r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13140
Expires: Thu, 09 Feb 2023 02:07:40 GMT
Date: Wed, 08 Feb 2023 22:28:40 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b7407cc102d62a5acd5e61f8a79bed36
c2f4890a62454e514962b55b7fc14228339c8e90
be282de92da261128a7c8471f3067466aa9930fd0ab2a2cdda8cd2d6ce2bbd74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE282DE92DA261128A7C8471F3067466AA9930FD0AB2A2CDDA8CD2D6CE2BBD74"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16784
Expires: Thu, 09 Feb 2023 03:08:24 GMT
Date: Wed, 08 Feb 2023 22:28:40 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Backoff, Alert, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 21:36:44 GMT
content-type: application/json
age: 3116
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12390
Expires: Thu, 09 Feb 2023 01:55:10 GMT
Date: Wed, 08 Feb 2023 22:28:40 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: JTziMdfiFRj4vZXshBFLOmJ0IMKHrB3hCN5wyB/RgEhgiFhvmrm8cvmkyZD0KobRBabYyCP5I+A=
x-amz-request-id: H22KQ75WNZNR4GBS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 21:36:06 GMT
age: 3154
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:28:40 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.emularoms.com.br/2016/09/super-mario-world-br-snes.html
142.250.74.179301 Moved Permanently 205 B URL HTTP/1.1 www.emularoms.com.br/2016/09/super-mario-world-br-snes.html
IP 142.250.74.179:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash dbecab09f0bd6a60b6cd59d58ccb1ae0
13d02586ae50738f5826cea34c5edb4c861c8ce6
3814b3baab3e0736b886bc121822d0e590df581407a3d34da75157860f64d0d0
GET /2016/09/super-mario-world-br-snes.html HTTP/1.1
Host: www.emularoms.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Location: https://www.emularoms.com.br/2016/09/super-mario-world-br-snes.html
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Wed, 08 Feb 2023 22:28:41 GMT
Expires: Wed, 08 Feb 2023 22:28:41 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 205
Server: GSE
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Retry-After, Content-Length, Content-Type, ETag, Cache-Control, Alert, Pragma, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 08 Feb 2023 22:14:52 GMT
age: 829
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11538
Expires: Thu, 09 Feb 2023 01:40:59 GMT
Date: Wed, 08 Feb 2023 22:28:41 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1d4/bsyUjqYUqdM
216.58.211.3200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/bsyUjqYUqdM
IP 216.58.211.3:0
Hash 0756987d4b48e9dc1fd635dbe66dd6d1
e59cceb8a5ddab398e224836b748a81cf9f90524
b5eb57d0bb6e7fea3a1f7a3f53032c68320ae1409b0e2b3be17025ebb04024fd
POST /s/gts1d4/bsyUjqYUqdM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:41 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
35.164.243.166101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.164.243.166:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ER0KnL9qxnrg3b77KBxYFg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XReOkza3wlrU+/SamC/5ukUEkiQ=
www.emularoms.com.br/2016/09/super-mario-world-br-snes.html
142.250.74.179200 OK 31 kB URL HTTP/2 www.emularoms.com.br/2016/09/super-mario-world-br-snes.html
IP 142.250.74.179:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6692)
Hash a520eedc3465d7c0113aff1c3dc8a760
a9eb3ea9f9a36ba210e7d30a2cfe8887e3eafbfa
867a068031acd191c0a4396d343b2632173043d853e68ea17020d32c697d868a
GET /2016/09/super-mario-world-br-snes.html HTTP/1.1
Host: www.emularoms.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Wed, 08 Feb 2023 22:28:41 GMT
date: Wed, 08 Feb 2023 22:28:41 GMT
cache-control: private, max-age=0
last-modified: Tue, 07 Feb 2023 11:32:34 GMT
etag: W/"7baca9a42883ad7e582fb4d985c7552ece50ee856f41ea6771701258ed95ad98"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 31336
server: GSE
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.emularoms.com.br/js/cookienotice.js
142.250.74.179200 OK 2.0 kB URL HTTP/2 www.emularoms.com.br/js/cookienotice.js
IP 142.250.74.179:0
Hash c4e1ed83d89245089b8a1203be20a377
f3940e1215b89300ef97d57a25993f25243b8688
afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2
GET /js/cookienotice.js HTTP/1.1
Host: www.emularoms.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/2016/09/super-mario-world-br-snes.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2026
date: Wed, 08 Feb 2023 22:28:42 GMT
expires: Wed, 15 Feb 2023 22:28:42 GMT
cache-control: public, max-age=604800
last-modified: Wed, 08 Feb 2023 20:57:57 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
X-Firefox-Spdy: h2
static.tumblr.com/glpbb7a/odhnldmus/postagensrelacionadasparablog.js
192.0.77.40200 OK 4.3 kB URL HTTP/2 static.tumblr.com/glpbb7a/odhnldmus/postagensrelacionadasparablog.js
IP 192.0.77.40:0
File type HTML document, ASCII text, with very long lines (3841), with CRLF line terminators
Hash 89eecd712d0ff021e7073e455c5fd118
1668d9d8af77d58d67a3b45794be0c4ce4c074a1
6bfab591813f720e4cbb7a07bb5566cf925570366a9cada10763dbaec00edcb7
GET /glpbb7a/odhnldmus/postagensrelacionadasparablog.js HTTP/1.1
Host: static.tumblr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:28:42 GMT
content-type: application/javascript
content-length: 4343
last-modified: Tue, 17 Mar 2015 22:08:53 GMT
etag: "89eecd712d0ff021e7073e455c5fd118"
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-nc: HIT arn 2
strict-transport-security: max-age=31536000; preload
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 79408ca7246d1453a4d940001108528c
6485fceacb572c95bf5c2cdcb9a1330047c4cd85
935033a1e7f7c5a165aa3014a893514fe733d2f82709845aca5c3cda704e0731
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 130bb82172a26b674a54e53bb927cccb
cea15a831d1deb00f6f5bc213d885419ea33a70d
974654b2305d1a603b85bcd46a8f12e57ab2cd0d0042cbebf206d2067e0ab25b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/static/v1/widgets/2975350028-css_bundle_v2.css
216.58.207.233200 OK 7.8 kB URL HTTP/2 www.blogger.com/static/v1/widgets/2975350028-css_bundle_v2.css
IP 216.58.207.233:0
File type ASCII text, with very long lines (35959)
Hash 5aa2d3297bdc86bc81322aedecbb5e79
1c0a3c007e41726e167e79b70ddea76198650884
feae1fac625d0f30b5f10fa00b62df1a5600cd2178062c427e55f289b29cc630
GET /static/v1/widgets/2975350028-css_bundle_v2.css HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 7776
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 08 Feb 2023 16:38:36 GMT
expires: Thu, 08 Feb 2024 16:38:36 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 07 Feb 2023 20:16:52 GMT
content-type: text/css
age: 21006
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.blogger.com/static/v1/jsbin/3469866930-comment_from_post_iframe.js
216.58.207.233200 OK 6.6 kB URL HTTP/2 www.blogger.com/static/v1/jsbin/3469866930-comment_from_post_iframe.js
IP 216.58.207.233:0
File type ASCII text, with very long lines (1441)
Hash f60e5037324bf7fd2256c16929886f09
aae4b1aea3737e0268e3578dd1d0e7cfe6c6d66b
71846da8d45274b77549b110389ab3dbcb8ce042051b5c39547909c1c343dfde
GET /static/v1/jsbin/3469866930-comment_from_post_iframe.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 6573
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 05 Feb 2023 22:08:46 GMT
expires: Mon, 05 Feb 2024 22:08:46 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 04 Feb 2023 23:49:32 GMT
content-type: text/javascript
age: 260396
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
resources.blogblog.com/img/blank.gif
216.58.207.233200 OK 43 B URL HTTP/2 resources.blogblog.com/img/blank.gif
IP 216.58.207.233:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /img/blank.gif HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 43
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 16:27:08 GMT
expires: Tue, 14 Feb 2023 16:27:08 GMT
cache-control: public, max-age=604800
last-modified: Mon, 06 Feb 2023 17:52:33 GMT
content-type: image/gif
age: 108094
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
resources.blogblog.com/img/icon18_edit_allbkg.gif
216.58.207.233200 OK 162 B URL HTTP/2 resources.blogblog.com/img/icon18_edit_allbkg.gif
IP 216.58.207.233:0
File type GIF image data, version 89a, 18 x 18\012- data
Hash c991641178ff05adf0d004298b5eafa9
d8f6ce8ecd92b86d49849360f6b81ceb10b4c941
ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b
GET /img/icon18_edit_allbkg.gif HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 162
