roguelineagesleepingforestmap.blogspot.com/
142.250.74.161301 Moved Permanently 191 B URL HTTP/1.1 roguelineagesleepingforestmap.blogspot.com/
IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash bb334c3199aea5a4c7c09fbf20be7497
964d2256b4ec19a2e20e494e78b4eb5feeccba78
5ac6254264e7eadb29da9eec5a10e78c8486c2e83678d17ad4624b12eaacd950
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: roguelineagesleepingforestmap.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Location: https://roguelineagesleepingforestmap.blogspot.com/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Mon, 09 Jan 2023 08:07:07 GMT
Expires: Mon, 09 Jan 2023 08:07:07 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 191
Server: GSE
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 516b9d6951b09439a51d5284994ed92f
5c78edb38bae36caa8e2db8ed6635a32e46c91dd
eaaf4ebc59d2a06d02b552154c5adb7c713ffc4a7f5caabcff1c2b4cd6ec5c7b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EAAF4EBC59D2A06D02B552154C5ADB7C713FFC4A7F5CAABCFF1C2B4CD6EC5C7B"
Last-Modified: Fri, 06 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2212
Expires: Mon, 09 Jan 2023 08:43:59 GMT
Date: Mon, 09 Jan 2023 08:07:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b782882bdabaf3b08e64120922b4a4b7
2035ed7fc9fb5b6ee9715601ba43de5f94d0c0e9
3fe7d1a9a55b86ec25d02634749ccfae11f3477033ba8cd7ac4131b7948ba619
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3FE7D1A9A55B86EC25D02634749CCFAE11F3477033BA8CD7AC4131B7948BA619"
Last-Modified: Sat, 07 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18394
Expires: Mon, 09 Jan 2023 13:13:41 GMT
Date: Mon, 09 Jan 2023 08:07:07 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 09 Jan 2023 07:48:21 GMT
content-type: application/json
age: 1126
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 75f0037a1d53a9a5321a796206ec3e24
70d42c9bf1334f20e1cea4ce3c8212e0e780ee77
80ec1e61f9563e799c9f44ea31e616c37daea1b9670091fbbc6efc39ebafe3d3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "80EC1E61F9563E799C9F44EA31E616C37DAEA1B9670091FBBC6EFC39EBAFE3D3"
Last-Modified: Fri, 06 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5013
Expires: Mon, 09 Jan 2023 09:30:40 GMT
Date: Mon, 09 Jan 2023 08:07:07 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: BCyeFEhcIWD8+SW3a8JcggrG3TVBncVqfoFnvyup//gEa9aVgINjSHRm/xW1KFe3ogusPlHj+Jo=
x-amz-request-id: V2NEQFWZQ9BHF5W7
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 09 Jan 2023 07:16:06 GMT
age: 3061
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d30bb3817130265080e196a7256d42ca
e4ac9fc5713c48fc171535024b0bf324d6111d3a
9015c6479aa414ff4875d2ba16c57518c17fc66d9f6506290d2f9c418c6309f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 08:07:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 09 Jan 2023 08:07:07 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Expires, Last-Modified, Alert, Content-Type, Content-Length, ETag, Pragma, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 09 Jan 2023 07:17:22 GMT
age: 2985
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
roguelineagesleepingforestmap.blogspot.com/
142.250.74.161200 OK 16 kB URL HTTP/2 roguelineagesleepingforestmap.blogspot.com/
IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (14233)
Hash 90b293ee2a0044fae316a102b6e1d06d
923da877cf4a03fd7d64dc9c02b9121fa5e4c9d9
edca1332f6034ca801b8169e2651bccc1c48f96916b646b6109e06c714b05edd
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: roguelineagesleepingforestmap.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Mon, 09 Jan 2023 08:07:07 GMT
date: Mon, 09 Jan 2023 08:07:07 GMT
cache-control: private, max-age=0
last-modified: Sat, 07 Jan 2023 04:31:36 GMT
etag: W/"1d8a5e3a4a4b3812f96e8f21ba0e4012cd41d4a47a8d463187a3f6f5f0553a7c"
x-robots-tag: all,noodp
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 15760
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d30bb3817130265080e196a7256d42ca
e4ac9fc5713c48fc171535024b0bf324d6111d3a
9015c6479aa414ff4875d2ba16c57518c17fc66d9f6506290d2f9c418c6309f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 08:07:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 54ac41a005cad66e958c904071ea1d4f
66932889be57eb15ab99237a69d292b12090c68d
52545e144a7ca5c37c5369d5f5b566b4e5e820b1920ab7fe8e413e7fe022e21b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4383
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 08:07:08 GMT
Last-Modified: Mon, 09 Jan 2023 06:54:05 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
3.bp.blogspot.com/-dH83a-EWxQI/WUwQjo12WjI/AAAAAAAAFPM/GUuzo9rqoeYJnryg9Slr3L37faXCVlD0wCK4BGAYYCw/s1600/logo_650c697d3a6002c8f63991bb43c0d6b4.png
142.250.74.65200 OK 6.7 kB URL HTTP/2 3.bp.blogspot.com/-dH83a-EWxQI/WUwQjo12WjI/AAAAAAAAFPM/GUuzo9rqoeYJnryg9Slr3L37faXCVlD0wCK4BGAYYCw/s1600/logo_650c697d3a6002c8f63991bb43c0d6b4.png
IP 142.250.74.65:0
File type PNG image data, 200 x 41, 8-bit/color RGBA, non-interlaced\012- data
Hash 8b2271ebafdb2a99c69f429d440c555b
38ab355f4cad880637c156f6afe451a9df8cba60
180547af487d795d7fd737f992fb288eb9ec53b79404955a49dd36569e96a230
GET /-dH83a-EWxQI/WUwQjo12WjI/AAAAAAAAFPM/GUuzo9rqoeYJnryg9Slr3L37faXCVlD0wCK4BGAYYCw/s1600/logo_650c697d3a6002c8f63991bb43c0d6b4.png HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://roguelineagesleepingforestmap.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="logo_650c697d3a6002c8f63991bb43c0d6b4.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 6658
x-xss-protection: 0
date: Mon, 09 Jan 2023 06:34:02 GMT
expires: Sat, 07 Jan 2023 05:35:14 GMT
cache-control: public, max-age=86400, no-transform
age: 5586
etag: "v14f4"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 3dc0cc679fc79033439c35043162b5b2
0dd38a1df4fe27ad09b76821e2a3fa304c19cf33
ed4d52a964d7192577a40500e3d30683be0a29dcb9e01535e35dbadd5c5ba1f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 08:07:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 3dc0cc679fc79033439c35043162b5b2
0dd38a1df4fe27ad09b76821e2a3fa304c19cf33
ed4d52a964d7192577a40500e3d30683be0a29dcb9e01535e35dbadd5c5ba1f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 08:07:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 80c774ec8ec97a053b5800c72e4c4f7c
