www.nodormirasmas.com/2022/05/hasta-el-viento-tiene-miedo-pelicula.html
142.250.74.83301 Moved Permanently 211 B URL HTTP/1.1 www.nodormirasmas.com/2022/05/hasta-el-viento-tiene-miedo-pelicula.html
IP 142.250.74.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash f5c6637b16715f4e11a61e055c650f72
4e8d3679aa7cd4788585481ad05958590f1c92c2
6ddf63fab7cdc98c6a289ed0be30bed8785da0d799bf4fea194c2b641feb8f3f
GET /2022/05/hasta-el-viento-tiene-miedo-pelicula.html HTTP/1.1
Host: www.nodormirasmas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Location: https://www.nodormirasmas.com/2022/05/hasta-el-viento-tiene-miedo-pelicula.html
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Thu, 10 Nov 2022 11:27:53 GMT
Expires: Thu, 10 Nov 2022 11:27:53 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 211
Server: GSE
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aabe410b4bbe4d8beb0e4561d3aa158e
e1788632902ddea62cdd9e7ad6009a75ffb69788
ad535e27b201e92670770b2b868c58f7c05633ec66490a41ef4592f062834c1f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AD535E27B201E92670770B2B868C58F7C05633EC66490A41EF4592F062834C1F"
Last-Modified: Wed, 09 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8898
Expires: Thu, 10 Nov 2022 13:56:11 GMT
Date: Thu, 10 Nov 2022 11:27:53 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a19a5555cc9ea92581b0cc504cb64345
01a86ce33d5eb33420ed76266360f32c62a96f31
9ebd48b4053bb4a7a27718670c44075b1f35d037be7fd16750fcbc3ffd68b18c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 316
Cache-Control: max-age=169710
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:53 GMT
Etag: "636cd2eb-1d7"
Expires: Sat, 12 Nov 2022 10:36:23 GMT
Last-Modified: Thu, 10 Nov 2022 10:31:07 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a19a5555cc9ea92581b0cc504cb64345
01a86ce33d5eb33420ed76266360f32c62a96f31
9ebd48b4053bb4a7a27718670c44075b1f35d037be7fd16750fcbc3ffd68b18c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1609
Cache-Control: max-age=171003
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:53 GMT
Etag: "636cd2eb-1d7"
Expires: Sat, 12 Nov 2022 10:57:56 GMT
Last-Modified: Thu, 10 Nov 2022 10:31:07 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dc90abd8b3ea8e75a68c144d74d75788
1ce29dca1ee9ca8931397de31ffb6cf7833baaf8
807000997bcf1b7a1fa35e43908cbfa54cd1704a5a0f53c09e1ae154638f10e0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "807000997BCF1B7A1FA35E43908CBFA54CD1704A5A0F53C09E1AE154638F10E0"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6194
Expires: Thu, 10 Nov 2022 13:11:08 GMT
Date: Thu, 10 Nov 2022 11:27:54 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 48FX+iUh1wVxqVo3nNNGHXXl/r8QbZj++X2VxQLHKhYWb+4OAbjRlFkGaMNF8EM12gpkLkevcQM=
x-amz-request-id: 644V7T28QWP89DMA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 10 Nov 2022 10:49:22 GMT
age: 2312
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:54 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/Dx1C0sH03iw
142.250.74.35200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/Dx1C0sH03iw
IP 142.250.74.35:0
Hash cbe9a98c834a3cb99b7d52a37c831dcd
9e5fc8f9d17a3e3a71ab895aae6783c9b0230928
1f865e6bbf9d1ffbb0057d5d01ca76ed1d450d83422bcdafa43841143e063f24
POST /s/gts1d4/Dx1C0sH03iw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:54 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 081ea13ba4390a4baab25cf57c2672f3
30cc9c329228e3d7bc6041f1aa553f06f8136eed
5a48c189581edd8ae4a4e58e2d54359bb75ba769828436394e4c256fe861814e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2794
Cache-Control: max-age=167133
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:54 GMT
Etag: "636cbf2d-1d7"
Expires: Sat, 12 Nov 2022 09:53:27 GMT
Last-Modified: Thu, 10 Nov 2022 09:06:53 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash d077cd24b15efb2762287fc616bb7cd2
c4ecf2280d03b50dfc1527377136607ccb543fd8
2520aac9a4b84d84b652ad52801ed88a509dd5ec2bf049d86a6a5ad652b06424
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6084
Cache-Control: max-age=162894
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:54 GMT
Etag: "636ca1c4-117"
Expires: Sat, 12 Nov 2022 08:42:48 GMT
Last-Modified: Thu, 10 Nov 2022 07:01:24 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 2b6e814cf24d6076a53097eacb138a7f
7e3b9b5d44699f81209a7ea0182640f5596804a5
218be263224d3d1a01ba126d0a7311b972bd88744ec0919b5e471077abe68e03
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.nodormirasmas.com/2022/05/hasta-el-viento-tiene-miedo-pelicula.html
142.250.74.83200 OK 83 kB URL HTTP/2 www.nodormirasmas.com/2022/05/hasta-el-viento-tiene-miedo-pelicula.html
IP 142.250.74.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2940)
Hash 7d3e7fa2f41226549cd2b09075dc1f77
65fadeeac3b51e2c3dfb0167c995dfb82ddea4ef
cff2d2a8eec985fe589adcd8fc210fc5b482ec16f8d0c87ec289930128eeb8d1
GET /2022/05/hasta-el-viento-tiene-miedo-pelicula.html HTTP/1.1
Host: www.nodormirasmas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Thu, 10 Nov 2022 11:27:54 GMT
date: Thu, 10 Nov 2022 11:27:54 GMT
cache-control: private, max-age=0
last-modified: Thu, 10 Nov 2022 00:10:42 GMT
etag: W/"47ca9778dbf2fb60a84157fba9cc1d6487aa49ae458f25c003ca28f058390e3d"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 82800
server: GSE
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.css
151.101.85.229200 OK 1.3 kB URL HTTP/2 cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.css
IP 151.101.85.229:0
File type ASCII text, with very long lines (1460)
Hash 8786cd8041431d860694eed4e4df5493
ad176b25138137c05527a1a93f9b1d2bd9819bb6
2f1ab64452cbd8b4a75b5f778aaadd7f8a9c194ef48c5e2e9132393b68d21a85
GET /npm/cookieconsent@3/build/cookieconsent.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 3.1.1
x-jsd-version-type: version
etag: W/"135e-3nthfC1sCV/yhiNebPZMMo2hpL8"
content-encoding: gzip
accept-ranges: bytes
date: Thu, 10 Nov 2022 11:27:54 GMT
age: 18196
x-served-by: cache-fra-eddf8230021-FRA, cache-bma1663-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1299
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js
151.101.85.229200 OK 6.8 kB URL HTTP/2 cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js
IP 151.101.85.229:0
File type ASCII text, with very long lines (20693), with no line terminators
Hash 58a872ad8da4bad737e618cf78b55feb
1917e7662a1c0d1034c3056c6ebd0e9ae2d542f1
5ddc446ff4623ed98a827c66171c9d5d2809d7f679b0681eb088765e272849bb
GET /npm/cookieconsent@3/build/cookieconsent.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.1.1
x-jsd-version-type: version
etag: W/"50d5-nLraS9YXyGxjjPLr3exyStWWkHs"
content-encoding: gzip
accept-ranges: bytes
date: Thu, 10 Nov 2022 11:27:54 GMT
age: 18165
x-served-by: cache-fra-eddf8230087-FRA, cache-bma1663-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 6756
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash c50cb35d61edbaa6b234e31e1d5141b7
2a8cffa3883346d34624e2060a519811f3d66041
34cacf7098414c3d01097bc997f4a7b2161bee3cced68c51966fe6b7e190cc7e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.nodormirasmas.com/js/cookienotice.js
142.250.74.83200 OK 2.0 kB URL HTTP/2 www.nodormirasmas.com/js/cookienotice.js
IP 142.250.74.83:0
Hash c4e1ed83d89245089b8a1203be20a377
f3940e1215b89300ef97d57a25993f25243b8688
afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2
GET /js/cookienotice.js HTTP/1.1
Host: www.nodormirasmas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/2022/05/hasta-el-viento-tiene-miedo-pelicula.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2026
date: Thu, 10 Nov 2022 11:27:54 GMT
expires: Thu, 17 Nov 2022 11:27:54 GMT
cache-control: public, max-age=604800
last-modified: Tue, 08 Nov 2022 17:54:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 83b99092f19a38763c0b6ffc5e05e5aa
4cacf0a4adc46e28bc867d666a3fb45738dd1501
168478f1e03d83548fbfeed6dfad20ef23cb5a1dbf18f7312e5cf6dd290e9339
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/static/v1/jsbin/3469866930-comment_from_post_iframe.js
142.250.74.105200 OK 17 kB URL HTTP/2 www.blogger.com/static/v1/jsbin/3469866930-comment_from_post_iframe.js
IP 142.250.74.105:0
File type ASCII text, with very long lines (1441)
Hash f18def4ccec463cf908f91e7cba7f2c1
02d95f67edd84a44c82255ca7abcdbf7f4d0cee5
12b91cbf31131a10b1fc2aa05047c027caeac0d6e0ca5deadf418fff63d68082
GET /static/v1/jsbin/3469866930-comment_from_post_iframe.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 17447
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 09 Nov 2022 08:05:29 GMT
expires: Thu, 09 Nov 2023 08:05:29 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 08 Nov 2022 09:52:17 GMT
content-type: text/javascript
age: 98545
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 3cb6cc7c48915c7db45f5498b1e62539
ddccb7458bd30bcd2f8e7b35f0ecac03e919c875
03386554e16b21df5b398215637f9260a15e70b2c71770504d2544d3154e6eb0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/static/v1/widgets/1456298461-widgets.js
142.250.74.105200 OK 57 kB URL HTTP/2 www.blogger.com/static/v1/widgets/1456298461-widgets.js
IP 142.250.74.105:0
File type ASCII text, with very long lines (2221)
Hash 88748618db43e969518c3eb33210c960
0f41c4f3ee1c9cf7872497ae5a090e9a40acc0aa
ffa7705795c1add317fbe3967deb0738b6af86eac5aeda67fabc64eb82837cc7
GET /static/v1/widgets/1456298461-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56694
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 09 Nov 2022 18:58:17 GMT
expires: Thu, 09 Nov 2023 18:58:17 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 08 Nov 2022 03:55:44 GMT
content-type: text/javascript
age: 59377
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-2J8KM34V2J
142.250.74.168200 OK 76 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-2J8KM34V2J
IP 142.250.74.168:0
File type ASCII text, with very long lines (21484)
Hash c7251ec839597cbbefcf04bd506c2e8a
06d331f6fe18016b876e42a7c1764c22379232ef
4f4de74fee673b52d2363c3b99be10f00b3420c0335037c6cc3347d0a83406f2
GET /gtag/js?id=G-2J8KM34V2J HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 10 Nov 2022 11:27:54 GMT
expires: Thu, 10 Nov 2022 11:27:54 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76532
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
4.bp.blogspot.com/-uCjYgVFIh70/VuOLn-mL7PI/AAAAAAAADUs/Kcu9wJbv790hIo83rI_s7lLW3zkLY01EA/s100/avatar.png
142.250.74.161200 OK 4.4 kB URL HTTP/2 4.bp.blogspot.com/-uCjYgVFIh70/VuOLn-mL7PI/AAAAAAAADUs/Kcu9wJbv790hIo83rI_s7lLW3zkLY01EA/s100/avatar.png
IP 142.250.74.161:0
File type PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced\012- data
Hash 1d25bf411cadfc596df17bf5a230099b
17941bd36c2281c967dc76abbe0125e3d619cb0a
4a68cace09422fdece37206780f5d02f7af5d262f3d882504aea3a6b16b66ff6
GET /-uCjYgVFIh70/VuOLn-mL7PI/AAAAAAAADUs/Kcu9wJbv790hIo83rI_s7lLW3zkLY01EA/s100/avatar.png HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="avatar.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 4411
x-xss-protection: 0
date: Thu, 10 Nov 2022 10:01:34 GMT
expires: Wed, 02 Nov 2022 01:08:34 GMT
cache-control: public, max-age=86400, no-transform
age: 5180
etag: "vd4c"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
142.250.74.10200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
IP 142.250.74.10:0
File type ASCII text, with very long lines (32077)
Hash fd2b58574f9637ba7ef639267349d848
6eda5ea93f549ceb5693f6f1c038893fa56a510d
75627d4b97e5e6294a8f88f5eeaf9b616696dc8600db9701c47ef05f067880ec
GET /ajax/libs/jquery/1.12.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33951
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 09 Nov 2022 15:01:07 GMT
expires: Thu, 09 Nov 2023 15:01:07 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 73607
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash 3d73132f98b3ca81710d1b41e0a18026
d34fee31a8aa0d6b44e70d13b578b3a2c056d5e4
9b0a3191cb38eb9ed0614abf18bbb5dfcfb5bf752c53e95d251792041e790b20
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 11:27:54 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "A6C15589290EB4D74B7B5E376A222857B6F88FF0"
Expires: Thu, 10 Nov 2022 22:00:00 GMT
Last-Modified: Thu, 10 Nov 2022 10:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 648
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 767e71100dd8b4f7-OSL
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash c50cb35d61edbaa6b234e31e1d5141b7
2a8cffa3883346d34624e2060a519811f3d66041
34cacf7098414c3d01097bc997f4a7b2161bee3cced68c51966fe6b7e190cc7e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 2b6e814cf24d6076a53097eacb138a7f
7e3b9b5d44699f81209a7ea0182640f5596804a5
218be263224d3d1a01ba126d0a7311b972bd88744ec0919b5e471077abe68e03
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 83b99092f19a38763c0b6ffc5e05e5aa
4cacf0a4adc46e28bc867d666a3fb45738dd1501
168478f1e03d83548fbfeed6dfad20ef23cb5a1dbf18f7312e5cf6dd290e9339
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 3cb6cc7c48915c7db45f5498b1e62539
ddccb7458bd30bcd2f8e7b35f0ecac03e919c875
03386554e16b21df5b398215637f9260a15e70b2c71770504d2544d3154e6eb0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 83b99092f19a38763c0b6ffc5e05e5aa
4cacf0a4adc46e28bc867d666a3fb45738dd1501
168478f1e03d83548fbfeed6dfad20ef23cb5a1dbf18f7312e5cf6dd290e9339
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
52.89.217.163101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.217.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xqBnse4Vq6uL8B3d74cjdg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: cgc6rgDdAZjBB3pwTPV6PU6YNAM=
