5ngN7cPlPoSeAQ%2B%2By9kzTZw2QZB2kDVJRDsPgKgDGbnIApvzKokI6sHLOmxHXT40UMQWQcd%2FvEJiMJPJqRo2YtKpkaoSEMryEG02iDqbYjTXTBrFohsF6h5AwT7Fo08moEo3JrTUoFg3ee9UYdh7JHhStXjw67LqsM%2Bo8GwRyuO4wXMxZVKv0VCtEEEbZB8HYi2IO19woI0sCCNLQhZ1yZeNcB4LPCDcrniUkrLZUq9yijzWNmtBBhS2vOwDiZeByrXgSYXIU4uQkOsQ5J%2BCXolB80s0AZBk%2BWQcQSZRpARBJlAkBkEWTPfZlKXdH6DSZ36ziCXBrmcbypT3yDbytR5hDbiffS%2FXuOsoSe%2FgQbv2mVWLbtjboUTjMuYVLmPcZX4Dql6nsMJBS1yEPpQ3%2Baa6KBnjxyFWHTQkc%2BeAZ%2Fsgpa7QMUQkPQokGxzrISBrGy6FQxr0aet1mi1WvSlqutYmSJVITCVQ2wOg1m1NuQ%2Beqo%2FRpf8BJzujf%2F6s7wy%2Bd7rQJMc4iSH18RXCOry8uaCytDWgso0ujsXGxGKNdIb8aIhhqOPzvLVTCWsNqXXb56iPaIHby1xbWZIxERU1%2BjjCcEYT06rhHL0eU0vc38%2B1SsTaRKl8cz85OlaGCdca6GiNhBxv%2FUqUNFB%2Fxk61F%2FepydOgEh2IUm7UyvGxMdHRqgUtFGMqWwUIxLyg3pcc2JOem657HjHCBPsdyxOMjkft2ZeEfPL5y9gCNO98Xsf9OIaCNUGGr95u1CYml6cXKjNL9XmZguF7nOLjdWI2YzX7d1tO9jdtptcNlSoja%2BiVD%2B4%2Fs6d24XCzKmFM9MXaudOnZkuFLov%2F4U6s5KGfkSE%2FLsKPywUapN9GQv%2F1JPHRFg3JwVV0c1CYam2NNMTPPLg%2BrvbS4Jpn9cTHmlubCOkn7LjtoMxtmfnztqBSvpdeHD92kXQ8R4aBGiFIJGPaz%2B2IEvzzaTk741fHXv49tLoPZCig6rfJyD53vgvgw0jfg6a%2F%2BHiY7yhL0M9sYCYSxCFOTSTHJoyByLXQaf%2F2jRxsjf%2BXbkf4Etr05eJteXLRF492GQturbnuLziV8YoYz6nzBkrlStljEuMuWNV7lTB6A69MvTFbwAAAP%2F%2FAQAA%2F%2F%2BDhCX5AwYAAA%3D%3D HTTP/1.1
Host: organexpectationsmaintain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Cookie: u_pl=17831882; uid_id2=561d005a-895e-44d9-bdcf-5c8115fd4088:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 03 Dec 2022 09:02:55 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2c8ea6064d6bdc5b5777252f10e7a1d2
Strict-Transport-Security: max-age=0; includeSubdomains
organexpectationsmaintain.com/pixel/sbs?c=1
192.243.59.13 200 OK 0 B URL HTTP/1.1 organexpectationsmaintain.com/pixel/sbs?c=1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: organexpectationsmaintain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Cookie: u_pl=17831882; uid_id2=561d005a-895e-44d9-bdcf-5c8115fd4088:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 03 Dec 2022 09:02:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1670058174094-7-8932-1178228-ee032338-d24e-957d-3eec-6da6abb87dfd&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DfaHBhHQZqW6vxrOv_PxFpKKOvowDcyhPTvfWKh4b3UxM4xE3Ekes0GiflwEiNzRntiJztNadogZLNbZXdiesi0kBUZqca0fvZtKsWHtUUE2z7JfHeCmz8TZteCrGB2aKQmw2T1trlgpAJpH_RszLAHABsPo7og5Yk-LtVQOKg0n1C5uC0l6knOXeyt0bqzyUis2Cjidnve7ZyOlv-mQg5TxIqZodCWzdg6JP9x5-d3COGLpMfJf5CJP7D9RMHk2JoKUP9Af31EO7GmATJ2LhaN1UuuJrQ8Pvu8MoLwp6rBi8qKrXAe-983NLf8jiSySksnDEqpWkCRUFL1RjmPGXesifXBkJrRgbOkQNYd6DZupt5Dg_LY0QbzQlDy031scNZJ7VozUHC2M6mr9pBtCVxkboF-LzlP3NR5FSjaKkzn3TSMOyKUu47M22YLnIvjxpBVC5Cp3S9r60tstDF8ffOtk52u24atu75wCsiJt88yGfjYvYeJHoP6h5oyIt-YWqX7RN8QZsH-QBA9mywur_9yH3NQ_T3DQH-MFfgMSt_ztiSTBzB4SxpNyJIaZUKBsINPCzKzRLFZVDtFXCs0lztMNrzqzKMV7lrCcEl2wi_qlYhxJx