dae5670b100595815fe3f8056c70cb573c4134cb
9bf995e6d1febf80edcb6652d2a6acce3bb705c724667160817a4b7bd52517e6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 08:07:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 3dc0cc679fc79033439c35043162b5b2
0dd38a1df4fe27ad09b76821e2a3fa304c19cf33
ed4d52a964d7192577a40500e3d30683be0a29dcb9e01535e35dbadd5c5ba1f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 08:07:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 267f690139bbb6fa1667cb2b8aea347b
81419a3d376c1c4aa742847e029189b55741a10b
9a5fb66a4fa8249e396b5b21a613f9ea60478026a638622ae9b5ac3060afb53c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 08:07:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.ytimg.com/vi/EsBdMgz04Mk/hqdefault.jpg
142.250.74.118200 OK 40 kB URL HTTP/2 i.ytimg.com/vi/EsBdMgz04Mk/hqdefault.jpg
IP 142.250.74.118:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash ce7153d56d4d96bd483571d7e29b9c0e
1094792d8584a7a4fd4423103f6ab6a0d3e1a103
a8e3d60cd5da65b35b95f73e582ae812136b54256b3eaacf01ea3237ac19ecd0
GET /vi/EsBdMgz04Mk/hqdefault.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://roguelineagesleepingforestmap.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 40409
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 09 Jan 2023 06:53:26 GMT
expires: Mon, 09 Jan 2023 08:53:26 GMT
cache-control: public, max-age=7200
age: 4422
etag: "1599935687"
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
i.ytimg.com/vi/AfmOCZu1uX0/hqdefault.jpg
142.250.74.118200 OK 8.2 kB URL HTTP/2 i.ytimg.com/vi/AfmOCZu1uX0/hqdefault.jpg
IP 142.250.74.118:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash ada025bb61e937b4981ed3fb6c923afc
090d45339f318b25c86314009f2a5ad579a09199
94c2fd2e5e4938884d765e58c63638ae1643ada29ab407b883ef8b605ac2bb55
GET /vi/AfmOCZu1uX0/hqdefault.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://roguelineagesleepingforestmap.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 8176
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 09 Jan 2023 08:07:08 GMT
expires: Mon, 09 Jan 2023 10:07:08 GMT
cache-control: public, max-age=7200
etag: "0"
content-type: image/jpeg
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
i.ytimg.com/vi/ibWfPDFpRhY/mqdefault.jpg
142.250.74.118404 Not Found 1.1 kB URL HTTP/2 i.ytimg.com/vi/ibWfPDFpRhY/mqdefault.jpg
IP 142.250.74.118:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 120x90, components 3\012- data
Hash e2ddfee11ae7edcae257da47f3a78a70
6e902fa6302eb30cd204579bca6a59b37233e262
20e9aab22032d85684d7d916a1013f7c577a132a5b10ea3fd3578e8d0b28a711
GET /vi/ibWfPDFpRhY/mqdefault.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://roguelineagesleepingforestmap.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
vary: Origin
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: image/jpeg
date: Mon, 09 Jan 2023 08:07:08 GMT
expires: Mon, 09 Jan 2023 08:07:38 GMT
cache-control: public, max-age=30
x-content-type-options: nosniff
server: sffe
content-length: 1097
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.blogger.com/static/v1/widgets/3675762886-widgets.js
216.58.207.233200 OK 56 kB URL HTTP/2 www.blogger.com/static/v1/widgets/3675762886-widgets.js
IP 216.58.207.233:0
File type ASCII text, with very long lines (2221)
Hash 05af587c82e2eb4eb2caa22ffae2168b
b5cf524b74f41124ccad34edff003b33f58a0662
6e23f93233f37dbe5f9ad92a416df7627e553b7ffa4b92e81e3b7e5880eb125a
GET /static/v1/widgets/3675762886-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://roguelineagesleepingforestmap.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56471
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 06 Jan 2023 16:14:34 GMT
expires: Sat, 06 Jan 2024 16:14:34 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 04 Jan 2023 15:54:00 GMT
content-type: text/javascript
age: 229954
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
i.ytimg.com/vi/lKSV38Zw-xA/maxresdefault.jpg
142.250.74.118200 OK 126 kB URL HTTP/2 i.ytimg.com/vi/lKSV38Zw-xA/maxresdefault.jpg
IP 142.250.74.118:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x720, components 3\012- data
Size 126 kB (126326 bytes)
Hash b69ce38104b13d287b5a843a2d57dfa2
7fd8ae13136b1f68873a48b7ad19f76230c975c3
fd8fe188a12965134f559a6e565e5770eb16f87278272a5a1db47c2d3c23fce1
GET /vi/lKSV38Zw-xA/maxresdefault.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://roguelineagesleepingforestmap.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 126326
date: Mon, 09 Jan 2023 08:07:08 GMT
expires: Mon, 09 Jan 2023 10:07:08 GMT
cache-control: public, max-age=7200
etag: "1535608033"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
i.ytimg.com/vi/A5pkYcRTK1w/maxresdefault.jpg
142.250.74.118200 OK 115 kB URL HTTP/2 i.ytimg.com/vi/A5pkYcRTK1w/maxresdefault.jpg
IP 142.250.74.118:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x720, components 3\012- data
Size 115 kB (114861 bytes)
Hash 9da5b06c2f3a3645421e1a9a7fc188e4
d2ba64cff72c9b5753389ac8165767182773cdaa
63e15e518c7f87a2b8d13073324ba9b7b88cd371b4c1ab0c7e45c5033dbd42ad
GET /vi/A5pkYcRTK1w/maxresdefault.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://roguelineagesleepingforestmap.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 114861
date: Mon, 09 Jan 2023 08:07:08 GMT
expires: Mon, 09 Jan 2023 10:07:08 GMT
cache-control: public, max-age=7200
etag: "1558100324"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
lh3.googleusercontent.com/blogger_img_proxy/ANbyha3ij8TkE6g1LY2m7X2ncn-x-LgtdbpqivfE082d8XajztIkJe-RaGG7eStyDVEqtBFuyyqvnCHMo5vkQV_-YWgDsgSnqAKaUOXPocWvyAqmgqfB8eYYlg=s0-d
216.58.207.225404 Not Found 1.2 kB URL HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/ANbyha3ij8TkE6g1LY2m7X2ncn-x-LgtdbpqivfE082d8XajztIkJe-RaGG7eStyDVEqtBFuyyqvnCHMo5vkQV_-YWgDsgSnqAKaUOXPocWvyAqmgqfB8eYYlg=s0-d
IP 216.58.207.225:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 120x90, components 3\012- data
Hash 9fe85dcb3fe48e26d43227a130d47e6a
918db738002dda86a37aca5f2bece573f89d8084
57eb79ec23f95554cfee51062e26a0e62c8b095b030bf7aa4068894370e1052e
