rellsafan.blogspot.dk/2013/05/spongebob-red-mist-compleate.html
142.250.74.161302 Moved Temporarily 206 B URL HTTP/1.1 rellsafan.blogspot.dk/2013/05/spongebob-red-mist-compleate.html
IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash d89f98054ce658e8cd0bbadbf1cd7fbd
c83c7ded09b5dc6b416ffb6a39bb9af393a8196d
e526be4379dde143b1661fdda7f03b93e4fcc82a18bbbdc6f262d3c55c8b5609
GET /2013/05/spongebob-red-mist-compleate.html HTTP/1.1
Host: rellsafan.blogspot.dk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Location: http://rellsafan.blogspot.com/2013/05/spongebob-red-mist-compleate.html
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Thu, 08 Dec 2022 08:08:05 GMT
Expires: Thu, 08 Dec 2022 08:08:05 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 206
Server: GSE
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2164
Expires: Thu, 08 Dec 2022 08:44:10 GMT
Date: Thu, 08 Dec 2022 08:08:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10375
Expires: Thu, 08 Dec 2022 11:01:01 GMT
Date: Thu, 08 Dec 2022 08:08:06 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 08 Dec 2022 07:08:10 GMT
content-type: application/json
age: 3596
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 00e7703bd74975689fc9050356aaca6b
9788fe6a36d6f278e8da329ebc5dd87bcd212317
593bc437ff8a8233516c62613d50220fcb25b9f967ed5fb384c253f0db135103
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "593BC437FF8A8233516C62613D50220FCB25B9F967ED5FB384C253F0DB135103"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7895
Expires: Thu, 08 Dec 2022 10:19:41 GMT
Date: Thu, 08 Dec 2022 08:08:06 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: zYo8Mg5c+2sduKzg+T2sdIJ9pqjLee9oJ+qbS6NwKPU4P6hcsUNoRGSU+R6gVrvS8Zfbgru9gYc=
x-amz-request-id: A9AZKM9VCEEXQYHR
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 08 Dec 2022 07:49:42 GMT
age: 1104
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 08:08:06 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 08 Dec 2022 08:07:58 GMT
age: 8
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 053aff7451e55d4269dd9610ab070f3f
b3376256d11d159b0c7280ba1515b78d7d9e12ca
24114ca560fe70d03185bd66985603fd5a03dc310aa9a8ea7a7b3723ed46ce3e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5166
Cache-Control: max-age=95090
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:08:06 GMT
Etag: "639057aa-1d7"
Expires: Fri, 09 Dec 2022 10:32:56 GMT
Last-Modified: Wed, 07 Dec 2022 09:06:50 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
rellsafan.blogspot.com/2013/05/spongebob-red-mist-compleate.html
142.250.74.161200 OK 43 kB URL HTTP/1.1 rellsafan.blogspot.com/2013/05/spongebob-red-mist-compleate.html
IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (11231)
Hash 8fb3c2b431bc89ffd61be72bfd2c6a22
58f4e0a24f4896d0ce2509186dddb93c82d298a5
fcbb0b1fa1c429a90aa9fb95483493618c97c8ee236e3ff5e9f1594d1838ab44
GET /2013/05/spongebob-red-mist-compleate.html HTTP/1.1
Host: rellsafan.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Expires: Thu, 08 Dec 2022 08:08:06 GMT
Date: Thu, 08 Dec 2022 08:08:06 GMT
Cache-Control: private, max-age=0
Last-Modified: Tue, 08 Nov 2022 03:19:31 GMT
ETag: W/"13a0adab9dd1a903bf9ff0aa9b94a33d91fcb7608bedfc77dca457027d7e9a97"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 42570
Server: GSE
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 9195bbbda1f359d428a58be1900c7c96
7425c8d592b7b1563b5a7cc52ce8eef61ead0449
3bebaece5df45cb9b224e915055e865a06bf233c99267369cb60db15caa2c8c0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6559
Cache-Control: max-age=137537
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:08:06 GMT
Etag: "6390f808-118"
Expires: Fri, 09 Dec 2022 22:20:23 GMT
Last-Modified: Wed, 07 Dec 2022 20:31:04 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 88340a984105f6537a74a5198a569c8a
eca386f9fafa3be5aae2696dca30406bace829b4
2da3703b37eb2327164cbbe9f8e267e8daa93328692fb381c62e095bab37275c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:08:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 4b1c4d797d1d2fef94993a69a7cb423a
d4d0f3b2eccd29dddef0f1ec51309de97c6c05a4
d2f98268392005d93b5bce9c019c360400b09ac369fc8e8cbc1edba7ed6d929d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:08:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
apis.google.com/js/platform.js
142.250.74.78200 OK 21 kB URL HTTP/2 apis.google.com/js/platform.js
IP 142.250.74.78:0
File type ASCII text, with very long lines (1279)
Hash 7ac44ef24e267df17ff72f195b252806
62db12d9ce11a576ccd7fa3544d851c5fd42f3b7
aae7897e7b55999c1b3166309381d19ac488dced51e14071339d8b193a686a61
GET /js/platform.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20984
date: Thu, 08 Dec 2022 08:08:06 GMT
expires: Thu, 08 Dec 2022 08:08:06 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "7446758f13887885"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 4b1c4d797d1d2fef94993a69a7cb423a
d4d0f3b2eccd29dddef0f1ec51309de97c6c05a4
d2f98268392005d93b5bce9c019c360400b09ac369fc8e8cbc1edba7ed6d929d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:08:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:08:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/static/v1/widgets/3222695235-widgets.js
216.58.207.233200 OK 57 kB URL HTTP/2 www.blogger.com/static/v1/widgets/3222695235-widgets.js
IP 216.58.207.233:0
File type ASCII text, with very long lines (2221)
Hash 9f2f688aec73940034a0266a2a6266da
af9875c8064027204827b311250191c87e55366e
a78a0cfbae13cfc525657e31c2033d5c0281c5fbec2cf3e493ff75a7e097a02a
GET /static/v1/widgets/3222695235-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56718
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 02:14:06 GMT
expires: Thu, 07 Dec 2023 02:14:06 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 07 Dec 2022 00:52:16 GMT
content-type: text/javascript
age: 107640
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:08:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
216.58.207.227200 OK 11 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 11016, version 1.0\012- data
Hash 15fa3062f8929bd3b05fdca5259db412
6ff06a34f68ad0324ddec1bbe4d453c959178b36
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
GET /s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://rellsafan.blogspot.com
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11016
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 15:42:49 GMT
expires: Wed, 06 Dec 2023 15:42:49 GMT
cache-control: public, max-age=31536000
age: 145518
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a938af990a97b9856e1174d11c72cbf7
b57716fd0ea9a1e9e0a0595ff593f939560c0abf
6ab769333b231097d077edfbc1c3fc9560de5ae9bfeb5b8360dea8b7fadbcb44
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:08:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 4b1c4d797d1d2fef94993a69a7cb423a
d4d0f3b2eccd29dddef0f1ec51309de97c6c05a4
d2f98268392005d93b5bce9c019c360400b09ac369fc8e8cbc1edba7ed6d929d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:08:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:08:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rellsafan.blogspot.com/feeds/posts/default/-/Buku?alt=json-in-script&callback=related_results_labels&max-results=5
142.250.74.161200 OK 4.0 kB URL HTTP/1.1 rellsafan.blogspot.com/feeds/posts/default/-/Buku?alt=json-in-script&callback=related_results_labels&max-results=5
IP 142.250.74.161:0
File type Unicode text, UTF-8 text, with very long lines (15342)
Hash b5294dc65fefa808770fb5868e3e9bef
8681c4b3fb66673067c0d458cece5361edde137c
3da0db389737e93a42f0a7bc6c3a13a777d5520f013b98701caeac60a243a06a
GET /feeds/posts/default/-/Buku?alt=json-in-script&callback=related_results_labels&max-results=5 HTTP/1.1
Host: rellsafan.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/2013/05/spongebob-red-mist-compleate.html
HTTP/1.1 200 OK
Cross-Origin-Resource-Policy: cross-origin
Server: Blogger Render Server 1.0
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Content-Encoding: gzip
Content-Length: 3982
X-Frame-Options: SAMEORIGIN
Date: Thu, 08 Dec 2022 08:08:07 GMT
Expires: Sun, 04 Dec 2022 23:24:55 GMT
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1
Last-Modified: Tue, 08 Nov 2022 03:19:31 GMT
ETag: W/"aef190eea3911cf70d8b806cdcff1349a263c72ad615c2c4f87d221de0eef754"
Content-Type: text/javascript; charset=UTF-8
Age: 0
www.creativefabrica.com/wp-content/uploads/2018/01/freebie-banners4-neon-04.png
172.67.20.130200 OK 9.4 kB URL HTTP/2 www.creativefabrica.com/wp-content/uploads/2018/01/freebie-banners4-neon-04.png
IP 172.67.20.130:0
File type PNG image data, 300 x 600, 8-bit colormap, non-interlaced\012- data
Hash 0d92beee5a55bb3d0bdd9e092e5925af
0468f853aa6dbc4741c4943012e06c1c5150e5c2
5c504c2fc52023f7bd038619eeac92316ae56a5d230b861abcc851ab81caf587
GET /wp-content/uploads/2018/01/freebie-banners4-neon-04.png HTTP/1.1
Host: www.creativefabrica.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:07 GMT
content-type: image/png
content-length: 9364
cf-bgj: imgq:100,h2pri
cf-polished: origSize=22835
etag: "5933-5639b551d4390"
last-modified: Thu, 25 Jan 2018 15:21:22 GMT
cache-control: max-age=16070400
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 776402e36c9f1c16-OSL
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.216.192.228101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.216.192.228:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 4i9wZ0WnZhjeqoeeYIawcA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: bDpy/cOSnbUsFrRIwJSRPR53iT4=
rellsafan.blogspot.com/js/cookienotice.js
142.250.74.161200 OK 2.0 kB URL HTTP/1.1 rellsafan.blogspot.com/js/cookienotice.js
IP 142.250.74.161:0
Hash c4e1ed83d89245089b8a1203be20a377
f3940e1215b89300ef97d57a25993f25243b8688
afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2
GET /js/cookienotice.js HTTP/1.1
Host: rellsafan.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/2013/05/spongebob-red-mist-compleate.html
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 2026
Date: Thu, 08 Dec 2022 08:08:07 GMT
Expires: Thu, 15 Dec 2022 08:08:07 GMT
Cache-Control: public, max-age=604800
Last-Modified: Thu, 08 Dec 2022 05:55:54 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
3.bp.blogspot.com/-y_SplN5nRUo/ThRsui1KpcI/AAAAAAAAC44/r___MTFs7QM/s1600/555px-RedMistTitle.png
142.250.74.161200 OK 387 kB URL HTTP/1.1 3.bp.blogspot.com/-y_SplN5nRUo/ThRsui1KpcI/AAAAAAAAC44/r___MTFs7QM/s1600/555px-RedMistTitle.png
IP 142.250.74.161:0
File type PNG image data, 555 x 420, 8-bit/color RGB, non-interlaced\012- data
Size 387 kB (387049 bytes)
Hash 2452f548e8ed85062b996293a69895c3
9d143204c66a8aed362b9fd11bd42c43a81174ae
c59f5a1ad576b8490d7ee8c16b8ef8b5a2fd6dcb09371d972f7dabf822b657fe
GET /-y_SplN5nRUo/ThRsui1KpcI/AAAAAAAAC44/r___MTFs7QM/s1600/555px-RedMistTitle.png HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "vb8e"
Expires: Fri, 09 Dec 2022 08:08:07 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="555px-RedMistTitle.png"
Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Thu, 08 Dec 2022 08:08:07 GMT
Server: fife
Content-Length: 387049
X-XSS-Protection: 0
pl16755500.effectivegatetocontent.com/90/86/4c/90864c62ef21460f04f5706b43519352.js
34.160.73.230200 OK 2.6 kB URL HTTP/1.1 pl16755500.effectivegatetocontent.com/90/86/4c/90864c62ef21460f04f5706b43519352.js
IP 34.160.73.230:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2551), with no line terminators
Hash 41f66bb0ac50f2d851236170e7c71341
59bcec216302151922219b51be8ad8ab6d0b8384
ec99cca58b612ce268e6ada818dfcec0acc22dd1bbe372487be9abbdd07ce073
Analyzer Verdict Alert quad9 Sinkholed
GET /90/86/4c/90864c62ef21460f04f5706b43519352.js HTTP/1.1
Host: pl16755500.effectivegatetocontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 08 Dec 2022 08:08:07 GMT
Content-Type: text/html
Content-Length: 2551
Last-Modified: Tue, 06 Dec 2022 22:15:35 GMT
ETag: "638fbf07-9f7"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_Q+w0uYuamJPL+uY1BJfsP3i8FbEMay2IoKJOGxY+ytd8MeJemr8asUsHN3+Ku+pjUhPh4R7D2hIlOV5FjtDc/g
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=91.90.42.154;Path=/;Max-Age=86400;
country=NO;Path=/;Max-Age=86400;
city="";Path=/;Max-Age=86400;
expiry_partner=enom.EXPIRED.305E185C-5D0C-4AD0-86FE-5F99F413CC83;Path=/;Max-Age=86400;
Accept-Ranges: bytes
Via: 1.1 google
pl16755600.effectivegatetocontent.com/0e247b08df0ac66b734889c8d0551184/invoke.js
34.160.73.230200 OK 2.6 kB URL HTTP/1.1 pl16755600.effectivegatetocontent.com/0e247b08df0ac66b734889c8d0551184/invoke.js
IP 34.160.73.230:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2551), with no line terminators
Hash 41f66bb0ac50f2d851236170e7c71341
59bcec216302151922219b51be8ad8ab6d0b8384
ec99cca58b612ce268e6ada818dfcec0acc22dd1bbe372487be9abbdd07ce073
Analyzer Verdict Alert quad9 Sinkholed
GET /0e247b08df0ac66b734889c8d0551184/invoke.js HTTP/1.1
Host: pl16755600.effectivegatetocontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 08 Dec 2022 08:08:07 GMT
Content-Type: text/html
Content-Length: 2551
Last-Modified: Tue, 06 Dec 2022 22:15:36 GMT
ETag: "638fbf08-9f7"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_KnuZheANV2fnThBwUsZae+XBP5bGgtgHnH8yBIRUVkeAWI5IzmgsOAvlcq6LJyzqOKrN70DcbnBlQRPndQ0peQ
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=91.90.42.154;Path=/;Max-Age=86400;
country=NO;Path=/;Max-Age=86400;
city="";Path=/;Max-Age=86400;
expiry_partner=enom.EXPIRED.305E185C-5D0C-4AD0-86FE-5F99F413CC83;Path=/;Max-Age=86400;
Accept-Ranges: bytes
Via: 1.1 google
www.youtube.com/embed/ldnWyy-nnOU
142.250.74.46301 Moved Permanently 0 B URL HTTP/1.1 www.youtube.com/embed/ldnWyy-nnOU
IP 142.250.74.46:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /embed/ldnWyy-nnOU HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 08 Dec 2022 08:08:07 GMT