38.100.129.136302 Found 0 B URL HTTP/2 us.doctorpost.net/metrics/save.img?event=impressions&bid-id=v2-1670058174094-7-8932-1178228-ee032338-d24e-957d-3eec-6da6abb87dfd&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DfaHBhHQZqW6vxrOv_PxFpKKOvowDcyhPTvfWKh4b3UxM4xE3Ekes0GiflwEiNzRntiJztNadogZLNbZXdiesi0kBUZqca0fvZtKsWHtUUE2z7JfHeCmz8TZteCrGB2aKQmw2T1trlgpAJpH_RszLAHABsPo7og5Yk-LtVQOKg0n1C5uC0l6knOXeyt0bqzyUis2Cjidnve7ZyOlv-mQg5TxIqZodCWzdg6JP9x5-d3COGLpMfJf5CJP7D9RMHk2JoKUP9Af31EO7GmATJ2LhaN1UuuJrQ8Pvu8MoLwp6rBi8qKrXAe-983NLf8jiSySksnDEqpWkCRUFL1RjmPGXesifXBkJrRgbOkQNYd6DZupt5Dg_LY0QbzQlDy031scNZJ7VozUHC2M6mr9pBtCVxkboF-LzlP3NR5FSjaKkzn3TSMOyKUu47M22YLnIvjxpBVC5Cp3S9r60tstDF8ffOtk52u24atu75wCsiJt88yGfjYvYeJHoP6h5oyIt-YWqX7RN8QZsH-QBA9mywur_9yH3NQ_T3DQH-MFfgMSt_ztiSTBzB4SxpNyJIaZUKBsINPCzKzRLFZVDtFXCs0lztMNrzqzKMV7lrCcEl2wi_qlYhxJx
IP 38.100.129.136:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /metrics/save.img?event=impressions&bid-id=v2-1670058174094-7-8932-1178228-ee032338-d24e-957d-3eec-6da6abb87dfd&img=https%3A%2F%2Ftrack.trackingtraffo.com%2Fpush%2Fic%3Fauth%3Dpz6u78%26c%3DfaHBhHQZqW6vxrOv_PxFpKKOvowDcyhPTvfWKh4b3UxM4xE3Ekes0GiflwEiNzRntiJztNadogZLNbZXdiesi0kBUZqca0fvZtKsWHtUUE2z7JfHeCmz8TZteCrGB2aKQmw2T1trlgpAJpH_RszLAHABsPo7og5Yk-LtVQOKg0n1C5uC0l6knOXeyt0bqzyUis2Cjidnve7ZyOlv-mQg5TxIqZodCWzdg6JP9x5-d3COGLpMfJf5CJP7D9RMHk2JoKUP9Af31EO7GmATJ2LhaN1UuuJrQ8Pvu8MoLwp6rBi8qKrXAe-983NLf8jiSySksnDEqpWkCRUFL1RjmPGXesifXBkJrRgbOkQNYd6DZupt5Dg_LY0QbzQlDy031scNZJ7VozUHC2M6mr9pBtCVxkboF-LzlP3NR5FSjaKkzn3TSMOyKUu47M22YLnIvjxpBVC5Cp3S9r60tstDF8ffOtk52u24atu75wCsiJt88yGfjYvYeJHoP6h5oyIt-YWqX7RN8QZsH-QBA9mywur_9yH3NQ_T3DQH-MFfgMSt_ztiSTBzB4SxpNyJIaZUKBsINPCzKzRLFZVDtFXCs0lztMNrzqzKMV7lrCcEl2wi_qlYhxJx HTTP/1.1
Host: us.doctorpost.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: openresty/1.15.8.3
date: Sat, 03 Dec 2022 09:02:55 GMT
content-length: 0
location: https://track.trackingtraffo.com/push/ic?auth=pz6u78&c=faHBhHQZqW6vxrOv_PxFpKKOvowDcyhPTvfWKh4b3UxM4xE3Ekes0GiflwEiNzRntiJztNadogZLNbZXdiesi0kBUZqca0fvZtKsWHtUUE2z7JfHeCmz8TZteCrGB2aKQmw2T1trlgpAJpH_RszLAHABsPo7og5Yk-LtVQOKg0n1C5uC0l6knOXeyt0bqzyUis2Cjidnve7ZyOlv-mQg5TxIqZodCWzdg6JP9x5-d3COGLpMfJf5CJP7D9RMHk2JoKUP9Af31EO7GmATJ2LhaN1UuuJrQ8Pvu8MoLwp6rBi8qKrXAe-983NLf8jiSySksnDEqpWkCRUFL1RjmPGXesifXBkJrRgbOkQNYd6DZupt5Dg_LY0QbzQlDy031scNZJ7VozUHC2M6mr9pBtCVxkboF-LzlP3NR5FSjaKkzn3TSMOyKUu47M22YLnIvjxpBVC5Cp3S9r60tstDF8ffOtk52u24atu75wCsiJt88yGfjYvYeJHoP6h5oyIt-YWqX7RN8QZsH-QBA9mywur_9yH3NQ_T3DQH-MFfgMSt_ztiSTBzB4SxpNyJIaZUKBsINPCzKzRLFZVDtFXCs0lztMNrzqzKMV7lrCcEl2wi_qlYhxJx