GET /blogger_img_proxy/ANbyha3ij8TkE6g1LY2m7X2ncn-x-LgtdbpqivfE082d8XajztIkJe-RaGG7eStyDVEqtBFuyyqvnCHMo5vkQV_-YWgDsgSnqAKaUOXPocWvyAqmgqfB8eYYlg=s0-d HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://roguelineagesleepingforestmap.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
access-control-allow-origin: *
timing-allow-origin: *
content-type: image/jpeg
x-content-type-options: nosniff
date: Mon, 09 Jan 2023 08:07:08 GMT
server: fife
content-length: 1187
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 3dc0cc679fc79033439c35043162b5b2
0dd38a1df4fe27ad09b76821e2a3fa304c19cf33
ed4d52a964d7192577a40500e3d30683be0a29dcb9e01535e35dbadd5c5ba1f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 08:07:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.ytimg.com/vi/wIBjhO-N7rA/hqdefault.jpg?sqp=-oaymwEiCKgBEF5IWvKriqkDFQgBFQAAAAAYASUAAMhCPQCAokN4AQ==&rs=AOn4CLBlPwRR9QZGQcfBGEF7eZXaSq0EsQ
142.250.74.118200 OK 6.1 kB URL HTTP/2 i.ytimg.com/vi/wIBjhO-N7rA/hqdefault.jpg?sqp=-oaymwEiCKgBEF5IWvKriqkDFQgBFQAAAAAYASUAAMhCPQCAokN4AQ==&rs=AOn4CLBlPwRR9QZGQcfBGEF7eZXaSq0EsQ
IP 142.250.74.118:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 168x94, components 3\012- data
Hash 77154a3239bad22935b6d058750f3abf
a67101c593e426f9744649382e7475c3956c8bb2
03a9980a5fe9dafe7234b423de89a0cad6e63dc08e615641238087275070b946
GET /vi/wIBjhO-N7rA/hqdefault.jpg?sqp=-oaymwEiCKgBEF5IWvKriqkDFQgBFQAAAAAYASUAAMhCPQCAokN4AQ==&rs=AOn4CLBlPwRR9QZGQcfBGEF7eZXaSq0EsQ HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://roguelineagesleepingforestmap.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 6092
date: Mon, 09 Jan 2023 08:07:08 GMT
expires: Mon, 09 Jan 2023 10:07:08 GMT
cache-control: public, max-age=7200
etag: "1561829058"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
i.ytimg.com/vi/wcH6p7vYPLI/maxresdefault.jpg
142.250.74.118200 OK 102 kB URL HTTP/2 i.ytimg.com/vi/wcH6p7vYPLI/maxresdefault.jpg
IP 142.250.74.118:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x720, components 3\012- data
Size 102 kB (102232 bytes)
Hash 4b0c8b1a908a39aff0658462bce7e4f4
ee43f3c05b722da243ea8f20b402ce37b97ffdd0
aceb0ab0fb3f4eb96a10dfb06a0f31445009214dcdf76f1a423de582b92af3f0
GET /vi/wcH6p7vYPLI/maxresdefault.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://roguelineagesleepingforestmap.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 102232
date: Mon, 09 Jan 2023 08:07:08 GMT
expires: Mon, 09 Jan 2023 10:07:08 GMT
cache-control: public, max-age=7200
etag: "0"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 80c774ec8ec97a053b5800c72e4c4f7c
dae5670b100595815fe3f8056c70cb573c4134cb
9bf995e6d1febf80edcb6652d2a6acce3bb705c724667160817a4b7bd52517e6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 08:07:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 267f690139bbb6fa1667cb2b8aea347b
81419a3d376c1c4aa742847e029189b55741a10b
9a5fb66a4fa8249e396b5b21a613f9ea60478026a638622ae9b5ac3060afb53c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 08:07:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
devforum.roblox.com/uploads/default/original/4X/5/6/8/568bd0ab62bb99b3a2b7bdfa9c38c6d39b13c229.png
2.18.173.201404 Not Found 162 B URL HTTP/2 devforum.roblox.com/uploads/default/original/4X/5/6/8/568bd0ab62bb99b3a2b7bdfa9c38c6d39b13c229.png
IP 2.18.173.201:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 70461da8b94c6ca5d2fda3260c5a8c3b
994bc667720c21257500e29038c1a5f61e25da1e
f33c27745f2bd87344be790465ef984a972fd539dc83bd4f61d4242c607ef1ee
GET /uploads/default/original/4X/5/6/8/568bd0ab62bb99b3a2b7bdfa9c38c6d39b13c229.png HTTP/1.1
Host: devforum.roblox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://roguelineagesleepingforestmap.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
content-type: text/html
content-length: 162
server: nginx
date: Mon, 09 Jan 2023 08:07:08 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash c45d2bb874e7fdce3e60a1b3ddbc6a0c
6c9ac71707c612dfa716d7dc58988bf59b51079c
042ae465c3a6bfe522cb3cbd528c950179c244a04f7e8930199fb384d06a61e6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5843
Cache-Control: max-age=172160
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 08:07:08 GMT
Etag: "63bbb1d9-117"
Expires: Wed, 11 Jan 2023 07:56:28 GMT
Last-Modified: Mon, 09 Jan 2023 06:19:05 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
push.services.mozilla.com/
35.163.217.60101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.163.217.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: v/HRdIq2UoDIRxM1Z5Uj7Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: WX03CcPUjfT5ubKMmvRTPIh2ZGY=
images-na.ssl-images-amazon.com/images/I/61XJqv1S9xL._AC_SX679_.jpg
54.230.82.142200 OK 22 kB URL HTTP/2 images-na.ssl-images-amazon.com/images/I/61XJqv1S9xL._AC_SX679_.jpg
IP 54.230.82.142:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 679x679, components 3\012- data
Hash 3e008dbc0ae8cf4f7e109093fd9d7da1
19aa842e9662cf1c294e429c5cd200e698c3b33f
a0173749c34d0fb822790345f4325f9f20927a7da596ed7ba5a6b4d1a0715718
GET /images/I/61XJqv1S9xL._AC_SX679_.jpg HTTP/1.1
Host: images-na.ssl-images-amazon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://roguelineagesleepingforestmap.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 22516
server: Server
date: Mon, 09 Jan 2023 08:07:08 GMT
x-amz-ir-id: af57e5ab-3a99-480b-ac4d-e9bdca7e16d8
expires: Sun, 04 Jan 2043 08:07:08 GMT
cache-control: max-age=630720000,public
surrogate-key: x-cache-014 /images/I/61XJqv1S9xL
timing-allow-origin: https://www.amazon.in, https://www.amazon.com
edge-cache-tag: x-cache-014,/images/I/61XJqv1S9xL
access-control-allow-origin: *
last-modified: Mon, 17 Oct 2016 21:59:51 GMT
x-nginx-cache-status: MISS
accept-ranges: bytes
x-cache: Miss from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: U8vzMxglHGS7WvQQPmruvqyoHnbLeB-lfQjw190UsK0M2xz3ATsoRg==
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 351d91e449c1bf6b91a9221e5fdb8112
46cf5ea7b5cd8fabe8d76f6f01089c16f52d2100
42372abc587c7209afaaf2667903f60f794a83cd5aa3b1a4fa576cd2fbc8c065
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "42372ABC587C7209AFAAF2667903F60F794A83CD5AA3B1A4FA576CD2FBC8C065"
Last-Modified: Sun, 08 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5303