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 9cec7fd19118aaeb5702dd97a8dd2b0e
40769764dfe2e1d216aeb0f18b935ad9e2fd9b11
0d10421ffd21c60df554fc54330fb769ea6cf59b8a795c14500defff88f8b366
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 6bbfc6315b9228fd41cc16d1b2f54feb
2f2ca82eb3ca303268b03f7aa80af90f9380e8e2
9a593b197ba164b8fc74cfe6feccd57e05233a642d1dd8065c6723cee2c15701
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
216.58.207.195200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 16740, version 1.0\012- data
Hash e43b535855a4ae53bd5b07a6eeb3bf67
6507312d9491156036316484bf8dc41e8b52ddd9
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681
GET /s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 07 Nov 2022 18:53:39 GMT
expires: Tue, 07 Nov 2023 18:53:39 GMT
cache-control: public, max-age=31536000
age: 232456
last-modified: Mon, 15 Aug 2022 18:14:44 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
104.18.11.207200 OK 77 kB URL HTTP/2 stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 104.18.11.207:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://stackpath.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 11:27:55 GMT
content-type: font/woff2
content-length: 77160
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "af7ae505a9eed503f8b8e6982036873e"
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 08/17/2022 18:20:14
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 752
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 3f769476b59786870fb9452c5921b812
cdn-cache: HIT
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 767e7110daf9b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
216.58.207.195200 OK 48 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 47952, version 1.0\012- data
Hash 17b406b7b8caa297435fa358e194f5a1
e2132f0e97781af56fa966c0fabb49132f2af203
84161c46238fff2c6920ebc28f02cddd7b710cf3d1107853f540b084320f6afd
GET /s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 47952
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 07 Nov 2022 18:59:14 GMT
expires: Tue, 07 Nov 2023 18:59:14 GMT
cache-control: public, max-age=31536000
age: 232121
last-modified: Mon, 15 Aug 2022 18:22:41 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.195200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Nov 2022 05:42:51 GMT
expires: Fri, 10 Nov 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 20704
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 9e33abe3fad0526790c4a7e880bb9b3a
07c4d98c20e96c8c250dbf50abc5f49a5cff8794
7fc520466d4a06b83ac7eb0455cdb757b4ca5ae4900b590b3dcb8b2666690005
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6538
Cache-Control: max-age=116513
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:55 GMT
Etag: "636bead2-116"
Expires: Fri, 11 Nov 2022 19:49:48 GMT
Last-Modified: Wed, 09 Nov 2022 18:00:50 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 6bbfc6315b9228fd41cc16d1b2f54feb
2f2ca82eb3ca303268b03f7aa80af90f9380e8e2
9a593b197ba164b8fc74cfe6feccd57e05233a642d1dd8065c6723cee2c15701
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1c215a955fdbb14db3d2290ef83c9d8e
13a3c232c68cfa716e8d1eef7f9cce1a525afa98
cbb178ef341e46cb5c30229c8fcf947fd95c9f652870d9449d3f864e5d055950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CBB178EF341E46CB5C30229C8FCF947FD95C9F652870D9449D3F864E5D055950"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7937
Expires: Thu, 10 Nov 2022 13:40:12 GMT
Date: Thu, 10 Nov 2022 11:27:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1c215a955fdbb14db3d2290ef83c9d8e
13a3c232c68cfa716e8d1eef7f9cce1a525afa98
cbb178ef341e46cb5c30229c8fcf947fd95c9f652870d9449d3f864e5d055950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CBB178EF341E46CB5C30229C8FCF947FD95C9F652870D9449D3F864E5D055950"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9075
Expires: Thu, 10 Nov 2022 13:59:10 GMT
Date: Thu, 10 Nov 2022 11:27:55 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 9cec7fd19118aaeb5702dd97a8dd2b0e
40769764dfe2e1d216aeb0f18b935ad9e2fd9b11
0d10421ffd21c60df554fc54330fb769ea6cf59b8a795c14500defff88f8b366
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 9e33abe3fad0526790c4a7e880bb9b3a
07c4d98c20e96c8c250dbf50abc5f49a5cff8794
7fc520466d4a06b83ac7eb0455cdb757b4ca5ae4900b590b3dcb8b2666690005
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6538
Cache-Control: max-age=116513
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:55 GMT
Etag: "636bead2-116"
Expires: Fri, 11 Nov 2022 19:49:48 GMT
Last-Modified: Wed, 09 Nov 2022 18:00:50 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 278
www.nodormirasmas.com/2022/05/hasta-el-viento-tiene-miedo-pelicula.html
142.250.74.83200 OK 0 B URL HTTP/2 www.nodormirasmas.com/2022/05/hasta-el-viento-tiene-miedo-pelicula.html
IP 142.250.74.83:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /2022/05/hasta-el-viento-tiene-miedo-pelicula.html HTTP/1.1
Host: www.nodormirasmas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/2022/05/hasta-el-viento-tiene-miedo-pelicula.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Thu, 10 Nov 2022 11:27:55 GMT
date: Thu, 10 Nov 2022 11:27:55 GMT
cache-control: private, max-age=0
last-modified: Thu, 10 Nov 2022 00:10:42 GMT
etag: W/"47ca9778dbf2fb60a84157fba9cc1d6487aa49ae458f25c003ca28f058390e3d"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 0
server: GSE
X-Firefox-Spdy: h2
ashoupsu.com/tag.min.js
139.45.197.238200 OK 23 kB IP 139.45.197.238:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 10129002a07b9bb619b1bed78b00c390
f95b470536394f9769e8dfea9eb01738bbe55ade
aad92dc115b1b293f26883c19c512496b8db3cbda2d03933e6875c97565ca208
Analyzer Verdict Alert quad9 Sinkholed
GET /tag.min.js HTTP/1.1
Host: ashoupsu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:55 GMT
content-type: text/javascript; charset=utf-8
content-length: 23235
content-encoding: br
x-trace-id: bb215fba9f73005bd94358b6102b4a50
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Mon, 07 Nov 2022 13:56:58 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 05 Nov 2022 12:31:58 GMT
expires: Sun, 05 Nov 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 428157
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Nov 2022 21:46:16 GMT
expires: Fri, 03 Nov 2023 21:46:16 GMT
cache-control: public, max-age=31536000
age: 567699
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d9ed1e536d31e1c2dad0f461782aa72f
e217690dafb74c7609daaa55ae1ecb9518be318d
6f20bdd488c3710142427d77667b15e2ae306457ecb402f2b7153535aa3ced82
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6F20BDD488C3710142427D77667B15E2AE306457ECB402F2B7153535AA3CED82"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17004
Expires: Thu, 10 Nov 2022 16:11:19 GMT
Date: Thu, 10 Nov 2022 11:27:55 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash f9746abd865e363c8ec59d1ce415d671
269ab2a272319239e3140c87b015d3fe553285ca
c28c2ea2fd722c4f05b13b83e74b578be4b0aeed251a37dd7553d8d2927da31e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 28 kB IP 142.250.74.35:0
Hash 5c68d911641503e4e959a232e3c24214
2a59b0fc2801ce059fdd11304e3f97b55d306b79
220c391b77f4f48b2fdba48f6c39d6003056642094b9d2127350b0605deefc91
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c282fb89bdded9707f257751f23fc185
bfe872622a162e0afa35c9cd45742fba2fb15b13
3e66dbf4d736534ca78c1e386311a188e985a015e284a5659213b3b528e7cbc5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 514
Cache-Control: max-age=100035
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:55 GMT
Etag: "636bc1fc-1d7"
Expires: Fri, 11 Nov 2022 15:15:10 GMT
Last-Modified: Wed, 09 Nov 2022 15:06:36 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash f9746abd865e363c8ec59d1ce415d671
269ab2a272319239e3140c87b015d3fe553285ca
c28c2ea2fd722c4f05b13b83e74b578be4b0aeed251a37dd7553d8d2927da31e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash f9746abd865e363c8ec59d1ce415d671
269ab2a272319239e3140c87b015d3fe553285ca
c28c2ea2fd722c4f05b13b83e74b578be4b0aeed251a37dd7553d8d2927da31e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/dyn-css/authorization.css?targetBlogID=812672324124708636&zx=ed31e21e-f28c-49dd-a43c-af3a347b6c89
142.250.74.105200 OK 21 B URL HTTP/2 www.blogger.com/dyn-css/authorization.css?targetBlogID=812672324124708636&zx=ed31e21e-f28c-49dd-a43c-af3a347b6c89
IP 142.250.74.105:0
File type very short file (no magic)
Hash a62e4d501434033d5d177e67d3aafdd0
34f7300c9ed47334cf10826d57af785321e3138b
b0cabcbfed4b1830ab1956efbd2eec32289a968323cb854a47ef98360ed0f522
GET /dyn-css/authorization.css?targetBlogID=812672324124708636&zx=ed31e21e-f28c-49dd-a43c-af3a347b6c89 HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type: text/css; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 10 Nov 2022 11:27:55 GMT
last-modified: Thu, 10 Nov 2022 11:27:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 21
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bedrapiona.com/5/5077935/?oo=1&js_build=iclick-v1.448.1
139.45.197.234200 OK 3.1 kB URL HTTP/2 bedrapiona.com/5/5077935/?oo=1&js_build=iclick-v1.448.1
IP 139.45.197.234:0
File type JSON data\012- , ASCII text, with very long lines (3003)
Hash d3d997bc6721fda4eb9b27145a110f9f
de65ef7428affc1d9ba6262899e8b5ae04bcfc3a
1fa6a80f20098a5e162283ff3c3b5c25ce3026d61982c2326ce1c2ba96c43a7e
GET /5/5077935/?oo=1&js_build=iclick-v1.448.1 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:55 GMT
content-type: application/json
x-trace-id: f51bb5f6506f16afd18e490b2322355e
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://www.nodormirasmas.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=a9d0c93a7f1c4f44bb3cd3d4859ef8f1; expires=Fri, 10 Nov 2023 11:27:55 GMT; path=/; secure; SameSite=None
oaidts=1668079675; expires=Fri, 10 Nov 2023 11:27:55 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5102432077805239&host=ca-host-pub-1556223355139109
142.250.74.98200 OK 55 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5102432077805239&host=ca-host-pub-1556223355139109
IP 142.250.74.98:0
File type ASCII text, with very long lines (2776)
Hash e91e27a4ca3ee29c0d4838e049d132a9
64092b5bad0a27462f7b4b8d2f483490c8c7b0b5
d559ccf13469ecf97e4e64a43a90fc29147f017eeda458505f7166f39867b237
GET /pagead/js/adsbygoogle.js?client=ca-pub-5102432077805239&host=ca-host-pub-1556223355139109 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 10 Nov 2022 11:27:55 GMT
expires: Thu, 10 Nov 2022 11:27:55 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 1004407207168365195
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 55193
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
lh3.googleusercontent.com/blogger_img_proxy/ANbyha09qWuB81gJsaooIq5N7-72ROerG9Ts1pCug8O5WVAQBKubCcmGj2DfMxW40jVbtXTzkKVraIgJdQ_WS6Yqcc8eDVUohr-iVC3pNZZpHRQJHZub5YRD5A=w72-h72-p-k-no-nu
142.250.74.33200 OK 4.0 kB URL HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/ANbyha09qWuB81gJsaooIq5N7-72ROerG9Ts1pCug8O5WVAQBKubCcmGj2DfMxW40jVbtXTzkKVraIgJdQ_WS6Yqcc8eDVUohr-iVC3pNZZpHRQJHZub5YRD5A=w72-h72-p-k-no-nu
IP 142.250.74.33:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 72x72, components 3\012- data
Hash d0364857d5f0fbebee5cc39dcd1882e5
3576dea4b8b73f9267876fee720f236b6b6e6f00
ea2ea586d56169746c809ca7e0547d90a4f41189a11fee5976482b5083de1e23
GET /blogger_img_proxy/ANbyha09qWuB81gJsaooIq5N7-72ROerG9Ts1pCug8O5WVAQBKubCcmGj2DfMxW40jVbtXTzkKVraIgJdQ_WS6Yqcc8eDVUohr-iVC3pNZZpHRQJHZub5YRD5A=w72-h72-p-k-no-nu HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
expires: Fri, 11 Nov 2022 11:27:55 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Thu, 10 Nov 2022 11:27:55 GMT
server: fife
content-length: 4038
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 58ad273c5ead6b1184f0bae78c306a52
a044ddd19e4523d2ddb42bfd4343aa1a0d3c4bce
71b62e94dda1d7d3c0ba08ca34c487e819b424b2da7f7cb3ec2120fb5b049b20
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash f9746abd865e363c8ec59d1ce415d671
269ab2a272319239e3140c87b015d3fe553285ca
c28c2ea2fd722c4f05b13b83e74b578be4b0aeed251a37dd7553d8d2927da31e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash ca3f2252cea90af4dd61f2436982692f
f85ee05a57049d8c724abfa57d6ca02350b88429
89fe0b9cee38b5e1b0a1ba478f6671cff70de4841ccfbe6634a662acb536c6ab
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 11:27:55 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 10 Nov 2022 00:04:30 GMT
Expires: Thu, 17 Nov 2022 00:04:29 GMT
Etag: "f85ee05a57049d8c724abfa57d6ca02350b88429"
Cache-Control: max-age=563193,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 767e711458afb500-OSL
ashoupsu.com/5/5077902/?oo=1&aab=1
139.45.197.238200 OK 5.4 kB URL HTTP/2 ashoupsu.com/5/5077902/?oo=1&aab=1
IP 139.45.197.238:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (15992)
Hash d96feae3baae28d750738dbe2709e7f7
cb3859ec65e142c786bd5d82988d02d8e275a96a
f99cddecdd4cb8acf0bbd9e95816b589851484de0a3cdd4ccf35c58439cd0c81
Analyzer Verdict Alert quad9 Sinkholed
GET /5/5077902/?oo=1&aab=1 HTTP/1.1
Host: ashoupsu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:55 GMT
content-type: application/json
x-trace-id: 22ac2a5ecc1996e9adcf6d4e0d84f618
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://www.nodormirasmas.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=16424ed2be574714a1d721414f5e0fe0; expires=Fri, 10 Nov 2023 11:27:55 GMT; path=/; secure; SameSite=None