Location: https://www.youtube.com/embed/ldnWyy-nnOU
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rellsafan.blogspot.com/feeds/posts/summary/-/Buku?alt=json-in-script&callback=bacaJuga&max-results=5
142.250.74.161200 OK 4.0 kB URL HTTP/1.1 rellsafan.blogspot.com/feeds/posts/summary/-/Buku?alt=json-in-script&callback=bacaJuga&max-results=5
IP 142.250.74.161:0
File type Unicode text, UTF-8 text, with very long lines (15328)
Hash 866f29b37e42dc24efb6171d79e4d3a2
f959b3acb590a7e8d9fe2efc49a31bf6bd086a0c
efb1cb41d5719d6f3f971ccd121ee6a02ae8591508b8da33bd336870ee26500a
GET /feeds/posts/summary/-/Buku?alt=json-in-script&callback=bacaJuga&max-results=5 HTTP/1.1
Host: rellsafan.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/2013/05/spongebob-red-mist-compleate.html
HTTP/1.1 200 OK
Cross-Origin-Resource-Policy: cross-origin
ETag: W/"d8becf70d5dcd73a3ae7c5db1590a5056df8c8b116649ca058c56a184c71684f"
Date: Thu, 08 Dec 2022 08:08:07 GMT
Content-Type: text/javascript; charset=UTF-8
Server: blogger-renderd
Expires: Thu, 08 Dec 2022 08:08:08 GMT
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Last-Modified: Tue, 08 Nov 2022 03:19:31 GMT
Content-Encoding: gzip
Content-Length: 3981
X-Frame-Options: SAMEORIGIN
rellsafan.blogspot.com/feeds/posts/summary/-/Movie?alt=json-in-script&callback=bacaJuga&max-results=5
142.250.74.161200 OK 3.7 kB URL HTTP/1.1 rellsafan.blogspot.com/feeds/posts/summary/-/Movie?alt=json-in-script&callback=bacaJuga&max-results=5
IP 142.250.74.161:0
File type Unicode text, UTF-8 text, with very long lines (15051)
Hash dcae270a209d62bafdf3bb690ba98c46
b5999be71c3498d8f43aa606db14647d656798ce
ee868cf6eafbfd15b87cc4920192acbca88553d0542872bb5f844dcbcb3920d7
GET /feeds/posts/summary/-/Movie?alt=json-in-script&callback=bacaJuga&max-results=5 HTTP/1.1
Host: rellsafan.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/2013/05/spongebob-red-mist-compleate.html
HTTP/1.1 200 OK
Cross-Origin-Resource-Policy: cross-origin
ETag: W/"71c6be5731622c8c30cd0e305830b7f5fe289a4d02bb23fe096bc44c6c0c23bb"
Date: Thu, 08 Dec 2022 08:08:07 GMT
Content-Type: text/javascript; charset=UTF-8
Server: blogger-renderd
Expires: Thu, 08 Dec 2022 08:08:08 GMT
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Last-Modified: Tue, 08 Nov 2022 03:19:31 GMT
Content-Encoding: gzip
Content-Length: 3706
X-Frame-Options: SAMEORIGIN
rellsafan.blogspot.com/feeds/posts/default/-/Movie?alt=json-in-script&callback=related_results_labels&max-results=5
142.250.74.161200 OK 3.7 kB URL HTTP/1.1 rellsafan.blogspot.com/feeds/posts/default/-/Movie?alt=json-in-script&callback=related_results_labels&max-results=5
IP 142.250.74.161:0
File type Unicode text, UTF-8 text, with very long lines (15065)
Hash 1940a303fa4edf045a4c005abfcb156f
09565a12a066ade79f991129620fd76ce8abb7fe
603d67eadfbe8795ce1cfc324a39ace258e51483a214736211bbe0d7d8720c6c
GET /feeds/posts/default/-/Movie?alt=json-in-script&callback=related_results_labels&max-results=5 HTTP/1.1
Host: rellsafan.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/2013/05/spongebob-red-mist-compleate.html
HTTP/1.1 200 OK
Cross-Origin-Resource-Policy: cross-origin
ETag: W/"40717166282fb82bacf6a3c3c9894233e033d4ae569d391c993126412fd17d8f"
Date: Thu, 08 Dec 2022 08:08:07 GMT
Content-Type: text/javascript; charset=UTF-8
Server: blogger-renderd
Expires: Thu, 08 Dec 2022 08:08:08 GMT
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Last-Modified: Tue, 08 Nov 2022 03:19:31 GMT
Content-Encoding: gzip
Content-Length: 3708
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a938af990a97b9856e1174d11c72cbf7
b57716fd0ea9a1e9e0a0595ff593f939560c0abf
6ab769333b231097d077edfbc1c3fc9560de5ae9bfeb5b8360dea8b7fadbcb44
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:08:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pl16755600.effectivegatetocontent.com/0e247b08df0ac66b734889c8d0551184/invoke.js
34.160.73.230200 OK 2.6 kB URL HTTP/1.1 pl16755600.effectivegatetocontent.com/0e247b08df0ac66b734889c8d0551184/invoke.js
IP 34.160.73.230:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2551), with no line terminators
Hash 41f66bb0ac50f2d851236170e7c71341
59bcec216302151922219b51be8ad8ab6d0b8384
ec99cca58b612ce268e6ada818dfcec0acc22dd1bbe372487be9abbdd07ce073
Analyzer Verdict Alert quad9 Sinkholed
GET /0e247b08df0ac66b734889c8d0551184/invoke.js HTTP/1.1
Host: pl16755600.effectivegatetocontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 08 Dec 2022 08:08:07 GMT
Content-Type: text/html
Content-Length: 2551
Last-Modified: Tue, 06 Dec 2022 22:15:21 GMT
ETag: "638fbef9-9f7"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_KnuZheANV2fnThBwUsZae+XBP5bGgtgHnH8yBIRUVkeAWI5IzmgsOAvlcq6LJyzqOKrN70DcbnBlQRPndQ0peQ
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=91.90.42.154;Path=/;Max-Age=86400;
country=NO;Path=/;Max-Age=86400;
city="";Path=/;Max-Age=86400;
expiry_partner=enom.EXPIRED.305E185C-5D0C-4AD0-86FE-5F99F413CC83;Path=/;Max-Age=86400;
Accept-Ranges: bytes
Via: 1.1 google
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 21:48:03 GMT
expires: Fri, 01 Dec 2023 21:48:03 GMT
cache-control: public, max-age=31536000
age: 555604
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 16:40:43 GMT
expires: Fri, 01 Dec 2023 16:40:43 GMT
cache-control: public, max-age=31536000
age: 574044
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rellsafan.blogspot.com/feeds/posts/default/-/Trik?alt=json-in-script&callback=related_results_labels&max-results=5
142.250.74.161200 OK 4.1 kB URL HTTP/1.1 rellsafan.blogspot.com/feeds/posts/default/-/Trik?alt=json-in-script&callback=related_results_labels&max-results=5
IP 142.250.74.161:0
File type ASCII text, with very long lines (15984)
Hash 1cdc3903f7eb08d58dc54c78d5c9393a
cf1fe4117c981f0fc9c6eb26aac01d0a6f5a8998
70baeb6e45363a12f5e6bfed33811136be277cfdf7fd94b042dc0a4b9596422c
GET /feeds/posts/default/-/Trik?alt=json-in-script&callback=related_results_labels&max-results=5 HTTP/1.1
Host: rellsafan.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/2013/05/spongebob-red-mist-compleate.html
HTTP/1.1 200 OK
Cross-Origin-Resource-Policy: cross-origin
ETag: W/"7721df9ab301970a973f831c01b4893d0b963c5b3e48604992b1e4482ffb9efd"
Date: Thu, 08 Dec 2022 08:08:07 GMT
Content-Type: text/javascript; charset=UTF-8
Server: blogger-renderd
Expires: Thu, 08 Dec 2022 08:08:08 GMT
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Last-Modified: Tue, 08 Nov 2022 03:19:31 GMT
Content-Encoding: gzip
Content-Length: 4136
X-Frame-Options: SAMEORIGIN
rellsafan.blogspot.com/feeds/posts/summary/-/Trik?alt=json-in-script&callback=bacaJuga&max-results=5
142.250.74.161200 OK 4.1 kB URL HTTP/1.1 rellsafan.blogspot.com/feeds/posts/summary/-/Trik?alt=json-in-script&callback=bacaJuga&max-results=5
IP 142.250.74.161:0
File type ASCII text, with very long lines (15970)
Hash f374426557ca293487a5af9279adfac1
c889f3945476dc342887a1166512d9e6433d6acf
ba71a3e4541dcc0f99f852ea82a80ca2e73bf35ac212152e6076d1513702eaeb
GET /feeds/posts/summary/-/Trik?alt=json-in-script&callback=bacaJuga&max-results=5 HTTP/1.1
Host: rellsafan.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/2013/05/spongebob-red-mist-compleate.html
HTTP/1.1 200 OK
Cross-Origin-Resource-Policy: cross-origin
ETag: W/"7eb7d848ff99789d66970cf558ddb8af1ccbb77d495530df47192e4f349e8f38"
Date: Thu, 08 Dec 2022 08:08:07 GMT
Content-Type: text/javascript; charset=UTF-8
Server: blogger-renderd
Expires: Thu, 08 Dec 2022 08:08:08 GMT
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Last-Modified: Tue, 08 Nov 2022 03:19:31 GMT
Content-Encoding: gzip
Content-Length: 4136
X-Frame-Options: SAMEORIGIN
www.blogger.com/dyn-css/authorization.css?targetBlogID=356822766918699990&zx=a1a6868c-f818-4116-9232-3575fd9f7728
216.58.207.233200 OK 21 B URL HTTP/2 www.blogger.com/dyn-css/authorization.css?targetBlogID=356822766918699990&zx=a1a6868c-f818-4116-9232-3575fd9f7728
IP 216.58.207.233:0
File type very short file (no magic)
Hash a62e4d501434033d5d177e67d3aafdd0
34f7300c9ed47334cf10826d57af785321e3138b
b0cabcbfed4b1830ab1956efbd2eec32289a968323cb854a47ef98360ed0f522
GET /dyn-css/authorization.css?targetBlogID=356822766918699990&zx=a1a6868c-f818-4116-9232-3575fd9f7728 HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type: text/css; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 08 Dec 2022 08:08:07 GMT
last-modified: Thu, 08 Dec 2022 08:08:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 21
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rellsafan.blogspot.com/feeds/posts/summary/-/Trik?alt=json-in-script&orderby=updated&max-results=0&callback=msRandomIndex
142.250.74.161200 OK 2.2 kB URL HTTP/1.1 rellsafan.blogspot.com/feeds/posts/summary/-/Trik?alt=json-in-script&orderby=updated&max-results=0&callback=msRandomIndex
IP 142.250.74.161:0
File type ASCII text, with very long lines (6167)
Hash 62cfc91b76f5cbc9e093ba7f1cfc9bc3
3724ab88aff47aa628d1efb854e19046badd33f9
cfc807f5f10f61f7158ff3de645d67de9671cff3701a2e6cbb53bfb387ef1978
GET /feeds/posts/summary/-/Trik?alt=json-in-script&orderby=updated&max-results=0&callback=msRandomIndex HTTP/1.1
Host: rellsafan.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/2013/05/spongebob-red-mist-compleate.html
HTTP/1.1 200 OK
Cross-Origin-Resource-Policy: cross-origin
ETag: W/"73ac6bd1b619d5b37889cce0990cb0cd698a310b07b8b467d7ce7b81d64460ed"
Date: Thu, 08 Dec 2022 08:08:07 GMT
Content-Type: text/javascript; charset=UTF-8
Server: blogger-renderd
Expires: Thu, 08 Dec 2022 08:08:08 GMT
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Last-Modified: Tue, 08 Nov 2022 03:19:31 GMT
Content-Encoding: gzip
Content-Length: 2160
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 42bdfac4b74435a3d8add640fc703403
e1a183562d91f7cec147112026b6d9d904533ed1
4366d9c119721babbd7188548e8885917a1c011f1cf828dceef088140e8fe8c0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:08:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.doubleclick.net/instream/ad_status.js
142.250.74.134200 OK 29 B URL HTTP/2 static.doubleclick.net/instream/ad_status.js
IP 142.250.74.134:0
Hash 1fa71744db23d0f8df9cce6719defcb7
e4be9b7136697942a036f97cf26ebaf703ad2067
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
GET /instream/ad_status.js HTTP/1.1
Host: static.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 29
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Dec 2022 08:06:04 GMT
expires: Thu, 08 Dec 2022 08:21:04 GMT
cache-control: public, max-age=900
age: 123
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:08:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/id
142.250.74.66302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.66:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Thu, 08 Dec 2022 08:08:07 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 42bdfac4b74435a3d8add640fc703403
e1a183562d91f7cec147112026b6d9d904533ed1
4366d9c119721babbd7188548e8885917a1c011f1cf828dceef088140e8fe8c0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:08:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:08:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 6ec5f6261a8262e9f94b29627f54cefe
7ac766cf2ac8c2d960ec033388a767ff8a7d45e2
5f6ee11d840909fc5272c2c32f7874d55f49d831abc88d527e35562d218890f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:08:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 6ec5f6261a8262e9f94b29627f54cefe
7ac766cf2ac8c2d960ec033388a767ff8a7d45e2
5f6ee11d840909fc5272c2c32f7874d55f49d831abc88d527e35562d218890f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:08:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.effectiveperformanceformat.com/f2740f8300aa3091803ddfa6c4ea7c46/invoke.js
192.243.59.12200 OK 9.8 kB URL HTTP/1.1 www.effectiveperformanceformat.com/f2740f8300aa3091803ddfa6c4ea7c46/invoke.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26945), with no line terminators
Hash 962f53ecb2bedd7e7148e44f3d44ceac
af1b7c6509b3d1f8f59aa214497f4ce27d937f7b
d9cc1472bde372a308a4079bf9fb681d9d87ac9aebcc7cc63eefb639ff989ca4
GET /f2740f8300aa3091803ddfa6c4ea7c46/invoke.js HTTP/1.1
Host: www.effectiveperformanceformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 08 Dec 2022 08:08:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 70f7c72d5c13892588782d57c39a7841
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
pl16755512.effectivegatetocontent.com/4b/74/f4/4b74f4abd935b8b26c17d1427959bbf2.js
34.160.73.230200 OK 756 B URL HTTP/1.1 pl16755512.effectivegatetocontent.com/4b/74/f4/4b74f4abd935b8b26c17d1427959bbf2.js
IP 34.160.73.230:0
Hash 4b11a43578f5ebdaa8b6022222221ca2
cc6be4ddc11eeff5f8687b4e635ec39cbf3de3f4
4a5e051d609ab96f294e6507a0cc8a2ec83de9e8767de59dc26e7cb8f370fb0b
Analyzer Verdict Alert quad9 Sinkholed
GET /4b/74/f4/4b74f4abd935b8b26c17d1427959bbf2.js HTTP/1.1
Host: pl16755512.effectivegatetocontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 08 Dec 2022 08:08:07 GMT
Content-Type: text/html
Content-Length: 2551
Last-Modified: Tue, 06 Dec 2022 22:15:36 GMT
ETag: "638fbf08-9f7"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_dxi5MWXw+Ehfp9wDk1OdpohyekXaGnAGbHM+g2gKbZOrLgUR4XmvsslY+eRMhEgsoPPvTrGuFnztdD9udBLvng
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=91.90.42.154;Path=/;Max-Age=86400;
country=NO;Path=/;Max-Age=86400;
city="";Path=/;Max-Age=86400;
expiry_partner=enom.EXPIRED.305E185C-5D0C-4AD0-86FE-5F99F413CC83;Path=/;Max-Age=86400;
Accept-Ranges: bytes
Via: 1.1 google
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.211.10200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.211.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Thu, 08 Dec 2022 08:08:08 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.211.10200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.211.10:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash d1e859eb750e62c679b1923a8ba78c13