Expires: Mon, 09 Jan 2023 09:35:31 GMT
Date: Mon, 09 Jan 2023 08:07:08 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 351d91e449c1bf6b91a9221e5fdb8112
46cf5ea7b5cd8fabe8d76f6f01089c16f52d2100
42372abc587c7209afaaf2667903f60f794a83cd5aa3b1a4fa576cd2fbc8c065
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "42372ABC587C7209AFAAF2667903F60F794A83CD5AA3B1A4FA576CD2FBC8C065"
Last-Modified: Sun, 08 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5303
Expires: Mon, 09 Jan 2023 09:35:31 GMT
Date: Mon, 09 Jan 2023 08:07:08 GMT
Connection: keep-alive
bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwicmFla3Nvb2thIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsInJhZWtzb29rYSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsImRpcmVjdCIsInJlZiIsImRpcmVjdCIsInRhZ3MiLCJyb2Jsb3gtYWJ4LmpzIl0
172.67.154.29200 OK 5.5 kB URL HTTP/2 bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwicmFla3Nvb2thIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsInJhZWtzb29rYSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsImRpcmVjdCIsInJlZiIsImRpcmVjdCIsInRhZ3MiLCJyb2Jsb3gtYWJ4LmpzIl0
IP 172.67.154.29:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash a996bfa3a871dc06459e9e5b4f9ca729
9377d7514c08a12e43bc23e11ffb92ced0303c68
bc56f0804756c072b7775fd5b05f0bf5a202e8d57f8d0daac6887479a989e425
Analyzer Verdict Alert fortinet Phishing
GET /index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwicmFla3Nvb2thIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsInJhZWtzb29rYSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsImRpcmVjdCIsInJlZiIsImRpcmVjdCIsInRhZ3MiLCJyb2Jsb3gtYWJ4LmpzIl0 HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://roguelineagesleepingforestmap.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 09 Jan 2023 08:07:08 GMT
content-type: text/html
last-modified: Mon, 27 Jun 2022 12:44:26 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F13x0atA7cTa6tol6sJWHbksu62lxsHLpW1QEav4lry%2BfbYm0o533XwVROeWU9YSG0AoMmg7oDaP1HKVG6QMPa5hgSKSwBNWYiY%2BhAUW8pQ7Bm9PSWF3%2BeRnXA8kJrVtOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 786bad76cfbdb4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/js-base64@3.7.2/base64.min.js
151.101.193.229200 OK 2.1 kB URL HTTP/2 cdn.jsdelivr.net/npm/js-base64@3.7.2/base64.min.js
IP 151.101.193.229:0
File type ASCII text, with very long lines (4802)
Hash 18914b05d782cca37716837edf14fa8a
c563d127cf718dd86389fdd007b4c51b6bb58dc3
4bded663a5f9ccaa1eb7c1692c1c7df756a7d0e037d19466979fb90c56fbefdf
GET /npm/js-base64@3.7.2/base64.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.7.2
x-jsd-version-type: version
etag: W/"1405-lMmxLE0z8/TnsipvbhQg5ckAA8Q"
content-encoding: gzip
accept-ranges: bytes
date: Mon, 09 Jan 2023 08:07:08 GMT
age: 5292353
x-served-by: cache-fra-eddf8230097-FRA, cache-bma1680-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2068
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.21.226200 OK 3.6 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.21.226:0
Hash 0ff837801249bc0ffa3f3495004e5562
8aeb60fa1e74b3904c24086b8f7b4a0f67c32675
1be4a3e432d8ba26291d680aa0c789b2238cef9f74c3ebcc44a888b9b566c8cf
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 09 Jan 2023 08:07:08 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "7E97D827F23AE3F758F745A3EBCDE77D93BED707"
Expires: Mon, 09 Jan 2023 19:00:00 GMT
Last-Modified: Mon, 09 Jan 2023 07:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1892
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 786bad7859bcb4f1-OSL
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash e0ab4f7d3ed3540e7e14d17c701c54d6
9990f48876e99f6c1014cb36d8b293c3d2450720
ef436b06ea587654322853c8523360b8ffa18d0cff4e98e7c9d5df0c3edad85d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5031
Cache-Control: max-age=158749
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 08:07:08 GMT
Etag: "63bb80a2-118"
Expires: Wed, 11 Jan 2023 04:12:57 GMT
Last-Modified: Mon, 09 Jan 2023 02:49:06 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 6845714035871de50607bf6185f94f64
c8b0da305ef4c6a587307d87224ce7ae19ac31dc
75d805e1f96447b58ac3f8226c16c4b13d4e664e1e508be26e9968510145017a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 08:07:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0
188.114.98.234200 OK 73 kB URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0
IP 188.114.98.234:0
Hash 3a834decac30f999829071d0e1b5bc75
8bdfbe71a171af1c06dfc80202c9cd643e27a462
022730f997e44b66b9ef1dc4df3978974900fc9a87549c68245b4388f7934cb8
GET /font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bux.wellter.de
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 09 Jan 2023 08:07:09 GMT
content-type: font/woff2
content-length: 66624
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "db812d8a70a4e88e888744c1c9a27e89"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 08/15/2022 13:52:58
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 2592a65eb99a2e0b1589fa2d13a6191c
cdn-cache: HIT
cf-cache-status: HIT
age: 1551035
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 786bad794fefb515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 6845714035871de50607bf6185f94f64
c8b0da305ef4c6a587307d87224ce7ae19ac31dc
75d805e1f96447b58ac3f8226c16c4b13d4e664e1e508be26e9968510145017a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 08:07:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 6845714035871de50607bf6185f94f64
c8b0da305ef4c6a587307d87224ce7ae19ac31dc
75d805e1f96447b58ac3f8226c16c4b13d4e664e1e508be26e9968510145017a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 08:07:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v14/DXI1ORHCpsQm3Vp6mXoaTYnF5uFdDttMLvmWuJdhhgs.ttf
142.250.74.35200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v14/DXI1ORHCpsQm3Vp6mXoaTYnF5uFdDttMLvmWuJdhhgs.ttf
IP 142.250.74.35:0
File type TrueType Font data, 17 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, type 1 string, Open Sans LightRegular1.10;1ASC;OpenSans-LightVersion 1.10OpenSans-Lighthttp://www.apache.org/li\012- data
Hash a69c5fa643b7208c4922909701e399ac
0560e8f641340a70d9c36b3d4106e42ac395f829
0a8b75177ccda56113a7a1bb9214c38276257846f9323226f74831f74ffc721f