oaidts=1668079675; expires=Fri, 10 Nov 2023 11:27:55 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 2fe5c9e4eb3628bf2ec24516ac5b1efd
d5d6e1081969ccb5a2c859dbb08ac31079d6ab75
11f8421ed48150683cdab40019b712583b575b36adc3878142b336138607da0a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 11:27:55 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 07 Nov 2022 06:25:22 GMT
Expires: Mon, 14 Nov 2022 06:25:21 GMT
Etag: "d5d6e1081969ccb5a2c859dbb08ac31079d6ab75"
Cache-Control: max-age=326845,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 767e711578a90b45-OSL
fonts.googleapis.com/css?family=Open+Sans:400,400i,700,700i
142.250.74.10200 OK 1.2 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:400,400i,700,700i
IP 142.250.74.10:0
Hash fed9d1697f764d32fb684ba0466ee1c7
eddcfc08ccca7d709c85b954140f54b042a2ab4d
9a027160ac7bdc1f7d94da4b30b43bd39254f9eb55bc643ced9b970aea252d11
GET /css?family=Open+Sans:400,400i,700,700i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 10 Nov 2022 11:27:54 GMT
date: Thu, 10 Nov 2022 11:27:54 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?userId=16424ed2be574714a1d721414f5e0fe0
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=16424ed2be574714a1d721414f5e0fe0
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 702424c4b4d0729fd7e0a187aa39b4d8
8e284107ee92f154ca4f983cbbf8f0069b7c4c23
9ae927bde8bc4502a1c9872c8a3836c1aee26e6f7a57ec01447f4e62a48e2f02
GET /gid.js?userId=16424ed2be574714a1d721414f5e0fe0 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:55 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.nodormirasmas.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=16424ed2be574714a1d721414f5e0fe0; expires=Fri, 10 Nov 2023 11:27:55 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
connect.facebook.net/en_US/sdk.js?hash=6a4aa661faa25b17ed584379e454cf68
31.13.72.12200 OK 88 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js?hash=6a4aa661faa25b17ed584379e454cf68
IP 31.13.72.12:0
File type ASCII text, with very long lines (18530)
Hash 36cb2c55744021a81dde16cf3547aa80
333be57c23ddfbd1cf1935b58cbf5100b6e9ed8c
980ddaa168e51012bc1e2269c1989677f3d7e3d2b751ed97c481a2e396d45cd1
GET /en_US/sdk.js?hash=6a4aa661faa25b17ed584379e454cf68 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 036f030f525176bb1ca8c33b8b4a4467
etag: "d00357d93628001ecdaf4bd41a38093b"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Fri, 10 Nov 2023 09:29:39 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: NsssVXRAIagd3hbPNUeqgA==
x-fb-debug: tpS+Qu67N8DYSUtT+GP9nBO1apg7wwrLzJxPjSEudDeZvXZUYaFn7e7KFkkoFyz8bKGuJL8dwpiRrLHTHPNg/w==
content-length: 88351
x-fb-trip-id: 1904183273
date: Thu, 10 Nov 2022 11:27:55 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 24 kB IP 172.64.155.188:0
Hash 1e0cd4016257b566dad21a932f4d25e3
029b92f5f742087465a6e7400cff4338280b508e
d43f15bb4010bb3cfaeb927e9c022098083b95a0534f2c1a228f1dddb8cf0938
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 11:27:56 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 10 Nov 2022 00:04:30 GMT
Expires: Thu, 17 Nov 2022 00:04:29 GMT
Etag: "f85ee05a57049d8c724abfa57d6ca02350b88429"
Cache-Control: max-age=563193,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 767e7115fa95b500-OSL
6.adsco.re/
104.17.167.186200 OK 0 B IP 104.17.167.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 6.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 11:27:56 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
access-control-allow-origin: https://www.nodormirasmas.com
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 767e711739dfb51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
4.adsco.re/
162.252.214.5200 OK 62 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash adde5febc7b5b6c2c759ec735cce83a0
77ec17be8a9970ff04663294d41c590d0d24fde4
ce2b9f2e5005195de7add565505005be6f2ef0d37521771e15106d1e1b9260ff
GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 11:27:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://www.nodormirasmas.com
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip
region1.google-analytics.com/g/collect?v=2&tid=G-2J8KM34V2J>m=2oeb90&_p=1178447221&cid=1404057726.1668079672&ul=en-us&sr=1280x1024&_s=1&sid=1668079671&sct=1&seg=0&dl=https%3A%2F%2Fwww.nodormirasmas.com%2F2022%2F05%2Fhasta-el-viento-tiene-miedo-pelicula.html&dt=HASTA%20EL%20VIENTO%20TIENE%20MIEDO%20-%20pel%C3%ADcula%20completa%20(M%C3%A9xico%201968)&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-2J8KM34V2J>m=2oeb90&_p=1178447221&cid=1404057726.1668079672&ul=en-us&sr=1280x1024&_s=1&sid=1668079671&sct=1&seg=0&dl=https%3A%2F%2Fwww.nodormirasmas.com%2F2022%2F05%2Fhasta-el-viento-tiene-miedo-pelicula.html&dt=HASTA%20EL%20VIENTO%20TIENE%20MIEDO%20-%20pel%C3%ADcula%20completa%20(M%C3%A9xico%201968)&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-2J8KM34V2J>m=2oeb90&_p=1178447221&cid=1404057726.1668079672&ul=en-us&sr=1280x1024&_s=1&sid=1668079671&sct=1&seg=0&dl=https%3A%2F%2Fwww.nodormirasmas.com%2F2022%2F05%2Fhasta-el-viento-tiene-miedo-pelicula.html&dt=HASTA%20EL%20VIENTO%20TIENE%20MIEDO%20-%20pel%C3%ADcula%20completa%20(M%C3%A9xico%201968)&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://www.nodormirasmas.com
date: Thu, 10 Nov 2022 11:27:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash abc1b6dead712b3905b9b0c0c8b63b56
e63b4c3f61604e313af85d9577866b98f75faa2a
fe7ff7563830e4fd0ab0af0eb929ca26e7a59d6ac147115d127a9585867d139a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1b6e55fb9c16b8ec503ca6fb935f650f
1e392159765235158a218248677dc21c46bc4f42
89cc50a881ff8fae94b7bfa2732d133df59bae06680f6d2147281ee7bf8ab00b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89CC50A881FF8FAE94B7BFA2732D133DF59BAE06680F6D2147281EE7BF8AB00B"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14019
Expires: Thu, 10 Nov 2022 15:21:35 GMT
Date: Thu, 10 Nov 2022 11:27:56 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74db090f-5da5-464b-91b1-7fac90d3e5eb.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74db090f-5da5-464b-91b1-7fac90d3e5eb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d68ac59950c3276cd8f92b777a004df1
94c0ee5c14e8e8cdf95883582ba8084cc5867f93
b02d6d61c1fae8260d1fc30c0a78ebbc3482a3aa0acafb58d8269942ff8e732b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74db090f-5da5-464b-91b1-7fac90d3e5eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7987
x-amzn-requestid: 6a465dcd-6a4e-49fb-9fa9-169678d39b5d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bWlo7HBFIAMFSQw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c1c9f-4ffe8f2534aeaef73329a8cd;Sampled=0
x-amzn-remapped-date: Wed, 09 Nov 2022 21:33:19 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: WrcaH4gahZqvIVMBFxF5zwB7IXujbT64xDOL8WmuQajijIyEK7Or3g==
via: 1.1 637ef0a7bc474e9a314fa064b65e8082.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 21:47:28 GMT
age: 49228
etag: "94c0ee5c14e8e8cdf95883582ba8084cc5867f93"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9c75dde9-2bef-4822-a6fb-e0589a3fab63.jpeg
34.120.237.76200 OK 3.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9c75dde9-2bef-4822-a6fb-e0589a3fab63.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2dcde51bc367052b5d4566f2e99cef9a
0481ae2ec1c61273232fb22fc2a78d6e0d2048d6
303700c24ab524cd55bf4924e1c8032708df4498032232082b5321ac075461b2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9c75dde9-2bef-4822-a6fb-e0589a3fab63.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3181
x-amzn-requestid: 497229d6-6e60-4a06-840e-760b26d0400f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bOA7hEDYoAMFXmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6368aeaf-79a19c2f615ee65534b23b77;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 07:07:27 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: x6ry-81sAws-TsvlqOQMD5laeUR1hfK9d_N507AgFU5AepaF_rq5Mg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 10 Nov 2022 09:27:14 GMT
age: 7242
etag: "0481ae2ec1c61273232fb22fc2a78d6e0d2048d6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F407f630c-7642-40eb-8db3-288b03315712.jpeg
34.120.237.76200 OK 3.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F407f630c-7642-40eb-8db3-288b03315712.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 178b1b5efcd0c5997d0e5b820193abe2
460630852800c0304295c78df268bfec64416f98
9822d2ef4199dcc01f81a8e6d3a91d9545466c17abfca4eb30e0a49ca8301da6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F407f630c-7642-40eb-8db3-288b03315712.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3445
x-amzn-requestid: 92b5ba7a-e45a-495c-89ae-9738fd5644bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bWloyHMpoAMF-Fw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c1c9e-5508b96c349a34537809ef0e;Sampled=0
x-amzn-remapped-date: Wed, 09 Nov 2022 21:33:18 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3-XU3AO60wbMDZcPshBPHvxEFAQHVs7-dlg52BfbxkSlDAEx9kaeeg==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 21:58:41 GMT
age: 48555
etag: "460630852800c0304295c78df268bfec64416f98"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/a/AVvXsEh1pF89zz61y0Vw_aMEUIz0uylHofFeak8ujiYyg48B9wcUvIc1BQe7-BnnvYmmtEFw15hGbIkBHkKLw0W9WvEyLCiXHhTuogf-FN5WN_nW2x6LhSN3B6VzUbsAYwt9FYMOg0qfjes-H3Ob0F9wZ-Zy2ZQQ7XbzpB80AAF6WsbRJ_KhKMsraJncnXl3=w72-h72-p-k-no-nu
142.250.74.33200 OK 11 kB URL HTTP/2 blogger.googleusercontent.com/img/a/AVvXsEh1pF89zz61y0Vw_aMEUIz0uylHofFeak8ujiYyg48B9wcUvIc1BQe7-BnnvYmmtEFw15hGbIkBHkKLw0W9WvEyLCiXHhTuogf-FN5WN_nW2x6LhSN3B6VzUbsAYwt9FYMOg0qfjes-H3Ob0F9wZ-Zy2ZQQ7XbzpB80AAF6WsbRJ_KhKMsraJncnXl3=w72-h72-p-k-no-nu
IP 142.250.74.33:0
File type PNG image data, 72 x 72, 8-bit/color RGB, non-interlaced\012- data
Hash 9f99ebaa630ee8538fc585553661c2fd
3af123f9ac355b82d6dc4c61bce592bac2de7ee0
a18b1141890ab92afa840a3e8d1c6ed1d67bd71ec68426cb5c37ec3d6a79a257
GET /img/a/AVvXsEh1pF89zz61y0Vw_aMEUIz0uylHofFeak8ujiYyg48B9wcUvIc1BQe7-BnnvYmmtEFw15hGbIkBHkKLw0W9WvEyLCiXHhTuogf-FN5WN_nW2x6LhSN3B6VzUbsAYwt9FYMOg0qfjes-H3Ob0F9wZ-Zy2ZQQ7XbzpB80AAF6WsbRJ_KhKMsraJncnXl3=w72-h72-p-k-no-nu HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v149"
expires: Fri, 11 Nov 2022 11:27:56 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="image.png"
content-type: image/png
vary: Origin
x-content-type-options: nosniff
date: Thu, 10 Nov 2022 11:27:56 GMT
server: fife
content-length: 10936
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6f25920-a3d0-43b8-b5bf-03e98ef4db49.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6f25920-a3d0-43b8-b5bf-03e98ef4db49.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9ee61492435f30b5997b4628feffd92a
7a4873a1b472f973fe8eef44a5af4eb7ace6344f
2685279092cd3c81ed4064ca47c286bc9993df2558be22326d3db2810544c4c2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6f25920-a3d0-43b8-b5bf-03e98ef4db49.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10654
x-amzn-requestid: 29c382f1-c231-4293-bb36-3547bd2f93a7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bRUxYFKwoAMFj7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636a01a2-5960978c2e9561057ad85692;Sampled=0
x-amzn-remapped-date: Tue, 08 Nov 2022 07:13:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: YzeTFhtl6N4a9j4R4G9mNyfmHsJ6qo6I6ChxwF3TmMiYaeJZDgVJTw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Thu, 10 Nov 2022 07:27:11 GMT
age: 14445
etag: "7a4873a1b472f973fe8eef44a5af4eb7ace6344f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c73f10e-9c01-44bd-95d2-c18ba845fe07.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c73f10e-9c01-44bd-95d2-c18ba845fe07.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2917b487c605eb7f53d20ff3b4fbfef0
5dd8989fb1129638361c16ad2a1fde93a4c4aafd
aaf620d791f23829e15a454b3faf5b47a0f00ff37ada91d6de5c62c322fe90ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c73f10e-9c01-44bd-95d2-c18ba845fe07.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8875
x-amzn-requestid: 1374243f-4fd8-4405-8f8a-946a8f92c457
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bWlniEw2oAMFtfA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c1c96-195c58a826eae13b58d21aa0;Sampled=0
x-amzn-remapped-date: Wed, 09 Nov 2022 21:33:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MfDIK2PCS_o7UuNXVSNOb3YbR_P8vlF7xw75qf8WdbjRr8hzCVYu6A==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 21:46:28 GMT
age: 49288
etag: "5dd8989fb1129638361c16ad2a1fde93a4c4aafd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 168e1d2301217abde66b2f9ebc0ed7fc
75e175a2086e27a20cad47dd402ac538dd9fc918
e3e379ca43ae4452e954e5f8822e18ba5d8af025eac48c35965d31c914ad31a2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3E379CA43AE4452E954E5F8822E18BA5D8AF025EAC48C35965D31C914AD31A2"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4423
Expires: Thu, 10 Nov 2022 12:41:39 GMT
Date: Thu, 10 Nov 2022 11:27:56 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe468f92f-2486-4c80-ab37-4225f9f983cc.webp
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe468f92f-2486-4c80-ab37-4225f9f983cc.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5fc04eddc597d6b10db5d59c53f20aec
dddc0da13526d24aaea990cc1d68d9212612da43
a7e2d1fd141c4383de3411be95b8875c9d969d5f001020793a2b4d939aaa780b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe468f92f-2486-4c80-ab37-4225f9f983cc.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12268