8c90da8d510bfc157e5ae304b3c5c83535285c07
ce12928a848d6f0af19ea58fb536cf9cc29733ce550d69a84d2c8d7977db222f
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 08 Dec 2022 08:08:08 GMT
server: ESF
cache-control: private
content-length: 30727
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 6ec5f6261a8262e9f94b29627f54cefe
7ac766cf2ac8c2d960ec033388a767ff8a7d45e2
5f6ee11d840909fc5272c2c32f7874d55f49d831abc88d527e35562d218890f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:08:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2213
Expires: Thu, 08 Dec 2022 08:45:01 GMT
Date: Thu, 08 Dec 2022 08:08:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2213
Expires: Thu, 08 Dec 2022 08:45:01 GMT
Date: Thu, 08 Dec 2022 08:08:08 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9367069b-64ab-4e4d-b8c9-fa115e0681a9.jpeg
34.120.237.76200 OK 3.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9367069b-64ab-4e4d-b8c9-fa115e0681a9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bdf4703f3372054a7aadce1cb0e11bd0
84d060f66accd412503d52c385ee47cb35795c07
c5853b653ee328e567e2456be12450e04c1704ed64fb6234f008532e4b6c8363
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9367069b-64ab-4e4d-b8c9-fa115e0681a9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3744
x-amzn-requestid: 73eab74b-e50c-46d1-adde-3ef85fb772f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cvlj7FDiIAMFmsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638fb618-70ffb1925e3a9ef6081d1cd1;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 21:37:28 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: F-LcglSz1NX1Q2t84r1dv0vQzONyYMhlGB6TdS6CeKf9I8Krk1mDUg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:05:24 GMT
age: 36164
etag: "84d060f66accd412503d52c385ee47cb35795c07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b87d6543345f73653ed4a49b37d7c959
c4f26846b8b72293368ff16915d49297cf12bbb9
aee6aa42e4b5b83b81f74801ff8f0039fc6d38036f42ee81875813c856cf5eef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8659
x-amzn-requestid: 6f420d07-65d5-4bb2-9f1f-e56025de497b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFSYFArIAMF46w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911c0f-0a295e5c48228d5806b4f107;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:04:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TSh1BNzzIPhWCfYEiqvQJckSPAyhHobe-HK6msEVeEJ1ruX-_rMSSA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:33:19 GMT
age: 30889
etag: "c4f26846b8b72293368ff16915d49297cf12bbb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d27bcd3-7b4f-4d99-8f0d-b7b98bfaa8d7.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d27bcd3-7b4f-4d99-8f0d-b7b98bfaa8d7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ce35df4fe4f77c950e40dc44b311bab4
aadf97d040e3577599581e892ee20f88d191bf91
f9c4cfc384213f77c0bbb252f3d6fbc22be60e1ecc158eece857d5050c8ced3c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d27bcd3-7b4f-4d99-8f0d-b7b98bfaa8d7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5620
x-amzn-requestid: fadda084-c7fc-4ec0-bad0-27e97b8349d6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4gHGIMIAMFy_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6391079a-5dc824963fe82ab927205128;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:37:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ITQgs0jVosYx5zvT7j4YLqGZ1HEmsNgartV3g8uaNuJHs4VqVs50OQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 21:47:24 GMT
age: 37244
etag: "aadf97d040e3577599581e892ee20f88d191bf91"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43fdc85bfd574fa803f0bcdc216ef622
27f558d5cdc150a50f080c054423500666b63d74
fafd2a81cddacdb4e5fd7c9963a784e6e56d06ac98f0bd4124fd74fa3ba015e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5245
x-amzn-requestid: 9770ebcd-fb1e-4b81-bb87-1e98ef024741
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy-E8HugoAMFsKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911085-54eb7a48323113d52329abf5;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 22:15:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: d2DHUS5fGT4uoPPdjDXmHUOQVF93ULtO4zSHRmrx7KMu3lO0y0K9ag==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:24:13 GMT
age: 35035
etag: "27f558d5cdc150a50f080c054423500666b63d74"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3d44d17585c9a536c8da0e75ed90d175
9dc35d0f6b251004bc1ddc83aea9ee71c95aedd1
6d14a5b5c43b39244434560a83a2bfea6604a4d072943b6147293b7adfd1b7b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10164
x-amzn-requestid: a0cb7259-0a07-44f5-91cd-e96b8d9c9cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cnAPOGSnoAMFUUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c472e-799b6ee425e29fb70ff7e4ea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 07:07:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5Q2LRCrEYVZz_KldQARUQ26O1mv0G7rMAPQXGkBzUnERF-WjtZPMJA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 10:23:11 GMT
age: 78297
etag: "9dc35d0f6b251004bc1ddc83aea9ee71c95aedd1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2019d3bc-b4a4-4afc-ad84-3ab33b8036ec.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2019d3bc-b4a4-4afc-ad84-3ab33b8036ec.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fbdf939d23b987fd36a86b7a1258b10d
2cad45ad8e56699db3457501cf1e488fe85d479a
285a8a3d3ec439f493ca5d586477c3e3ed3b9e5d7a0133da73c426b69e112cb1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2019d3bc-b4a4-4afc-ad84-3ab33b8036ec.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10861
x-amzn-requestid: ad568a35-9eba-4c6d-a09d-97e518fbf503
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4gIFN4oAMFqrw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6391079a-434ca8281e48538e69e72e05;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:37:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 4MrxT27cyrFqR70ofprhh4FbJAfVpKb787jT3TsH0l7BxQOf2tWh6g==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 21:51:32 GMT
age: 36996
etag: "2cad45ad8e56699db3457501cf1e488fe85d479a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
rellsafan.blogspot.com/feeds/posts/default/-/Trik?alt=json-in-script&orderby=updated&start-index=745&max-results=5&callback=msRelatedPosts
142.250.74.161200 OK 3.5 kB URL HTTP/1.1 rellsafan.blogspot.com/feeds/posts/default/-/Trik?alt=json-in-script&orderby=updated&start-index=745&max-results=5&callback=msRelatedPosts
IP 142.250.74.161:0
File type Unicode text, UTF-8 text, with very long lines (13714)
Hash e49af90a4f9a1a6c3fa32b023dd72a34
b4a3fe542ecdf71dcf022ff51ffb606ba22249a1
44a5d4599c3c12dbcab45b5454e4f500adc5668ae2998914fee6cd40eff51ef2
GET /feeds/posts/default/-/Trik?alt=json-in-script&orderby=updated&start-index=745&max-results=5&callback=msRelatedPosts HTTP/1.1
Host: rellsafan.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/2013/05/spongebob-red-mist-compleate.html
HTTP/1.1 200 OK
Cross-Origin-Resource-Policy: cross-origin
ETag: W/"52e4b022b662851f6b74eb560bcf8cf3bc5364a8b54ab88339c863fb3c6ab678"
Date: Thu, 08 Dec 2022 08:08:08 GMT
Content-Type: text/javascript; charset=UTF-8
Server: blogger-renderd
Expires: Thu, 08 Dec 2022 08:08:09 GMT
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Last-Modified: Tue, 08 Nov 2022 03:19:31 GMT
Content-Encoding: gzip
Content-Length: 3500
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
143.204.42.156200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 2b30426b2ebadaeefe42e0df47296748
921c1e9f523c4ce527d56b6115c9ed68d5916757
abce6391e73f193d1338618d44d1e83403aeca6b58a280f08a6a6fa5baf6223a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=109705
Date: Thu, 08 Dec 2022 08:08:08 GMT
Etag: "63909596-1d7"
Expires: Fri, 09 Dec 2022 14:36:33 GMT
Last-Modified: Wed, 07 Dec 2022 13:31:02 GMT
Server: ECS (bsa/EB1D)
X-Cache: Miss from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: L1rJE8BRZsQSi2TPeoY8d--qKiSJtngihiO1I7erFht70iAB-kBQSg==
Age: 3931
simplewebanalysis.com/stats
52.28.211.11200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash 4e5a36e4312f3647453139101b819e7a
3b8a3f0494aeaff57e5219b9e827857d6a67829c
07739aec2dfe5c048bf945226cb092a327dd23779b79e441e3962149ec00c68a
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rellsafan.blogspot.com
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:08 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://rellsafan.blogspot.com
access-control-allow-credentials: true
set-cookie: uid_id2=81e9ffbc-d502-4584-8b34-9bb530ea0cd8:3:1; expires=Sun, 05 Dec 2032 08:08:08 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
216.58.211.10200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 216.58.211.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Thu, 08 Dec 2022 08:08:08 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.variousformatscontent.com/51b37f55ad7e632be703a139a01fe9b5/invoke.js
192.243.61.225200 OK 9.8 kB URL HTTP/1.1 www.variousformatscontent.com/51b37f55ad7e632be703a139a01fe9b5/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26945), with no line terminators
Hash 962f53ecb2bedd7e7148e44f3d44ceac
af1b7c6509b3d1f8f59aa214497f4ce27d937f7b
d9cc1472bde372a308a4079bf9fb681d9d87ac9aebcc7cc63eefb639ff989ca4
Analyzer Verdict Alert quad9 Sinkholed
GET /51b37f55ad7e632be703a139a01fe9b5/invoke.js HTTP/1.1
Host: www.variousformatscontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 08:08:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 03b347b36ead59f958c893a5f876430b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
216.58.211.10200 OK 114 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 216.58.211.10:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7e65bf50bbe4dc49dfd785ad48d3addc
1c9ae540c8395b58e668c7109c6a9656215b121d
7eaf76a4b1a8b7987a4b6fd96b3cb4901fa68dd7fc1578e107dcb3d8790d672a
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 1096
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 08 Dec 2022 08:08:08 GMT
server: ESF
cache-control: private
content-length: 114
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
52.28.211.11200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash 4e5a36e4312f3647453139101b819e7a
3b8a3f0494aeaff57e5219b9e827857d6a67829c
07739aec2dfe5c048bf945226cb092a327dd23779b79e441e3962149ec00c68a
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rellsafan.blogspot.com
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
Cookie: uid_id2=81e9ffbc-d502-4584-8b34-9bb530ea0cd8:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:08 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://rellsafan.blogspot.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
www.variousformatscontent.com/51b37f55ad7e632be703a139a01fe9b5/invoke.js
192.243.61.225200 OK 9.8 kB URL HTTP/1.1 www.variousformatscontent.com/51b37f55ad7e632be703a139a01fe9b5/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26953), with no line terminators
Hash 8506572ea98b7deed775fd14c13efeb5
acd8fbdf314ae088b2ee2d3c3df17cd4cbf030b8
d9f01a13a0b973503780de63b0d0600f9e9b687303b401d9ad0380e015894a29
Analyzer Verdict Alert quad9 Sinkholed
GET /51b37f55ad7e632be703a139a01fe9b5/invoke.js HTTP/1.1
Host: www.variousformatscontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 08:08:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d07f76b21a7eec8e45ea273e5dba778d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.variousformatscontent.com/43cbf010638e77d3b031a0285ad431d5/invoke.js
192.243.61.225200 OK 9.8 kB URL HTTP/1.1 www.variousformatscontent.com/43cbf010638e77d3b031a0285ad431d5/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26945), with no line terminators
Hash 607306a13081f65da9f1c6a44578a9d5
87e38ab9978eb0e67a7b1e419f3c1233ccfd4efb
28a2e5b37362e78937ec99e306a10a46f7c4de31980354544fd20c308bf6eab7
Analyzer Verdict Alert quad9 Sinkholed
GET /43cbf010638e77d3b031a0285ad431d5/invoke.js HTTP/1.1
Host: www.variousformatscontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 08:08:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e9e0cef371f5eb3a006d501f37dd77c7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d5e216f9fd911f546d09cf76fe247fbf
fce7dfa3b1b8ec9824dec01e54fb3afe579672f7
51272465eb7e3e9847c922389183ca0b25115df9473585c9386f8dab34181903
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51272465EB7E3E9847C922389183CA0B25115DF9473585C9386F8DAB34181903"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10764
Expires: Thu, 08 Dec 2022 11:07:32 GMT
Date: Thu, 08 Dec 2022 08:08:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9570729113e8d124f5be35fe2625c014
e85a6e4e6ae169975653d767be5423353fb1edf5
1ad4af0a15673fd0acd02535f25dc9e91012db08ef518adcc38f1a8a2ba7a352
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1AD4AF0A15673FD0ACD02535F25DC9E91012DB08EF518ADCC38F1A8A2BA7A352"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10713
Expires: Thu, 08 Dec 2022 11:06:41 GMT
Date: Thu, 08 Dec 2022 08:08:08 GMT
Connection: keep-alive
pl16755600.effectivegatetocontent.com/0e247b08df0ac66b734889c8d0551184/invoke.js
34.160.73.230200 OK 2.6 kB URL HTTP/1.1 pl16755600.effectivegatetocontent.com/0e247b08df0ac66b734889c8d0551184/invoke.js
IP 34.160.73.230:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2551), with no line terminators
Hash 41f66bb0ac50f2d851236170e7c71341
59bcec216302151922219b51be8ad8ab6d0b8384
ec99cca58b612ce268e6ada818dfcec0acc22dd1bbe372487be9abbdd07ce073
Analyzer Verdict Alert quad9 Sinkholed
GET /0e247b08df0ac66b734889c8d0551184/invoke.js HTTP/1.1
Host: pl16755600.effectivegatetocontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 08 Dec 2022 08:08:08 GMT
Content-Type: text/html
Content-Length: 2551
Last-Modified: Tue, 06 Dec 2022 22:15:21 GMT
ETag: "638fbef9-9f7"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_KnuZheANV2fnThBwUsZae+XBP5bGgtgHnH8yBIRUVkeAWI5IzmgsOAvlcq6LJyzqOKrN70DcbnBlQRPndQ0peQ