GET /s/opensans/v14/DXI1ORHCpsQm3Vp6mXoaTYnF5uFdDttMLvmWuJdhhgs.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bux.wellter.de
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18391
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 07 Jan 2023 18:09:08 GMT
expires: Sun, 07 Jan 2024 18:09:08 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 14 Jun 2017 16:45:42 GMT
content-type: font/ttf
age: 136681
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v14/cJZKeOuBrn4kERxqtaUH3aCWcynf_cDxXwCLxiixG1c.ttf
142.250.74.35200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v14/cJZKeOuBrn4kERxqtaUH3aCWcynf_cDxXwCLxiixG1c.ttf
IP 142.250.74.35:0
File type TrueType Font data, 17 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, type 1 string, Open SansRegular1.10;1ASC;OpenSans-RegularOpen Sans RegularVersion 1.10OpenSans-Regularhttp://ww\012- data
Hash 8c20320e2a77d984348f9e9aa7296b9d
0939a63b6a9982ab64f044dfc3a21dac2bca0499
0be48b762bdf588db02112492dfadcb3a098fad3ac5aa2ccc80568b799462c52
GET /s/opensans/v14/cJZKeOuBrn4kERxqtaUH3aCWcynf_cDxXwCLxiixG1c.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bux.wellter.de
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17789
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 07 Jan 2023 18:09:08 GMT
expires: Sun, 07 Jan 2024 18:09:08 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 14 Jun 2017 16:46:31 GMT
content-type: font/ttf
age: 136681
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v14/k3k702ZOKiLJc3WVjuplzInF5uFdDttMLvmWuJdhhgs.ttf
142.250.74.35200 OK 19 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v14/k3k702ZOKiLJc3WVjuplzInF5uFdDttMLvmWuJdhhgs.ttf
IP 142.250.74.35:0
File type TrueType Font data, 17 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, type 1 string, Open SansBold1.10;1ASC;OpenSans-BoldOpen Sans BoldVersion 1.10OpenSans-Boldhttp://www.apache.org\012- data
Hash 5498784000b038638befe230ea392271
efef80115bdabd927501563197827a7ae837a19f
5848ca5f4af491c37907f2e4cb0e240166572edc90615a96d4702f2dce34800b
GET /s/opensans/v14/k3k702ZOKiLJc3WVjuplzInF5uFdDttMLvmWuJdhhgs.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bux.wellter.de
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 07 Jan 2023 18:09:08 GMT
expires: Sun, 07 Jan 2024 18:09:08 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 14 Jun 2017 16:46:24 GMT
content-type: font/ttf
age: 136681
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 30 kB IP 93.184.220.29:0
Hash d0ccea84dc3999faac560469d8b7aaa6
0c7d66525f14dba3e3ee00c822d27e81f37b3ad6
64f9f9e3b2deada3fe6f7dc4d93a9e82f3301d075c1accadac4ace127cb057bf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5032
Cache-Control: max-age=158749
Content-Type: application/ocsp-response
Date: Mon, 09 Jan 2023 08:07:09 GMT
Etag: "63bb80a2-118"
Expires: Wed, 11 Jan 2023 04:12:58 GMT
Last-Modified: Mon, 09 Jan 2023 02:49:06 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280
bux.wellter.de/images/bootstrap.min.css
172.67.154.29200 OK 21 kB URL HTTP/2 bux.wellter.de/images/bootstrap.min.css
IP 172.67.154.29:0
File type ASCII text, with very long lines (65371)
Hash a92e586a708d3576a86231b817468d42
bef5ce95563904600e8b2e63563c04c249d0be4b
03206358d50dd6be0b7689d28e444d6f310dba2bc7be4886b198f32e9e3ded5a
GET /images/bootstrap.min.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwicmFla3Nvb2thIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsInJhZWtzb29rYSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsImRpcmVjdCIsInJlZiIsImRpcmVjdCIsInRhZ3MiLCJyb2Jsb3gtYWJ4LmpzIl0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 09 Jan 2023 08:07:08 GMT
content-type: text/css
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-1d990"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1161
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4c%2BISU2q5aQZ2HpAZLlizJt0IsCWmiKD%2FgP5MWitmhXfC3vkpP9K0FV1TV4dfy%2FB3xVSUA%2FReYk0JliYumwjxm8YsIn07dgnDDP76ACvZGwVfPylX5TUZ6tEHJ8w2uwWHw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 786bad77b912b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2f5d8bdd7ae7c2d96fcd15cacbd8058f
73c85676fd650b342783d4c41e19dda6bb0270cf
9efef74a5589e28b36fa6cf8835c8b4e7ca42b8173c0e0c84f70948995ddc557
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9EFEF74A5589E28B36FA6CF8835C8B4E7CA42B8173C0E0C84F70948995DDC557"
Last-Modified: Sat, 07 Jan 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8720
Expires: Mon, 09 Jan 2023 10:32:29 GMT
Date: Mon, 09 Jan 2023 08:07:09 GMT
Connection: keep-alive
s10.histats.com/js15_as.js
46.105.201.240200 OK 4.4 kB URL HTTP/2 s10.histats.com/js15_as.js
IP 46.105.201.240:0
File type HTML document, ASCII text, with very long lines (11440), with no line terminators
Hash ed192092c129db6123a3397855f42619
067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e
998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1
GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 09 Jan 2023 08:05:56 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 969509130
content-type: text/javascript
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ab3dba7adf91752d308ad3e92fb5cc6a
5e13bfaa9143b3db7576566d0db5d0cbed3c6b73
fba490271153050b3c1d46668ac9abf95e84b312e1e1e3905f43f407514001ef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FBA490271153050B3C1D46668AC9ABF95E84B312E1E1E3905F43F407514001EF"
Last-Modified: Mon, 09 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16823
Expires: Mon, 09 Jan 2023 12:47:32 GMT
Date: Mon, 09 Jan 2023 08:07:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ab3dba7adf91752d308ad3e92fb5cc6a
5e13bfaa9143b3db7576566d0db5d0cbed3c6b73
fba490271153050b3c1d46668ac9abf95e84b312e1e1e3905f43f407514001ef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FBA490271153050B3C1D46668AC9ABF95E84B312E1E1E3905F43F407514001EF"
Last-Modified: Mon, 09 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16823
Expires: Mon, 09 Jan 2023 12:47:32 GMT
Date: Mon, 09 Jan 2023 08:07:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ab3dba7adf91752d308ad3e92fb5cc6a
5e13bfaa9143b3db7576566d0db5d0cbed3c6b73