x-amzn-requestid: cd9ea4f7-9a75-47b4-a0ad-817c821a592e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bWlpZHbBIAMFfUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c1ca2-69a98f453929cc817bead2c7;Sampled=0
x-amzn-remapped-date: Wed, 09 Nov 2022 21:33:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Xq1vIovXXR0pPaaHjKWeLcZszoEkISrYvqKvshtQ9dFTf6CUwxmIWA==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 21:45:34 GMT
age: 49342
etag: "dddc0da13526d24aaea990cc1d68d9212612da43"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/html/r20221108/r20190131/zrt_lookup.html
216.58.211.2200 OK 4.2 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20221108/r20190131/zrt_lookup.html
IP 216.58.211.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2579)
Hash 2fb3574102373e2e076cfa2ff90cdf25
d06c985183def975546d6e47ab6369c11dcf7195
e61cbc207f7fc2f429deceff11e7a339a3d9a9574da6d035054eba02ee381345
GET /pagead/html/r20221108/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 4242
x-xss-protection: 0
date: Thu, 10 Nov 2022 00:37:11 GMT
expires: Thu, 24 Nov 2022 00:37:11 GMT
cache-control: public, max-age=1209600
age: 39045
etag: 10353107486223812946
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
resources.blogblog.com/img/anon36.png
142.250.74.105200 OK 1.7 kB URL HTTP/2 resources.blogblog.com/img/anon36.png
IP 142.250.74.105:0
File type PNG image data, 36 x 36, 8-bit/color RGB, non-interlaced\012- data
Hash 106b75877485647b4b5618523f541732
c19e26c01d2972a4c895c3688c735158785620c7
19a794aab8d93c3cafd1efa4ae19579369f92ed5f1bb114d05aa0d7c7d1b3c22
GET /img/anon36.png HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 1654
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 04 Nov 2022 06:44:36 GMT
expires: Fri, 11 Nov 2022 06:44:36 GMT
cache-control: public, max-age=604800
last-modified: Thu, 03 Nov 2022 14:51:43 GMT
content-type: image/png
age: 535400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/a/AVvXsEiGRdOsRrsEKeAJjDtkRq_x_jym_FJSRGK2YUFjVtzhZaiw6CFcTgpw0limNHNuswD3tDUK8htMl2EUOPkjc8K7gNQDcdVDiU34tEFeLqOK3msx9uxaIcsOSPe7GgLKkrKeQAjCr8BCwEahCx_icQ1sMvzCFm8Gaogk0G7qZKQbaVoMahPZHvig3TeU=w72-h72-p-k-no-nu
142.250.74.33200 OK 10 kB URL HTTP/2 blogger.googleusercontent.com/img/a/AVvXsEiGRdOsRrsEKeAJjDtkRq_x_jym_FJSRGK2YUFjVtzhZaiw6CFcTgpw0limNHNuswD3tDUK8htMl2EUOPkjc8K7gNQDcdVDiU34tEFeLqOK3msx9uxaIcsOSPe7GgLKkrKeQAjCr8BCwEahCx_icQ1sMvzCFm8Gaogk0G7qZKQbaVoMahPZHvig3TeU=w72-h72-p-k-no-nu
IP 142.250.74.33:0
File type PNG image data, 72 x 72, 8-bit/color RGB, non-interlaced\012- data
Hash b63e178a170ac6815882ac9ec4314944
bd17ce27c421b78d11fe76473206dfa785d6ea4b
d0174f080d17cd147c28ef940c7de7c89b2645dd896f20802b9328981020bc00
GET /img/a/AVvXsEiGRdOsRrsEKeAJjDtkRq_x_jym_FJSRGK2YUFjVtzhZaiw6CFcTgpw0limNHNuswD3tDUK8htMl2EUOPkjc8K7gNQDcdVDiU34tEFeLqOK3msx9uxaIcsOSPe7GgLKkrKeQAjCr8BCwEahCx_icQ1sMvzCFm8Gaogk0G7qZKQbaVoMahPZHvig3TeU=w72-h72-p-k-no-nu HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v13a"
expires: Fri, 11 Nov 2022 11:27:56 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="image.png"
content-type: image/png
vary: Origin
x-content-type-options: nosniff
date: Thu, 10 Nov 2022 11:27:56 GMT
server: fife
content-length: 10009
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
appatdnjl6lm.n4.adsco.re/
38.132.109.186200 OK 0 B URL HTTP/1.1 appatdnjl6lm.n4.adsco.re/
IP 38.132.109.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: appatdnjl6lm.n4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 11:27:56 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:32:42 GMT
Connection: close
ETag: "5b5f2f9a-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
www.nodormirasmas.com/2022/05/terror-en-tiktok-madre-asegura-que-un.html
142.250.74.83200 OK 82 kB URL HTTP/2 www.nodormirasmas.com/2022/05/terror-en-tiktok-madre-asegura-que-un.html
IP 142.250.74.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2940)
Hash 93acae3a8d436c8a5586a379d427c2a8
5afc98e8c39fbfbcf820283478e780d912f06d8c
d698350667187e56591e6c7a0f0beb396488394187038814e95de11db14be12b
GET /2022/05/terror-en-tiktok-madre-asegura-que-un.html HTTP/1.1
Host: www.nodormirasmas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://www.nodormirasmas.com/2022/05/hasta-el-viento-tiene-miedo-pelicula.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Thu, 10 Nov 2022 11:27:56 GMT
date: Thu, 10 Nov 2022 11:27:56 GMT
cache-control: private, max-age=0
last-modified: Thu, 10 Nov 2022 00:10:42 GMT
etag: W/"47ca9778dbf2fb60a84157fba9cc1d6487aa49ae458f25c003ca28f058390e3d"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 82373
server: GSE
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/a/AVvXsEgcoidBIZn1Op7wo3FRUbj36_eWrw25H5WgrAIHf2XHB-uncMdm4BemS62huQSoWFDF8jbD8x6mbqhjGrfi7GHkLR4Knz2SMlP8rCV394LSttmKLPDdkbm0TPG1y1msnCmJ9_p7ahZ-KY4_7oCKypuaTPOCsuYg9r8OxlIi6UiMJ0umo6gbs3Q-BnYU=s1107
142.250.74.33200 OK 171 kB URL HTTP/2 blogger.googleusercontent.com/img/a/AVvXsEgcoidBIZn1Op7wo3FRUbj36_eWrw25H5WgrAIHf2XHB-uncMdm4BemS62huQSoWFDF8jbD8x6mbqhjGrfi7GHkLR4Knz2SMlP8rCV394LSttmKLPDdkbm0TPG1y1msnCmJ9_p7ahZ-KY4_7oCKypuaTPOCsuYg9r8OxlIi6UiMJ0umo6gbs3Q-BnYU=s1107
IP 142.250.74.33:0
File type PNG image data, 1107 x 181, 8-bit/color RGB, non-interlaced\012- data
Size 171 kB (171118 bytes)
Hash 8317d3aca360f3d5c3591fadbbcb2e61
9c3b61b3000124c23c42868f2e0ab89d6b319d0f
1c8c25af738b722076b5df4bbaa9a5728efc7d94878b604242b2e1d47a7d23fb
GET /img/a/AVvXsEgcoidBIZn1Op7wo3FRUbj36_eWrw25H5WgrAIHf2XHB-uncMdm4BemS62huQSoWFDF8jbD8x6mbqhjGrfi7GHkLR4Knz2SMlP8rCV394LSttmKLPDdkbm0TPG1y1msnCmJ9_p7ahZ-KY4_7oCKypuaTPOCsuYg9r8OxlIi6UiMJ0umo6gbs3Q-BnYU=s1107 HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "vc620"
expires: Fri, 11 Nov 2022 11:27:56 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="plantilla canal.png"
content-type: image/png
vary: Origin
x-content-type-options: nosniff
date: Thu, 10 Nov 2022 11:27:56 GMT
server: fife
content-length: 171118
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/a/AVvXsEg4Sonmud2QQZbPeidbnMwTOovpQ22LMQXm-KVwRwT7k2MTXy8Cy8Yg_WYkT9tokqVA8B1A6EEuntwP3XENr_H-A1tuYtij5ipx5VreITYkt8yxEORoayB_ucstmSH5teSNtYloEzhJxxjiOIg0N6YwzDxR5JgWs4q9rMmkQqgZTRZjVYSkCXAoTFDf=s1107
142.250.74.33200 OK 171 kB URL HTTP/2 blogger.googleusercontent.com/img/a/AVvXsEg4Sonmud2QQZbPeidbnMwTOovpQ22LMQXm-KVwRwT7k2MTXy8Cy8Yg_WYkT9tokqVA8B1A6EEuntwP3XENr_H-A1tuYtij5ipx5VreITYkt8yxEORoayB_ucstmSH5teSNtYloEzhJxxjiOIg0N6YwzDxR5JgWs4q9rMmkQqgZTRZjVYSkCXAoTFDf=s1107
IP 142.250.74.33:0
File type PNG image data, 1107 x 181, 8-bit/color RGB, non-interlaced\012- data
Size 171 kB (171118 bytes)
Hash 8317d3aca360f3d5c3591fadbbcb2e61
9c3b61b3000124c23c42868f2e0ab89d6b319d0f
1c8c25af738b722076b5df4bbaa9a5728efc7d94878b604242b2e1d47a7d23fb
GET /img/a/AVvXsEg4Sonmud2QQZbPeidbnMwTOovpQ22LMQXm-KVwRwT7k2MTXy8Cy8Yg_WYkT9tokqVA8B1A6EEuntwP3XENr_H-A1tuYtij5ipx5VreITYkt8yxEORoayB_ucstmSH5teSNtYloEzhJxxjiOIg0N6YwzDxR5JgWs4q9rMmkQqgZTRZjVYSkCXAoTFDf=s1107 HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "vc622"
expires: Fri, 11 Nov 2022 11:27:56 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="plantilla canal.png"
content-type: image/png
vary: Origin
x-content-type-options: nosniff
date: Thu, 10 Nov 2022 11:27:56 GMT
server: fife
content-length: 171118
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?userId=p8sb335388ce226856839l1j2sihb639
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=p8sb335388ce226856839l1j2sihb639
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 702424c4b4d0729fd7e0a187aa39b4d8
8e284107ee92f154ca4f983cbbf8f0069b7c4c23
9ae927bde8bc4502a1c9872c8a3836c1aee26e6f7a57ec01447f4e62a48e2f02
GET /gid.js?userId=p8sb335388ce226856839l1j2sihb639 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Cookie: ID=16424ed2be574714a1d721414f5e0fe0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:56 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.nodormirasmas.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=16424ed2be574714a1d721414f5e0fe0; expires=Fri, 10 Nov 2023 11:27:56 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 62d835d5c67b5c11824d794b8f69cd59
4d51e3cb378f22b82e1bb79bf7a0430679ab39c2
bafb9e7627b08ccd0bf68fe0e5f0865ed2682005673c5fa8672b5c4a576d746e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 62d835d5c67b5c11824d794b8f69cd59
4d51e3cb378f22b82e1bb79bf7a0430679ab39c2
bafb9e7627b08ccd0bf68fe0e5f0865ed2682005673c5fa8672b5c4a576d746e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ashoupsu.com/?rb=Yi93UJAYVrLiisN77GNp0d-cSulBGQt2nwLX843xYS4U2Qaz3f7VE8LLULxJdODdLeMhzmoaEkxgHs7Wq73cehfEjF-KZM6KZwCkrM1xur5rsqw-SCC5s7EtoJ2n5v3m_wP1oLA7E7Ifu9PPaAWoBWjy-buLHIGsyy5fR7w0OVrry8mBTkousOoJNfCOeHDIZJPy-Jx5NPRJyJR8ZSzPXMng125K3GANfmieqWBegywsY-pIHatErQ%3D%3D&request_ab2=0&zoneid=5077902&js_build=iclick-v1.448.1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=5&pl=https%3A%2F%2Fwww.nodormirasmas.com%2F2022%2F05%2Fhasta-el-viento-tiene-miedo-pelicula.html&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.448.1&bs=c0636430-299c-43a3-b55f-2b4004f630a2&userId=p8sb335388ce226856839l1j2sihb639&m=link
139.45.197.238200 OK 104 kB URL HTTP/2 ashoupsu.com/?rb=Yi93UJAYVrLiisN77GNp0d-cSulBGQt2nwLX843xYS4U2Qaz3f7VE8LLULxJdODdLeMhzmoaEkxgHs7Wq73cehfEjF-KZM6KZwCkrM1xur5rsqw-SCC5s7EtoJ2n5v3m_wP1oLA7E7Ifu9PPaAWoBWjy-buLHIGsyy5fR7w0OVrry8mBTkousOoJNfCOeHDIZJPy-Jx5NPRJyJR8ZSzPXMng125K3GANfmieqWBegywsY-pIHatErQ%3D%3D&request_ab2=0&zoneid=5077902&js_build=iclick-v1.448.1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=5&pl=https%3A%2F%2Fwww.nodormirasmas.com%2F2022%2F05%2Fhasta-el-viento-tiene-miedo-pelicula.html&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.448.1&bs=c0636430-299c-43a3-b55f-2b4004f630a2&userId=p8sb335388ce226856839l1j2sihb639&m=link
IP 139.45.197.238:0
File type JSON data\012- , ASCII text, with very long lines (4614)
Size 104 kB (103625 bytes)
Hash 05d4052b0c774d89cd05717c9a6e774d
d112ef920aff2d250294953b81bb763a925dbad1
a7a9599d63f87880a57cc7d7d1dbe125770a2c763590a307ed03c9517363bb88
Analyzer Verdict Alert quad9 Sinkholed
GET /?rb=Yi93UJAYVrLiisN77GNp0d-cSulBGQt2nwLX843xYS4U2Qaz3f7VE8LLULxJdODdLeMhzmoaEkxgHs7Wq73cehfEjF-KZM6KZwCkrM1xur5rsqw-SCC5s7EtoJ2n5v3m_wP1oLA7E7Ifu9PPaAWoBWjy-buLHIGsyy5fR7w0OVrry8mBTkousOoJNfCOeHDIZJPy-Jx5NPRJyJR8ZSzPXMng125K3GANfmieqWBegywsY-pIHatErQ%3D%3D&request_ab2=0&zoneid=5077902&js_build=iclick-v1.448.1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=5&pl=https%3A%2F%2Fwww.nodormirasmas.com%2F2022%2F05%2Fhasta-el-viento-tiene-miedo-pelicula.html&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.448.1&bs=c0636430-299c-43a3-b55f-2b4004f630a2&userId=p8sb335388ce226856839l1j2sihb639&m=link HTTP/1.1
Host: ashoupsu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.nodormirasmas.com/
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Cookie: OAID=16424ed2be574714a1d721414f5e0fe0; oaidts=1668079675
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:56 GMT
content-type: application/json
x-trace-id: 6d843c03fcd2e8e6c3401186dd0a3ead
access-control-allow-origin: https://www.nodormirasmas.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=p8sb335388ce226856839l1j2sihb639; expires=Fri, 10 Nov 2023 11:27:56 GMT; path=/; secure; SameSite=None
oaidts=1668079676; expires=Fri, 10 Nov 2023 11:27:56 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Thu, 17 Nov 2022 11:27:56 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 53969222478ce2872bf565129c21380d
eebc4155a20b9a0a4ed9bffafd90406b104a95e3
33b092496fdea1bd04987a571382666ae5ac2a5ff568d5498c1b63ea46aa559f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "33B092496FDEA1BD04987A571382666AE5AC2A5FF568D5498C1B63EA46AA559F"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18328
Expires: Thu, 10 Nov 2022 16:33:24 GMT
Date: Thu, 10 Nov 2022 11:27:56 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 280937c8e5118a2c79b44455ac814cc8
2b0739876899dadc94292c8d3a25d41eb18d979d
3175e8f22bc806bd6c5c60852e76e969f33040b090384c70db75fc5326ee90c6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.doubleclick.net/instream/ad_status.js
142.250.74.166200 OK 29 B URL HTTP/2 static.doubleclick.net/instream/ad_status.js
IP 142.250.74.166:0
Hash 1fa71744db23d0f8df9cce6719defcb7
e4be9b7136697942a036f97cf26ebaf703ad2067
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
GET /instream/ad_status.js HTTP/1.1
Host: static.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 29
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Nov 2022 11:14:05 GMT
expires: Thu, 10 Nov 2022 11:29:05 GMT
cache-control: public, max-age=900
age: 831
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=www.nodormirasmas.com
172.217.21.162200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=www.nodormirasmas.com
IP 172.217.21.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.nodormirasmas.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 10 Nov 2022 11:27:56 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=www.nodormirasmas.com
142.250.74.130200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=www.nodormirasmas.com
IP 142.250.74.130:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.nodormirasmas.com HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 10 Nov 2022 11:27:56 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 62d835d5c67b5c11824d794b8f69cd59
4d51e3cb378f22b82e1bb79bf7a0430679ab39c2