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=91.90.42.154;Path=/;Max-Age=86400;
country=NO;Path=/;Max-Age=86400;
city="";Path=/;Max-Age=86400;
expiry_partner=enom.EXPIRED.305E185C-5D0C-4AD0-86FE-5F99F413CC83;Path=/;Max-Age=86400;
Accept-Ranges: bytes
Via: 1.1 google
www.variousformatscontent.com/51b37f55ad7e632be703a139a01fe9b5/invoke.js
192.243.61.225200 OK 9.8 kB URL HTTP/1.1 www.variousformatscontent.com/51b37f55ad7e632be703a139a01fe9b5/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26965), with no line terminators
Hash 05adb2d263af45d6a3e275c682d769dc
0a361be38b75f094737074e32ac9c55ce63ace6d
367856f6fa69b2b4fffe3be1338b14f253808ad65cbf9f1ae5ecae4359867692
Analyzer Verdict Alert quad9 Sinkholed
GET /51b37f55ad7e632be703a139a01fe9b5/invoke.js HTTP/1.1
Host: www.variousformatscontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 08:08:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 54ca70c518a4429e634f26fcdb659712
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
pagead2.googlesyndication.com/pagead/js/google_top_exp.js
142.250.74.162200 OK 67 B URL HTTP/1.1 pagead2.googlesyndication.com/pagead/js/google_top_exp.js
IP 142.250.74.162:0
Hash 9bbc3ca32ec951a484589ce0e6b4db73
753d6f6183b33b2dee5dde2208fca91c17f5bb13
b8f16a16d2a7ea39a9cc079fdbe3af7d31393d62a853668bdd549e0a0311cb3c
GET /pagead/js/google_top_exp.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
HTTP/1.1 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 67
X-XSS-Protection: 0
Date: Thu, 08 Dec 2022 06:56:43 GMT
Expires: Thu, 22 Dec 2022 06:56:43 GMT
Cache-Control: public, max-age=1209600
ETag: 13036835877489095579
Content-Type: text/javascript; charset=UTF-8
Age: 4285
stealcalmgenus.com/watch.1138031143960.js?key=f2740f8300aa3091803ddfa6c4ea7c46&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1
173.233.137.44307 Temporary Redirect 0 B URL HTTP/1.1 stealcalmgenus.com/watch.1138031143960.js?key=f2740f8300aa3091803ddfa6c4ea7c46&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1138031143960.js?key=f2740f8300aa3091803ddfa6c4ea7c46&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1 HTTP/1.1
Host: stealcalmgenus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rellsafan.blogspot.com
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 08:08:08 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rellsafan.blogspot.com
Access-Control-Allow-Origin: http://rellsafan.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://stealcalmgenus.com/watch.1138031143960.js?key=f2740f8300aa3091803ddfa6c4ea7c46&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1&shu=9362fd99ec78be70a9f4a7cc4218579353d5859606aff07c9c5b39d153a285afe7a1ab42bb7d854caf2e976b2c4b0ae038102c38b50525f50237a02c2e97e13d8db30370e9c5b5460196190061419ca99bab26d31533d2a6f6d8db0ff7f919&pst=1670486948&rmtc=t
Set-Cookie: u_pl=15771582; expires=Fri, 09 Dec 2022 08:08:08 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNTc3MTU4MiwiayI6ImYyNzQwZjgzMDBhYTMwOTE4MDNkZGZhNmM0ZWE3YzQ2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxMzk5MDcxLCJwaWQiOjg4MTU4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjI4LCJhaWQiOjUsInB0Ijo0LCJwayI6Im1rdzFkMGQwZSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8vcmVsbHNhZmFuLmJsb2dzcG90LmNvbS8yMDEzLzA1L3Nwb25nZWJvYi1yZWQtbWlzdC1jb21wbGVhdGUuaHRtbCJ9fQ.CJl9JsAxYNreTVvTkwKi3YyJ1k49g2KYqEmmYwUucHo; expires=Thu, 08 Dec 2022 08:09:08 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1f985585887b21be30afacb8a9711dab
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1496738e9976f6e1aa6331259a76ce2f
cad7443b0add1bd585c549f19174d95d07f2ce7a
265cc30ef60f28d1b4aa8150db1bb84258e784f3573ad0d3f2af2108e10a1979
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "265CC30EF60F28D1B4AA8150DB1BB84258E784F3573AD0D3F2AF2108E10A1979"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17833
Expires: Thu, 08 Dec 2022 13:05:21 GMT
Date: Thu, 08 Dec 2022 08:08:08 GMT
Connection: keep-alive
stealcalmgenus.com/watch.1217192516451.js?key=51b37f55ad7e632be703a139a01fe9b5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1
173.233.137.44307 Temporary Redirect 0 B URL HTTP/1.1 stealcalmgenus.com/watch.1217192516451.js?key=51b37f55ad7e632be703a139a01fe9b5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1217192516451.js?key=51b37f55ad7e632be703a139a01fe9b5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1 HTTP/1.1
Host: stealcalmgenus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rellsafan.blogspot.com
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 08:08:08 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rellsafan.blogspot.com
Access-Control-Allow-Origin: http://rellsafan.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://stealcalmgenus.com/watch.1217192516451.js?key=51b37f55ad7e632be703a139a01fe9b5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1&shu=ab4054e6b3fb9c55033132edbd6c4ce3680bd5f7e11863ee43ce806ff9e7a16122ddb6119ae55875ed32ab7b1ca37b76a9e63475fefe840f364e71a32464903e4265525f4fbeb76960d75a7d870a0dd684d0011076f822bbd2599bd8cb4566&pst=1670486948&rmtc=t
Set-Cookie: u_pl=16655075; expires=Fri, 09 Dec 2022 08:08:08 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjY1NTA3NSwiayI6IjUxYjM3ZjU1YWQ3ZTYzMmJlNzAzYTEzOWEwMWZlOWI1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjc4ODg1LCJwaWQiOjg4MTU4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIxLCJhaWQiOjUsInB0Ijo0LCJwayI6InI0N2F6NGlzIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9yZWxsc2FmYW4uYmxvZ3Nwb3QuY29tLzIwMTMvMDUvc3BvbmdlYm9iLXJlZC1taXN0LWNvbXBsZWF0ZS5odG1sIn19.QcAAy5LMVijx8SUnpzmrIo_TuZcTWXACGDDbm5nZsoc; expires=Thu, 08 Dec 2022 08:09:08 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bfd3a4ceb68410a23f90341268fe122c
Strict-Transport-Security: max-age=0; includeSubdomains
swelltomatoesguess.com/watch.577929197371.js?key=51b37f55ad7e632be703a139a01fe9b5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1
173.233.137.52307 Temporary Redirect 0 B URL HTTP/1.1 swelltomatoesguess.com/watch.577929197371.js?key=51b37f55ad7e632be703a139a01fe9b5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.577929197371.js?key=51b37f55ad7e632be703a139a01fe9b5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1 HTTP/1.1
Host: swelltomatoesguess.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rellsafan.blogspot.com
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 08:08:08 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rellsafan.blogspot.com
Access-Control-Allow-Origin: http://rellsafan.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://swelltomatoesguess.com/watch.577929197371.js?key=51b37f55ad7e632be703a139a01fe9b5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1&shu=f174b0f96d57d478cdad38c904cf89f27bbfdaa9a3cc10b9847eef18767eb2a67e98a446b3bb4801b548adbbe05c52cae1a97ded6e62251cec0721d10b06aae14439e266e2151270c22469944b6cf9cd2bf5a8bfc99e62155f471d7524ca&pst=1670486948&rmtc=t
Set-Cookie: u_pl=16655075; expires=Fri, 09 Dec 2022 08:08:08 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjY1NTA3NSwiayI6IjUxYjM3ZjU1YWQ3ZTYzMmJlNzAzYTEzOWEwMWZlOWI1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjc4ODg1LCJwaWQiOjg4MTU4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIxLCJhaWQiOjUsInB0Ijo0LCJwayI6InI0N2F6NGlzIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9yZWxsc2FmYW4uYmxvZ3Nwb3QuY29tLzIwMTMvMDUvc3BvbmdlYm9iLXJlZC1taXN0LWNvbXBsZWF0ZS5odG1sIn19.QcAAy5LMVijx8SUnpzmrIo_TuZcTWXACGDDbm5nZsoc; expires=Thu, 08 Dec 2022 08:09:08 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f45296bb62799a83b8e8da4d2fd36c04
Strict-Transport-Security: max-age=0; includeSubdomains
pl16755512.effectivegatetocontent.com/4b/74/f4/4b74f4abd935b8b26c17d1427959bbf2.js
34.160.73.230200 OK 2.6 kB URL HTTP/1.1 pl16755512.effectivegatetocontent.com/4b/74/f4/4b74f4abd935b8b26c17d1427959bbf2.js
IP 34.160.73.230:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2551), with no line terminators
Hash 41f66bb0ac50f2d851236170e7c71341
59bcec216302151922219b51be8ad8ab6d0b8384
ec99cca58b612ce268e6ada818dfcec0acc22dd1bbe372487be9abbdd07ce073
Analyzer Verdict Alert quad9 Sinkholed
GET /4b/74/f4/4b74f4abd935b8b26c17d1427959bbf2.js HTTP/1.1
Host: pl16755512.effectivegatetocontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 08 Dec 2022 08:08:08 GMT
Content-Type: text/html
Content-Length: 2551
Last-Modified: Tue, 06 Dec 2022 22:15:21 GMT
ETag: "638fbef9-9f7"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_dxi5MWXw+Ehfp9wDk1OdpohyekXaGnAGbHM+g2gKbZOrLgUR4XmvsslY+eRMhEgsoPPvTrGuFnztdD9udBLvng
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=91.90.42.154;Path=/;Max-Age=86400;
country=NO;Path=/;Max-Age=86400;
city="";Path=/;Max-Age=86400;
expiry_partner=enom.EXPIRED.305E185C-5D0C-4AD0-86FE-5F99F413CC83;Path=/;Max-Age=86400;
Accept-Ranges: bytes
Via: 1.1 google
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8cd3be089cb19b3f640ea8cda3cc2af2
48f4c70d9a6f49b9f3671b811dd2fe37d8576c38
d95f3b2bf54014fbd6e4d5dc0df799c8ca655f63dd44a2b8f40e2205152b541b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D95F3B2BF54014FBD6E4D5DC0DF799C8CA655F63DD44A2B8F40E2205152B541B"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10553
Expires: Thu, 08 Dec 2022 11:04:02 GMT
Date: Thu, 08 Dec 2022 08:08:09 GMT
Connection: keep-alive
stealcalmgenus.com/watch.1138031143960.js?key=f2740f8300aa3091803ddfa6c4ea7c46&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1&shu=9362fd99ec78be70a9f4a7cc4218579353d5859606aff07c9c5b39d153a285afe7a1ab42bb7d854caf2e976b2c4b0ae038102c38b50525f50237a02c2e97e13d8db30370e9c5b5460196190061419ca99bab26d31533d2a6f6d8db0ff7f919&pst=1670486948&rmtc=t
173.233.137.44200 OK 2.1 kB URL HTTP/1.1 stealcalmgenus.com/watch.1138031143960.js?key=f2740f8300aa3091803ddfa6c4ea7c46&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1&shu=9362fd99ec78be70a9f4a7cc4218579353d5859606aff07c9c5b39d153a285afe7a1ab42bb7d854caf2e976b2c4b0ae038102c38b50525f50237a02c2e97e13d8db30370e9c5b5460196190061419ca99bab26d31533d2a6f6d8db0ff7f919&pst=1670486948&rmtc=t
IP 173.233.137.44:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (2670)
Hash 6844df1b7d12bf90fc6144136e836a60
60eb59d74dfaf2702af2b4fbb0bb5094171750f4
b0dbd3de86fad40327632a7d072023bdc38b253efd251edb3e7a0d7ec2c5a93c
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1138031143960.js?key=f2740f8300aa3091803ddfa6c4ea7c46&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1&shu=9362fd99ec78be70a9f4a7cc4218579353d5859606aff07c9c5b39d153a285afe7a1ab42bb7d854caf2e976b2c4b0ae038102c38b50525f50237a02c2e97e13d8db30370e9c5b5460196190061419ca99bab26d31533d2a6f6d8db0ff7f919&pst=1670486948&rmtc=t HTTP/1.1
Host: stealcalmgenus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rellsafan.blogspot.com
Referer: http://rellsafan.blogspot.com/
Connection: keep-alive
Cookie: u_pl=15771582; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNTc3MTU4MiwiayI6ImYyNzQwZjgzMDBhYTMwOTE4MDNkZGZhNmM0ZWE3YzQ2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxMzk5MDcxLCJwaWQiOjg4MTU4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjI4LCJhaWQiOjUsInB0Ijo0LCJwayI6Im1rdzFkMGQwZSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8vcmVsbHNhZmFuLmJsb2dzcG90LmNvbS8yMDEzLzA1L3Nwb25nZWJvYi1yZWQtbWlzdC1jb21wbGVhdGUuaHRtbCJ9fQ.CJl9JsAxYNreTVvTkwKi3YyJ1k49g2KYqEmmYwUucHo
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 08:08:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rellsafan.blogspot.com
Access-Control-Allow-Origin: http://rellsafan.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=81e9ffbc-d502-4584-8b34-9bb530ea0cd8:3:1; expires=Thu, 15 Dec 2022 08:08:08 GMT; secure; SameSite=None
iprcd6920e07c211d2c283f70836946cd8dc=3569806; expires=Thu, 08 Dec 2022 12:08:08 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 09 Dec 2022 08:08:08 GMT; secure; SameSite=None
uncs=1; expires=Fri, 09 Dec 2022 08:08:08 GMT; secure; SameSite=None
pdhtkv5=true; expires=Fri, 09 Dec 2022 08:08:08 GMT; secure; SameSite=None
uncs5=1; expires=Fri, 09 Dec 2022 08:08:08 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b5378185734c6e604a9becea6d2cdabb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
stealcalmgenus.com/watch.1217192516451.js?key=51b37f55ad7e632be703a139a01fe9b5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1&shu=ab4054e6b3fb9c55033132edbd6c4ce3680bd5f7e11863ee43ce806ff9e7a16122ddb6119ae55875ed32ab7b1ca37b76a9e63475fefe840f364e71a32464903e4265525f4fbeb76960d75a7d870a0dd684d0011076f822bbd2599bd8cb4566&pst=1670486948&rmtc=t
173.233.137.44200 OK 2.1 kB URL HTTP/1.1 stealcalmgenus.com/watch.1217192516451.js?key=51b37f55ad7e632be703a139a01fe9b5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1&shu=ab4054e6b3fb9c55033132edbd6c4ce3680bd5f7e11863ee43ce806ff9e7a16122ddb6119ae55875ed32ab7b1ca37b76a9e63475fefe840f364e71a32464903e4265525f4fbeb76960d75a7d870a0dd684d0011076f822bbd2599bd8cb4566&pst=1670486948&rmtc=t
IP 173.233.137.44:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (2648)
Hash 1d603007753893f706561d6f39e1a852
523e256eaa81894c1da41abc0fdc96c66764c60e
23bfb020bf3d6c2e9fb2ce53b473b6dfcc236028681e9f111899634a4a62688a
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1217192516451.js?key=51b37f55ad7e632be703a139a01fe9b5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1&shu=ab4054e6b3fb9c55033132edbd6c4ce3680bd5f7e11863ee43ce806ff9e7a16122ddb6119ae55875ed32ab7b1ca37b76a9e63475fefe840f364e71a32464903e4265525f4fbeb76960d75a7d870a0dd684d0011076f822bbd2599bd8cb4566&pst=1670486948&rmtc=t HTTP/1.1
Host: stealcalmgenus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rellsafan.blogspot.com
Referer: http://rellsafan.blogspot.com/
Connection: keep-alive