fba490271153050b3c1d46668ac9abf95e84b312e1e1e3905f43f407514001ef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FBA490271153050B3C1D46668AC9ABF95E84B312E1E1E3905F43F407514001EF"
Last-Modified: Mon, 09 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16823
Expires: Mon, 09 Jan 2023 12:47:32 GMT
Date: Mon, 09 Jan 2023 08:07:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ab3dba7adf91752d308ad3e92fb5cc6a
5e13bfaa9143b3db7576566d0db5d0cbed3c6b73
fba490271153050b3c1d46668ac9abf95e84b312e1e1e3905f43f407514001ef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FBA490271153050B3C1D46668AC9ABF95E84B312E1E1E3905F43F407514001EF"
Last-Modified: Mon, 09 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16823
Expires: Mon, 09 Jan 2023 12:47:32 GMT
Date: Mon, 09 Jan 2023 08:07:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ab3dba7adf91752d308ad3e92fb5cc6a
5e13bfaa9143b3db7576566d0db5d0cbed3c6b73
fba490271153050b3c1d46668ac9abf95e84b312e1e1e3905f43f407514001ef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FBA490271153050B3C1D46668AC9ABF95E84B312E1E1E3905F43F407514001EF"
Last-Modified: Mon, 09 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16823
Expires: Mon, 09 Jan 2023 12:47:32 GMT
Date: Mon, 09 Jan 2023 08:07:09 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71367d17-5f39-4d68-acc2-9e84cc70b6ee.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71367d17-5f39-4d68-acc2-9e84cc70b6ee.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 958d699fe0e01f8f1e6002637f87ab63
9feb324f4c37992e68e04762494841d532b3da2b
a20dce10643f6cb9aed206ca177c54538076e61568528e5fdc2744d8cc25846a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71367d17-5f39-4d68-acc2-9e84cc70b6ee.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10157
x-amzn-requestid: cc023618-8a3b-452e-84cc-04c8b5f48a3f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eWhZ8Es5IAMFYtA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b8e2a5-6d9f330a4b3df85c661c1bd6;Sampled=0
x-amzn-remapped-date: Sat, 07 Jan 2023 03:10:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: yaahmIYHAzMWPmbF_6RRTXc-boEiyV4AgS6BLMUTxVhSOos78xvtYQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 f3ac324bf05099849ebda59e8136db0e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 09 Jan 2023 03:38:39 GMT
age: 16110
etag: "9feb324f4c37992e68e04762494841d532b3da2b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd91e555-c9f3-4166-92be-27db2e1919b6.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd91e555-c9f3-4166-92be-27db2e1919b6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash afcc8f4875f4b74ca0640829b689731e
584d0e11665ae89f9a294baf1e9bb4f0e4e9a4df
3e487396389c4330abc99bc99053eecc6aaf56f7afa398d70c30e1f4709577a0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd91e555-c9f3-4166-92be-27db2e1919b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13626
x-amzn-requestid: 4769eaeb-0c78-4054-ad47-eefdd6ab2d03
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eWHMZErbIAMF6sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b8b8b5-4c7bacfe060899044e361f70;Sampled=0
x-amzn-remapped-date: Sat, 07 Jan 2023 00:11:33 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: H3uGFYbyPSwFZQCvn99EtVQw1Xz9DBbTgrK2FmfoKYBcZXkj60CbuQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 abbf2df97f9d83839470842dc2e68cb6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 08 Jan 2023 13:24:11 GMT
age: 67378
etag: "584d0e11665ae89f9a294baf1e9bb4f0e4e9a4df"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c35b6f8-ae25-4552-b3cc-44e57542d5ec.jpeg
34.120.237.76200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c35b6f8-ae25-4552-b3cc-44e57542d5ec.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 210f951bd43cd838048f3568adb84c8c
db87b6eeaad681f1232c104dd4d0a902a921ed6d
b0d21c80c6c53ba04c8b216f6428a0e8b8eff4ca16f44c31782857d4a2749c39
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c35b6f8-ae25-4552-b3cc-44e57542d5ec.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9407
x-amzn-requestid: 08f125d6-46ed-4a83-98bc-94f688def00c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eP6aMG3loAMFU5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b63dda-06f1fa975f43a24564b86524;Sampled=0
x-amzn-remapped-date: Thu, 05 Jan 2023 03:02:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k0I4uqn27E14rCjKRum0DI7tFL0wolIQzcIKK5WVdsqhcds4uIF0ig==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Mon, 09 Jan 2023 07:01:34 GMT
age: 3935
etag: "db87b6eeaad681f1232c104dd4d0a902a921ed6d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f66a423-2d06-442e-9b60-52f1638487d5.jpeg
34.120.237.76200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f66a423-2d06-442e-9b60-52f1638487d5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f0defc5fd929d3ca7df12b102b551453
f44e4ac4a10991e12994e3b5d6f3cc1b1658967a
f551a1c156ec30405668d66bff9e1359805b773457602e44748be80cbb1f8a23
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f66a423-2d06-442e-9b60-52f1638487d5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4687
x-amzn-requestid: 18bf71d4-030e-4a08-ae18-48fe037e6e0d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eWhZ7GzXIAMFnFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b8e2a5-710f414a2d1b239f6d59d73a;Sampled=0
x-amzn-remapped-date: Sat, 07 Jan 2023 03:10:29 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wkKw4Bgb_vxuY641mGDczUNQUfGXiozbOtpFwfK6aThfJj_q5T_IDg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 09 Jan 2023 03:49:53 GMT
age: 15436
etag: "f44e4ac4a10991e12994e3b5d6f3cc1b1658967a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca7956cf-b613-4307-88cb-8cc1a3fda11c.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca7956cf-b613-4307-88cb-8cc1a3fda11c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aa9ed964b2f5f08ec571b525992f1566
9de0dfe9d1018726f1504b26964629f419700a49
d75747ac8726cbbe7583c48c2522cecc0c3ed6a0fa3694513c694876847b5944
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca7956cf-b613-4307-88cb-8cc1a3fda11c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9594
x-amzn-requestid: 7844d69e-b683-47ed-8ad8-a26f67916de1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eJ4BbFjnIAMFhSA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b3d3a2-6da6fede0b33969b774aab38;Sampled=0