bafb9e7627b08ccd0bf68fe0e5f0865ed2682005673c5fa8672b5c4a576d746e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 2817ce33ca8b3667491f155a141abfa7
c39855bf058d975083bd145b944a438b47307a36
33bb12b05df7cb1e19ba5647d57b5cc5f0a79095a2ca40a04e5fe076b7e33422
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash da6ea2384d89dcf08521ba15aaa8c085
141a73f1f12700389cecb3548d37c2d5286e7a95
db36322a9271b8e877ba3b1b59c0b8783eb5e9ac8cddd9ecce4180904e7a1088
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 98d2dcb84a37daa2fb23c827ff88b340
0044d5f3939f68f1dd840bf8fcc0a136beda6ae3
7eb6cb22996da7036eb151d07a2fcc0df7018d5111f19e84a911e7edefe3e327
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=www.nodormirasmas.com&callback=_gfp_s_&client=ca-pub-5102432077805239&gpid_exp=1
172.217.21.162200 OK 256 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=www.nodormirasmas.com&callback=_gfp_s_&client=ca-pub-5102432077805239&gpid_exp=1
IP 172.217.21.162:0
File type ASCII text, with very long lines (401), with no line terminators
Hash f3498f9b43270250d481ab5f8bf129a1
c8bf0d9b776d3206ebf45a12923d29dbdcd255fa
4184565214cfc259d9874d7985de1a5230177387704d2256f6bc6f60893be9e8
GET /gampad/cookie.js?domain=www.nodormirasmas.com&callback=_gfp_s_&client=ca-pub-5102432077805239&gpid_exp=1 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 10 Nov 2022 11:27:56 GMT
server: cafe
cache-control: private
content-length: 256
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 98d2dcb84a37daa2fb23c827ff88b340
0044d5f3939f68f1dd840bf8fcc0a136beda6ae3
7eb6cb22996da7036eb151d07a2fcc0df7018d5111f19e84a911e7edefe3e327
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
play.google.com/log?format=json&hasfast=true&authuser=0
216.58.207.206200 OK 0 B URL HTTP/2 play.google.com/log?format=json&hasfast=true&authuser=0
IP 216.58.207.206:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: play.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Referer: https://www.blogger.com/
Origin: https://www.blogger.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.blogger.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Thu, 10 Nov 2022 11:27:57 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+485; expires=Sat, 09-Nov-2024 11:27:57 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 10 Nov 2022 11:27:57 GMT
cache-control: private
X-Firefox-Spdy: h2
play.google.com/log?format=json&hasfast=true&authuser=0
216.58.207.206200 OK 131 B URL HTTP/2 play.google.com/log?format=json&hasfast=true&authuser=0
IP 216.58.207.206:0
File type JSON data\012- , ASCII text, with no line terminators
Hash babb6f090aeebc6f421624475b4aefff
06079b7547949822c118224e51604f4c5ebf80c8
b2fe8b91f31edc7284cc9690e90dd4a38d985598374df68967d917590beb55dd
POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: play.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
X-Goog-AuthUser: 0
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Content-Length: 1561
Origin: https://www.blogger.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.blogger.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Thu, 10 Nov 2022 11:27:57 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+724; expires=Sat, 09-Nov-2024 11:27:57 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 10 Nov 2022 11:27:57 GMT
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.207.202200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.207.202:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Thu, 10 Nov 2022 11:27:57 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 9b27d0bfaf6ec30690eba902f50ce1ce
b274adea0a925d814dfd0ad80d1888dd06f4e269
f66f94bb109a214e8d83f5112c7468c729357833cf65e2d7db4f49564fac3485
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/js/th/EWuoZ_9LU3hL76PT3YFLg_EjKJdTpZ6rgtgTJA98OBY.js
142.250.74.164200 OK 14 kB URL HTTP/2 www.google.com/js/th/EWuoZ_9LU3hL76PT3YFLg_EjKJdTpZ6rgtgTJA98OBY.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (35974)
Hash 89da5756c3061bf086f28e85c062ea28
d46d62afb0048e31e65c624e26fc5620eb1e7fdd
7c5e7453571c65550671610b433b6a9ce831d3532c6c503539f8a060e5b264df
GET /js/th/EWuoZ_9LU3hL76PT3YFLg_EjKJdTpZ6rgtgTJA98OBY.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14351
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 09 Nov 2022 18:36:34 GMT
expires: Thu, 09 Nov 2023 18:36:34 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 20 Oct 2022 10:30:00 GMT
content-type: text/javascript
age: 60683
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu
142.250.74.164200 OK 668 B URL HTTP/2 www.google.com/recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu
IP 142.250.74.164:0
File type ASCII text, with very long lines (1034), with no line terminators
Hash 9854f5bd4803e3efa3955490085899af
271bba7dd46d88634e82cc830db00532821f4666
ede4d0952d07599d8151270dbefc3e679aae845dbbd1786b43e9ef50548b9230
GET /recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
expires: Thu, 10 Nov 2022 11:27:57 GMT
date: Thu, 10 Nov 2022 11:27:57 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 668
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.207.202200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.207.202:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash dc41b60b2d353f7576a4c9d05c72ec71
3ce3bb7818468f35ffb593581751495f2e899fb9
06d8b098715e1057b385d5c7bd4b907c4e2a3c0b922d855d6ac68674d4fcaa08
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 10 Nov 2022 11:27:57 GMT
server: ESF
cache-control: private
content-length: 30723
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.207.202200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.207.202:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash b53274f1c4f81053a52b2a8da3017e00
9eddf45e7b209e1fa8c8927b769d10751dd88dd1
1936a2d7d87e37c81b68fa49699de08fdc5ab2881f37fb1f6fd66d54cccf96ab
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 10 Nov 2022 11:27:57 GMT
server: ESF
cache-control: private
content-length: 30745
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 24f7571e306d068f1f196a316eb95c9b
b0afe7bf2d22d3e30eb97ef7ee160e1fe1e0c114
82e26881a116c8484b307b9b45aac1c09078231c57941bbaa506b1708e1389b6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
appatdnjl6lm.s4.adsco.re/
185.200.116.90200 OK 0 B URL HTTP/1.1 appatdnjl6lm.s4.adsco.re/
IP 185.200.116.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: appatdnjl6lm.s4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 11:27:57 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:38:01 GMT
Connection: close
ETag: "5b5f30d9-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 61a9432317cba5908c0a73266e8b8a62
c8bc872f016956cbb5569d7727bdfd46d64146c6
fafa5e76a4ed086616cce2f8e5af613630b11221ec9001d30cac72f6c1f350de
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 24f7571e306d068f1f196a316eb95c9b
b0afe7bf2d22d3e30eb97ef7ee160e1fe1e0c114
82e26881a116c8484b307b9b45aac1c09078231c57941bbaa506b1708e1389b6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.ytimg.com/vi_webp/48asQpd-JBk/sddefault.webp
216.58.207.246200 OK 40 kB URL HTTP/2 i.ytimg.com/vi_webp/48asQpd-JBk/sddefault.webp
IP 216.58.207.246:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 640x480, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 316de4913caee08977bdb63976de8099
9c831f48c2f11f79ec94222868ecbbf1fef2f94d
35088f37dbaf85d190eb234101b807606f6b9077dcb5cb2c0b42759bec40ae27
GET /vi_webp/48asQpd-JBk/sddefault.webp HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/webp
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 39610
date: Thu, 10 Nov 2022 11:27:57 GMT
expires: Thu, 10 Nov 2022 13:27:57 GMT
cache-control: public, max-age=7200
etag: "1637246739"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/Ixi5IiChXmIG6rRkjUa1qXHT/recaptcha__en.js
142.250.74.163200 OK 162 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Ixi5IiChXmIG6rRkjUa1qXHT/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (590)
Size 162 kB (162282 bytes)
Hash 05e06c50dab6f3d7f8bfde22301888db
64b3c20c788d298a672fabf9627eac914d95ed08
95176711feca1110e764a31e36764d5b331b033ed56fb372b42250329b33e1d6
GET /recaptcha/releases/Ixi5IiChXmIG6rRkjUa1qXHT/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
Origin: https://www.blogger.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162282
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 07 Nov 2022 15:58:35 GMT
expires: Tue, 07 Nov 2023 15:58:35 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 31 Oct 2022 04:02:45 GMT
content-type: text/javascript
age: 242962
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
i.ytimg.com/vi/BZLjOrJ25Gs/sddefault.jpg?sqp=-oaymwEmCIAFEOAD8quKqQMa8AEB-AHUBoAC4AOKAgwIABABGHIgPSg6MA8=&rs=AOn4CLBO5banoHplJtayaFCDeLmzIuJXDw
216.58.207.246200 OK 18 kB URL HTTP/2 i.ytimg.com/vi/BZLjOrJ25Gs/sddefault.jpg?sqp=-oaymwEmCIAFEOAD8quKqQMa8AEB-AHUBoAC4AOKAgwIABABGHIgPSg6MA8=&rs=AOn4CLBO5banoHplJtayaFCDeLmzIuJXDw
IP 216.58.207.246:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x480, components 3\012- data
Hash 3d63eb58069aee5e3f790d068e535abd
008aeca56c546230ca4dba6a7632dac949aa5192
1011d675a0b6166ab610dac0cc207287936f3305d807567066246972641b9173
GET /vi/BZLjOrJ25Gs/sddefault.jpg?sqp=-oaymwEmCIAFEOAD8quKqQMa8AEB-AHUBoAC4AOKAgwIABABGHIgPSg6MA8=&rs=AOn4CLBO5banoHplJtayaFCDeLmzIuJXDw HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 18067
date: Thu, 10 Nov 2022 11:27:57 GMT
expires: Thu, 10 Nov 2022 13:27:57 GMT
cache-control: public, max-age=7200
etag: "0"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 24f7571e306d068f1f196a316eb95c9b
b0afe7bf2d22d3e30eb97ef7ee160e1fe1e0c114
82e26881a116c8484b307b9b45aac1c09078231c57941bbaa506b1708e1389b6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 61a9432317cba5908c0a73266e8b8a62
c8bc872f016956cbb5569d7727bdfd46d64146c6
fafa5e76a4ed086616cce2f8e5af613630b11221ec9001d30cac72f6c1f350de
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yt3.ggpht.com/ytc/AMLnZu98fgqDzv_6zDweHEuTDg_od1LB_4uaJV0SLkhO=s68-c-k-c0x00ffffff-no-rj
142.250.74.161200 OK 2.9 kB URL HTTP/2 yt3.ggpht.com/ytc/AMLnZu98fgqDzv_6zDweHEuTDg_od1LB_4uaJV0SLkhO=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 68x68, components 3\012- data
Hash 8f47f668c055e1a885a0349577aef574
022c6e638f8e71e363aef6e3df2778c462f7789f
f64e429505535136dee03762a47f319d74a8d8b580885598bcfb0f403a388344
GET /ytc/AMLnZu98fgqDzv_6zDweHEuTDg_od1LB_4uaJV0SLkhO=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v25"
expires: Fri, 11 Nov 2022 11:27:57 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Thu, 10 Nov 2022 11:27:57 GMT
server: fife
content-length: 2907
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
yt3.ggpht.com/gSrwZtNbOwJhiQEHHuf004r6bdJszXa4hXhfvT54SiXBLJSNe5JL020FG9GtB8b-S1RPc6wwkA=s68-c-k-c0x00ffffff-no-rj
142.250.74.161200 OK 3.0 kB URL HTTP/2 yt3.ggpht.com/gSrwZtNbOwJhiQEHHuf004r6bdJszXa4hXhfvT54SiXBLJSNe5JL020FG9GtB8b-S1RPc6wwkA=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 68x68, components 3\012- data
Hash a85dae0d9e5aa4eac33a1189dfb15ca9
e6f883942e4de0bd3cb175b5685126f71ea09c6e
9ef8fe9c0d2f94cf6e2c69d5f3736c7e3be31682d098b0b118eefb09769bd32a
GET /gSrwZtNbOwJhiQEHHuf004r6bdJszXa4hXhfvT54SiXBLJSNe5JL020FG9GtB8b-S1RPc6wwkA=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v1"
expires: Fri, 11 Nov 2022 11:27:57 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="channels4_profile.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Thu, 10 Nov 2022 11:27:57 GMT
server: fife
content-length: 3041
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?userId=a9d0c93a7f1c4f44bb3cd3d4859ef8f1
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=a9d0c93a7f1c4f44bb3cd3d4859ef8f1
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 702424c4b4d0729fd7e0a187aa39b4d8
8e284107ee92f154ca4f983cbbf8f0069b7c4c23
9ae927bde8bc4502a1c9872c8a3836c1aee26e6f7a57ec01447f4e62a48e2f02
GET /gid.js?userId=a9d0c93a7f1c4f44bb3cd3d4859ef8f1 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Cookie: ID=16424ed2be574714a1d721414f5e0fe0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:57 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.nodormirasmas.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=16424ed2be574714a1d721414f5e0fe0; expires=Fri, 10 Nov 2023 11:27:57 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ea8f2561d95482c4c464fbaaf13ff409
3deec71459a68e8afaf2690be789748d0ced91e4
2978b7f9fe43898edacc8ab2f6f8765d718918e8389d51cbbc948c84d467ffd6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2978B7F9FE43898EDACC8AB2F6F8765D718918E8389D51CBBC948C84D467FFD6"
Last-Modified: Thu, 10 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19332
Expires: Thu, 10 Nov 2022 16:50:10 GMT
Date: Thu, 10 Nov 2022 11:27:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 11e4535712197ace6063ae2a6c8c6911
bcfae7b13c5d1be9bace7d58242d242adff6e67b
5c35534f3c4f6f58b8624ee41d77be8ae4c074853e84a5a539c4615fc9f90e31
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C35534F3C4F6F58B8624EE41D77BE8AE4C074853E84A5A539C4615FC9F90E31"
Last-Modified: Tue, 08 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13677
Expires: Thu, 10 Nov 2022 15:15:55 GMT
Date: Thu, 10 Nov 2022 11:27:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 67392cc711751012197025c4e3f8bec6
4a8390beb3132816311b3bea53d6c982a3a74528
e348ba66f41c5bce09ace67b2fa1386640562545b82086907cd76c966ce11dd6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E348BA66F41C5BCE09ACE67B2FA1386640562545B82086907CD76C966CE11DD6"