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 14:16:56 GMT
expires: Tue, 14 Feb 2023 14:16:56 GMT
cache-control: public, max-age=604800
last-modified: Mon, 06 Feb 2023 17:52:33 GMT
content-type: image/gif
age: 115906
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 130bb82172a26b674a54e53bb927cccb
cea15a831d1deb00f6f5bc213d885419ea33a70d
974654b2305d1a603b85bcd46a8f12e57ab2cd0d0042cbebf206d2067e0ab25b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
resources.blogblog.com/img/icon18_email.gif
216.58.207.233200 OK 164 B URL HTTP/2 resources.blogblog.com/img/icon18_email.gif
IP 216.58.207.233:0
File type GIF image data, version 89a, 18 x 13\012- data
Hash 36b9f993db1b953f3b9b08040aaf9af4
18248661b307586dc291fd2dff4bb59cf7579475
1258cbe1e2900ec3df11a83a6bb6008d7a833f783a6df80b0d5d45a052ac1466
GET /img/icon18_email.gif HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 164
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 03:15:09 GMT
expires: Tue, 14 Feb 2023 03:15:09 GMT
cache-control: public, max-age=604800
last-modified: Mon, 06 Feb 2023 21:53:18 GMT
content-type: image/gif
age: 155613
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-6MNHXYJYVB
142.250.74.168200 OK 78 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-6MNHXYJYVB
IP 142.250.74.168:0
File type ASCII text, with very long lines (21849)
Hash 9b3bc1f3007cb6bed2f353e9ed4569d9
5421cda198df5df5772175fe47165a055d88501c
5452af749eb0de7c55d320da19e9653a40d1e00911f9e7791dea15c253e29acd
GET /gtag/js?id=G-6MNHXYJYVB HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 Feb 2023 22:28:42 GMT
expires: Wed, 08 Feb 2023 22:28:42 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 77738
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
1.bp.blogspot.com/-ScssRg3Bi2E/XPLxKFXgfqI/AAAAAAAAAZg/_fyv8nLXabkFN_VN-ph7DyM0a7RKPMIowCLcBGAs/w72-h72-p-k-no-nu/PS2-Versions.png
142.250.74.161200 OK 6.8 kB URL HTTP/2 1.bp.blogspot.com/-ScssRg3Bi2E/XPLxKFXgfqI/AAAAAAAAAZg/_fyv8nLXabkFN_VN-ph7DyM0a7RKPMIowCLcBGAs/w72-h72-p-k-no-nu/PS2-Versions.png
IP 142.250.74.161:0
File type PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced\012- data
Hash 94c89821606a65363e4868d33e178bf9
47d3be4f405c257fa451901227dfba47f65224da
b3d82c7e223c208f2463b03685aca92494c70f8f5252b9a1c687d6b70bd7f4a3
GET /-ScssRg3Bi2E/XPLxKFXgfqI/AAAAAAAAAZg/_fyv8nLXabkFN_VN-ph7DyM0a7RKPMIowCLcBGAs/w72-h72-p-k-no-nu/PS2-Versions.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v19a"
expires: Thu, 09 Feb 2023 22:28:42 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="PS2-Versions.png"
content-type: image/png
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Wed, 08 Feb 2023 22:28:42 GMT
server: fife
content-length: 6828
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 79408ca7246d1453a4d940001108528c
6485fceacb572c95bf5c2cdcb9a1330047c4cd85
935033a1e7f7c5a165aa3014a893514fe733d2f82709845aca5c3cda704e0731
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 130bb82172a26b674a54e53bb927cccb
cea15a831d1deb00f6f5bc213d885419ea33a70d
974654b2305d1a603b85bcd46a8f12e57ab2cd0d0042cbebf206d2067e0ab25b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png
216.58.207.233200 OK 403 B URL HTTP/2 resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.png
IP 216.58.207.233:0
File type PNG image data, 20 x 1100, 8-bit/color RGBA, non-interlaced\012- data
Hash 4f7de2e6afefb125b1f14fa5cda610ee
57a145f234b504a73f9d55cf39f2231a04719456
ecb30886406e3f776ff7bc3834de849944471e626ff148bed2fa389d02866044
GET /blogblog/data/1kt/simple/gradients_light.png HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 403
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 15:39:07 GMT
expires: Tue, 14 Feb 2023 15:39:07 GMT
cache-control: public, max-age=604800
last-modified: Mon, 06 Feb 2023 14:52:11 GMT
content-type: image/png
age: 110975
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
1.bp.blogspot.com/-8AMU0JkvVZ4/XOCRHevcvwI/AAAAAAAAAUY/mYNe1C7SlqEl8a1JzwBbVDuphIWupDTbgCLcBGAs/s320/jak-and-daxter.jpg
142.250.74.161200 OK 44 kB URL HTTP/2 1.bp.blogspot.com/-8AMU0JkvVZ4/XOCRHevcvwI/AAAAAAAAAUY/mYNe1C7SlqEl8a1JzwBbVDuphIWupDTbgCLcBGAs/s320/jak-and-daxter.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 226x320, components 3\012- data
Hash d54c0a57755067e3209310b586ecdd14
b7caae6cd89e805992e43506c7eb564a27324152
73c8f10c3381dc7467c9c396ec593b375683e341dc9ae8b438cd884c9b07452f
GET /-8AMU0JkvVZ4/XOCRHevcvwI/AAAAAAAAAUY/mYNe1C7SlqEl8a1JzwBbVDuphIWupDTbgCLcBGAs/s320/jak-and-daxter.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="jak-and-daxter.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 44305
x-xss-protection: 0
date: Wed, 08 Feb 2023 22:28:42 GMT
expires: Wed, 01 Feb 2023 14:29:12 GMT
cache-control: public, max-age=86400, no-transform
etag: "v147"
content-type: image/jpeg
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
1.bp.blogspot.com/-toLpoDQcHkI/XRF7ezTfjcI/AAAAAAAAAdU/e1cb5kgCWG4PJLM8NiSA6jJV3GWqLekgQCLcBGAs/w72-h72-p-k-no-nu/dragon-ball-z-budokai-tenkaichi-3-verso-brasileira-ps2-D_NQ_NP_779199-MLB29299536266_012019-F.jpg
142.250.74.161200 OK 6.4 kB URL HTTP/2 1.bp.blogspot.com/-toLpoDQcHkI/XRF7ezTfjcI/AAAAAAAAAdU/e1cb5kgCWG4PJLM8NiSA6jJV3GWqLekgQCLcBGAs/w72-h72-p-k-no-nu/dragon-ball-z-budokai-tenkaichi-3-verso-brasileira-ps2-D_NQ_NP_779199-MLB29299536266_012019-F.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash e754f55ee49d881fa1fde225580597fc
d3f74b9f98bd5047751a04b351bfeacef2be77f5
6799e6c7746c800d9e9637190154dd4d8a45705259aeb6a10c26de1a1c020097
GET /-toLpoDQcHkI/XRF7ezTfjcI/AAAAAAAAAdU/e1cb5kgCWG4PJLM8NiSA6jJV3GWqLekgQCLcBGAs/w72-h72-p-k-no-nu/dragon-ball-z-budokai-tenkaichi-3-verso-brasileira-ps2-D_NQ_NP_779199-MLB29299536266_012019-F.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="dragon-ball-z-budokai-tenkaichi-3-verso-brasileira-ps2-D_NQ_NP_779199-MLB29299536266_012019-F.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 6414
x-xss-protection: 0
date: Wed, 08 Feb 2023 22:28:42 GMT
expires: Wed, 01 Feb 2023 14:29:12 GMT
cache-control: public, max-age=86400, no-transform
etag: "v1d6"
content-type: image/jpeg
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
1.bp.blogspot.com/-sYIGMkcULwQ/XOgMkMK35nI/AAAAAAAAAXU/fG9BaXrJH5kLC5vKOdPlq8QSmZcTplU4gCLcBGAs/s320/Tenchu_Shadow_Assassins.jpg
142.250.74.161200 OK 30 kB URL HTTP/2 1.bp.blogspot.com/-sYIGMkcULwQ/XOgMkMK35nI/AAAAAAAAAXU/fG9BaXrJH5kLC5vKOdPlq8QSmZcTplU4gCLcBGAs/s320/Tenchu_Shadow_Assassins.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 220x299, components 3\012- data
Hash efaf08b5af99ee386a4fc3604de71a54
330949986b2c6e25afbc82d503222d41f786f0bd
50b450126e505f944d132774693dc92c8c4e6fb367a8fe4e2d63daa2ddc6a580
GET /-sYIGMkcULwQ/XOgMkMK35nI/AAAAAAAAAXU/fG9BaXrJH5kLC5vKOdPlq8QSmZcTplU4gCLcBGAs/s320/Tenchu_Shadow_Assassins.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Tenchu_Shadow_Assassins.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 29714
x-xss-protection: 0
date: Wed, 08 Feb 2023 22:28:42 GMT
expires: Wed, 01 Feb 2023 14:29:12 GMT
cache-control: public, max-age=86400, no-transform
etag: "v176"
content-type: image/jpeg
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
1.bp.blogspot.com/-EttegaMxsYc/XQzrBsB9J-I/AAAAAAAAAcw/PVLStIR_tCYjdizhrmMncGFgr6tBouTFwCLcBGAs/w72-h72-p-k-no-nu/alone-in-the-dark-the-new-nightmare-dublado-ps2-D_NQ_NP_947325-MLB25434702529_032017-F.jpg
142.250.74.161200 OK 5.0 kB URL HTTP/2 1.bp.blogspot.com/-EttegaMxsYc/XQzrBsB9J-I/AAAAAAAAAcw/PVLStIR_tCYjdizhrmMncGFgr6tBouTFwCLcBGAs/w72-h72-p-k-no-nu/alone-in-the-dark-the-new-nightmare-dublado-ps2-D_NQ_NP_947325-MLB25434702529_032017-F.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash 60e06afba682958e62aa148381449b68
c51ceaa817b045753ae6603021162a50c95d922c
6f5c73c9ee383c25c1f831a1ee84aee41f0b1f1850f541486b861c428a6fcae0
GET /-EttegaMxsYc/XQzrBsB9J-I/AAAAAAAAAcw/PVLStIR_tCYjdizhrmMncGFgr6tBouTFwCLcBGAs/w72-h72-p-k-no-nu/alone-in-the-dark-the-new-nightmare-dublado-ps2-D_NQ_NP_947325-MLB25434702529_032017-F.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="alone-in-the-dark-the-new-nightmare-dublado-ps2-D_NQ_NP_947325-MLB25434702529_032017-F.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 5047
x-xss-protection: 0
date: Wed, 08 Feb 2023 22:28:42 GMT
expires: Wed, 01 Feb 2023 14:29:12 GMT
cache-control: public, max-age=86400, no-transform
etag: "v1cd"
content-type: image/jpeg