x-amzn-remapped-date: Tue, 03 Jan 2023 07:05:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1h_UiB89mG6qQdHyosgLG4MYT3KBOyDxLsBCuKuK7smmTWAiEsncxw==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sun, 08 Jan 2023 08:43:20 GMT
age: 84229
etag: "9de0dfe9d1018726f1504b26964629f419700a49"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37629fba-d878-4757-bbb5-ec6764ae2a28.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37629fba-d878-4757-bbb5-ec6764ae2a28.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 97daf64b02d7b3d266c7cd921d0684f7
74fa41865d65ef95126bcb1072bbf578bda031b0
bcaaf9e89d8af2bbddd4c000cd2facfadebce0cffb119b7583823190c5cb009e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37629fba-d878-4757-bbb5-ec6764ae2a28.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10768
x-amzn-requestid: 321c3466-ab77-4fff-a022-436634c89dad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ecWFvEXAoAMFltg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bb36f1-55e48ac47077b4a270456423;Sampled=0
x-amzn-remapped-date: Sun, 08 Jan 2023 21:34:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: C6psC2HUUWMvrUWxBnkvQFrNS2Qg_dCys7fnUFl2AI3qRkbFUxRuyw==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 08 Jan 2023 21:40:33 GMT
age: 37596
etag: "74fa41865d65ef95126bcb1072bbf578bda031b0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
s4.histats.com/stats/0.php?4275781&@f16&@g1&@h1&@i1&@j1673251616359&@k0&@l1&@mRoblox%20Robux%20Generator%202022&@n0roblox-abx.js=raeksooka|template=Fastink.xml|raeksooka=roguelineagesleepingforestmap.blogspot.com|roguelineagesleepingforestmap.blogspot.com=direct|ref=direct|tags=roblox-abx.js&@ohttps%3A%2F%2Froguelineagesleepingforestmap.blogspot.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:-28005845&@b3:1673251616&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fbux.wellter.de%2Findex.html%3Ftrack%3DWyJyb2Jsb3gtYWJ4LmpzIiwicmFla3Nvb2thIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsInJhZWtzb29rYSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsImRpcmVjdCIsInJlZiIsImRpcmVjdCIsInRhZ3MiLCJyb2Jsb3gtYWJ4LmpzIl0&@w
54.39.128.117200 OK 51 B URL HTTP/1.1 s4.histats.com/stats/0.php?4275781&@f16&@g1&@h1&@i1&@j1673251616359&@k0&@l1&@mRoblox%20Robux%20Generator%202022&@n0roblox-abx.js=raeksooka|template=Fastink.xml|raeksooka=roguelineagesleepingforestmap.blogspot.com|roguelineagesleepingforestmap.blogspot.com=direct|ref=direct|tags=roblox-abx.js&@ohttps%3A%2F%2Froguelineagesleepingforestmap.blogspot.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:-28005845&@b3:1673251616&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fbux.wellter.de%2Findex.html%3Ftrack%3DWyJyb2Jsb3gtYWJ4LmpzIiwicmFla3Nvb2thIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsInJhZWtzb29rYSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsImRpcmVjdCIsInJlZiIsImRpcmVjdCIsInRhZ3MiLCJyb2Jsb3gtYWJ4LmpzIl0&@w
IP 54.39.128.117:0
File type ASCII text, with no line terminators
Hash b8415a3261696a6677342f2bf581120c
a94161f46cbf6a4cb8548e8963e88fefcbf187e3
e692af21619457e117db085d7b3222fc522f6b7ee8136ae13a1af5d73b8ec475
GET /stats/0.php?4275781&@f16&@g1&@h1&@i1&@j1673251616359&@k0&@l1&@mRoblox%20Robux%20Generator%202022&@n0roblox-abx.js=raeksooka|template=Fastink.xml|raeksooka=roguelineagesleepingforestmap.blogspot.com|roguelineagesleepingforestmap.blogspot.com=direct|ref=direct|tags=roblox-abx.js&@ohttps%3A%2F%2Froguelineagesleepingforestmap.blogspot.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:-28005845&@b3:1673251616&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fbux.wellter.de%2Findex.html%3Ftrack%3DWyJyb2Jsb3gtYWJ4LmpzIiwicmFla3Nvb2thIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsInJhZWtzb29rYSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsImRpcmVjdCIsInJlZiIsImRpcmVjdCIsInRhZ3MiLCJyb2Jsb3gtYWJ4LmpzIl0&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Mon, 09 Jan 2023 08:07:09 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 51
Connection: close
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7478553b-0929-4671-8115-a5fd59ca43a1.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7478553b-0929-4671-8115-a5fd59ca43a1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 921da729b03484c8525882e0689f13f9
1de15df26541c49b829c5bc1c8e59eb1be7051c1
b3cfbac9089c6a086cc78dca0c0eeb74d7a2ea8b781e6e78de1f327fef67fd53
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7478553b-0929-4671-8115-a5fd59ca43a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 13257
x-amzn-requestid: f73bd9e9-5576-4430-800c-b6137894046d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eaAirEFXoAMFzdQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ba47aa-04958f082a507ed607216cb3;Sampled=0
x-amzn-remapped-date: Sun, 08 Jan 2023 04:33:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: v3x6P8QkYxGA43tAesN-p01OpifPEPkNTGiVLfV7_2BQA5Dh8bGx9A==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 08 Jan 2023 21:41:03 GMT
age: 37573
etag: "1de15df26541c49b829c5bc1c8e59eb1be7051c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bux.wellter.de/images/animate.css
172.67.154.29200 OK 0 B URL HTTP/2 bux.wellter.de/images/animate.css
IP 172.67.154.29:0
GET /images/animate.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwicmFla3Nvb2thIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsInJhZWtzb29rYSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsImRpcmVjdCIsInJlZiIsImRpcmVjdCIsInRhZ3MiLCJyb2Jsb3gtYWJ4LmpzIl0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 09 Jan 2023 08:07:08 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=68796
etag: W/"5d9ca488-10cbc"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1161
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RkxY3cqkCAkkURlEJd55EHMUd6%2FC39iHhcPugOJ7DsCnyYZRtv6uGZKu%2Ftqu7k2p5JXZFZhYg2cq0f%2BRhGkPT2h4hsOPJYnIskelgf8eoOaydI31QIL7uPZg8Fb5YufJmA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 786bad77b914b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/magnific-popup.css
172.67.154.29200 OK 0 B URL HTTP/2 bux.wellter.de/images/magnific-popup.css
IP 172.67.154.29:0