Cookie: u_pl=16655075; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjY1NTA3NSwiayI6IjUxYjM3ZjU1YWQ3ZTYzMmJlNzAzYTEzOWEwMWZlOWI1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjc4ODg1LCJwaWQiOjg4MTU4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIxLCJhaWQiOjUsInB0Ijo0LCJwayI6InI0N2F6NGlzIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9yZWxsc2FmYW4uYmxvZ3Nwb3QuY29tLzIwMTMvMDUvc3BvbmdlYm9iLXJlZC1taXN0LWNvbXBsZWF0ZS5odG1sIn19.QcAAy5LMVijx8SUnpzmrIo_TuZcTWXACGDDbm5nZsoc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 08:08:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rellsafan.blogspot.com
Access-Control-Allow-Origin: http://rellsafan.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=81e9ffbc-d502-4584-8b34-9bb530ea0cd8:3:1; expires=Thu, 15 Dec 2022 08:08:08 GMT; secure; SameSite=None
iprc7d2713465ed463b8ee57f0caaa2a3b71=3569806; expires=Thu, 08 Dec 2022 12:08:09 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 09 Dec 2022 08:08:09 GMT; secure; SameSite=None
uncs=1; expires=Fri, 09 Dec 2022 08:08:09 GMT; secure; SameSite=None
pdhtkv5=true; expires=Fri, 09 Dec 2022 08:08:09 GMT; secure; SameSite=None
uncs5=1; expires=Fri, 09 Dec 2022 08:08:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a7026b19eb9296709caf5dfa9c406ec7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
populationrind.com/watch.582972450529.js?key=43cbf010638e77d3b031a0285ad431d5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1
173.233.139.164307 Temporary Redirect 0 B URL HTTP/1.1 populationrind.com/watch.582972450529.js?key=43cbf010638e77d3b031a0285ad431d5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.582972450529.js?key=43cbf010638e77d3b031a0285ad431d5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1 HTTP/1.1
Host: populationrind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rellsafan.blogspot.com
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 08:08:09 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rellsafan.blogspot.com
Access-Control-Allow-Origin: http://rellsafan.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://populationrind.com/watch.582972450529.js?key=43cbf010638e77d3b031a0285ad431d5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1&shu=808fda53f8cdd81eb67a7f0b1bccc1cfc4b7fb6eb0698e4b3570355aa5e8b79c814c5fe1a43ae78463e6f0cff6c359fea5b850043510df0c6f19fe2bc29866aaa89d37ca43469d123fa24a5cb6f0eff7c6f7063557395b637a128e23940a4135&pst=1670486949&rmtc=t
Set-Cookie: u_pl=16655086; expires=Fri, 09 Dec 2022 08:08:09 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjY1NTA4NiwiayI6IjQzY2JmMDEwNjM4ZTc3ZDNiMDMxYTAyODVhZDQzMWQ1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjc4ODg1LCJwaWQiOjg4MTU4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJzNmNjeTdjdHhzIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9yZWxsc2FmYW4uYmxvZ3Nwb3QuY29tLzIwMTMvMDUvc3BvbmdlYm9iLXJlZC1taXN0LWNvbXBsZWF0ZS5odG1sIn19.j-TfaXUuDmyl-5wf-s_yxFuXi5dQ8lQmwIytwemAtbc; expires=Thu, 08 Dec 2022 08:09:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bc30d339650535c8a8e5e5c280d79360
Strict-Transport-Security: max-age=0; includeSubdomains
populationrind.com/watch.582972450529.js?key=43cbf010638e77d3b031a0285ad431d5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1&shu=808fda53f8cdd81eb67a7f0b1bccc1cfc4b7fb6eb0698e4b3570355aa5e8b79c814c5fe1a43ae78463e6f0cff6c359fea5b850043510df0c6f19fe2bc29866aaa89d37ca43469d123fa24a5cb6f0eff7c6f7063557395b637a128e23940a4135&pst=1670486949&rmtc=t
173.233.139.164200 OK 641 B URL HTTP/1.1 populationrind.com/watch.582972450529.js?key=43cbf010638e77d3b031a0285ad431d5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1&shu=808fda53f8cdd81eb67a7f0b1bccc1cfc4b7fb6eb0698e4b3570355aa5e8b79c814c5fe1a43ae78463e6f0cff6c359fea5b850043510df0c6f19fe2bc29866aaa89d37ca43469d123fa24a5cb6f0eff7c6f7063557395b637a128e23940a4135&pst=1670486949&rmtc=t
IP 173.233.139.164:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (601)
Hash 66cba89908f32fc478032b2c041ac785
69619b4dad688c06c4ae7d669d0f8e94426b2931
e475cc6626f3d18135a55fcf1283242941da9d153b2aa8b806c06cd9819ee1b3
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.582972450529.js?key=43cbf010638e77d3b031a0285ad431d5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1&shu=808fda53f8cdd81eb67a7f0b1bccc1cfc4b7fb6eb0698e4b3570355aa5e8b79c814c5fe1a43ae78463e6f0cff6c359fea5b850043510df0c6f19fe2bc29866aaa89d37ca43469d123fa24a5cb6f0eff7c6f7063557395b637a128e23940a4135&pst=1670486949&rmtc=t HTTP/1.1
Host: populationrind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rellsafan.blogspot.com
Referer: http://rellsafan.blogspot.com/
Connection: keep-alive
Cookie: u_pl=16655086; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjY1NTA4NiwiayI6IjQzY2JmMDEwNjM4ZTc3ZDNiMDMxYTAyODVhZDQzMWQ1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjc4ODg1LCJwaWQiOjg4MTU4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJzNmNjeTdjdHhzIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9yZWxsc2FmYW4uYmxvZ3Nwb3QuY29tLzIwMTMvMDUvc3BvbmdlYm9iLXJlZC1taXN0LWNvbXBsZWF0ZS5odG1sIn19.j-TfaXUuDmyl-5wf-s_yxFuXi5dQ8lQmwIytwemAtbc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 08:08:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rellsafan.blogspot.com
Access-Control-Allow-Origin: http://rellsafan.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=81e9ffbc-d502-4584-8b34-9bb530ea0cd8:3:1; expires=Thu, 15 Dec 2022 08:08:09 GMT; secure; SameSite=None
iprc58ec1b9fea3547d7852bbabb9ca035fa=2717343; expires=Fri, 09 Dec 2022 10:08:09 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 09 Dec 2022 08:08:09 GMT; secure; SameSite=None
uncs=1; expires=Fri, 09 Dec 2022 08:08:09 GMT; secure; SameSite=None
pdhtkv23=true; expires=Fri, 09 Dec 2022 08:08:09 GMT; secure; SameSite=None
uncs23=1; expires=Fri, 09 Dec 2022 08:08:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a30b0bc0c087579baef7c799472954c5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
fairfaxgeorgianayourself.com/watch.442688589344.js?key=51b37f55ad7e632be703a139a01fe9b5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1
173.233.137.36307 Temporary Redirect 0 B URL HTTP/1.1 fairfaxgeorgianayourself.com/watch.442688589344.js?key=51b37f55ad7e632be703a139a01fe9b5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.442688589344.js?key=51b37f55ad7e632be703a139a01fe9b5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1 HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rellsafan.blogspot.com
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 08:08:09 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rellsafan.blogspot.com
Access-Control-Allow-Origin: http://rellsafan.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://fairfaxgeorgianayourself.com/watch.442688589344.js?key=51b37f55ad7e632be703a139a01fe9b5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1&shu=1997c88f86d93603da61da928bac3516e5400edb4a769cf27556028addf10954ffc5c934ff0dadc6d668e66d8ee4f9e64cc977e195552a2dc8fa73f50243e67be2e033c8369cef16c1f80d0f0b5d11bf46050dcfc53f638f7fa68d0e7ae4f53133&pst=1670486949&rmtc=t
Set-Cookie: u_pl=16655075; expires=Fri, 09 Dec 2022 08:08:09 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjY1NTA3NSwiayI6IjUxYjM3ZjU1YWQ3ZTYzMmJlNzAzYTEzOWEwMWZlOWI1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjc4ODg1LCJwaWQiOjg4MTU4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIxLCJhaWQiOjUsInB0Ijo0LCJwayI6InI0N2F6NGlzIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9yZWxsc2FmYW4uYmxvZ3Nwb3QuY29tLzIwMTMvMDUvc3BvbmdlYm9iLXJlZC1taXN0LWNvbXBsZWF0ZS5odG1sIn19.QcAAy5LMVijx8SUnpzmrIo_TuZcTWXACGDDbm5nZsoc; expires=Thu, 08 Dec 2022 08:09:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4c63a8a6cf6b0ad518f94ef82774d4f5
Strict-Transport-Security: max-age=0; includeSubdomains
fairfaxgeorgianayourself.com/watch.442688589344?key=51b37f55ad7e632be703a139a01fe9b5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1
173.233.137.36200 OK 1.2 kB URL HTTP/1.1 fairfaxgeorgianayourself.com/watch.442688589344?key=51b37f55ad7e632be703a139a01fe9b5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1
IP 173.233.137.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (538)
Hash f67271153b18bd0ed50cc4c5ecf18388
624376cd503cbf80c68b6d81f91da73ce67b4b17
915d610db94118ed0ffb3ea42eaaae6ec608af1409825f5f2e3790b800057e5b
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.442688589344?key=51b37f55ad7e632be703a139a01fe9b5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1 HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
Cookie: u_pl=16655075; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjY1NTA3NSwiayI6IjUxYjM3ZjU1YWQ3ZTYzMmJlNzAzYTEzOWEwMWZlOWI1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjc4ODg1LCJwaWQiOjg4MTU4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIxLCJhaWQiOjUsInB0Ijo0LCJwayI6InI0N2F6NGlzIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9yZWxsc2FmYW4uYmxvZ3Nwb3QuY29tLzIwMTMvMDUvc3BvbmdlYm9iLXJlZC1taXN0LWNvbXBsZWF0ZS5odG1sIn19.QcAAy5LMVijx8SUnpzmrIo_TuZcTWXACGDDbm5nZsoc
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 08:08:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjY1NTA3NSwiayI6IjUxYjM3ZjU1YWQ3ZTYzMmJlNzAzYTEzOWEwMWZlOWI1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjc4ODg1LCJwaWQiOjg4MTU4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIxLCJhaWQiOjUsInB0Ijo0LCJwayI6InI0N2F6NGlzIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6ZmFsc2UsInIiOiJodHRwOi8vcmVsbHNhZmFuLmJsb2dzcG90LmNvbS8yMDEzLzA1L3Nwb25nZWJvYi1yZWQtbWlzdC1jb21wbGVhdGUuaHRtbCJ9fQ.Pb0OjuJSUi0HYNXr7ZANwNFWxifxXSzeVFiTkQByokI; expires=Thu, 08 Dec 2022 08:09:09 GMT; secure; SameSite=None
uid_id2=81e9ffbc-d502-4584-8b34-9bb530ea0cd8:3:1; expires=Thu, 15 Dec 2022 08:08:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a6e28826fe25f30039f4df1998418a63
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
fairfaxgeorgianayourself.com/watch.442688589344?shu=5357df69489d80de3f87efeb35cc18f993e728b36ff56a81121f8b326f62702eb228e718df91f5037f34cffb87157e97c0092d821e21c0b93fbda3659438e38015fbb9bec1f6f0d076bbb5f345cff3c96c403fddd62c5ba1e52e70df96fcb84d51&pst=1670486949&rmtc=t&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1&pii=&in=false&key=51b37f55ad7e632be703a139a01fe9b5&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&tz=0&dev=e&res=12.1053
173.233.137.36200 OK 1.9 kB URL HTTP/1.1 fairfaxgeorgianayourself.com/watch.442688589344?shu=5357df69489d80de3f87efeb35cc18f993e728b36ff56a81121f8b326f62702eb228e718df91f5037f34cffb87157e97c0092d821e21c0b93fbda3659438e38015fbb9bec1f6f0d076bbb5f345cff3c96c403fddd62c5ba1e52e70df96fcb84d51&pst=1670486949&rmtc=t&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1&pii=&in=false&key=51b37f55ad7e632be703a139a01fe9b5&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&tz=0&dev=e&res=12.1053
IP 173.233.137.36:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2572)
Hash 3b3f706e7ffbd55668da95e63cbaf232
02a28fce90fc4cac96f50f4d7457901a047a458b
85a3939806f36e6746d8c6b62a2cea06b9131a555e912c1c56ca0e075d54d559
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.442688589344?shu=5357df69489d80de3f87efeb35cc18f993e728b36ff56a81121f8b326f62702eb228e718df91f5037f34cffb87157e97c0092d821e21c0b93fbda3659438e38015fbb9bec1f6f0d076bbb5f345cff3c96c403fddd62c5ba1e52e70df96fcb84d51&pst=1670486949&rmtc=t&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1&pii=&in=false&key=51b37f55ad7e632be703a139a01fe9b5&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&tz=0&dev=e&res=12.1053 HTTP/1.1
Host: fairfaxgeorgianayourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fairfaxgeorgianayourself.com/watch.442688589344?key=51b37f55ad7e632be703a139a01fe9b5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1
Cookie: u_pl=16655075; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjY1NTA3NSwiayI6IjUxYjM3ZjU1YWQ3ZTYzMmJlNzAzYTEzOWEwMWZlOWI1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjc4ODg1LCJwaWQiOjg4MTU4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIxLCJhaWQiOjUsInB0Ijo0LCJwayI6InI0N2F6NGlzIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6ZmFsc2UsInIiOiJodHRwOi8vcmVsbHNhZmFuLmJsb2dzcG90LmNvbS8yMDEzLzA1L3Nwb25nZWJvYi1yZWQtbWlzdC1jb21wbGVhdGUuaHRtbCJ9fQ.Pb0OjuJSUi0HYNXr7ZANwNFWxifxXSzeVFiTkQByokI; uid_id2=81e9ffbc-d502-4584-8b34-9bb530ea0cd8:3:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 08:08:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rellsafan.blogspot.com/2013/05/spongebob-red-mist-compleate.html
Access-Control-Allow-Origin: http://rellsafan.blogspot.com/2013/05/spongebob-red-mist-compleate.html
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=81e9ffbc-d502-4584-8b34-9bb530ea0cd8:3:1; expires=Thu, 15 Dec 2022 08:08:09 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 09 Dec 2022 08:08:09 GMT; secure; SameSite=None
uncs=1; expires=Fri, 09 Dec 2022 08:08:09 GMT; secure; SameSite=None
pdhtkv5=true; expires=Fri, 09 Dec 2022 08:08:09 GMT; secure; SameSite=None
uncs5=1; expires=Fri, 09 Dec 2022 08:08:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ca77bd2fb86348246d652acbe45779b2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
swelltomatoesguess.com/watch.577929197371?key=51b37f55ad7e632be703a139a01fe9b5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1
173.233.137.52200 OK 1.2 kB URL HTTP/1.1 swelltomatoesguess.com/watch.577929197371?key=51b37f55ad7e632be703a139a01fe9b5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1
IP 173.233.137.52:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (538)
Hash 3694fb245892c8a7ebe6519bbbfefb06
906d7e3f04e133512381ffb009e3da19767fae11
a5f12cf1ce7bcc8febb50f518aeaba0cde16391e4a12b37bc21304661d970eea
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.577929197371?key=51b37f55ad7e632be703a139a01fe9b5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1 HTTP/1.1
Host: swelltomatoesguess.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