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
1.bp.blogspot.com/-s5YuUdnyQpY/WKeoVtiQFjI/AAAAAAAADbQ/y-JrNu3TomYRWOJ-whS-SySBczIHWMJdwCLcB/s320/soul.jpg
142.250.74.161200 OK 53 kB URL HTTP/2 1.bp.blogspot.com/-s5YuUdnyQpY/WKeoVtiQFjI/AAAAAAAADbQ/y-JrNu3TomYRWOJ-whS-SySBczIHWMJdwCLcB/s320/soul.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x316, components 3\012- data
Hash 5e1852ad8a64ba2fedc7aaefcab48201
1b25a2517d395f4ae003bc2016076159df5c19a2
2aa1b234a6fdf01905a54320371629f5cc3aa197bea63e804d755fde96065017
GET /-s5YuUdnyQpY/WKeoVtiQFjI/AAAAAAAADbQ/y-JrNu3TomYRWOJ-whS-SySBczIHWMJdwCLcB/s320/soul.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "vdb5"
expires: Thu, 09 Feb 2023 22:28:42 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="soul.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Wed, 08 Feb 2023 22:28:42 GMT
server: fife
content-length: 53097
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
1.bp.blogspot.com/-Ef85UT7eV4I/XRafxyukCKI/AAAAAAAAAeQ/vN8W-pbRvwQ1z3VsHzj_CNdWm1bHVZBhACLcBGAs/w72-h72-p-k-no-nu/Black-Playstation-2.jpg
142.250.74.161200 OK 6.2 kB URL HTTP/2 1.bp.blogspot.com/-Ef85UT7eV4I/XRafxyukCKI/AAAAAAAAAeQ/vN8W-pbRvwQ1z3VsHzj_CNdWm1bHVZBhACLcBGAs/w72-h72-p-k-no-nu/Black-Playstation-2.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash d59c35a409d663ce09b2e533f6560a16
2bff0c082dbb1b5f3b6b99d1aa509ac577da1860
927934dabf41e1e5cf03815d457f466ca9c2a5b0c340a9c3db7bf0305410e69c
GET /-Ef85UT7eV4I/XRafxyukCKI/AAAAAAAAAeQ/vN8W-pbRvwQ1z3VsHzj_CNdWm1bHVZBhACLcBGAs/w72-h72-p-k-no-nu/Black-Playstation-2.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v1e5"
expires: Thu, 09 Feb 2023 22:28:42 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Black-Playstation-2.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Wed, 08 Feb 2023 22:28:42 GMT
server: fife
content-length: 6198
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
1.bp.blogspot.com/-lyA1SyfE1Cc/XRJ9IZUaKII/AAAAAAAAAdg/bF5ZZdKOc4YX3YZJestZf5kiYDIkyZyEACLcBGAs/w72-h72-p-k-no-nu/resident-evil-4-dublado-portugus-ps2-brinde-D_NQ_NP_633715-MLB27072771885_032018-F.jpg
142.250.74.161200 OK 3.8 kB URL HTTP/2 1.bp.blogspot.com/-lyA1SyfE1Cc/XRJ9IZUaKII/AAAAAAAAAdg/bF5ZZdKOc4YX3YZJestZf5kiYDIkyZyEACLcBGAs/w72-h72-p-k-no-nu/resident-evil-4-dublado-portugus-ps2-brinde-D_NQ_NP_633715-MLB27072771885_032018-F.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash e4b6c205f4e472263465d57ccf908853
249d9e9bb5e279feb9047ce37d9b1b38a497c560
b2b6751c2a9baa83f4e0d33fe922b6337524d652f51bce5a2457474052e71a81
GET /-lyA1SyfE1Cc/XRJ9IZUaKII/AAAAAAAAAdg/bF5ZZdKOc4YX3YZJestZf5kiYDIkyZyEACLcBGAs/w72-h72-p-k-no-nu/resident-evil-4-dublado-portugus-ps2-brinde-D_NQ_NP_633715-MLB27072771885_032018-F.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v1d9"
expires: Thu, 09 Feb 2023 22:28:42 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="resident-evil-4-dublado-portugus-ps2-brinde-D_NQ_NP_633715-MLB27072771885_032018-F.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Wed, 08 Feb 2023 22:28:42 GMT
server: fife
content-length: 3843
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
1.bp.blogspot.com/-BJZO2fIOcXk/WN1z2FwwNWI/AAAAAAAACB4/Pa7vBkO5dBcLFv7_UbAEPGBiqud_tuA9gCLcB/w72-h72-p-k-no-nu/1224%2B-%2BGrand%2BTheft%2BAuto.%2BSan%2BAndreas%2B-%2B10%2B-%2B26-10-2004%2B-%2BAction%2BAdventure.jpg
142.250.74.161200 OK 5.2 kB URL HTTP/2 1.bp.blogspot.com/-BJZO2fIOcXk/WN1z2FwwNWI/AAAAAAAACB4/Pa7vBkO5dBcLFv7_UbAEPGBiqud_tuA9gCLcB/w72-h72-p-k-no-nu/1224%2B-%2BGrand%2BTheft%2BAuto.%2BSan%2BAndreas%2B-%2B10%2B-%2B26-10-2004%2B-%2BAction%2BAdventure.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash 5da6fa6adec1550d794d080a6d7e9368
e666fd93682008d35858c7f762bf2959cfaaad95
9bef09dcaa7d0fad45fd81f585d4ba278184e2a5a6393f54070972426c788d2d
GET /-BJZO2fIOcXk/WN1z2FwwNWI/AAAAAAAACB4/Pa7vBkO5dBcLFv7_UbAEPGBiqud_tuA9gCLcB/w72-h72-p-k-no-nu/1224%2B-%2BGrand%2BTheft%2BAuto.%2BSan%2BAndreas%2B-%2B10%2B-%2B26-10-2004%2B-%2BAction%2BAdventure.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v81f"
expires: Thu, 09 Feb 2023 22:28:42 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="1224 - Grand Theft Auto. San Andreas - 10 - 26-10-2004 - Action Adventure.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Wed, 08 Feb 2023 22:28:42 GMT
server: fife
content-length: 5211
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/static/v1/widgets/3801814646-widgets.js
216.58.207.233200 OK 57 kB URL HTTP/2 www.blogger.com/static/v1/widgets/3801814646-widgets.js
IP 216.58.207.233:0
File type ASCII text, with very long lines (2221)
Hash 4b866f80aa72c49d02f36338402a59e5
ca95baa3565ec41d9635387ac90b2add0e05a47d
aff6590600f8a33efdbaf01cc67e5a435e38ec8997b3c6b1f34a1ca8ff72fe7e
GET /static/v1/widgets/3801814646-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56575
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 Feb 2023 02:58:16 GMT
expires: Tue, 06 Feb 2024 02:58:16 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 06 Feb 2023 00:50:58 GMT
content-type: text/javascript
age: 243026
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
1.bp.blogspot.com/-KzeL8eIuiDs/YGNNgKFJGcI/AAAAAAAAAnM/mldYK7qGNSIGGXZxi7ubWuyKZHjXXhTiwCLcBGAsYHQ/w72-h72-p-k-no-nu/SLES_556.76_BG.jpg
142.250.74.161200 OK 5.6 kB URL HTTP/2 1.bp.blogspot.com/-KzeL8eIuiDs/YGNNgKFJGcI/AAAAAAAAAnM/mldYK7qGNSIGGXZxi7ubWuyKZHjXXhTiwCLcBGAsYHQ/w72-h72-p-k-no-nu/SLES_556.76_BG.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash 2d564db8c51c7322d579d92620ad1ee8
869d074b629af18a28509fba690db4e83064e108
5408bd0586820362d0135c909cef26ed155f2d6be5cf5068da744d1ff4b76630
GET /-KzeL8eIuiDs/YGNNgKFJGcI/AAAAAAAAAnM/mldYK7qGNSIGGXZxi7ubWuyKZHjXXhTiwCLcBGAsYHQ/w72-h72-p-k-no-nu/SLES_556.76_BG.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="SLES_556.76_BG.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 5550
x-xss-protection: 0
date: Wed, 08 Feb 2023 22:28:42 GMT
expires: Wed, 01 Feb 2023 14:29:12 GMT
cache-control: public, max-age=86400, no-transform
etag: "v274"
content-type: image/jpeg
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
1.bp.blogspot.com/-R2X6lsHfd0Y/W4tgZZDKgpI/AAAAAAAAAFY/EzI-OnqjIXwVllq3KQM2lrjarpjR0vmBQCK4BGAYYCw/s1600/My%2BPost1.png
142.250.74.161200 OK 135 kB URL HTTP/2 1.bp.blogspot.com/-R2X6lsHfd0Y/W4tgZZDKgpI/AAAAAAAAAFY/EzI-OnqjIXwVllq3KQM2lrjarpjR0vmBQCK4BGAYYCw/s1600/My%2BPost1.png
IP 142.250.74.161:0
File type PNG image data, 1100 x 275, 8-bit/color RGBA, non-interlaced\012- data
Size 135 kB (135281 bytes)
Hash 2e58bb4e3e6fbf07febb0d0d55439639
bb990e27c44dc2a62444cda19999d01c5875bc04
4a39723fa6445a3c7cdfb7eec862ae345f67957e771c5fb1798f29188e9f4659
GET /-R2X6lsHfd0Y/W4tgZZDKgpI/AAAAAAAAAFY/EzI-OnqjIXwVllq3KQM2lrjarpjR0vmBQCK4BGAYYCw/s1600/My%2BPost1.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="My Post1.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 135281
x-xss-protection: 0
date: Wed, 08 Feb 2023 22:28:42 GMT
expires: Wed, 01 Feb 2023 14:29:12 GMT
cache-control: public, max-age=86400, no-transform
etag: "v57"
content-type: image/png
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 79408ca7246d1453a4d940001108528c
6485fceacb572c95bf5c2cdcb9a1330047c4cd85
935033a1e7f7c5a165aa3014a893514fe733d2f82709845aca5c3cda704e0731
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
3.bp.blogspot.com/--0bydFwl9hg/WbKsXx4Dp4I/AAAAAAAAFV0/HqncFoYBdkM7YElHL57ll1n-FSo7ExDcgCLcBGAs/w72-h72-p-k-no-nu/PSone-Console-Set-NoLCD.png
142.250.74.161200 OK 6.0 kB URL HTTP/2 3.bp.blogspot.com/--0bydFwl9hg/WbKsXx4Dp4I/AAAAAAAAFV0/HqncFoYBdkM7YElHL57ll1n-FSo7ExDcgCLcBGAs/w72-h72-p-k-no-nu/PSone-Console-Set-NoLCD.png
IP 142.250.74.161:0
File type PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced\012- data
Hash 5bc95e4721fb91bcfeb47bff4e7dbd66
af705a9782381927a17ac1bd09bca0da1cd919c6
55738fda018d0e0459f3bee0d7d78c38b0aeddd2323ced0668150e9dcb49025a
GET /--0bydFwl9hg/WbKsXx4Dp4I/AAAAAAAAFV0/HqncFoYBdkM7YElHL57ll1n-FSo7ExDcgCLcBGAs/w72-h72-p-k-no-nu/PSone-Console-Set-NoLCD.png HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v1563"
expires: Thu, 09 Feb 2023 22:28:42 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="PSone-Console-Set-NoLCD.png"
content-type: image/png
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Wed, 08 Feb 2023 22:28:42 GMT
server: fife
content-length: 6007
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