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 411f0580e41b8c663276421f11cc67d8
273e570b706320eee29faa7c69498eabb433a82b
ec324f143f05c34d4d3f4a6078bba6cf9d90f8390e092ce64282dbbdff961b39
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 09:02:55 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 00:04:39 GMT
Expires: Thu, 08 Dec 2022 00:04:38 GMT
Etag: "273e570b706320eee29faa7c69498eabb433a82b"
Cache-Control: max-age=399102,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 773b204fac40fab8-OSL
track.trackingtraffo.com/push/ic?auth=pz6u78&c=faHBhHQZqW6vxrOv_PxFpKKOvowDcyhPTvfWKh4b3UxM4xE3Ekes0GiflwEiNzRntiJztNadogZLNbZXdiesi0kBUZqca0fvZtKsWHtUUE2z7JfHeCmz8TZteCrGB2aKQmw2T1trlgpAJpH_RszLAHABsPo7og5Yk-LtVQOKg0n1C5uC0l6knOXeyt0bqzyUis2Cjidnve7ZyOlv-mQg5TxIqZodCWzdg6JP9x5-d3COGLpMfJf5CJP7D9RMHk2JoKUP9Af31EO7GmATJ2LhaN1UuuJrQ8Pvu8MoLwp6rBi8qKrXAe-983NLf8jiSySksnDEqpWkCRUFL1RjmPGXesifXBkJrRgbOkQNYd6DZupt5Dg_LY0QbzQlDy031scNZJ7VozUHC2M6mr9pBtCVxkboF-LzlP3NR5FSjaKkzn3TSMOyKUu47M22YLnIvjxpBVC5Cp3S9r60tstDF8ffOtk52u24atu75wCsiJt88yGfjYvYeJHoP6h5oyIt-YWqX7RN8QZsH-QBA9mywur_9yH3NQ_T3DQH-MFfgMSt_ztiSTBzB4SxpNyJIaZUKBsINPCzKzRLFZVDtFXCs0lztMNrzqzKMV7lrCcEl2wi_qlYhxJx
88.214.206.175302 Found 0 B URL HTTP/1.1 track.trackingtraffo.com/push/ic?auth=pz6u78&c=faHBhHQZqW6vxrOv_PxFpKKOvowDcyhPTvfWKh4b3UxM4xE3Ekes0GiflwEiNzRntiJztNadogZLNbZXdiesi0kBUZqca0fvZtKsWHtUUE2z7JfHeCmz8TZteCrGB2aKQmw2T1trlgpAJpH_RszLAHABsPo7og5Yk-LtVQOKg0n1C5uC0l6knOXeyt0bqzyUis2Cjidnve7ZyOlv-mQg5TxIqZodCWzdg6JP9x5-d3COGLpMfJf5CJP7D9RMHk2JoKUP9Af31EO7GmATJ2LhaN1UuuJrQ8Pvu8MoLwp6rBi8qKrXAe-983NLf8jiSySksnDEqpWkCRUFL1RjmPGXesifXBkJrRgbOkQNYd6DZupt5Dg_LY0QbzQlDy031scNZJ7VozUHC2M6mr9pBtCVxkboF-LzlP3NR5FSjaKkzn3TSMOyKUu47M22YLnIvjxpBVC5Cp3S9r60tstDF8ffOtk52u24atu75wCsiJt88yGfjYvYeJHoP6h5oyIt-YWqX7RN8QZsH-QBA9mywur_9yH3NQ_T3DQH-MFfgMSt_ztiSTBzB4SxpNyJIaZUKBsINPCzKzRLFZVDtFXCs0lztMNrzqzKMV7lrCcEl2wi_qlYhxJx
IP 88.214.206.175:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /push/ic?auth=pz6u78&c=faHBhHQZqW6vxrOv_PxFpKKOvowDcyhPTvfWKh4b3UxM4xE3Ekes0GiflwEiNzRntiJztNadogZLNbZXdiesi0kBUZqca0fvZtKsWHtUUE2z7JfHeCmz8TZteCrGB2aKQmw2T1trlgpAJpH_RszLAHABsPo7og5Yk-LtVQOKg0n1C5uC0l6knOXeyt0bqzyUis2Cjidnve7ZyOlv-mQg5TxIqZodCWzdg6JP9x5-d3COGLpMfJf5CJP7D9RMHk2JoKUP9Af31EO7GmATJ2LhaN1UuuJrQ8Pvu8MoLwp6rBi8qKrXAe-983NLf8jiSySksnDEqpWkCRUFL1RjmPGXesifXBkJrRgbOkQNYd6DZupt5Dg_LY0QbzQlDy031scNZJ7VozUHC2M6mr9pBtCVxkboF-LzlP3NR5FSjaKkzn3TSMOyKUu47M22YLnIvjxpBVC5Cp3S9r60tstDF8ffOtk52u24atu75wCsiJt88yGfjYvYeJHoP6h5oyIt-YWqX7RN8QZsH-QBA9mywur_9yH3NQ_T3DQH-MFfgMSt_ztiSTBzB4SxpNyJIaZUKBsINPCzKzRLFZVDtFXCs0lztMNrzqzKMV7lrCcEl2wi_qlYhxJx HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 03 Dec 2022 09:02:56 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659514995116-National Casino black.png
ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659514995116-National%20Casino%20black.png
142.132.194.196 200 OK 4.5 kB URL HTTP/1.1 ads.trackingtraffo.com/creatives/k1qy286gxmd5g3dpr397nw5v/1659514995116-National%20Casino%20black.png
IP 142.132.194.196:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 58be17b22d6e1178a54c92cf862c817e
b821bc2f016751647df49e49863077e927a70322
9cc4f3f40313b08baf54c956685ac7a21ac8a3573908b9763865c6f613ce1b5f
GET /creatives/k1qy286gxmd5g3dpr397nw5v/1659514995116-National%20Casino%20black.png HTTP/1.1
Host: ads.trackingtraffo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 03 Dec 2022 09:02:56 GMT
Content-Type: image/png
Content-Length: 4456
Last-Modified: Wed, 03 Aug 2022 08:23:15 GMT
Connection: keep-alive
ETag: "62ea3073-1168"
Accept-Ranges: bytes
cdn.barscreative1.com/sb/interstitial/rtb/default/3/index.html
45.133.44.4 200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/interstitial/rtb/default/3/index.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/interstitial/rtb/default/3/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xx699.blogspot.com
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 09:02:54 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Sat, 07 May 2022 03:21:27 GMT
etag: W/"6275e5b7-525"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sat, 03 Dec 2022 10:02:54 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.74 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.74:0
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 03 Dec 2022 09:02:54 GMT
date: Sat, 03 Dec 2022 09:02:54 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/rtb/default/3/css/style.css
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/rtb/default/3/css/style.css
IP 172.64.109.13:0
GET /sb/interstitial/rtb/default/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xx699.blogspot.com
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 09:02:54 GMT
content-type: text/css
last-modified: Wed, 23 Jun 2021 13:33:21 GMT