Last-Modified: Wed, 09 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18719
Expires: Thu, 10 Nov 2022 16:39:57 GMT
Date: Thu, 10 Nov 2022 11:27:58 GMT
Connection: keep-alive
adsco.re/p
162.252.214.5200 OK 171 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash 2619074d6deef55fa341eabe5b0e0843
287d36fb62e35fd26d7d2303f5b216dc96e34601
4131a03c4495580e596eb561f7abdbc5b7a6590179264243f079ab579fd4568b
POST /p HTTP/1.1
Host: adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2565
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 11:27:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
AS-P-1: OK lon123
AS-P-2: OK
AS-P-3: OK
Access-Control-Max-Age: 2592000
Cache-Control: no-transform
Access-Control-Allow-Origin: https://www.nodormirasmas.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
ibrapush.com/zone?pub=0&zone_id=5077934&is_mobile=false&domain=www.nodormirasmas.com&var=&ymid=&var_3=
139.45.197.250200 OK 664 B URL HTTP/2 ibrapush.com/zone?pub=0&zone_id=5077934&is_mobile=false&domain=www.nodormirasmas.com&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (663)
Hash 4dacbf0569a63ec3a1432602be24bf03
9af5ca97a5e6ebfb22deb96542f36235d4eabe76
7ce85b9a49b95a8b7f1d087089691cb2e72d5477d5d1e995ddd3c640521961ab
GET /zone?pub=0&zone_id=5077934&is_mobile=false&domain=www.nodormirasmas.com&var=&ymid=&var_3= HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.nodormirasmas.com/
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:58 GMT
content-type: application/json; charset=utf-8
content-length: 664
x-trace-id: 4f895689eb0339489e9d2926951a4bc1
access-control-allow-origin: https://www.nodormirasmas.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
betotodilea.com/400/5077932
139.45.197.237200 OK 68 kB URL HTTP/2 betotodilea.com/400/5077932
IP 139.45.197.237:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 0e5fe463907b189d1f5f836c298f0b96
5b108e9699fb8bfaf3c803cd1b23d969a938b992
3aede4c47ae71cc348f0c879077a57bab856c097948e470a14c4e58bb63c5ef9
Analyzer Verdict Alert quad9 Sinkholed
GET /400/5077932 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:58 GMT
content-type: application/javascript
x-trace-id: 494ca1cfbd121d4ab1c7efca92d805a6
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=287d0cf5bcfd4e258e4ee9741257241e; expires=Fri, 10 Nov 2023 11:27:58 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 8af9489e21335e095cadbe716ea9267a
59e3ef7cc22ef2093d1454be3f395ebb691ff8dd
49c1a8961499cfffcebf02a1a6a154f0dda49f55ad199da2fc9e8828ca7470a8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5967
Cache-Control: max-age=167426
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:58 GMT
Etag: "636cb3f1-117"
Expires: Sat, 12 Nov 2022 09:58:24 GMT
Last-Modified: Thu, 10 Nov 2022 08:18:57 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 279
my.rtmark.net/gid.js?userId=p8sb335388ce226856839l1j2sihb639
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=p8sb335388ce226856839l1j2sihb639
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 702424c4b4d0729fd7e0a187aa39b4d8
8e284107ee92f154ca4f983cbbf8f0069b7c4c23
9ae927bde8bc4502a1c9872c8a3836c1aee26e6f7a57ec01447f4e62a48e2f02
GET /gid.js?userId=p8sb335388ce226856839l1j2sihb639 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Cookie: ID=16424ed2be574714a1d721414f5e0fe0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:58 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.nodormirasmas.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=16424ed2be574714a1d721414f5e0fe0; expires=Fri, 10 Nov 2023 11:27:58 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
104.21.84.149200 OK 5.5 kB IP 104.21.84.149:0
File type ASCII text, with very long lines (13017), with no line terminators
Hash f4aac826be9aae9a428b78b1691412a7
647df363dbb3ec70f5cec5f2585d9102419a9875
752cbfe47fe8d4f244749ddf8bfc4eed4631cff127c8084b884591442e35ce03
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 11:27:58 GMT
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 14:05:58 GMT
etag: W/"634eb2c6-32d9"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 221
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B8LIaAsIUmd3NGTj0Bycq9m%2But2i77GnUJek3D1TISkVAPPLhQXt%2B%2BhwaTcGhAnIBOd%2B8iQvohX4YMB8wA1a2FDvTH%2FF2tUBCPZz1d4yFKfXIz%2BXIFCHfIzGZ%2BrsMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 767e7125386c1c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
nanouwho.com/27/67dae0fda1f30b6204d46c27d6d86928
139.45.197.242200 OK 123 kB URL HTTP/2 nanouwho.com/27/67dae0fda1f30b6204d46c27d6d86928
IP 139.45.197.242:0
Size 123 kB (122852 bytes)
Hash a795b24dd536be43b0c08b3264cbed6a
a6f3178a0d73db93026d9290b176938850d31553
caaee9792082999053ef3558ada3b6412efd87593e71491aadf55d14e08e4d80
Analyzer Verdict Alert quad9 Sinkholed
GET /27/67dae0fda1f30b6204d46c27d6d86928 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Cookie: scm=1; OAID=ffb1369c252541ecb84289fb0f98df24; oaidts=1668079678
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:58 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Tue, 08 Nov 2022 10:49:08 GMT
expires: Tue, 08 Dec 2082 10:49:08 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
4.adsco.re/
162.252.214.5200 OK 62 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash adde5febc7b5b6c2c759ec735cce83a0
77ec17be8a9970ff04663294d41c590d0d24fde4
ce2b9f2e5005195de7add565505005be6f2ef0d37521771e15106d1e1b9260ff
GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://c.adsco.re/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 11:27:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 74f57ed4981620fe2f73f9f139cd4ed9
0f4c4063e03ace911adcadd640b8dc47da56212a
b6ec81a2be293fac6c5f9c6dc59595ab3505eabebfe523501dfd1e9af1d86c1a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B6EC81A2BE293FAC6C5F9C6DC59595AB3505EABEBFE523501DFD1E9AF1D86C1A"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8259
Expires: Thu, 10 Nov 2022 13:45:37 GMT
Date: Thu, 10 Nov 2022 11:27:58 GMT
Connection: keep-alive
my.rtmark.net/gid.js?userId=p8sb335388ce226856839l1j2sihb639
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=p8sb335388ce226856839l1j2sihb639
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 702424c4b4d0729fd7e0a187aa39b4d8
8e284107ee92f154ca4f983cbbf8f0069b7c4c23
9ae927bde8bc4502a1c9872c8a3836c1aee26e6f7a57ec01447f4e62a48e2f02
GET /gid.js?userId=p8sb335388ce226856839l1j2sihb639 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Cookie: ID=16424ed2be574714a1d721414f5e0fe0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:58 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.nodormirasmas.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=16424ed2be574714a1d721414f5e0fe0; expires=Fri, 10 Nov 2023 11:27:58 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
www.encadenados.org/rdc/images/stories/rashomon/num_104/sospecha-0.jpg
109.234.84.20200 OK 122 kB URL HTTP/2 www.encadenados.org/rdc/images/stories/rashomon/num_104/sospecha-0.jpg
IP 109.234.84.20:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1024, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=703], progressive, precision 8, 333x485, components 3\012- data
Size 122 kB (122402 bytes)
Hash 062c133d382252eaf1ef024569add935
574df3a2032d04f507cb570105c2018ba26285ff
1889181435db6c54baff9aeb6c03e1e8824ebeb064339ab78f9d8b34c23ae5a3
GET /rdc/images/stories/rashomon/num_104/sospecha-0.jpg HTTP/1.1
Host: www.encadenados.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 17 Nov 2022 11:27:58 GMT
content-type: image/jpeg
last-modified: Wed, 24 Mar 2021 07:14:47 GMT
accept-ranges: bytes
content-length: 122402
date: Thu, 10 Nov 2022 11:27:58 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 3857c924c98f7678c371a11b77346e9a
84aab459b9074e5fcc5e6e98f4662e6cf8d4a607
70408dca6bf6610239f3ff741618ad574d4045fa7f9303dbbb27e4eaa08bc5ba
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 11:27:58 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 07 Nov 2022 00:52:20 GMT
Expires: Mon, 14 Nov 2022 00:52:19 GMT
Etag: "84aab459b9074e5fcc5e6e98f4662e6cf8d4a607"
Cache-Control: max-age=306860,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 767e712709270b45-OSL
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.254200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.254:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 949
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Thu, 10 Nov 2022 11:28:03 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://www.nodormirasmas.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
216.58.207.202200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 216.58.207.202:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Thu, 10 Nov 2022 11:27:58 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
216.58.207.202200 OK 110 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 216.58.207.202:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 22eaad3b6996218dd7c8d52b17e00be9
7b19071334f18748746a80b5bbe8d04b974239c1
185932ca9cb617804644700c90d4b4fd962c78b57cf065d31f1611697353f685
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 1346
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 10 Nov 2022 11:27:58 GMT
server: ESF
cache-control: private
content-length: 110
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
216.58.207.202200 OK 114 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 216.58.207.202:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 487d587437a3cdd6f471dbc8b979b181
4683062e0bb932e09475500d84b78d184a7f9139
1b2676f1c180879e04df75f1ac366ce0de4cefccc4800ad10184f1db7e0c65f2
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 962
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 10 Nov 2022 11:27:58 GMT
server: ESF
cache-control: private
content-length: 114
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
nanouwho.com/9?z=5077933&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.nodormirasmas.com%2F2022%2F05%2Fhasta-el-viento-tiene-miedo-pelicula.html&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=898&wfc=7&sah=1002&drf=&hil=1&ist=0&oaid=p8sb335388ce226856839l1j2sihb639
139.45.197.242204 No Content 0 B URL HTTP/2 nanouwho.com/9?z=5077933&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.nodormirasmas.com%2F2022%2F05%2Fhasta-el-viento-tiene-miedo-pelicula.html&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=898&wfc=7&sah=1002&drf=&hil=1&ist=0&oaid=p8sb335388ce226856839l1j2sihb639
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /9?z=5077933&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.nodormirasmas.com%2F2022%2F05%2Fhasta-el-viento-tiene-miedo-pelicula.html&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=898&wfc=7&sah=1002&drf=&hil=1&ist=0&oaid=p8sb335388ce226856839l1j2sihb639 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.nodormirasmas.com/
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 10 Nov 2022 11:27:58 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.nodormirasmas.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?userId=p8sb335388ce226856839l1j2sihb639
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=p8sb335388ce226856839l1j2sihb639
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 702424c4b4d0729fd7e0a187aa39b4d8
8e284107ee92f154ca4f983cbbf8f0069b7c4c23
9ae927bde8bc4502a1c9872c8a3836c1aee26e6f7a57ec01447f4e62a48e2f02
GET /gid.js?userId=p8sb335388ce226856839l1j2sihb639 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Cookie: ID=16424ed2be574714a1d721414f5e0fe0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:58 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.nodormirasmas.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=16424ed2be574714a1d721414f5e0fe0; expires=Fri, 10 Nov 2023 11:27:58 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?userId=p8sb335388ce226856839l1j2sihb639
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=p8sb335388ce226856839l1j2sihb639
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 702424c4b4d0729fd7e0a187aa39b4d8
8e284107ee92f154ca4f983cbbf8f0069b7c4c23
9ae927bde8bc4502a1c9872c8a3836c1aee26e6f7a57ec01447f4e62a48e2f02
GET /gid.js?userId=p8sb335388ce226856839l1j2sihb639 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Cookie: ID=16424ed2be574714a1d721414f5e0fe0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:58 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.nodormirasmas.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=16424ed2be574714a1d721414f5e0fe0; expires=Fri, 10 Nov 2023 11:27:58 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
nanouwho.com/9?z=5077933&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.nodormirasmas.com%2F2022%2F05%2Fhasta-el-viento-tiene-miedo-pelicula.html&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=898&wfc=7&sah=1002&drf=&hil=1&ist=0&oaid=p8sb335388ce226856839l1j2sihb639
139.45.197.242200 OK 2.6 kB URL HTTP/2 nanouwho.com/9?z=5077933&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.nodormirasmas.com%2F2022%2F05%2Fhasta-el-viento-tiene-miedo-pelicula.html&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=898&wfc=7&sah=1002&drf=&hil=1&ist=0&oaid=p8sb335388ce226856839l1j2sihb639
IP 139.45.197.242:0
File type JSON data\012- , ASCII text, with very long lines (6332), with no line terminators
Hash e607ab62d0fae514551e94fef646a285
e123496af06a13418f4decbe38650201c45ceb46