142.250.74.138200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
IP 142.250.74.138:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash d989f35706c62ce4a5c561586c55566e
d32e7958e5765609bf08dcdefd0b2c2a8714ce34
375dfe942a03ee024b5cc827b3efda5550d13df7530281f50862ce3b33fcb716
GET /ajax/libs/jquery/1.7.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33845
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 08 Feb 2023 09:43:36 GMT
expires: Thu, 08 Feb 2024 09:43:36 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 45906
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
2.bp.blogspot.com/-2Khxh3Hr5Vk/Wsjie32819I/AAAAAAAAFeA/8a4PylxbfNcQzDeqxybkBXiT-6UFUFPRwCLcBGAs/w72-h72-p-k-no-nu/SonyPSP1000Body.jpg
142.250.74.161200 OK 1.8 kB URL HTTP/2 2.bp.blogspot.com/-2Khxh3Hr5Vk/Wsjie32819I/AAAAAAAAFeA/8a4PylxbfNcQzDeqxybkBXiT-6UFUFPRwCLcBGAs/w72-h72-p-k-no-nu/SonyPSP1000Body.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash ae4199f227ea6de53bdfd61a70fcb1b6
f2f22142d5d1008532601e3643c8562eec551f47
c9a3434e345028d85633a598c7edde0bc7d398b652a54f17d64f208256808103
GET /-2Khxh3Hr5Vk/Wsjie32819I/AAAAAAAAFeA/8a4PylxbfNcQzDeqxybkBXiT-6UFUFPRwCLcBGAs/w72-h72-p-k-no-nu/SonyPSP1000Body.jpg HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v15e1"
expires: Thu, 09 Feb 2023 22:28:42 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="SonyPSP1000Body.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Wed, 08 Feb 2023 22:28:42 GMT
server: fife
content-length: 1837
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
4.bp.blogspot.com/-U_kZChTmfOY/WMx_3g2IKSI/AAAAAAAAD8w/p95u5sQd5eU3FmTIBOGdU51FMkbZuv4ygCPcB/w72-h72-p-k-no-nu/game.jpg
142.250.74.161200 OK 4.0 kB URL HTTP/2 4.bp.blogspot.com/-U_kZChTmfOY/WMx_3g2IKSI/AAAAAAAAD8w/p95u5sQd5eU3FmTIBOGdU51FMkbZuv4ygCPcB/w72-h72-p-k-no-nu/game.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash 02a44d3ed3c0fcdc27b7c413bf71af56
66fea975247fcfb4d7d850235699dd7a3017b434
7dbe635efa11a1becf16b2e34250974d91041189fd7cec44f0d9ccb3bd6025eb
GET /-U_kZChTmfOY/WMx_3g2IKSI/AAAAAAAAD8w/p95u5sQd5eU3FmTIBOGdU51FMkbZuv4ygCPcB/w72-h72-p-k-no-nu/game.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "vfcc"
expires: Thu, 09 Feb 2023 22:28:42 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="game.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Wed, 08 Feb 2023 22:28:42 GMT
server: fife
content-length: 4001
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 79408ca7246d1453a4d940001108528c
6485fceacb572c95bf5c2cdcb9a1330047c4cd85
935033a1e7f7c5a165aa3014a893514fe733d2f82709845aca5c3cda704e0731
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
4.bp.blogspot.com/-JptdbA3S9lY/V8-T3etotkI/AAAAAAAABu0/dSpcsB7GrsQV3Prt4AEgLz1WLP-6SWEEgCLcB/w72-h72-p-k-no-nu/Cv_aos_agb_rgb.jpg
142.250.74.161200 OK 4.9 kB URL HTTP/2 4.bp.blogspot.com/-JptdbA3S9lY/V8-T3etotkI/AAAAAAAABu0/dSpcsB7GrsQV3Prt4AEgLz1WLP-6SWEEgCLcB/w72-h72-p-k-no-nu/Cv_aos_agb_rgb.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash 2b8757b357fa6a5841f68bf14afdef70
e5e6b3c0a297ab8645edd4176df2fdba83f30157
a021699b01d9222b50ac70b1a24ecaf80f001e2f4dc119502f0875c9fcc84641
GET /-JptdbA3S9lY/V8-T3etotkI/AAAAAAAABu0/dSpcsB7GrsQV3Prt4AEgLz1WLP-6SWEEgCLcB/w72-h72-p-k-no-nu/Cv_aos_agb_rgb.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Cv_aos_agb_rgb.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 4933
x-xss-protection: 0
date: Wed, 08 Feb 2023 22:28:42 GMT
expires: Wed, 01 Feb 2023 14:29:12 GMT
cache-control: public, max-age=86400, no-transform
etag: "v6ee"
content-type: image/jpeg
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
4.bp.blogspot.com/-QHFaZ1t-62M/XOVLeqbymhI/AAAAAAAAAXA/7wfE98_Rt-MeyhnnzOzamqaT_vM_4ezSgCLcBGAs/w72-h72-p-k-no-nu/Wii.png
142.250.74.161200 OK 5.4 kB URL HTTP/2 4.bp.blogspot.com/-QHFaZ1t-62M/XOVLeqbymhI/AAAAAAAAAXA/7wfE98_Rt-MeyhnnzOzamqaT_vM_4ezSgCLcBGAs/w72-h72-p-k-no-nu/Wii.png
IP 142.250.74.161:0
File type PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced\012- data
Hash 93f34963bc06a35da6679422553e2d0f
6b9435334dd2c2d5af291a2ce4a9cef91be3d941
a704243779be9eb86e2110071c72d6698118eacc126e660856f2367e677f6ce0
GET /-QHFaZ1t-62M/XOVLeqbymhI/AAAAAAAAAXA/7wfE98_Rt-MeyhnnzOzamqaT_vM_4ezSgCLcBGAs/w72-h72-p-k-no-nu/Wii.png HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Wii.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 5358
x-xss-protection: 0
date: Wed, 08 Feb 2023 22:28:42 GMT
expires: Wed, 01 Feb 2023 14:29:12 GMT
cache-control: public, max-age=86400, no-transform
etag: "v171"
content-type: image/png
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js
142.250.74.138200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js
IP 142.250.74.138:0
File type Unicode text, UTF-8 text, with very long lines (65168)
Hash ebaa24930d6b905fe00c9457484b78a9
f97496ee81148e264b3735464b8bfced1a8b2fad
b9bd9830d7eceae230cfaa5105e8a3ec432392f270cee156637dac8d0684d614
GET /ajax/libs/jquery/1.5/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30082
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 15:45:44 GMT
expires: Wed, 07 Feb 2024 15:45:44 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 110578
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
3.bp.blogspot.com/-iARutayoGdM/YAsCvx1WMiI/AAAAAAAAAmU/IjkqT6x1UoAmPPJ-W_vhEiPC-K4-ghZYACK4BGAYYCw/s1600/baixe%2Bna%2Bplaystore.png
142.250.74.161200 OK 17 kB URL HTTP/2 3.bp.blogspot.com/-iARutayoGdM/YAsCvx1WMiI/AAAAAAAAAmU/IjkqT6x1UoAmPPJ-W_vhEiPC-K4-ghZYACK4BGAYYCw/s1600/baixe%2Bna%2Bplaystore.png
IP 142.250.74.161:0
File type PNG image data, 646 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 397f761906e17d3624abe335ae9993c9
62f1f7baa5523f2525b8f37c8b2734f25d5b6cbe
824d94aadada8270672de6216d6edb3d6d5128f1c4feb84ac98c3051cd95af64
GET /-iARutayoGdM/YAsCvx1WMiI/AAAAAAAAAmU/IjkqT6x1UoAmPPJ-W_vhEiPC-K4-ghZYACK4BGAYYCw/s1600/baixe%2Bna%2Bplaystore.png HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v266"
expires: Thu, 09 Feb 2023 22:28:42 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="baixe na playstore.png"
content-type: image/png
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Wed, 08 Feb 2023 22:28:42 GMT
server: fife
content-length: 17336
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
3.bp.blogspot.com/-QZM3SCx8yHU/V9R6g_O-P8I/AAAAAAAAB3g/-4BOu5hU2y0-RB-TR99USEZQTignqTL6gCLcB/s320/297%2B-%2BThe%2BLegend%2Bof%2BZelda.%2BA%2BLink%2Bto%2Bthe%2BPast%2B-%2B10%2B-%2B13-04-1992%2B-%2BRPG.jpg
142.250.74.161200 OK 43 kB URL HTTP/2 3.bp.blogspot.com/-QZM3SCx8yHU/V9R6g_O-P8I/AAAAAAAAB3g/-4BOu5hU2y0-RB-TR99USEZQTignqTL6gCLcB/s320/297%2B-%2BThe%2BLegend%2Bof%2BZelda.%2BA%2BLink%2Bto%2Bthe%2BPast%2B-%2B10%2B-%2B13-04-1992%2B-%2BRPG.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x223, components 3\012- data
Hash 14cf9e2f3511b3cd8a49598119e92b26
6cb61c11b989875cba029410c59c8afd2d47011d
23cc38a85e2615c750ebf8b1e1889db8d0243e8f25b0ea8fa366d5be98a30ab4
GET /-QZM3SCx8yHU/V9R6g_O-P8I/AAAAAAAAB3g/-4BOu5hU2y0-RB-TR99USEZQTignqTL6gCLcB/s320/297%2B-%2BThe%2BLegend%2Bof%2BZelda.%2BA%2BLink%2Bto%2Bthe%2BPast%2B-%2B10%2B-%2B13-04-1992%2B-%2BRPG.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v77e"
expires: Thu, 09 Feb 2023 22:28:42 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="297 - The Legend of Zelda. A Link to the Past - 10 - 13-04-1992 - RPG.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Wed, 08 Feb 2023 22:28:42 GMT
server: fife
content-length: 42695
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
4.bp.blogspot.com/-BaMbAKY1zhY/WOwQOSFgIVI/AAAAAAAAADM/aSrtNYEYXwAEe1ax4UBEkSvkbNOCzPj8wCK4B/s0/castlevsotnWlpr5-2560x1600.png
142.250.74.161200 OK 305 kB URL HTTP/2 4.bp.blogspot.com/-BaMbAKY1zhY/WOwQOSFgIVI/AAAAAAAAADM/aSrtNYEYXwAEe1ax4UBEkSvkbNOCzPj8wCK4B/s0/castlevsotnWlpr5-2560x1600.png
IP 142.250.74.161:0
File type PNG image data, 2000 x 1250, 8-bit colormap, non-interlaced\012- data
Size 305 kB (304715 bytes)
Hash d359ef89d4499aff31543743018844f7
e89e55c2aef1e921f5466e6ce31303d3cfd5de31
6046586270e33bdb28463515508138cd344f6f019a83417abebb9277d0de3563
GET /-BaMbAKY1zhY/WOwQOSFgIVI/AAAAAAAAADM/aSrtNYEYXwAEe1ax4UBEkSvkbNOCzPj8wCK4B/s0/castlevsotnWlpr5-2560x1600.png HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v34"
expires: Thu, 09 Feb 2023 22:28:42 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="castlevsotnWlpr5-2560x1600.png"
content-type: image/png
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Wed, 08 Feb 2023 22:28:42 GMT