GET /images/magnific-popup.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwicmFla3Nvb2thIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsInJhZWtzb29rYSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsImRpcmVjdCIsInJlZiIsImRpcmVjdCIsInRhZ3MiLCJyb2Jsb3gtYWJ4LmpzIl0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 09 Jan 2023 08:07:08 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=7946
etag: W/"5d9ca488-1f0a"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1161
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PDu6RQq1cgW1j5D7z%2B9PkOgP6MU6Fp5C7DCK7%2FGec9cbA5zhoVY978nPcU002suYeiTr2KubdQtVCDGjUWYZbJDphqIrzT%2FtG40SgUiftw%2Fbw9rmengUFHHQw8nw9j2F5w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 786bad77c91ab4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/css8a7c8a7c8a7c.css?family=Open+Sans:300,400,700
172.67.154.29200 OK 0 B URL HTTP/2 bux.wellter.de/images/css8a7c8a7c8a7c.css?family=Open+Sans:300,400,700
IP 172.67.154.29:0
GET /images/css8a7c8a7c8a7c.css?family=Open+Sans:300,400,700 HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwicmFla3Nvb2thIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsInJhZWtzb29rYSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsImRpcmVjdCIsInJlZiIsImRpcmVjdCIsInRhZ3MiLCJyb2Jsb3gtYWJ4LmpzIl0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 09 Jan 2023 08:07:08 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=773
etag: W/"5d9ca488-305"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1161
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OTIvL8s2U1XVaujoxikheJhzYESBcSgwQhYtDGYYGrBbf2gGCpCk%2F1ZkdQ8a0EAHM6lvFKiHJNfimuUiHwg2ReBC0YeIp4tqTBZ3Yzw1oxJCduNP6FjteD2Fm9a%2FZcwFlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 786bad77b906b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/sweetalert2.min.css
172.67.154.29200 OK 0 B URL HTTP/2 bux.wellter.de/images/sweetalert2.min.css
IP 172.67.154.29:0
GET /images/sweetalert2.min.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwicmFla3Nvb2thIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsInJhZWtzb29rYSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsImRpcmVjdCIsInJlZiIsImRpcmVjdCIsInRhZ3MiLCJyb2Jsb3gtYWJ4LmpzIl0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 09 Jan 2023 08:07:08 GMT
content-type: text/css
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-36a4"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1161
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eovmATESwicN7GHOz0gyhAikMXRxEh0ALjFzEvT1GmNvXxkY%2FVv%2BQDL1WOVjLyddBNrPUGcalajSrH2xTN8UbOL2b1F5I5liZCJfq5YDvjjch%2Bm074Sx%2BOTr5IIGiL7vVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 786bad77b915b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/fancyselect.css
172.67.154.29200 OK 0 B URL HTTP/2 bux.wellter.de/images/fancyselect.css
IP 172.67.154.29:0
GET /images/fancyselect.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwicmFla3Nvb2thIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsInJhZWtzb29rYSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsImRpcmVjdCIsInJlZiIsImRpcmVjdCIsInRhZ3MiLCJyb2Jsb3gtYWJ4LmpzIl0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 09 Jan 2023 08:07:08 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=4253
etag: W/"5d9ca488-109d"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1161
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BLa1TtaxAdZDOIHyTMceLgIkMY088ots%2B58567f1t%2F88s0yBuChWDDvx%2F5NRJcQ0%2BS0CdHgQYKmmsnGoxR4OnnLvq4%2BcNAC3uiKJR6n3Hb7qdTzMRSw9%2FFFD5WiV9Ap%2FFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 786bad77c91fb4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/style.css
172.67.154.29200 OK 0 B URL HTTP/2 bux.wellter.de/images/style.css
IP 172.67.154.29:0
GET /images/style.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwicmFla3Nvb2thIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsInJhZWtzb29rYSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsImRpcmVjdCIsInJlZiIsImRpcmVjdCIsInRhZ3MiLCJyb2Jsb3gtYWJ4LmpzIl0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 09 Jan 2023 08:07:08 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=50839
etag: W/"5d9ca488-c697"
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1161
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=64OGGRjrtyEmXsjRNXBGcOvAnZO%2BZ9q1k2wgAAWVv1BAJBG7guOrb%2BKR%2BDblOucxXdo8bEb95kv9rnb55Wu4B8icfxQGjluptlJtCUePB9MwwNrUcs7Hnk8kgkY%2F0MlKsA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 786bad77c921b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bux.wellter.de/images/font-awesome.min.css
172.67.154.29200 OK 0 B URL HTTP/2 bux.wellter.de/images/font-awesome.min.css
IP 172.67.154.29:0
GET /images/font-awesome.min.css HTTP/1.1
Host: bux.wellter.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bux.wellter.de/index.html?track=WyJyb2Jsb3gtYWJ4LmpzIiwicmFla3Nvb2thIiwidGVtcGxhdGUiLCJGYXN0aW5rLnhtbCIsInJhZWtzb29rYSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsInJvZ3VlbGluZWFnZXNsZWVwaW5nZm9yZXN0bWFwLmJsb2dzcG90LmNvbSIsImRpcmVjdCIsInJlZiIsImRpcmVjdCIsInRhZ3MiLCJyb2Jsb3gtYWJ4LmpzIl0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 09 Jan 2023 08:07:08 GMT
content-type: text/css
last-modified: Tue, 08 Oct 2019 15:00:24 GMT
etag: W/"5d9ca488-6c3d"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1161
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mVnmN8aVd10aSJd5nRdvCoq21fUokrjoiwpdmXzachixBixi7JoC6hGPe0rLyYRVaZRGlA1kXnG1WwmzU3MIuKAcOztG3ZA%2FBGpuvtUfR3gkXM5aeOih3sKU37Bx2JEung%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 786bad77b90fb4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mtevor.com/cluster-v2/roblox-abx.js
172.96.187.226200 OK 0 B URL HTTP/2 mtevor.com/cluster-v2/roblox-abx.js
IP 172.96.187.226:0
GET /cluster-v2/roblox-abx.js HTTP/1.1
Host: mtevor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://roguelineagesleepingforestmap.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-powered-by: PHP/5.6.40
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
content-encoding: br
vary: Accept-Encoding
date: Mon, 09 Jan 2023 08:07:08 GMT
server: LiteSpeed
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2