etag: W/"60d33821-14da"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dg2zmA3RU1YAdkZ5XAPj5%2B%2Bchhd111cweBwW1Ow164mWKcPwCpuzZ6iJnp1Nwo4GOpJu5D9zNRkgzRPeLCn0al9Hx%2B051GzKWO9jR4jscw8BVBsv0Q%2F%2B4P%2BHh8bPD6D2b9lXvgPzuims"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773b2046eca771d5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/rtb/default/3/css/animate.css
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/rtb/default/3/css/animate.css
IP 172.64.109.13:0
GET /sb/interstitial/rtb/default/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xx699.blogspot.com
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 09:02:54 GMT
content-type: text/css
last-modified: Wed, 23 Jun 2021 13:33:20 GMT
etag: W/"60d33820-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IxOmsRqsx8Mlj15MN93lSn6edXaaU31IcyO2IAToc2imS6BPOnSnFElyo7%2BQC591moaFNl7Q9mGVpM%2FdF4q9%2FYkiqqKDMQFPY7kyHRhR6MSqqmhXNmpVpNx06L%2BlBJESrCsRY2iqpqFA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773b2046dc9871d5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/rtb/default/3/js/jquery-3.2.1.min.js
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/rtb/default/3/js/jquery-3.2.1.min.js
IP 172.64.109.13:0
GET /sb/interstitial/rtb/default/3/js/jquery-3.2.1.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xx699.blogspot.com
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Dec 2022 09:02:55 GMT
content-type: application/javascript
last-modified: Wed, 23 Jun 2021 13:33:25 GMT
etag: W/"60d33825-1fa27"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dVE60%2Fy3reKx6P3%2F2xHpUCbJ8pT0bjlvG82%2B9nviIoCcGsDc%2B0wZd6Cw2F3AmeJ0Yvg%2FHyknUwtWxvSmEahlSPybYZss7s0TspSICKPg3Q%2Bl0bLkVE9yxLFK6u8k0U%2FY6n%2BbnLkXTsFI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773b2046eca571d5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/rtb/default/3/js/script.js
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/rtb/default/3/js/script.js
IP 172.64.109.13:0
GET /sb/interstitial/rtb/default/3/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xx699.blogspot.com
Connection: keep-alive
Referer: https://xx699.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Dec 2022 09:02:55 GMT
content-type: application/javascript
last-modified: Wed, 23 Jun 2021 13:33:24 GMT
etag: W/"60d33824-2ed"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kEfzvzX9dmqluCQaj6hUCgm1tg7NAJ5cqJ0Th9D270z6g4sYKC3EbixZ4e3qR9qgz55NpR8VrNWusqSiCfx9CyWAvA%2F7fstZ8CHaNm3ojGCbrnds3LFr%2BwXsNOq7meIrc7rX3BKw%2Bk1j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773b204a9a1471d5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2