server: fife
content-length: 304715
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash da7ec6cdfb8eb8618e25bd1233622b0e
fa69c0711b2ad58b96ffbcaa8c1c8e617415712d
39ea51794254bafd67a8070483a664e61f63d5a7b15b8b083a109564641c11ac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.emularoms.com.br/feeds/posts/default/-/baixar?alt=json-in-script&callback=related_results_labels_thumbs&max-results=6
142.250.74.179200 OK 4.8 kB URL HTTP/2 www.emularoms.com.br/feeds/posts/default/-/baixar?alt=json-in-script&callback=related_results_labels_thumbs&max-results=6
IP 142.250.74.179:0
File type Unicode text, UTF-8 text, with very long lines (29201)
Hash 715ebc4b0900c65ecee08d6dfe42d403
2d45318716e98249ffc21f27918b638d39246570
b882b2c720d672989a7ab5a08b178da22ab554cfb4a384cf046086975f0ce5a1
GET /feeds/posts/default/-/baixar?alt=json-in-script&callback=related_results_labels_thumbs&max-results=6 HTTP/1.1
Host: www.emularoms.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/2016/09/super-mario-world-br-snes.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
etag: W/"f9460cb8423aa759ca60f12743a02dc8925ffeb58dfcebd709a219b66c422470"
date: Wed, 08 Feb 2023 22:28:42 GMT
content-type: text/javascript; charset=UTF-8
server: blogger-renderd
expires: Wed, 08 Feb 2023 22:28:43 GMT
cache-control: public, must-revalidate, proxy-revalidate, max-age=1
x-content-type-options: nosniff
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 11:32:34 GMT
content-encoding: gzip
content-length: 4816
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 130bb82172a26b674a54e53bb927cccb
cea15a831d1deb00f6f5bc213d885419ea33a70d
974654b2305d1a603b85bcd46a8f12e57ab2cd0d0042cbebf206d2067e0ab25b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 463b1bc4c1f8b511b90497273054e6a5
f182df6ec615c3d12b759cff7d9c2d34fafc3b89
d125b0f5b74425a014f95e416a92fcf0cf893620849d5d151eb6f22cd6615bb1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:28:42 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 07 Feb 2023 06:42:13 GMT
Expires: Tue, 14 Feb 2023 06:42:12 GMT
Etag: "f182df6ec615c3d12b759cff7d9c2d34fafc3b89"
Cache-Control: max-age=461009,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7967ccc3fc9c0b06-OSL
1.bp.blogspot.com/-MDkxf3y14G8/X95dtHVa54I/AAAAAAAAAlY/rPq1lc6ExvQmuGZKNBxlf3HorXvTB3vVgCLcBGAsYHQ/w200-h200/Icone.png
142.250.74.161200 OK 280 B URL HTTP/2 1.bp.blogspot.com/-MDkxf3y14G8/X95dtHVa54I/AAAAAAAAAlY/rPq1lc6ExvQmuGZKNBxlf3HorXvTB3vVgCLcBGAsYHQ/w200-h200/Icone.png
IP 142.250.74.161:0
Hash 5d6c5288efc61d2297933de7c3f1f6a6
43a4e06465a346ff84a01e8c7c71d5a9580676fc
2d490212f49a95600de5102fdc67b725c8c2235a5811dc8097d583122d1eeb60
GET /-MDkxf3y14G8/X95dtHVa54I/AAAAAAAAAlY/rPq1lc6ExvQmuGZKNBxlf3HorXvTB3vVgCLcBGAsYHQ/w200-h200/Icone.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Icone.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 27879
x-xss-protection: 0
date: Wed, 08 Feb 2023 22:28:42 GMT
expires: Wed, 01 Feb 2023 14:29:12 GMT
cache-control: public, max-age=86400, no-transform
etag: "v257"
content-type: image/png
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.ytimg.com/vi/fZsZQHTe04o/maxresdefault.jpg
216.58.211.22200 OK 76 kB URL HTTP/2 i.ytimg.com/vi/fZsZQHTe04o/maxresdefault.jpg
IP 216.58.211.22:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x720, components 3\012- data
Hash f03e647222cf45aa1c6bbb9f4bd3ae83
7f40826d54e294f98c969e127471347919ca39e7
2ea670e724ced49fd9adb80ec9574a837290fca5ff5cf0928575d91180f4f2a1
GET /vi/fZsZQHTe04o/maxresdefault.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 75459
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 08 Feb 2023 22:28:42 GMT
expires: Thu, 09 Feb 2023 00:28:42 GMT
cache-control: public, max-age=7200
etag: "1508773286"
content-type: image/jpeg
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash da7ec6cdfb8eb8618e25bd1233622b0e
fa69c0711b2ad58b96ffbcaa8c1c8e617415712d
39ea51794254bafd67a8070483a664e61f63d5a7b15b8b083a109564641c11ac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 463b1bc4c1f8b511b90497273054e6a5
f182df6ec615c3d12b759cff7d9c2d34fafc3b89
d125b0f5b74425a014f95e416a92fcf0cf893620849d5d151eb6f22cd6615bb1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:28:42 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 07 Feb 2023 06:42:13 GMT
Expires: Tue, 14 Feb 2023 06:42:12 GMT
Etag: "f182df6ec615c3d12b759cff7d9c2d34fafc3b89"
Cache-Control: max-age=461009,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7967ccc4bbaeb51b-OSL
3.bp.blogspot.com/-wniLpw_HmQ0/V8xdrHqPsJI/AAAAAAAABqU/TnkjcuUig083yEnvRZTWBj6BGEj8-GoggCPcB/s1600/clique-aqui-para-baixar-baixaki-a1.jpg
142.250.74.161200 OK 10 kB URL HTTP/2 3.bp.blogspot.com/-wniLpw_HmQ0/V8xdrHqPsJI/AAAAAAAABqU/TnkjcuUig083yEnvRZTWBj6BGEj8-GoggCPcB/s1600/clique-aqui-para-baixar-baixaki-a1.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, software=Google], baseline, precision 8, 192x95, components 3\012- data
Hash 2f71999d2485688357c8873d5b4bfda8
110e6ccc41fada0b84d74d988d3c68725760876b
a11939306075ae2dd02c319f25052886ac04d271477947495137f2c97b36339f
GET /-wniLpw_HmQ0/V8xdrHqPsJI/AAAAAAAABqU/TnkjcuUig083yEnvRZTWBj6BGEj8-GoggCPcB/s1600/clique-aqui-para-baixar-baixaki-a1.jpg HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v6a5"
expires: Thu, 09 Feb 2023 22:28:42 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="clique-aqui-para-baixar-baixaki-a1.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Wed, 08 Feb 2023 22:28:42 GMT
server: fife
content-length: 10291
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
1.bp.blogspot.com/-5Zzymqpy4oA/W6HAhr981vI/AAAAAAAAAJE/7MYMMNbrcoIjc-u6EWHjo2aKjE5usmQ0ACLcBGAs/w72-h72-p-k-no-nu/nintendo-ds-original-grey-model_taef.png
142.250.74.161200 OK 11 kB URL HTTP/2 1.bp.blogspot.com/-5Zzymqpy4oA/W6HAhr981vI/AAAAAAAAAJE/7MYMMNbrcoIjc-u6EWHjo2aKjE5usmQ0ACLcBGAs/w72-h72-p-k-no-nu/nintendo-ds-original-grey-model_taef.png
IP 142.250.74.161:0
File type PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced\012- data
Hash db60d7f5013721208dd82516043cb090
5765cf49c9d7200008207fd254dd1feb8024c5f4
fe262cf24059cb8e8feff7c221cf20d24be5280c1fce3be829efa42f4a1584cc
GET /-5Zzymqpy4oA/W6HAhr981vI/AAAAAAAAAJE/7MYMMNbrcoIjc-u6EWHjo2aKjE5usmQ0ACLcBGAs/w72-h72-p-k-no-nu/nintendo-ds-original-grey-model_taef.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v92"
expires: Thu, 09 Feb 2023 22:28:42 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="nintendo-ds-original-grey-model_taef.png"
content-type: image/png
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Wed, 08 Feb 2023 22:28:42 GMT
server: fife
content-length: 11062
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
1.bp.blogspot.com/-92c08Mvk4Iw/V81ueKEgbZI/AAAAAAAABqw/flhTXYBgZ-4rW0NrS-ed_6_pMNhKri5dACLcB/s320/Super-Mario-World.jpg
142.250.74.161200 OK 25 kB URL HTTP/2 1.bp.blogspot.com/-92c08Mvk4Iw/V81ueKEgbZI/AAAAAAAABqw/flhTXYBgZ-4rW0NrS-ed_6_pMNhKri5dACLcB/s320/Super-Mario-World.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 250x182, components 3\012- data
Hash b425e0ff60564b2aab89150b6a7e16b2
30982c364b7e731c749a6a6e1583564b75fb9a7d
2b378c59e8c6dc2af8cf87a2c4e26255e24bb91ccd6f51fb5bc80de2c88e91b9
GET /-92c08Mvk4Iw/V81ueKEgbZI/AAAAAAAABqw/flhTXYBgZ-4rW0NrS-ed_6_pMNhKri5dACLcB/s320/Super-Mario-World.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v6af"
expires: Thu, 09 Feb 2023 22:28:42 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Super-Mario-World.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Wed, 08 Feb 2023 22:28:42 GMT
server: fife
content-length: 25053
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 4c834f74b2d6a38ee12b05cebac372b9
591010a999a2857a62d2f0f65405279f58e64b7e
04c90091589f3dbc11be254478b6bf83f4f4d4b349e0e84d0709d7cea644aff2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "04C90091589F3DBC11BE254478B6BF83F4F4D4B349E0E84D0709D7CEA644AFF2"
Last-Modified: Tue, 07 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6853
Expires: Thu, 09 Feb 2023 00:22:55 GMT
Date: Wed, 08 Feb 2023 22:28:42 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 463b1bc4c1f8b511b90497273054e6a5
f182df6ec615c3d12b759cff7d9c2d34fafc3b89
d125b0f5b74425a014f95e416a92fcf0cf893620849d5d151eb6f22cd6615bb1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:28:42 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 07 Feb 2023 06:42:13 GMT
Expires: Tue, 14 Feb 2023 06:42:12 GMT