b15d66d7b42dcc97f95cf37c690559d4c66733a1e8ddbb0bed176fc8d3acc65f
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=5077933&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.nodormirasmas.com%2F2022%2F05%2Fhasta-el-viento-tiene-miedo-pelicula.html&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=898&wfc=7&sah=1002&drf=&hil=1&ist=0&oaid=p8sb335388ce226856839l1j2sihb639 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 207
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Cookie: scm=1; OAID=ffb1369c252541ecb84289fb0f98df24; oaidts=1668079678
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:59 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://www.nodormirasmas.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 73a4edc9e45ec829a752f5d3274d0d54
access-control-expose-headers: X-Sc
set-cookie: OAID=p8sb335388ce226856839l1j2sihb639; expires=Fri, 10 Nov 2023 11:27:58 GMT; secure; SameSite=None
oaidts=1668079678; expires=Fri, 10 Nov 2023 11:27:58 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
betotodilea.com/500/5077932?excludes=&oaid=p8sb335388ce226856839l1j2sihb639&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=898&wfc=7&pl=https%3A%2F%2Fwww.nodormirasmas.com%2F2022%2F05%2Fhasta-el-viento-tiene-miedo-pelicula.html&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 0 B URL HTTP/2 betotodilea.com/500/5077932?excludes=&oaid=p8sb335388ce226856839l1j2sihb639&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=898&wfc=7&pl=https%3A%2F%2Fwww.nodormirasmas.com%2F2022%2F05%2Fhasta-el-viento-tiene-miedo-pelicula.html&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/5077932?excludes=&oaid=p8sb335388ce226856839l1j2sihb639&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=898&wfc=7&pl=https%3A%2F%2Fwww.nodormirasmas.com%2F2022%2F05%2Fhasta-el-viento-tiene-miedo-pelicula.html&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://www.nodormirasmas.com/
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:59 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://www.nodormirasmas.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
ibrapush.com/custom
139.45.197.250200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.nodormirasmas.com/
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:59 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.nodormirasmas.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
ibrapush.com/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.nodormirasmas.com/
Content-Type: application/json
Origin: https://www.nodormirasmas.com
Content-Length: 428
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:59 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 4346cbf4d5f76db7f43196a00af2b3fb
access-control-allow-origin: https://www.nodormirasmas.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5c9ca14c24af104676e2bb1506415e7e
def206f4e4d8f493b0baaadcaddb30306be6c90d
2cfb10398e99eb284c2e30414bbdf73dbe45c6388f7a639d4c019f2775cbb72f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2CFB10398E99EB284C2E30414BBDF73DBE45C6388F7A639D4C019F2775CBB72F"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13380
Expires: Thu, 10 Nov 2022 15:10:59 GMT
Date: Thu, 10 Nov 2022 11:27:59 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash c1a36fd73586ad2de92caefb0c7f12ed
7539c1c4e2b579373b373be8879083d66c03f63e
1469a6dd9325d5c2ba3b2ea0a315540e937111923747e0366d6f441b92b04cdd
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 11:27:59 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 08 Nov 2022 18:12:24 GMT
Expires: Tue, 15 Nov 2022 18:12:23 GMT
Etag: "7539c1c4e2b579373b373be8879083d66c03f63e"
Cache-Control: max-age=455663,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 767e712abccf0b45-OSL
betotodilea.com/500/5077932?excludes=&oaid=p8sb335388ce226856839l1j2sihb639&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=898&wfc=7&pl=https%3A%2F%2Fwww.nodormirasmas.com%2F2022%2F05%2Fhasta-el-viento-tiene-miedo-pelicula.html&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 20 kB URL HTTP/2 betotodilea.com/500/5077932?excludes=&oaid=p8sb335388ce226856839l1j2sihb639&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=898&wfc=7&pl=https%3A%2F%2Fwww.nodormirasmas.com%2F2022%2F05%2Fhasta-el-viento-tiene-miedo-pelicula.html&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash 15bf892b1d1f18af37c5259f3397c90f
1e25dd1f4fd27b907395763827388cb6d83e2cd6
c4e15d43e8173304fa435d26bcd50acb561a8f78cdcb70445c4ea7f7b2c174a0
Analyzer Verdict Alert quad9 Sinkholed
GET /500/5077932?excludes=&oaid=p8sb335388ce226856839l1j2sihb639&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=898&wfc=7&pl=https%3A%2F%2Fwww.nodormirasmas.com%2F2022%2F05%2Fhasta-el-viento-tiene-miedo-pelicula.html&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Cookie: OAID=287d0cf5bcfd4e258e4ee9741257241e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:59 GMT
content-type: application/javascript
x-trace-id: f86b82e241b682f9545a08f15efeeed4
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://www.nodormirasmas.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=p8sb335388ce226856839l1j2sihb639; expires=Fri, 10 Nov 2023 11:27:59 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
offerimage.com/www/images/d995b3e4c37b07be75218a653fa1110a.jpeg
104.22.33.172200 OK 12 kB URL HTTP/2 offerimage.com/www/images/d995b3e4c37b07be75218a653fa1110a.jpeg
IP 104.22.33.172:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash d995b3e4c37b07be75218a653fa1110a
f65205d0ee64ca84506c9571c7f622cc9007c05d
f457644cc2d00bb9eaa0e56c33fc42a8d7fba1fcd263d9fdc33d02284b50967b
GET /www/images/d995b3e4c37b07be75218a653fa1110a.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 11:27:59 GMT
content-type: image/jpeg
content-length: 12425
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6358a071-3089"
expires: Fri, 11 Nov 2022 07:02:50 GMT
last-modified: Wed, 26 Oct 2022 02:50:25 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 15909
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 767e712bfe9395f6-ARN
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ead9edfa0e251964a35e05abd6824133
95f8fe7417573db8fdc2e50e64c590e7d41216b8
c74bfbc3cd85fec5e716326ed9c70934f44ed32de7f87af2eb9669c7cf6fd799
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C74BFBC3CD85FEC5E716326ED9C70934F44ED32DE7F87AF2EB9669C7CF6FD799"
Last-Modified: Wed, 09 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2514
Expires: Thu, 10 Nov 2022 12:09:53 GMT
Date: Thu, 10 Nov 2022 11:27:59 GMT
Connection: keep-alive
interstitial-07.com/contents/s/61/ca/c9/abe4000ff800a1619d3ae68abd/01321064831989.jpeg
139.45.197.154200 OK 44 kB URL HTTP/2 interstitial-07.com/contents/s/61/ca/c9/abe4000ff800a1619d3ae68abd/01321064831989.jpeg
IP 139.45.197.154:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Hash 61cac9abe4000ff800a1619d3ae68abd
91196f20e3545dc5aa0789064bd7ac67fe1fa1cc
0a5e8b356fd62fdd87ff330784ee29dcb1c5bbc55f80e4d0dfcb7eb89c0fb2d9
GET /contents/s/61/ca/c9/abe4000ff800a1619d3ae68abd/01321064831989.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=nYwiHM7Iw27vt2d&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D1344982831%26z%3D5077933%26b%3D13179805%26c%3D5549482%26var%3D%26d%3Dhttps%253A%252F%252Fiwantuonly.com%252Fclick.php%253Fc%253D1119%2526key%253D59mbnk099b21z773135c4542%2526c1%253D%257Bzoneid%257D%2526c2%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D5nBIlukzwXvXn9EMyGWaEAZOAioy2_UughdswTo3tfIqA41S4fDaNdI-8Hac3-lo5-7rY8cn5FmVABKyqnbzeL1IdN_CjgLT1Lt8TKHb3ScW6CK9mgis6ciSGr3zO2gcsW7tHJgNSxSMLuoMRARCOSnzeIQDy5s1_Yk5jZv6HnXh78i_lqkDncUNchgo-hGiS_6kQdkORwNWDZ3CRAi98scZtpXr8VuSzn2qxWiKZHd6uLGmEB1Pp3FzCeQGqGd4fqp0uM27p7rg11st8BMUeLQfklo_NNdbW2z7Zoj6zqsAMo3H-80gpsNH9bISDXNYW2TPGpdGOAuxym1fIbpZT8m8GuDSkDuQdiXwntBZgJ5yaV-i5L1Bms_3iHaeup4Tkr-6UG38cYh8AWyPk62FI1Ikjih8qNDA1JI--J2d4RKIE2yHwZXTic7aLUvojjyhmNkwxE-YzHhD2ASJl1PSMs7alDNUE8uRzD-DJrmOhhl2yCRgSi-BwMzwZqo5tn6bHrz3BBzkIvhoPjb6RDuUtV6PC7puAYf28WyGj-SRI9BVaHO8nQhVsdRQl_7tJNZ8USW3ATRLpPzL4uoIc99PC8FTUzGbzeCVaAArJVzHtKbvBSaNcWwI2NdHO800xQv_GKw5WkRE0f7-Z3Y6%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D7aca3223-f41e-42c0-9e33-cf75aabd4e52%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.nodormirasmas.com%252F2022%252F05%252Fhasta-el-viento-tiene-miedo-pelicula.html%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D898%26wfc%3D7%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:59 GMT
content-type: image/jpeg
content-length: 43510
last-modified: Sun, 15 May 2022 13:32:25 GMT
etag: "628100e9-a9f6"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
unphionetor.com/vctx?t=72747
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vctx?t=72747
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 10 Nov 2022 11:27:59 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: cc88ad95eab5837fbda7928005f2b1d4
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
antiadblocksystems.com/wVlexQ.php?_=BAYAY2zgPgFjbOA-gAGBAsAAIMDN8k950tf6qmfJVvM0EiAW6TiX5Z0bh9magsSvothlwQBIMEYCIQDKO0h8XvXz3QQIX1ANsAQD6-dzOhB1oRXlaK6_jxQPawIhAP7x-yVEMdX0hlIJz7d4wwXetprDsATY-qAmwfuNPFxR&v=4&tIkrQwlY=4777731&minBid=&OzeWTYIR=3:1,3:1,0&iqSAeGwF=&OqbgBrjQ=&s=1280,1024,1,1280,1024,0
208.95.113.2200 OK 44 B URL HTTP/2 antiadblocksystems.com/wVlexQ.php?_=BAYAY2zgPgFjbOA-gAGBAsAAIMDN8k950tf6qmfJVvM0EiAW6TiX5Z0bh9magsSvothlwQBIMEYCIQDKO0h8XvXz3QQIX1ANsAQD6-dzOhB1oRXlaK6_jxQPawIhAP7x-yVEMdX0hlIJz7d4wwXetprDsATY-qAmwfuNPFxR&v=4&tIkrQwlY=4777731&minBid=&OzeWTYIR=3:1,3:1,0&iqSAeGwF=&OqbgBrjQ=&s=1280,1024,1,1280,1024,0
IP 208.95.113.2:0
File type ASCII text, with no line terminators
Hash d5f0a25e4d3522d56d48ce7bc3e518fb
86794caff58f7fee6e684c2ba7195f970a8d6f4c
9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5
GET /wVlexQ.php?_=BAYAY2zgPgFjbOA-gAGBAsAAIMDN8k950tf6qmfJVvM0EiAW6TiX5Z0bh9magsSvothlwQBIMEYCIQDKO0h8XvXz3QQIX1ANsAQD6-dzOhB1oRXlaK6_jxQPawIhAP7x-yVEMdX0hlIJz7d4wwXetprDsATY-qAmwfuNPFxR&v=4&tIkrQwlY=4777731&minBid=&OzeWTYIR=3:1,3:1,0&iqSAeGwF=&OqbgBrjQ=&s=1280,1024,1,1280,1024,0 HTTP/1.1
Host: antiadblocksystems.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
asf: 9
popads-ec: ASB
content-type: text/javascript;charset=UTF-8
content-length: 44
date: Thu, 10 Nov 2022 11:27:59 GMT
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 10 Nov 2022 11:27:59 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 484ffed0dd68e2643518fd9802bd459a
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ibrapush.com/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.nodormirasmas.com/
Content-Type: application/json
Origin: https://www.nodormirasmas.com
Content-Length: 795
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:59 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 1adfde73bc3f75759790aa6a4b036b48
access-control-allow-origin: https://www.nodormirasmas.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
www.nodormirasmas.com/sw.js
142.250.74.83404 Not Found 80 kB URL HTTP/2 www.nodormirasmas.com/sw.js
IP 142.250.74.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2940)
Hash eb9088e715f2fe0d3e89a550379f9ba1
29961f9647d63f3847171fbd4aa36c7c4519f803
6727faa827fd6b9c82a381da0c0685516ffccb409ae790b3dc3b377ca1708b8d
GET /sw.js HTTP/1.1
Host: www.nodormirasmas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.nodormirasmas.com/2022/05/hasta-el-viento-tiene-miedo-pelicula.html
Connection: keep-alive
Cookie: _ga_2J8KM34V2J=GS1.1.1668079671.1.0.1668079671.0.0.0; _ga=GA1.1.1404057726.1668079672; a=7C7ogGktgdVzMA621TawP48OZVMMHDtw; prefetchAd_5077902=true; __gads=ID=82641324393cd865-228385b773ce007c:T=1668079676:RT=1668079676:S=ALNI_MZnG-qXR1e-i7ihtfsSVYX2oDmC4g; __gpi=UID=00000b7f7cbe5a67:T=1668079676:RT=1668079676:S=ALNI_MZMuv6O8mk98htrP8nbuC4zX3UGXA; prefetchAd_5077935=true; token_QpUJAAAAAAAAGu98Hdz1l_lcSZ2rY60Ajjk9U1c=BAYAY2zgPgFjbOA-gAGBAsAAIMDN8k950tf6qmfJVvM0EiAW6TiX5Z0bh9magsSvothlwQBIMEYCIQDKO0h8XvXz3QQIX1ANsAQD6-dzOhB1oRXlaK6_jxQPawIhAP7x-yVEMdX0hlIJz7d4wwXetprDsATY-qAmwfuNPFxR
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 10 Nov 2022 11:27:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 79772
server: GSE
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 119e5814bf97cc28488dd0c89752f798
c0c9d06895d9821e225697bad269390031a05ac4
d0bc12eee3b4591bfbd69b03c8e59a5c0d0cefeeee0cc7fc7020f5e04f09d381
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 11:27:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ibrapush.com/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.nodormirasmas.com/
Content-Type: application/json
Origin: https://www.nodormirasmas.com
Content-Length: 436
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:28:02 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 7f2a499c4e31b333c7e5150191c6016d
access-control-allow-origin: https://www.nodormirasmas.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=ce487902694f435bb97b40d718a8cf87&zoneId=5077934&checkDuplicate=true&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=ce487902694f435bb97b40d718a8cf87&zoneId=5077934&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 702424c4b4d0729fd7e0a187aa39b4d8
8e284107ee92f154ca4f983cbbf8f0069b7c4c23
9ae927bde8bc4502a1c9872c8a3836c1aee26e6f7a57ec01447f4e62a48e2f02
GET /gid.js?pub=0&userId=ce487902694f435bb97b40d718a8cf87&zoneId=5077934&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.nodormirasmas.com/