Cookie: u_pl=16655075; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjY1NTA3NSwiayI6IjUxYjM3ZjU1YWQ3ZTYzMmJlNzAzYTEzOWEwMWZlOWI1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjc4ODg1LCJwaWQiOjg4MTU4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIxLCJhaWQiOjUsInB0Ijo0LCJwayI6InI0N2F6NGlzIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9yZWxsc2FmYW4uYmxvZ3Nwb3QuY29tLzIwMTMvMDUvc3BvbmdlYm9iLXJlZC1taXN0LWNvbXBsZWF0ZS5odG1sIn19.QcAAy5LMVijx8SUnpzmrIo_TuZcTWXACGDDbm5nZsoc
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 08:08:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjY1NTA3NSwiayI6IjUxYjM3ZjU1YWQ3ZTYzMmJlNzAzYTEzOWEwMWZlOWI1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjc4ODg1LCJwaWQiOjg4MTU4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIxLCJhaWQiOjUsInB0Ijo0LCJwayI6InI0N2F6NGlzIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6ZmFsc2UsInIiOiJodHRwOi8vcmVsbHNhZmFuLmJsb2dzcG90LmNvbS8yMDEzLzA1L3Nwb25nZWJvYi1yZWQtbWlzdC1jb21wbGVhdGUuaHRtbCJ9fQ.Pb0OjuJSUi0HYNXr7ZANwNFWxifxXSzeVFiTkQByokI; expires=Thu, 08 Dec 2022 08:09:09 GMT; secure; SameSite=None
uid_id2=81e9ffbc-d502-4584-8b34-9bb530ea0cd8:3:1; expires=Thu, 15 Dec 2022 08:08:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0ed1ce9ac598d050fb59b3e151bc5d07
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0c8f51dc9f0403e9a4e798b49f977948
34ce92d502b92fd964f80d4c331cca9e42546954
ec4b08d6a0c6fd5733c3ceaf542b37eba10869511c0a782ece7c75bd74ee1084
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC4B08D6A0C6FD5733C3CEAF542B37EBA10869511C0A782ECE7C75BD74EE1084"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7951
Expires: Thu, 08 Dec 2022 10:20:40 GMT
Date: Thu, 08 Dec 2022 08:08:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2a8d3d852f27d7635283bf0df750f2fe
b7aa203f82272b83809a4789bcbda0c16566ef97
fcf240a4ca086341ab65066afc0674c72d8f1467f3798da9e214d6b730077301
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FCF240A4CA086341AB65066AFC0674C72D8F1467F3798DA9E214D6B730077301"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8037
Expires: Thu, 08 Dec 2022 10:22:06 GMT
Date: Thu, 08 Dec 2022 08:08:09 GMT
Connection: keep-alive
cdn.cloudimagesb.com/bi/7c/77/4e/7c774e3fca97e81dcd4cb6bd9b31e3fa/1646312782.jpg
45.133.44.9200 OK 21 kB URL HTTP/2 cdn.cloudimagesb.com/bi/7c/77/4e/7c774e3fca97e81dcd4cb6bd9b31e3fa/1646312782.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 300x250, components 3\012- data
Hash f5360eaa5d82fa287f1a4a44eba8af9f
66ddd674a43047f45dcd8b6a0cd44f52b153293b
e8695b3ec0fedbae3a90bb29587bdf0690becb7fda2b754ff946991ecb0df6ea
GET /bi/7c/77/4e/7c774e3fca97e81dcd4cb6bd9b31e3fa/1646312782.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fairfaxgeorgianayourself.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:09 GMT
content-type: image/jpeg
content-length: 21445
server: nginx/1.17.6
last-modified: Thu, 03 Mar 2022 13:06:28 GMT
etag: "6220bd54-53c5"
expires: Sat, 10 Dec 2022 08:08:09 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
swelltomatoesguess.com/watch.577929197371?shu=2de14807d0507b7c4483fee4100bc8fd10e1ffb1fa007c50a0c68485527928cfe90f2d4135e456b98e686889af72791dd0c0121676b7b7a720fa035fcac0b28edea1f02d054cbacca9a10c36745a7563e7da21a928fd11412da96975ed7de7aee470&pst=1670486949&rmtc=t&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1&pii=&in=false&key=51b37f55ad7e632be703a139a01fe9b5&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&dev=e&res=12.1053&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&tz=0
173.233.137.52200 OK 1.8 kB URL HTTP/1.1 swelltomatoesguess.com/watch.577929197371?shu=2de14807d0507b7c4483fee4100bc8fd10e1ffb1fa007c50a0c68485527928cfe90f2d4135e456b98e686889af72791dd0c0121676b7b7a720fa035fcac0b28edea1f02d054cbacca9a10c36745a7563e7da21a928fd11412da96975ed7de7aee470&pst=1670486949&rmtc=t&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1&pii=&in=false&key=51b37f55ad7e632be703a139a01fe9b5&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&dev=e&res=12.1053&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&tz=0
IP 173.233.137.52:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2522)
Hash 10787b9da13b0e4a6a9af76b498d92ce
78cafa902024002785d745d9c0fe498dc3f72283
5a14606399457a85a444e9583396c67fca39fcf46380941e95a37fc417fd24da
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.577929197371?shu=2de14807d0507b7c4483fee4100bc8fd10e1ffb1fa007c50a0c68485527928cfe90f2d4135e456b98e686889af72791dd0c0121676b7b7a720fa035fcac0b28edea1f02d054cbacca9a10c36745a7563e7da21a928fd11412da96975ed7de7aee470&pst=1670486949&rmtc=t&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1&pii=&in=false&key=51b37f55ad7e632be703a139a01fe9b5&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&dev=e&res=12.1053&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&tz=0 HTTP/1.1
Host: swelltomatoesguess.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://swelltomatoesguess.com/watch.577929197371?key=51b37f55ad7e632be703a139a01fe9b5&kw=%5B%22spongebob%22%2C%22red%22%2C%22mist%22%2C%22compleate%22%2C%22-%22%2C%22rellsafan%22%5D&refer=http%3A%2F%2Frellsafan.blogspot.com%2F2013%2F05%2Fspongebob-red-mist-compleate.html&tz=0&dev=e&res=12.1053&uuid=81e9ffbc-d502-4584-8b34-9bb530ea0cd8%3A3%3A1
Cookie: u_pl=16655075; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjY1NTA3NSwiayI6IjUxYjM3ZjU1YWQ3ZTYzMmJlNzAzYTEzOWEwMWZlOWI1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjc4ODg1LCJwaWQiOjg4MTU4LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIxLCJhaWQiOjUsInB0Ijo0LCJwayI6InI0N2F6NGlzIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6ZmFsc2UsInIiOiJodHRwOi8vcmVsbHNhZmFuLmJsb2dzcG90LmNvbS8yMDEzLzA1L3Nwb25nZWJvYi1yZWQtbWlzdC1jb21wbGVhdGUuaHRtbCJ9fQ.Pb0OjuJSUi0HYNXr7ZANwNFWxifxXSzeVFiTkQByokI; uid_id2=81e9ffbc-d502-4584-8b34-9bb530ea0cd8:3:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 08:08:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://rellsafan.blogspot.com/2013/05/spongebob-red-mist-compleate.html
Access-Control-Allow-Origin: http://rellsafan.blogspot.com/2013/05/spongebob-red-mist-compleate.html
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=81e9ffbc-d502-4584-8b34-9bb530ea0cd8:3:1; expires=Thu, 15 Dec 2022 08:08:09 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 09 Dec 2022 08:08:09 GMT; secure; SameSite=None
uncs=1; expires=Fri, 09 Dec 2022 08:08:09 GMT; secure; SameSite=None
pdhtkv5=true; expires=Fri, 09 Dec 2022 08:08:09 GMT; secure; SameSite=None
uncs5=1; expires=Fri, 09 Dec 2022 08:08:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6e46d28ba5744c36082c8cb5aa03cdec
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/bi/48/43/22/4843221d148bbf0ebcf3a4c1a1232788/1659623341.jpg
45.133.44.9200 OK 15 kB URL HTTP/2 cdn.cloudimagesb.com/bi/48/43/22/4843221d148bbf0ebcf3a4c1a1232788/1659623341.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 300x250, components 3\012- data
Hash d6f6da293a6a1cd439cb45efb4172f5e
1efd4456a44a4093bb992e4f963270b664816fc0
6b31ffe3f51995cc3155cfa6a3d6601465ea611107064babc1cc4589f0572f74
GET /bi/48/43/22/4843221d148bbf0ebcf3a4c1a1232788/1659623341.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://swelltomatoesguess.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:09 GMT
content-type: image/jpeg
content-length: 15165
server: nginx/1.17.6
last-modified: Thu, 04 Aug 2022 14:29:09 GMT
etag: "62ebd7b5-3b3d"
expires: Sat, 10 Dec 2022 08:08:09 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.spikereekvelocity.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=16655086
173.233.139.164200 OK 1.3 kB URL HTTP/1.1 www.spikereekvelocity.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=16655086
IP 173.233.139.164:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash cb9215a5191400a5a5de35c894384462
422c33e76b99b19e5b4e7b2a9ab96bd9851e39b2
37f191359b2c96f77ee3ab78f96435b57974f547f0e53255f61a3e74fcec54af
Analyzer Verdict Alert quad9 Sinkholed
GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=16655086 HTTP/1.1
Host: www.spikereekvelocity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://rellsafan.blogspot.com/
Cookie: u_pl=16122660; pdhtkv=true; uncs=1; pdhtkv28=true; uncs28=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 08:08:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTY2NTUwODYiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjIsImF1IjoyLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjpmYWxzZSwiciI6Imh0dHA6Ly9yZWxsc2FmYW4uYmxvZ3Nwb3QuY29tLyJ9fQ.w6s5iT9dOp9CL_xLs6h9UKsOm1Art2-Ufv6_M8oHFAI; expires=Thu, 08 Dec 2022 08:09:09 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0193ab1b32fdd26f3dd61f6f454e6034
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.spikereekvelocity.com/dyfc1k09?shu=829950721a8963505baa85a16be96973402fa6b76c0e62cd0621c91f2558e75e8653aae3d9db6bd77dec318695472fa1f1bf186855310f796af83bae0d298cd2c4a30b118c4f5f44f9b57aa3734bf87e52f8c6c2ca9b1cbb7a5e924992174db4cdaf7716&pst=1670486949&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Frellsafan.blogspot.com%2F&psid=16655086
173.233.139.164302 Found 0 B URL HTTP/1.1 www.spikereekvelocity.com/dyfc1k09?shu=829950721a8963505baa85a16be96973402fa6b76c0e62cd0621c91f2558e75e8653aae3d9db6bd77dec318695472fa1f1bf186855310f796af83bae0d298cd2c4a30b118c4f5f44f9b57aa3734bf87e52f8c6c2ca9b1cbb7a5e924992174db4cdaf7716&pst=1670486949&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Frellsafan.blogspot.com%2F&psid=16655086
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /dyfc1k09?shu=829950721a8963505baa85a16be96973402fa6b76c0e62cd0621c91f2558e75e8653aae3d9db6bd77dec318695472fa1f1bf186855310f796af83bae0d298cd2c4a30b118c4f5f44f9b57aa3734bf87e52f8c6c2ca9b1cbb7a5e924992174db4cdaf7716&pst=1670486949&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Frellsafan.blogspot.com%2F&psid=16655086 HTTP/1.1
Host: www.spikereekvelocity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.spikereekvelocity.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; pdhtkv=true; uncs=1; pdhtkv28=true; uncs28=1; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTY2NTUwODYiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjIsImF1IjoyLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjpmYWxzZSwiciI6Imh0dHA6Ly9yZWxsc2FmYW4uYmxvZ3Nwb3QuY29tLyJ9fQ.w6s5iT9dOp9CL_xLs6h9UKsOm1Art2-Ufv6_M8oHFAI; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Thu, 08 Dec 2022 08:08:10 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660
Set-Cookie: uncs=2; expires=Fri, 09 Dec 2022 08:08:10 GMT
uncs28=2; expires=Fri, 09 Dec 2022 08:08:10 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c5524093bceb33a361c36835c4fc940d
Strict-Transport-Security: max-age=0; includeSubdomains
adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660
23.36.79.43307 Temporary Redirect 0 B URL HTTP/2 adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660
IP 23.36.79.43:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.spikereekvelocity.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Thu, 08 Dec 2022 08:08:10 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Thu, 08 Dec 2022 08:08:10 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670486890459)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C202212888%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228534609204%7c1%22%7d%5d; domain=.unibet.com; expires=Sat, 08-Dec-3021 08:08:10 GMT; path=/; secure; SameSite=Strict
server-timing: edge; dur=1, origin; dur=68, cdn-cache; desc=MISS
X-Firefox-Spdy: h2
www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950
85.184.96.0301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.spikereekvelocity.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Thu, 08 Dec 2022 08:08:10 GMT
content-length: 0
location: https://www.unibet.nu:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950
set-cookie: JSESSIONID=node013sa4f1xsn4zj63x9fqd48kcs4373353.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node013sa4f1xsn4zj63x9fqd48kcs; Path=/; Domain=.unibet.nu; Expires=Sat, 07-Dec-2024 08:08:10 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.nu; Expires=Sat, 07-Dec-2024 08:08:10 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref="https://www.spikereekvelocity.com/"; Path=/; Domain=.unibet.nu; Expires=Sat, 07-Dec-2024 08:08:10 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.nu; Secure; SameSite=None
B-TAG=127656177_6D696FE9849A48C099BFD2D47E1510E6; Path=/; Domain=.unibet.nu; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
PID=68246908; Path=/; Domain=.unibet.nu; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=https%3A%2F%2Fwww.spikereekvelocity.com%2F; Path=/; Domain=.unibet.nu; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_6D696FE9849A48C099BFD2D47E1510E6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
clientId=polopoly_desktop; Domain=www.unibet.nu; Path=/; SameSite=None; Secure
referer: https://www.spikereekvelocity.com/
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Thu, 08 Dec 2022 08:08:10 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950
85.184.96.0301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.spikereekvelocity.com/
Connection: keep-alive
Cookie: __ucbt=node013sa4f1xsn4zj63x9fqd48kcs; uniattr=ST.0.T; uniattr_ref="https://www.spikereekvelocity.com/"; affiliateId=1; B-TAG=127656177_6D696FE9849A48C099BFD2D47E1510E6; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fwww.spikereekvelocity.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_6D696FE9849A48C099BFD2D47E1510E6%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Thu, 08 Dec 2022 08:08:10 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&bid=37950&campaignId=2799402&pid=68246908