Etag: "f182df6ec615c3d12b759cff7d9c2d34fafc3b89"
Cache-Control: max-age=461009,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7967ccc67eb10b06-OSL
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b0d9e507828136fee12797af97805fd9
d9dd1bd92393f65f7106803d1f8386be408baab8
3c1994161ca52032d1f9335a6ca7dc763bcfe8d0648dae3d17f29984b7b799ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C1994161CA52032D1F9335A6CA7DC763BCFE8D0648DAE3D17F29984B7B799AD"
Last-Modified: Tue, 07 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16743
Expires: Thu, 09 Feb 2023 03:07:45 GMT
Date: Wed, 08 Feb 2023 22:28:42 GMT
Connection: keep-alive
pl17466449.highperformancecpmgate.com/89/0c/c0/890cc08a7168652ba4d2507655925ced.js
173.233.137.52200 OK 13 kB URL HTTP/1.1 pl17466449.highperformancecpmgate.com/89/0c/c0/890cc08a7168652ba4d2507655925ced.js
IP 173.233.137.52:0
File type ASCII text, with very long lines (37122), with no line terminators
Hash 0a4b4898ca0fbc2b8fd21262bc3c582c
c14cfbfc5ddbc697604964409947df8b8fa39e30
98f6bdc663c94a1cc2dddc4650d4f756707d826dead3169ff7bbc188fed953a7
Analyzer Verdict Alert quad9 Sinkholed
GET /89/0c/c0/890cc08a7168652ba4d2507655925ced.js HTTP/1.1
Host: pl17466449.highperformancecpmgate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 22:28:42 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9553f40457187c910cf7343fbea0e449
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
call.cleverwebserver.com/?id=52852&c=NO&r=null&l=91&b=Firefox&os=Win10&mob=0&v=1.23.4&ref=aHR0cHM6Ly93d3cuZW11bGFyb21zLmNvbS5ici8yMDE2LzA5L3N1cGVyLW1hcmlvLXdvcmxkLWJyLXNuZXMuaHRtbA%3D%3D&ruri=&iv=-1&ctr=NO
104.18.25.246200 OK 43 B URL HTTP/2 call.cleverwebserver.com/?id=52852&c=NO&r=null&l=91&b=Firefox&os=Win10&mob=0&v=1.23.4&ref=aHR0cHM6Ly93d3cuZW11bGFyb21zLmNvbS5ici8yMDE2LzA5L3N1cGVyLW1hcmlvLXdvcmxkLWJyLXNuZXMuaHRtbA%3D%3D&ruri=&iv=-1&ctr=NO
IP 104.18.25.246:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 57f187c7a868faeac558007a8eb6cb2e
11ab10ab109fdb53d91d444ac781101f5a6360c6
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
GET /?id=52852&c=NO&r=null&l=91&b=Firefox&os=Win10&mob=0&v=1.23.4&ref=aHR0cHM6Ly93d3cuZW11bGFyb21zLmNvbS5ici8yMDE2LzA5L3N1cGVyLW1hcmlvLXdvcmxkLWJyLXNuZXMuaHRtbA%3D%3D&ruri=&iv=-1&ctr=NO HTTP/1.1
Host: call.cleverwebserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:42 GMT
content-type: image/gif
content-length: 43
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7967ccc77df3b4e8-OSL
X-Firefox-Spdy: h2
quantcast.mgr.consensu.org/choice/6Fv0cGNfc_bw8/www.emularoms.com.br/choice.js
54.230.111.39204 No Content 0 B URL HTTP/2 quantcast.mgr.consensu.org/choice/6Fv0cGNfc_bw8/www.emularoms.com.br/choice.js
IP 54.230.111.39:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /choice/6Fv0cGNfc_bw8/www.emularoms.com.br/choice.js HTTP/1.1
Host: quantcast.mgr.consensu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
cache-control: max-age=3600
date: Wed, 08 Feb 2023 22:28:42 GMT
server: AmazonS3
cross-origin-resource-policy: cross-origin
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5vGS5EUoCQ8ntdE5YymGmU0UPD8ctDSI0EIFYfoLatd1HRjUI87-jQ==
X-Firefox-Spdy: h2
pl17455984.profitablecpmgate.com/008417edc1510549578086e745199c79/invoke.js
192.243.61.227200 OK 9.3 kB URL HTTP/1.1 pl17455984.profitablecpmgate.com/008417edc1510549578086e745199c79/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (25106), with no line terminators
Hash 657acef031778d36e7d45e6befc8b748
87288361e92ab9f14bd1bb2898fb2084aad160c4
448e9b6438e02e0dbf88eaef9c40e6f972fd2afc35da4f10ff51fa05e99d157e
GET /008417edc1510549578086e745199c79/invoke.js HTTP/1.1
Host: pl17455984.profitablecpmgate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 22:28:42 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 96f7fe7154142abf9f915e8783f5803a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.emularoms.com.br/feeds/posts/default/-/super%20nintendo?alt=json-in-script&callback=related_results_labels_thumbs&max-results=6
142.250.74.179200 OK 5.6 kB URL HTTP/2 www.emularoms.com.br/feeds/posts/default/-/super%20nintendo?alt=json-in-script&callback=related_results_labels_thumbs&max-results=6
IP 142.250.74.179:0
File type Unicode text, UTF-8 text, with very long lines (38978)
Hash f4908a699b68b7cd60269ae91c7d5c69
92c8180c9ac1c2f415a71cb50eb4967e8f2c68fd
712279119bdbab9fab1d7851770bd1c541cbcfd38b57d83b3827023594ad3d21
GET /feeds/posts/default/-/super%20nintendo?alt=json-in-script&callback=related_results_labels_thumbs&max-results=6 HTTP/1.1
Host: www.emularoms.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/2016/09/super-mario-world-br-snes.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
etag: W/"12b777db79d08377fda408b5b070c0c4eea1ba6fab1fd1b3f42ed5e85c0c143a"
date: Wed, 08 Feb 2023 22:28:42 GMT
content-type: text/javascript; charset=UTF-8
server: blogger-renderd
expires: Wed, 08 Feb 2023 22:28:43 GMT
cache-control: public, must-revalidate, proxy-revalidate, max-age=1
x-content-type-options: nosniff
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 11:32:34 GMT
content-encoding: gzip
content-length: 5550
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash c41c722798f0e3638024f21a5a7a8d83
db3ccc45ee1b163a36affe20ac87fa33c5fd6146
2c47b9c17f99c9852ece1fdf54f4c6dc7b97fc61c663126a5136162560cfb399
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "2C47B9C17F99C9852ECE1FDF54F4C6DC7B97FC61C663126A5136162560CFB399"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12181
Expires: Thu, 09 Feb 2023 01:51:43 GMT
Date: Wed, 08 Feb 2023 22:28:42 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17219
Expires: Thu, 09 Feb 2023 03:15:41 GMT
Date: Wed, 08 Feb 2023 22:28:42 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17218
Expires: Thu, 09 Feb 2023 03:15:41 GMT
Date: Wed, 08 Feb 2023 22:28:43 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17218
Expires: Thu, 09 Feb 2023 03:15:41 GMT
Date: Wed, 08 Feb 2023 22:28:43 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F718f24db-3c28-422f-953f-730a3ae78cb5.jpeg
34.120.237.76200 OK 3.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F718f24db-3c28-422f-953f-730a3ae78cb5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 28ae39b238f62d6c0aee7bb16ff863d5
3c2247e40747c3ca72dd7877facee9a9fecf0f59
c530ba92455ea45e14410f497d2df04cc1321e2937cc7e81aa75f4fc14206a7c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F718f24db-3c28-422f-953f-730a3ae78cb5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3014
x-amzn-requestid: bec40915-584b-48fc-94c2-293e96567474
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChJKGrGoAMFelg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4156d-2250ff00772341353151dd34;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lmJxNCnPKUD5O4HCWIjqeVaanXL50KZ60Xu1iOC6bisRBDJNkVXvww==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:37 GMT
etag: "3c2247e40747c3ca72dd7877facee9a9fecf0f59"
content-type: image/jpeg
age: 3246
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 113363afa7cfd484dbc115a9f44c1723
2f9dfb845aa919a51a0b5fa9a824ac4845f669be
a91a045600ef2fdebd582ce453a85f7ce0c9f8be7258baf311d0d940de027c20
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4308
x-amzn-requestid: 2d4ce596-9a69-4394-8e10-cd5c54687a06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzKZ0F2DoAMF6nA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ddf10b-6c4fabe01360b8781bdd8e06;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 05:45:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GnbG_CYddidhGlygFinwMyN81eHxP_vRzxsm7QBIAJzFqwaKTt-POQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:44 GMT
age: 3239
etag: "2f9dfb845aa919a51a0b5fa9a824ac4845f669be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9614e0f-1b62-40ec-b140-9464c5527d5e.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9614e0f-1b62-40ec-b140-9464c5527d5e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 403cadd5f6beb14f5d2a4dd9eafc68d3
4724b4929c1afcc134ead274238725e4ce729b26
13d7b7ca88de8341e3ec835a5a7d8c79bc50a136aff8eb90aa3c2267f3e8cc08
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9614e0f-1b62-40ec-b140-9464c5527d5e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5241