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Cookie: ID=16424ed2be574714a1d721414f5e0fe0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:28:02 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.nodormirasmas.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=16424ed2be574714a1d721414f5e0fe0; expires=Fri, 10 Nov 2023 11:28:02 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
www.youtube.com/embed/48asQpd-JBk
142.250.74.174200 OK 0 B URL HTTP/2 www.youtube.com/embed/48asQpd-JBk
IP 142.250.74.174:0
GET /embed/48asQpd-JBk HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 10 Nov 2022 11:27:55 GMT
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=q66pntIczVE; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=n9Je02df8rE; Domain=.youtube.com; Expires=Tue, 09-May-2023 11:27:55 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+986; expires=Sat, 09-Nov-2024 11:27:55 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/embed/BZLjOrJ25Gs
142.250.74.174200 OK 0 B URL HTTP/2 www.youtube.com/embed/BZLjOrJ25Gs
IP 142.250.74.174:0
GET /embed/BZLjOrJ25Gs HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 10 Nov 2022 11:27:55 GMT
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=dPw4_mt5yV0; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=B0SzLU7nP78; Domain=.youtube.com; Expires=Tue, 09-May-2023 11:27:55 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+309; expires=Sat, 09-Nov-2024 11:27:55 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
inklinkor.com/tag.min.js
172.67.211.29200 OK 0 B IP 172.67.211.29:0
GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 11:27:55 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 7268c8f94b3428155a3ea3437b6dd33a
cache-control: max-age=86400
last-modified: Mon, 07 Nov 2022 13:56:58 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Fri, 11 Nov 2022 09:28:31 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 7164
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bc4%2BZ%2FnFajDatYKI1fvnavD7gtc0koQuJLq2an2HR14hCx1jfSxLXbCICAMZcUek5q9Xp%2FARqO8XSIyIXLiyhcYFI2nHPeO%2F9Y3Si2qWzboNQoGwjbreHmDCYtDOZLEW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 767e7111bb34b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.blogger.com/comment/frame/812672324124708636?po=7384918047025786607&hl=es-419&skin=contempo&blogspotRpcToken=5518152
142.250.74.105200 OK 0 B URL HTTP/2 www.blogger.com/comment/frame/812672324124708636?po=7384918047025786607&hl=es-419&skin=contempo&blogspotRpcToken=5518152
IP 142.250.74.105:0
GET /comment/frame/812672324124708636?po=7384918047025786607&hl=es-419&skin=contempo&blogspotRpcToken=5518152 HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: www.blogger.com
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 10 Nov 2022 11:27:55 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-security-policy: require-trusted-types-for 'script';report-uri /_/BloggerCommentUi/cspreport, script-src 'nonce-jfAlCCIq5P4F9F9pbeAHbQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/BloggerCommentUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/BloggerCommentUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"BloggerCommentUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/BloggerCommentUi/external"}]}
cross-origin-resource-policy: same-site
cross-origin-opener-policy: same-origin; report-to="BloggerCommentUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=lqCPLQRGpEhht3kS34Ld_K4mm83oZkHJwvLfs3QqkGc04JcbEaXFO7nzLvB7MY6C7iYM8d_1dtD-nw0sJjBVHKunG0yf5S-293O9GF9Gg_ZLn62fR6VVCjyDbDGBoxAK9gr6dew7SRXtpIx29bjbMPkpk-7BrvRg8XszdZivjcw; expires=Fri, 12-May-2023 11:27:55 GMT; path=/; domain=.blogger.com; Secure; HttpOnly
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ibrapush.com/pfe/current/tag.min.js?z=5077934
139.45.197.250200 OK 0 B URL HTTP/2 ibrapush.com/pfe/current/tag.min.js?z=5077934
IP 139.45.197.250:0
GET /pfe/current/tag.min.js?z=5077934 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:58 GMT
content-type: application/javascript
last-modified: Tue, 08 Nov 2022 14:20:39 GMT
etag: W/"636a65b7-39be"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
link: <https://my.rtmark.net>; rel=dns-prefetch;, <https://my.rtmark.net>; rel=preconnect
content-encoding: gzip
X-Firefox-Spdy: h2
onmarshtompor.com/?rb=gVmRNfhn-AalJBO3EBJZDcqE8_w361PcD9YvWUZaaEpCc-9kjV5ZKDnq88FkzEVGuDIg_-PG7gGonfthDqx24dqGJHdJTNmGMBuDsKlR9p8-RJqWLwduTZLByr5PUoypxq1532n7l2sgNhbxv36qQ3JyLm1v9yw0aomCQ71fyQPa7bk0O7FCqzMb8qYAEQ3WI9jBbIddaUw4Ba96Dt_xK9w1Spkrp7OcCedBt5g2rhI36UFTrTOjiA%3D%3D&request_ab2=0&zoneid=5077935&js_build=iclick-v1.448.1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=898&wiw=1280&wfc=7&pl=https%3A%2F%2Fwww.nodormirasmas.com%2F2022%2F05%2Fhasta-el-viento-tiene-miedo-pelicula.html&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.448.1&bs=63b09635-8e53-4703-8ae0-96b89a87bd6a&userId=p8sb335388ce226856839l1j2sihb639&m=link
139.45.197.243200 OK 0 B URL HTTP/2 onmarshtompor.com/?rb=gVmRNfhn-AalJBO3EBJZDcqE8_w361PcD9YvWUZaaEpCc-9kjV5ZKDnq88FkzEVGuDIg_-PG7gGonfthDqx24dqGJHdJTNmGMBuDsKlR9p8-RJqWLwduTZLByr5PUoypxq1532n7l2sgNhbxv36qQ3JyLm1v9yw0aomCQ71fyQPa7bk0O7FCqzMb8qYAEQ3WI9jBbIddaUw4Ba96Dt_xK9w1Spkrp7OcCedBt5g2rhI36UFTrTOjiA%3D%3D&request_ab2=0&zoneid=5077935&js_build=iclick-v1.448.1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=898&wiw=1280&wfc=7&pl=https%3A%2F%2Fwww.nodormirasmas.com%2F2022%2F05%2Fhasta-el-viento-tiene-miedo-pelicula.html&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.448.1&bs=63b09635-8e53-4703-8ae0-96b89a87bd6a&userId=p8sb335388ce226856839l1j2sihb639&m=link
IP 139.45.197.243:0
GET /?rb=gVmRNfhn-AalJBO3EBJZDcqE8_w361PcD9YvWUZaaEpCc-9kjV5ZKDnq88FkzEVGuDIg_-PG7gGonfthDqx24dqGJHdJTNmGMBuDsKlR9p8-RJqWLwduTZLByr5PUoypxq1532n7l2sgNhbxv36qQ3JyLm1v9yw0aomCQ71fyQPa7bk0O7FCqzMb8qYAEQ3WI9jBbIddaUw4Ba96Dt_xK9w1Spkrp7OcCedBt5g2rhI36UFTrTOjiA%3D%3D&request_ab2=0&zoneid=5077935&js_build=iclick-v1.448.1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=898&wiw=1280&wfc=7&pl=https%3A%2F%2Fwww.nodormirasmas.com%2F2022%2F05%2Fhasta-el-viento-tiene-miedo-pelicula.html&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.448.1&bs=63b09635-8e53-4703-8ae0-96b89a87bd6a&userId=p8sb335388ce226856839l1j2sihb639&m=link HTTP/1.1
Host: onmarshtompor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.nodormirasmas.com/
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:58 GMT
content-type: application/json
x-trace-id: 3f4ef37593a15b601859bf95cf343ed7
access-control-allow-origin: https://www.nodormirasmas.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=p8sb335388ce226856839l1j2sihb639; expires=Fri, 10 Nov 2023 11:27:58 GMT; path=/; secure; SameSite=None
oaidts=1668079678; expires=Fri, 10 Nov 2023 11:27:58 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Thu, 17 Nov 2022 11:27:58 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
104.18.11.207200 OK 0 B URL HTTP/2 stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.18.11.207:0
GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 11:27:54 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 11/15/2021 21:49:00
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 2729ae8f2fc6c761bdc17d91cc795f58
cdn-cache: HIT
cf-cache-status: HIT
age: 13526428
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 767e710f7f141c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.antiadblocksystems.com/angular-translate-loader-static-files.min.js
185.76.9.26200 OK 0 B URL HTTP/2 www.antiadblocksystems.com/angular-translate-loader-static-files.min.js
IP 185.76.9.26:0
ASN #60068 Datacamp Limited
GET /angular-translate-loader-static-files.min.js HTTP/1.1
Host: www.antiadblocksystems.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.nodormirasmas.com
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 11:27:55 GMT
content-type: application/x-javascript
alt-svc: quic="185.76.9.20:443"; ma=2592000; v="44,43,39"
expires: Thu, 17 Nov 2022 11:27:54 GMT
access-control-allow-origin: *
link: <https://antiadblocksystems.com/>;rel=preconnect,<https://c.adsco.re/>;rel=preconnect,<https://adsco.re/>;rel=preconnect
cache-control: public, max-age=604800
x-accel-expires: @1668684475
server: CDN77-Turbo
x-77-nzt: AblMCRTi356h
x-77-nzt-ray: ffffffff3384ecb43ae06c6317cb9a30
x-cache: MISS
x-77-pop: stockholmSE
x-77-cache: MISS
content-encoding: br
X-Firefox-Spdy: h2
interstitial-07.com/?l=nYwiHM7Iw27vt2d&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D1344982831%26z%3D5077933%26b%3D13179805%26c%3D5549482%26var%3D%26d%3Dhttps%253A%252F%252Fiwantuonly.com%252Fclick.php%253Fc%253D1119%2526key%253D59mbnk099b21z773135c4542%2526c1%253D%257Bzoneid%257D%2526c2%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D5nBIlukzwXvXn9EMyGWaEAZOAioy2_UughdswTo3tfIqA41S4fDaNdI-8Hac3-lo5-7rY8cn5FmVABKyqnbzeL1IdN_CjgLT1Lt8TKHb3ScW6CK9mgis6ciSGr3zO2gcsW7tHJgNSxSMLuoMRARCOSnzeIQDy5s1_Yk5jZv6HnXh78i_lqkDncUNchgo-hGiS_6kQdkORwNWDZ3CRAi98scZtpXr8VuSzn2qxWiKZHd6uLGmEB1Pp3FzCeQGqGd4fqp0uM27p7rg11st8BMUeLQfklo_NNdbW2z7Zoj6zqsAMo3H-80gpsNH9bISDXNYW2TPGpdGOAuxym1fIbpZT8m8GuDSkDuQdiXwntBZgJ5yaV-i5L1Bms_3iHaeup4Tkr-6UG38cYh8AWyPk62FI1Ikjih8qNDA1JI--J2d4RKIE2yHwZXTic7aLUvojjyhmNkwxE-YzHhD2ASJl1PSMs7alDNUE8uRzD-DJrmOhhl2yCRgSi-BwMzwZqo5tn6bHrz3BBzkIvhoPjb6RDuUtV6PC7puAYf28WyGj-SRI9BVaHO8nQhVsdRQl_7tJNZ8USW3ATRLpPzL4uoIc99PC8FTUzGbzeCVaAArJVzHtKbvBSaNcWwI2NdHO800xQv_GKw5WkRE0f7-Z3Y6%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D7aca3223-f41e-42c0-9e33-cf75aabd4e52%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.nodormirasmas.com%252F2022%252F05%252Fhasta-el-viento-tiene-miedo-pelicula.html%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D898%26wfc%3D7%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
139.45.197.154200 OK 0 B URL HTTP/2 interstitial-07.com/?l=nYwiHM7Iw27vt2d&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D1344982831%26z%3D5077933%26b%3D13179805%26c%3D5549482%26var%3D%26d%3Dhttps%253A%252F%252Fiwantuonly.com%252Fclick.php%253Fc%253D1119%2526key%253D59mbnk099b21z773135c4542%2526c1%253D%257Bzoneid%257D%2526c2%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D5nBIlukzwXvXn9EMyGWaEAZOAioy2_UughdswTo3tfIqA41S4fDaNdI-8Hac3-lo5-7rY8cn5FmVABKyqnbzeL1IdN_CjgLT1Lt8TKHb3ScW6CK9mgis6ciSGr3zO2gcsW7tHJgNSxSMLuoMRARCOSnzeIQDy5s1_Yk5jZv6HnXh78i_lqkDncUNchgo-hGiS_6kQdkORwNWDZ3CRAi98scZtpXr8VuSzn2qxWiKZHd6uLGmEB1Pp3FzCeQGqGd4fqp0uM27p7rg11st8BMUeLQfklo_NNdbW2z7Zoj6zqsAMo3H-80gpsNH9bISDXNYW2TPGpdGOAuxym1fIbpZT8m8GuDSkDuQdiXwntBZgJ5yaV-i5L1Bms_3iHaeup4Tkr-6UG38cYh8AWyPk62FI1Ikjih8qNDA1JI--J2d4RKIE2yHwZXTic7aLUvojjyhmNkwxE-YzHhD2ASJl1PSMs7alDNUE8uRzD-DJrmOhhl2yCRgSi-BwMzwZqo5tn6bHrz3BBzkIvhoPjb6RDuUtV6PC7puAYf28WyGj-SRI9BVaHO8nQhVsdRQl_7tJNZ8USW3ATRLpPzL4uoIc99PC8FTUzGbzeCVaAArJVzHtKbvBSaNcWwI2NdHO800xQv_GKw5WkRE0f7-Z3Y6%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D7aca3223-f41e-42c0-9e33-cf75aabd4e52%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.nodormirasmas.com%252F2022%252F05%252Fhasta-el-viento-tiene-miedo-pelicula.html%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D898%26wfc%3D7%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
IP 139.45.197.154:0
GET /?l=nYwiHM7Iw27vt2d&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D1344982831%26z%3D5077933%26b%3D13179805%26c%3D5549482%26var%3D%26d%3Dhttps%253A%252F%252Fiwantuonly.com%252Fclick.php%253Fc%253D1119%2526key%253D59mbnk099b21z773135c4542%2526c1%253D%257Bzoneid%257D%2526c2%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D5nBIlukzwXvXn9EMyGWaEAZOAioy2_UughdswTo3tfIqA41S4fDaNdI-8Hac3-lo5-7rY8cn5FmVABKyqnbzeL1IdN_CjgLT1Lt8TKHb3ScW6CK9mgis6ciSGr3zO2gcsW7tHJgNSxSMLuoMRARCOSnzeIQDy5s1_Yk5jZv6HnXh78i_lqkDncUNchgo-hGiS_6kQdkORwNWDZ3CRAi98scZtpXr8VuSzn2qxWiKZHd6uLGmEB1Pp3FzCeQGqGd4fqp0uM27p7rg11st8BMUeLQfklo_NNdbW2z7Zoj6zqsAMo3H-80gpsNH9bISDXNYW2TPGpdGOAuxym1fIbpZT8m8GuDSkDuQdiXwntBZgJ5yaV-i5L1Bms_3iHaeup4Tkr-6UG38cYh8AWyPk62FI1Ikjih8qNDA1JI--J2d4RKIE2yHwZXTic7aLUvojjyhmNkwxE-YzHhD2ASJl1PSMs7alDNUE8uRzD-DJrmOhhl2yCRgSi-BwMzwZqo5tn6bHrz3BBzkIvhoPjb6RDuUtV6PC7puAYf28WyGj-SRI9BVaHO8nQhVsdRQl_7tJNZ8USW3ATRLpPzL4uoIc99PC8FTUzGbzeCVaAArJVzHtKbvBSaNcWwI2NdHO800xQv_GKw5WkRE0f7-Z3Y6%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D7aca3223-f41e-42c0-9e33-cf75aabd4e52%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.nodormirasmas.com%252F2022%252F05%252Fhasta-el-viento-tiene-miedo-pelicula.html%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D898%26wfc%3D7%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.24
set-cookie: reverse=D2Mx2KonJm0DruRh-H0sJF2eXREHItzcKofj9lBWP3o; expires=Thu, 10-Nov-2022 12:27:59 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: gzip
X-Firefox-Spdy: h2
nanouwho.com/1?z=5077933
139.45.197.242200 OK 0 B IP 139.45.197.242:0
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=5077933 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nodormirasmas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 11:27:58 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: e92721fb55bfe6f3946537901cc3fad8
access-control-expose-headers: X-Sc
x-sc: hr_yi41bVKizPJ7ZujiFghR03ZwiW2mWR5Fq6UlutmIzYNfDR7Pf7uDxBVlCMH_PDFs6ajrUr7HmduNTqkwrE1oQuhY=
set-cookie: scm=1; expires=Fri, 10 Nov 2023 11:27:58 GMT; secure; SameSite=None
OAID=ffb1369c252541ecb84289fb0f98df24; expires=Fri, 10 Nov 2023 11:27:58 GMT; secure; SameSite=None
oaidts=1668079678; expires=Fri, 10 Nov 2023 11:27:58 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2