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 08 Dec 2022 08:08:10 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 42f0fe9fa5f3773b024d4c1d1b9dec70
599067baab00ab89a7e31c5b5bb06a77641c524e
68dbf4281845e78b9334a2dffc5786b1b5decc766cb4131c18d480502b96e6e6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "68DBF4281845E78B9334A2DFFC5786B1B5DECC766CB4131C18D480502B96E6E6"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4804
Expires: Thu, 08 Dec 2022 09:28:14 GMT
Date: Thu, 08 Dec 2022 08:08:10 GMT
Connection: keep-alive
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&bid=37950&campaignId=2799402&pid=68246908
104.18.25.188200 OK 5.2 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&bid=37950&campaignId=2799402&pid=68246908
IP 104.18.25.188:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2468)
Hash cf126f812324074c18d5f47c95dab52b
bc04bc2cc2c9238cd7a17695246d9c4de1e0d41e
85431c3b7ba2589a4bb3cc2794607c5800c6125a3097d696dbf4f285c280473a
GET /nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&bid=37950&campaignId=2799402&pid=68246908 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.spikereekvelocity.com/
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670486890459)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C202212888%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: 3j1KK5ReHy/6ckOVwt+Uag==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
x-ms-request-id: 3d9e2116-e01e-0036-0fdc-0a9f72000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 776402fb8fb6b515-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
104.18.25.188200 OK 10 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (15888), with no line terminators
Hash 108c98f8222c0e774f862849c53d1d52
21f9cfdc0285e27a6b157c8261d0a33d432d4515
345471fa5c9416c56f53355047855392511da54b702233d5ed550d8fb07ea728
GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670486890459)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C202212888%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228534609204%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4BDF480"
x-ms-request-id: 88d0ed69-201e-0074-2803-0326f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 258055
vary: Accept-Encoding
server: cloudflare
cf-ray: 776402fd79adb515-OSL
content-encoding: br
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
142.250.74.106200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 142.250.74.106:0
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 12:45:16 GMT
expires: Wed, 06 Dec 2023 12:45:16 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 156175
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 61e3d9d6a1d8215a72262cabeeba48a7
9bae804c95bc7930bfd4223c01eaecd249f56f59
194e20346762205c87deb74d2f1b2ff6143fbdf3ce3542dc4049f7071a03ac89
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4439
Cache-Control: max-age=105159
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:08:11 GMT
Etag: "639081db-117"
Expires: Fri, 09 Dec 2022 13:20:50 GMT
Last-Modified: Wed, 07 Dec 2022 12:06:51 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 279
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
85.184.96.5200 OK 956 B URL HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
Hash fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670486890459)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C202212888%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228534609204%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
104.18.25.188200 OK 2.4 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (5740), with no line terminators
Hash 37b0041d1fd7795201308dd9d34b2f79
baae128aee109c7da632b950147490bbe6589757
40562723b2d42179a86709dea720953db348604501f92cc4c9641e4cb78fedc0
GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670486890459)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C202212888%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228534609204%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 2fR27yW0b9kBp/ebW9u59A==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4CC7156"
x-ms-request-id: 4fc06b4d-901e-004e-1803-033c8a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 258055
vary: Accept-Encoding
server: cloudflare
cf-ray: 776402fd79b0b515-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/custom.js
104.18.25.188200 OK 100 kB URL HTTP/2 welcome.unibet.com/custom.js
IP 104.18.25.188:0
Size 100 kB (100508 bytes)
Hash 1d3f254e79d43f3d2b0b71919ab70f98
48203453125e86075f6f76bcd6502a7961e13bd3
dcc1a6ba3fdbb42740209fac79e93cd9b06c254a4db9e7e1a7bf7af32c4be2b1
GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670486890459)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C202212888%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228534609204%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: application/javascript
content-md5: e/Aekt1V1fopj1X7y5r9MA==
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
etag: W/"0x8DA115DA300B0C1"
x-ms-request-id: d013a120-f01e-003a-7703-03087a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 258008
vary: Accept-Encoding
server: cloudflare
cf-ray: 776402fd79a6b515-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
104.18.25.188404 Not Found 11 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 104.18.25.188:0
File type XML 1.0 document text\012- XML document, Unicode text, UTF-8 (with BOM) text
Hash 14a0f457615c182c1880fe8b1337581e
67a37d2a8cf6a2801bfbfc565f7a88819dc47a9a
4432d4366fe7cb281768a0934d87432506f250afaf7354f355e9cd6ff5015fd2
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670486890459)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C202212888%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228534609204%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: application/xml
x-ms-request-id: 1031becb-a01e-0008-33db-0a080d000000
x-ms-version: 2014-02-14
access-control-allow-origin: *
cf-cache-status: HIT
age: 115
vary: Accept-Encoding
server: cloudflare
cf-ray: 776402fe9b24b515-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c7a5f887bbc7d30b9cfe15163c3d8ddb
21d65790a1d10a06d198b54218365aa474126e1c
2a2e7930f967d947cc5293c95221913e24596773577bbf56ff402db6236bbda1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:08:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:08:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
104.18.25.188404 Not Found 4.5 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 104.18.25.188:0
File type XML 1.0 document text\012- XML document, Unicode text, UTF-8 (with BOM) text
Hash 346ad06a1bcfc221029ec4a890944817
ce3b423ddfeb7f81270f59a777fd6bd73b2b47ea
37d4d6be4588d1c8f9eb437b8ed0355c1a3209412904cf2cc06a487af1716cd3
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670486890459)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C202212888%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228534609204%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: application/xml
x-ms-request-id: 1031becb-a01e-0008-33db-0a080d000000
x-ms-version: 2014-02-14
access-control-allow-origin: *
cf-cache-status: HIT
age: 115
vary: Accept-Encoding
server: cloudflare
cf-ray: 776402fd79bdb515-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
104.18.25.188200 OK 75 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1481), with no line terminators
Hash edc30eef88ec601a188b1fe7b25a9564
16b5d4fa678498696bba868d95a79ce93f4ac4c2
f12e5526d0c45706801de34e3c1af9ce144b3076981bff09fb667c0bfbd39f46
GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670486890459)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C202212888%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228534609204%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Kch+tYuo05USS5JaESq1rA==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB3E60357"
x-ms-request-id: 16b99321-701e-000b-6a03-03e969000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 258055
vary: Accept-Encoding
server: cloudflare
cf-ray: 776402fd79b5b515-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
104.18.25.188200 OK 16 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (966), with no line terminators
Hash 03aa14cacc7d00d61ecaae93bb3bec72
0db89c68b0d1bee6663ca7a1dcc4b9b6ff6d575d
713bdcfeab2a2bf40662ff51080964b93ea20a2295421b2f1cd00c5c36dcfce9
GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670486890459)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C202212888%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228534609204%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Z4302O+bSqlX5UM92U+35A==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB3A5CF50"
x-ms-request-id: cd88faad-301e-0047-5503-037959000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 258055
vary: Accept-Encoding
server: cloudflare
cf-ray: 776402fd79b3b515-OSL
content-encoding: br
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/css/all.css
172.64.132.15200 OK 93 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.1/css/all.css
IP 172.64.132.15:0
File type ASCII text, with very long lines (54456), with no line terminators
Hash 5ad228aed5f58936611a0b46829f7a78
56a6763e99006e4125bbdf54c5df277ed3168005
951e78bfe3540db28c5505921396f4e4919a724bc3688cc50733ca00e52387ea
GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: text/css
x-amz-id-2: Naym7hPmP6C6hux6VLJAAre0tbecqXaiQpMJaYu3vDn0x1vPpC32gtoDJkl7kXKmPPFbhKi1q5U=
x-amz-request-id: MZGFJRB14SZWS1MV
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:37 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 1018548
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B31b3%2BItoftNUBLCffoWxAOZGJcYoDaeeC%2F%2BPmzK3rjpYqvZ%2BTb3x8cI8QXAs5%2BpgDGpkBH2dV0g6%2FXm6SjPctn6NqrxfLsmVhWZeg6%2FdWt37urzoz73pG73pgWDkaNGhqkNhxcV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776402fe1d330085-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5200 OK 17 kB URL HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
Hash eec4f89a7e8f59d9f82a053ceb92e571
4c68233736165e4bb7b261b5f263b736a4d29b76
1c39eed36bff4debd2edd699dd535fb49c625b1f077ed81c7847e90bfb714ac7
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670486890459)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C202212888%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228534609204%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,500
142.250.74.106200 OK 1.1 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500
IP 142.250.74.106:0
Hash 257b3c8f18ec8af5f75ad42bdee55c72
0da951b0813b4e93119a2d9a350f93e435af14c2
a92480e424fcb93839091f26c86287818b9e580990b7f68848f6ad89c7734563
GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 08 Dec 2022 08:08:11 GMT
date: Thu, 08 Dec 2022 08:08:11 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
104.18.25.188200 OK 2.2 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP 104.18.25.188:0
File type HTML document, Unicode text, UTF-8 text
Hash 48fd6da45522dee3c4e5326bd76f3795
738e613d49650ca4e6b6d28d0e818f3c4a598f94
23aa77d82b2b07ebe2e439b2abe3a06de4a1fd37e8df4512c0b15d136088a3c3
GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670486890459)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C202212888%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228534609204%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB50B45F5"
x-ms-request-id: 10dfb792-f01e-0077-0703-03c796000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 258055
vary: Accept-Encoding
server: cloudflare
cf-ray: 776402fd69a0b515-OSL
content-encoding: br
X-Firefox-Spdy: h2
secure.adnxs.com/seg?add=9755599
37.252.171.52307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/seg?add=9755599
IP 37.252.171.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /seg?add=9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Thu, 08 Dec 2022 08:08:11 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
AN-X-Request-Uuid: cc462fc4-2fc3-4eb8-afb5-91516efa6466
Set-Cookie: uuid2=3938139367630190014; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 08-Mar-2023 08:08:11 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f0bc063ee14a287a2f76000075b166ae
01c46ed1f7e7d7bc8b54c9a886d167cd5ceb4033
e3681ed6e457e6ee825bfb0e1fe2b9982e07ed9461abfd78fcb9a1e58f889876
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4439
Cache-Control: max-age=169963
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:08:11 GMT
Etag: "63917eff-1d7"
Expires: Sat, 10 Dec 2022 07:20:54 GMT
Last-Modified: Thu, 08 Dec 2022 06:06:55 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1
104.19.148.8200 OK 1.8 kB URL HTTP/2 script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1
IP 104.19.148.8:0
File type JSON data\012- , ASCII text, with very long lines (5061), with no line terminators
Hash 75a608ac7abdcf698fbec9b12da57e2e
665588a87deb2f41441189fcbb7adc68362c0636
e16409bb5ef5fa394df00ae7e6ed8e415d2b032fa1b503870f3eeb51d9f0f3b2
GET /pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: application/json
content-length: 1770
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Thu, 08 Dec 2022 05:15:24 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 10367
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 77640300dc4d0b69-OSL
X-Firefox-Spdy: h2
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
37.252.171.52200 OK 43 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
IP 37.252.171.52:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fseg%3Fadd%3D9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 08 Dec 2022 08:08:11 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: a093695a-65b0-4b0d-884f-e57518f06055
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2E?jH=pwz!@wnf-Te9(>wL5L!!'[a$mX.[; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 08-Mar-2023 08:08:11 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
script.crazyegg.com/pages/scripts/0012/9242.js?464024