x-amzn-requestid: 3ffb8a54-178e-4574-9662-8dc7696203fd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ACiy0FOqIAMFaKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e41811-26219fa14a85f6e81e4cf129;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:45:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 8U_d5u2rtXAyLLBhRZ3BbQkFOc5gxZIPhnyL5XOvjGV6-8KqWyn8FQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:45:53 GMT
etag: "4724b4929c1afcc134ead274238725e4ce729b26"
content-type: image/jpeg
age: 2570
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 95081172f8e19d19921acc802488e019
8531c150cb11de44361a95624b11cf46b9e0ba02
7a2d8f012c7d590f3f39ad834d4f3f9fb729143b7395bc588bd608b5bdee039b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15019
x-amzn-requestid: 574e3e2c-2fbe-4215-9500-021147338832
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f583LHiioAMFqkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a82d-4f12aac524c39f822ca4f422;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:11:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _3jIo3Giw3zmTmnSkJArAllT6uigN7EEzLPfkGpd6168_mSdqdk_Cg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 12:41:28 GMT
age: 35235
etag: "8531c150cb11de44361a95624b11cf46b9e0ba02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5fc553a8677d9c0bf4835a0c29a7345c
ec8541dd8ae32e1cf597d40cc1d9d04aefb46ba8
e821faf86e44f2b9c9d5bd8cd3575c0a99acfc58774077034c413e345a7c0c0c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7451
x-amzn-requestid: a900a5b4-85cd-4817-8e70-2516eb33a0a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fox8IHMuIAMFdHA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9c9e7-1122726b315a7c5623d1ff3f;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 02:09:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JFPF2xZJ9QIqJbOEjTi5gt2aflnM9HVaWp8FpRAIIeDf59cJzbp6kw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:46:36 GMT
age: 2527
etag: "ec8541dd8ae32e1cf597d40cc1d9d04aefb46ba8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9203cfb9f0c1c958dd008eac55a9d3c4
6bdd1047590dd3fb54c15d5d6d38e7c86274b203
09770229be5ff3037708543e3204c66de84253b3a858a83a0e1672a04c0e9cb1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11760
x-amzn-requestid: b2863a01-4714-4554-a478-5402467b3448
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChJKHc_oAMFwlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4156d-1c5a3edf37bc7cc937c800d2;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: y-1zzLzVegi0T-SAyTpUuFD6iVVYbuL5u71dc74BY2l7PrxVu-am5w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:37 GMT
etag: "6bdd1047590dd3fb54c15d5d6d38e7c86274b203"
content-type: image/jpeg
age: 3246
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.emularoms.com.br/feeds/posts/default/-/roms?alt=json-in-script&callback=related_results_labels_thumbs&max-results=6
142.250.74.179200 OK 4.2 kB URL HTTP/2 www.emularoms.com.br/feeds/posts/default/-/roms?alt=json-in-script&callback=related_results_labels_thumbs&max-results=6
IP 142.250.74.179:0
File type Unicode text, UTF-8 text, with very long lines (30749)
Hash e74cfbe8dc3d0015aa08c33313be4888
2ad3febe50ef5d6d933627fa98438993edc33dc0
bd189ffe72bf7e54f53f4e4d9794f58de2348781d79dfba4e1af168bb95486c4
GET /feeds/posts/default/-/roms?alt=json-in-script&callback=related_results_labels_thumbs&max-results=6 HTTP/1.1
Host: www.emularoms.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/2016/09/super-mario-world-br-snes.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
etag: W/"34e968972c8295fd2222a9507458feb31f2aaebd416898890646201ae9e7fa59"
date: Wed, 08 Feb 2023 22:28:42 GMT
content-type: text/javascript; charset=UTF-8
server: blogger-renderd
expires: Wed, 08 Feb 2023 22:28:43 GMT
cache-control: public, must-revalidate, proxy-revalidate, max-age=1
x-content-type-options: nosniff
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 11:32:34 GMT
content-encoding: gzip
content-length: 4233
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash a28222744ed7330bea9a621b935adcc1
d6c82547cae9ebf20c9e2534b2b072977d721399
14be94c7e087e140464c8d3cb8b77642c6ed07cde45992faa54d577cf26df94a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 08 Feb 2023 22:28:43 GMT
Last-Modified: Wed, 08 Feb 2023 22:01:09 GMT
Server: ECS (nyb/1D0A)
X-Cache: Miss from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: xmWZJTMBS-Q628CxvCaCfpJrDgRL5I60tLdn-AZeADj98MZFdZTKdQ==
Age: 1654
simplewebanalysis.com/stats
3.120.47.42200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.120.47.42:0
File type ASCII text, with no line terminators
Hash 35f1569cd0d991151261b85eb07883d1
2e31f6949262c4e6207b2909afcd8a801c80900b
9354005d45d8d91c6362c41ae8dd82307d511d4c46fd87cc687f99b0c41823d1
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.emularoms.com.br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:43 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.emularoms.com.br
access-control-allow-credentials: true
set-cookie: uid_id2=e008e31a-c268-40ed-bc9d-4249fa431ab9:3:1; expires=Sat, 05 Feb 2033 22:28:43 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
www.emularoms.com.br/feeds/posts/default/-/roms%20traduzidas?alt=json-in-script&callback=related_results_labels_thumbs&max-results=6
142.250.74.179200 OK 5.2 kB URL HTTP/2 www.emularoms.com.br/feeds/posts/default/-/roms%20traduzidas?alt=json-in-script&callback=related_results_labels_thumbs&max-results=6
IP 142.250.74.179:0
File type Unicode text, UTF-8 text, with very long lines (37372)
Hash 24dc31e246716b87e301c8198f9f30da
b43bf3e0cce0c9bd3d30ac4872000d36a6a11cbe
d10749e5e66908dfe767f860a423805da6171dc916a3e0a4261187b908e16354
GET /feeds/posts/default/-/roms%20traduzidas?alt=json-in-script&callback=related_results_labels_thumbs&max-results=6 HTTP/1.1
Host: www.emularoms.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/2016/09/super-mario-world-br-snes.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
etag: W/"bb43e963818d0d5303d26f469f9c889252c4136b971f12513b429e8f89fece92"
date: Wed, 08 Feb 2023 22:28:42 GMT
content-type: text/javascript; charset=UTF-8
server: blogger-renderd
expires: Wed, 08 Feb 2023 22:28:43 GMT
cache-control: public, must-revalidate, proxy-revalidate, max-age=1
x-content-type-options: nosniff
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 11:32:34 GMT
content-encoding: gzip
content-length: 5188
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash c41c722798f0e3638024f21a5a7a8d83
db3ccc45ee1b163a36affe20ac87fa33c5fd6146
2c47b9c17f99c9852ece1fdf54f4c6dc7b97fc61c663126a5136162560cfb399
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "2C47B9C17F99C9852ECE1FDF54F4C6DC7B97FC61C663126A5136162560CFB399"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12180
Expires: Thu, 09 Feb 2023 01:51:43 GMT
Date: Wed, 08 Feb 2023 22:28:43 GMT
Connection: keep-alive
friendshipmale.com/sfp.js
172.64.202.23200 OK 27 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.202.23:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 249d5bb8f8d5fd948efc1354d88c6817
7c912d3b06643207404fedefff09fafa13366c0d
f3bfe89639b988ecb00f0cfee2f14749541d67e96bd6b6308d6e934031db1352
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:43 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 4b0df92fdcbb7fa7d088a1aefd165dde
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 08 Feb 2023 22:28:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N2%2BCnIg%2FbE3YdNo0yEW3FeWsYGsbvux5cygiBr4cayiPMB4QRVMYvzh5oBqqaGGtH6IP6kq%2BnXMVxTVHf5SXgpS8KcWYq3CTUbwZhnFzgbvGqrP6hVt6T2zHNcIXtPDfM%2BEHmd8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ccc8eb4e88bc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 84889b914548f7820766f27a40699cfa
bc674cdb5819759b5ecd5aabfde47f56127f5d89
e2a69fe4edd028d00a8a744b62ef51dada2aff144da0cd9813efc887a11f70a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu
142.250.74.164200 OK 665 B URL HTTP/2 www.google.com/recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu
IP 142.250.74.164:0
File type ASCII text, with very long lines (1034), with no line terminators
Hash c7f89fdd783e35486b22625cb506da04
7a45defd22786b1ca257b21bb74d758149037426
3a695a81a72e80c5b9ce0889c960c64c9af49fc5e6c7e90a377686943020e4ad
GET /recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Wed, 08 Feb 2023 22:28:43 GMT
date: Wed, 08 Feb 2023 22:28:43 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 665
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 44fc0cb48c26edb9ce36736707b9182a
62de7faa3e8171c0d38a2e03a604d2545a3ede7f