104.19.148.8200 OK 2.7 kB URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js?464024
IP 104.19.148.8:0
File type ASCII text, with very long lines (6878), with no line terminators
Hash 486f94b4b4115e918d4bd4b07591cf35
ecf979060eeb23d945c243e57bf5b57f577ec1bf
a462475235ad4df854b4eab2aa37163ad614a07469f00b93f752504db5078ce8
GET /pages/scripts/0012/9242.js?464024 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Thu, 08 Dec 2022 05:15:24 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 10367
vary: Accept-Encoding
server: cloudflare
cf-ray: 776402ffdb6c0b69-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
script.crazyegg.com/pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js
104.19.148.8200 OK 27 kB URL HTTP/2 script.crazyegg.com/pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js
IP 104.19.148.8:0
File type ASCII text, with very long lines (63889)
Hash 40a61971f3342753b240df82579098d2
75a44689092cd59612c3c77f4c3f353f5898c4b9
c53652de8d763aa53a2226f899e6c57434675b324a4e22b91bea1f217e99504a
GET /pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: text/javascript
content-length: 26836
cache-control: public, max-age=31536000, s-maxage=31536000
timing-allow-origin: *
last-modified: Fri, 18 Nov 2022 16:53:01 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 1089796
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 776403011c890b69-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2dbea6c65113e6ea6b99b9a8349f5120
e13d9da31e24285d388d7c1bffd6b66611d52aab
5a352cb547372c96067849d1b4f6da15b56455397370171841a737308c81b05e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5850
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 08:08:11 GMT
Etag: "6390429f-1d7"
Last-Modified: Thu, 08 Dec 2022 06:30:41 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=12072993121659275014403726569553165246&ts=1670486891114
13.36.218.177200 OK 2 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=12072993121659275014403726569553165246&ts=1670486891114
IP 13.36.218.177:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=12072993121659275014403726569553165246&ts=1670486891114 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://welcome.unibet.com
access-control-allow-credentials: true
date: Thu, 08 Dec 2022 08:08:11 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
104.40.147.180200 OK 3.6 kB URL HTTP/2 bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
IP 104.40.147.180:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash c3efc102727dc773d0dffbd89175a266
c226fbfe66847993eaf651b283e50ee290a5a364
8ac8c811fb3a3ba608ffbd01d315367deb20e85a2096d39c4eb20270c88886d6
GET /api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no HTTP/1.1
Host: bannerflow-feed-builder.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Thu, 08 Dec 2022 08:08:11 GMT
server: Microsoft-IIS/10.0
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: no-cache
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: ARRAffinity=15ba40cd1caa1bec2184ac4d6bc54f4c82e5289caaa419bdac02883b5bb07792;Path=/;HttpOnly;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
ARRAffinitySameSite=15ba40cd1caa1bec2184ac4d6bc54f4c82e5289caaa419bdac02883b5bb07792;Path=/;HttpOnly;SameSite=None;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:f631c08e-9610-47b7-82c9-c925628cdde1
x-powered-by: ASP.NET
X-Firefox-Spdy: h2
unibet.demdex.net/dest5.html?d_nsid=0
34.249.28.111200 OK 2.8 kB URL HTTP/1.1 unibet.demdex.net/dest5.html?d_nsid=0
IP 34.249.28.111:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: unibet.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Thu, 8 Dec 2022 08:08:11 GMT
DCS: dcs-prod-irl1-1-v045-06cd512cb.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:02:57 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: 7grV2a2kQiE=
Content-Length: 2791
Connection: keep-alive
cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
104.16.173.188200 OK 8.1 kB URL HTTP/2 cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
IP 104.16.173.188:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f8bc141944d4479f3f23f123429177f3
1a04e94779d82cd1dbc1994704a6f4a4bb66648f
70571abf08d1f6eaedbf8fc5695ecd5a21e152b5e48d5ea95455a80a742ebbf3
GET /resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 07 Dec 2020 10:23:00 GMT
etag: W/"0x8D89A9A12E2A33B"
x-ms-request-id: aecbdf5c-c01e-0126-115e-a51c52000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 343
vary: Accept-Encoding
server: cloudflare
cf-ray: 776403021eacb51e-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.156200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 02e278057630aee0bd15f1c6bd14c571
bd6436929acb1187cb6ebd2205daebe7f48aa7b4
0a2e5fd760ba3403fa9e569d8e918f114c5287f8c9a8404637bcfa8a154accd1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=111963
Date: Thu, 08 Dec 2022 08:08:11 GMT
Etag: "63909c9e-1d7"
Expires: Fri, 09 Dec 2022 15:14:14 GMT
Last-Modified: Wed, 07 Dec 2022 14:01:02 GMT
Server: ECS (bsa/EB24)
X-Cache: Miss from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 3YOF_W1--fmhsmlHZsrdR2hl9h2fJ3j5pJBBahyukrENitm0wyzKrQ==
Age: 4392
cm.everesttech.net/cm/dd?d_uuid=12114657120539299424401107610625443365
54.229.62.148302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=12114657120539299424401107610625443365
IP 54.229.62.148:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=12114657120539299424401107610625443365 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Thu, 08 Dec 2022 08:08:11 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y5GbawAAANiTuwOY; Domain=.everesttech.net; Expires=Fri, 08-Dec-2023 08:08:11 GMT; Path=/
everest_session_v2=Y5GbawAAANiTvAOY; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y5GbawAAANiTuwOY
Server: AMO-cookiemap/1.1
pagestates-tracking.crazyegg.com/healthcheck
54.230.111.22200 OK 19 B URL HTTP/2 pagestates-tracking.crazyegg.com/healthcheck
IP 54.230.111.22:0
File type JSON data\012- , ASCII text
Hash d06f04fccf68d0b228a5923187ce1afd
5de9df9fdd66a91eed06e31981553d4ab9ccf490
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375
GET /healthcheck HTTP/1.1
Host: pagestates-tracking.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 19
date: Fri, 30 Sep 2022 16:18:54 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-expose-headers: Access-Control-Allow-Origin
access-control-max-age: 31536000
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
etag: "d06f04fccf68d0b228a5923187ce1afd"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: K0wjRv0uK9QdlX1Eo165x3g9JjuSRG4m9F8kJjMVAyEbCAFzEyqe9g==
age: 5932158
X-Firefox-Spdy: h2
assets-tracking.crazyegg.com/healthcheck
54.230.111.11200 OK 19 B URL HTTP/2 assets-tracking.crazyegg.com/healthcheck
IP 54.230.111.11:0
File type JSON data\012- , ASCII text
Hash d06f04fccf68d0b228a5923187ce1afd
5de9df9fdd66a91eed06e31981553d4ab9ccf490
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375
GET /healthcheck HTTP/1.1
Host: assets-tracking.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 19
date: Tue, 06 Dec 2022 01:51:14 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-expose-headers: Access-Control-Allow-Origin
access-control-max-age: 31536000
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
etag: "d06f04fccf68d0b228a5923187ce1afd"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: gIXD6csXNgunj5qxGEThsGuWSdhp9XVZAAfnfnGAUtr-VxerAY5voQ==
age: 195417
X-Firefox-Spdy: h2
dpm.demdex.net/ibs:dpid=411&dpuuid=Y5GbawAAANiTuwOY
54.72.53.159302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y5GbawAAANiTuwOY
IP 54.72.53.159:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y5GbawAAANiTuwOY HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcscanary-prod-irl1-1-v052-0f73f706c.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y5GbawAAANiTuwOY
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=47605416711348097793230050632873182797; Max-Age=15552000; Expires=Tue, 06 Jun 2023 08:08:12 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: HPXmqhkFSJc=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y5GbawAAANiTuwOY
54.72.53.159200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y5GbawAAANiTuwOY
IP 54.72.53.159:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y5GbawAAANiTuwOY HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-2-v045-0f2a7c28b.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: EzvR5vpySxw=
Content-Length: 59
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
143.204.42.156200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 6a3e88f36051f883d0a10439f61ab702
eca74cedfb3ee927b7658e4ee075b205ef07fb01
d1d121c39e634d7457f44151dd67b5ffd64982d0abd770fc000b090d075027c6
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=113444
Date: Thu, 08 Dec 2022 08:08:12 GMT
Etag: "6390ac0e-1d7"
Expires: Fri, 09 Dec 2022 15:38:56 GMT
Last-Modified: Wed, 07 Dec 2022 15:06:54 GMT
Server: ECS (nyb/1D1D)
X-Cache: Miss from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: CVYNc2ZOWTd5I7fE5dio7S1rJHjumTo9EA8ixYpqVja4az9VR0Si-g==
Age: 1923
tracking.crazyegg.com/clock?t=1670486891391&tk=49f5480a39da8ce7e59e73633af4ed5a
185.48.121.228200 OK 26 B URL HTTP/2 tracking.crazyegg.com/clock?t=1670486891391&tk=49f5480a39da8ce7e59e73633af4ed5a
IP 185.48.121.228:0
File type ASCII text, with no line terminators
Hash eb06704173f8a2b7f89ba97f289e5c52
eee8c5a4895cabb9ddaba8dbd6c0811e904aa831
5965f6294ea8ace4caecd73bd851f424281b7fae05af30b3b0d3b58b5819d84b
GET /clock?t=1670486891391&tk=49f5480a39da8ce7e59e73633af4ed5a HTTP/1.1
Host: tracking.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: awselb/2.0
date: Thu, 08 Dec 2022 08:08:12 GMT
content-type: text/plain
content-length: 26
cache-control: no-store
access-control-allow-origin: *
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670486890459)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C202212888%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228534609204%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: epgiRapjJpA7DniTiF5C+w==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4C5466A"
x-ms-request-id: 0b580569-d01e-0060-1f03-036e9d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 258055
vary: Accept-Encoding
server: cloudflare
cf-ray: 776402fd79aeb515-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670486890459)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C202212888%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228534609204%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 9k4H3E55HXB5I94VinrUOQ==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB39EA46F"
x-ms-request-id: a11628c9-801e-0042-7503-03ab82000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 258055
vary: Accept-Encoding
server: cloudflare
cf-ray: 776402fd79b2b515-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670486890459)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C202212888%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228534609204%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
last-modified: Mon, 21 Nov 2022 12:34:12 GMT
etag: W/"0x8DACBBCB2079DB0"
x-ms-request-id: 24a2aae3-d01e-004f-0203-036356000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 258054
vary: Accept-Encoding
server: cloudflare
cf-ray: 776402fd79a8b515-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670486890459)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C202212888%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228534609204%7c1%22%7d%5d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: zXkBqwBMviPPaK5rBIapmA==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
etag: W/"0x8DACBBCB117460B"
x-ms-request-id: dbafa778-701e-0034-4703-0321ca000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 258055
vary: Accept-Encoding
server: cloudflare
cf-ray: 776402fd699fb515-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
104.16.173.188200 OK 0 B URL HTTP/2 cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
IP 104.16.173.188:0
GET /resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Fri, 27 Nov 2020 14:00:01 GMT
etag: W/"0x8D892DCBC244A27"
x-ms-request-id: f9c36029-201e-0105-665e-a57399000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 345
vary: Accept-Encoding
server: cloudflare
cf-ray: 776403021eb0b51e-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670486890459)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C202212888%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228534609204%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB5157DAD"
x-ms-request-id: 88d0ed66-201e-0074-2503-0326f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 258055
vary: Accept-Encoding
server: cloudflare
cf-ray: 776402fd69a2b515-OSL
content-encoding: br
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js
104.19.148.8200 OK 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js
IP 104.19.148.8:0
GET /pages/scripts/0012/9242.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Thu, 08 Dec 2022 05:15:24 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 10367
vary: Accept-Encoding
server: cloudflare
cf-ray: 776402ffdb6a0b69-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_6D696FE9849A48C099BFD2D47E1510E6&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670486890459)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C202212888%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228534609204%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 08:08:11 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: vwb7ospRft2xzGDtJvR3WA==
last-modified: Mon, 21 Nov 2022 12:34:13 GMT
etag: W/"0x8DACBBCB22FE05F"
x-ms-request-id: bf5a1d34-901e-003c-5a03-033bc5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 258055
vary: Accept-Encoding
server: cloudflare
cf-ray: 776402fd79beb515-OSL
content-encoding: br
X-Firefox-Spdy: h2