9e511ad6ed9e7c5f28f573422e3891d2f4e5c2ba5107f7eda808c529a95931a2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 44fc0cb48c26edb9ce36736707b9182a
62de7faa3e8171c0d38a2e03a604d2545a3ede7f
9e511ad6ed9e7c5f28f573422e3891d2f4e5c2ba5107f7eda808c529a95931a2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 44fc0cb48c26edb9ce36736707b9182a
62de7faa3e8171c0d38a2e03a604d2545a3ede7f
9e511ad6ed9e7c5f28f573422e3891d2f4e5c2ba5107f7eda808c529a95931a2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
geniusdexchange.com/a/display.php?r=6069026
35.227.202.173200 OK 2.5 kB URL HTTP/2 geniusdexchange.com/a/display.php?r=6069026
IP 35.227.202.173:0
Hash 4442a2fbf4893290161ac523a54f9c2a
855a8a5d0941b8f16a1779fe8a142497c4b0f0bf
39c85819746618c05f2f1b9558304dc00c9ca58177fdc7401a86b22793cebc15
GET /a/display.php?r=6069026 HTTP/1.1
Host: geniusdexchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Wed, 08 Feb 2023 22:28:42 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f47bf01c087fce105e5c33197377b37a
ef300a4e005109449a84a5f46e3ca0a15b9c70b3
a03ebba906474ff72bfc918850117f1ccff1846a4b1e1670d0a54124969c941c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A03EBBA906474FF72BFC918850117F1CCFF1846A4B1E1670D0A54124969C941C"
Last-Modified: Wed, 08 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6056
Expires: Thu, 09 Feb 2023 00:09:39 GMT
Date: Wed, 08 Feb 2023 22:28:43 GMT
Connection: keep-alive
www.gstatic.com/recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__en.js
142.250.74.35200 OK 164 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__en.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (633)
Size 164 kB (163841 bytes)
Hash fe98364486b3206867b17008f995646f
35a5e9aa210970f7abd718d99e629c6982a3cc02
1fd703cb16e3f6f3f7192109d19c69d6e5ac1cfa0feb5b105a86564b7970d28a
GET /recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
Origin: https://www.blogger.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 163841
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 08:53:11 GMT
expires: Wed, 07 Feb 2024 08:53:11 GMT
cache-control: public, max-age=31536000
age: 135332
last-modified: Tue, 31 Jan 2023 02:51:47 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
play.google.com/log?format=json&hasfast=true&authuser=0
142.250.74.14200 OK 131 B URL HTTP/2 play.google.com/log?format=json&hasfast=true&authuser=0
IP 142.250.74.14:0
File type JSON data\012- , ASCII text, with no line terminators
Hash babb6f090aeebc6f421624475b4aefff
06079b7547949822c118224e51604f4c5ebf80c8
b2fe8b91f31edc7284cc9690e90dd4a38d985598374df68967d917590beb55dd
POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: play.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
X-Goog-AuthUser: 0
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Content-Length: 1561
Origin: https://www.blogger.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.blogger.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Wed, 08 Feb 2023 22:28:43 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+142; expires=Fri, 07-Feb-2025 22:28:43 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 08 Feb 2023 22:28:43 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 17b6e1fbc841cdfcb12a0d61d6ea8b20
05c11f7b5210ff3d14f1eb76ea7042f6632f8837
cc3353112c07e2e61a0ead417a8cefa0ae7f3a826fef11211dacbf2ee57fa959
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CC3353112C07E2E61A0EAD417A8CEFA0AE7F3A826FEF11211DACBF2EE57FA959"
Last-Modified: Tue, 07 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4946
Expires: Wed, 08 Feb 2023 23:51:09 GMT
Date: Wed, 08 Feb 2023 22:28:43 GMT
Connection: keep-alive
www.topdisplayformat.com/2c5aa468eda12aeb920d7a6116fdda5a/invoke.js
192.243.61.225200 OK 9.8 kB URL HTTP/1.1 www.topdisplayformat.com/2c5aa468eda12aeb920d7a6116fdda5a/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26939), with no line terminators
Hash f5561ef00f0f6957c2656b6513f219d7
9791d5ffd3e687f27fdf563779ffb631215aede0
022f10966b3735037f9ae844a9538fa19d155cbe5034813e7894a2ab71e2f6f0
Analyzer Verdict Alert quad9 Sinkholed
GET /2c5aa468eda12aeb920d7a6116fdda5a/invoke.js HTTP/1.1
Host: www.topdisplayformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 22:28:43 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c23e252da0df94b568bcd44b47f52226
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.topdisplayformat.com/c18e445c06696f87b0e820c5393eb067/invoke.js
192.243.61.225200 OK 9.8 kB URL HTTP/1.1 www.topdisplayformat.com/c18e445c06696f87b0e820c5393eb067/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26947), with no line terminators
Hash f5199e03f36a354b13588187c0cc335c
97de51ee4b534dd5cfd16cd440163bd6fe6aeaf3
a19d9c9994c8f625929406ea59f6d66260fb21893a1b3693e41355f75b46b034
Analyzer Verdict Alert quad9 Sinkholed
GET /c18e445c06696f87b0e820c5393eb067/invoke.js HTTP/1.1
Host: www.topdisplayformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 22:28:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9d15ba6b77c543641345275b82720484
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
pistolsizehoe.com/sbar.json?key=890cc08a7168652ba4d2507655925ced&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1
192.243.61.225200 OK 4.4 kB URL HTTP/1.1 pistolsizehoe.com/sbar.json?key=890cc08a7168652ba4d2507655925ced&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6339), with no line terminators
Hash 974237567cbac1618c52038f859b3598
4c480d860bfa56500552f8c46db6c8d3d757538a
6badff6323cf687ca9c19841e6ceda8febb4799308e4941cfc4e6eab213d1658
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=890cc08a7168652ba4d2507655925ced&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1 HTTP/1.1
Host: pistolsizehoe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.emularoms.com.br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 22:28:44 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.emularoms.com.br
Access-Control-Allow-Origin: https://www.emularoms.com.br
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17365950; expires=Thu, 09 Feb 2023 22:28:44 GMT; secure; SameSite=None
uid_id2=e008e31a-c268-40ed-bc9d-4249fa431ab9:3:1; expires=Wed, 15 Feb 2023 22:28:44 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 09 Feb 2023 22:28:44 GMT; secure; SameSite=None
uncs=1; expires=Thu, 09 Feb 2023 22:28:44 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 09 Feb 2023 22:28:44 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 09 Feb 2023 22:28:44 GMT; secure; SameSite=None
slec890cc08a7168652ba4d2507655925ced=[3905509]; expires=Wed, 08 Feb 2023 22:28:49 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ee0005779d18b5bec422459192ff3b25
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 21:48:03 GMT
expires: Fri, 02 Feb 2024 21:48:03 GMT
cache-control: public, max-age=31536000
age: 520841
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash c427f0a40e9a37185a90f0cb32c47dca
d6d6eb862f7ad162b809aec3e278157dea68f530
8e80aa6b23166b468ad5da901087251dfe3def8a81adecbdc2d9908da74678d6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8E80AA6B23166B468AD5DA901087251DFE3DEF8A81ADECBDC2D9908DA74678D6"
Last-Modified: Mon, 06 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1142
Expires: Wed, 08 Feb 2023 22:47:46 GMT
Date: Wed, 08 Feb 2023 22:28:44 GMT
Connection: keep-alive
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 Feb 2023 17:20:45 GMT
expires: Tue, 06 Feb 2024 17:20:45 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
age: 191279
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 39f72ee961e1afed82fed52212ec6b65
557eae661c60433cfbbe14dbca5df31259e0c59b
b527888545839ca25e30f2fe8d409f3de6ab08d98a974dd14626b728e5ead13c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6361
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:44 GMT
Last-Modified: Wed, 08 Feb 2023 20:42:43 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 39f72ee961e1afed82fed52212ec6b65
557eae661c60433cfbbe14dbca5df31259e0c59b
b527888545839ca25e30f2fe8d409f3de6ab08d98a974dd14626b728e5ead13c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6361
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:44 GMT
Last-Modified: Wed, 08 Feb 2023 20:42:43 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
priestsuede.com/watch.1349021912201.js?key=2c5aa468eda12aeb920d7a6116fdda5a&kw=%5B%22emularoms%22%2C%22super%22%2C%22mario%22%2C%22world%22%2C%22br%22%2C%22snes%22%5D&refer=https%3A%2F%2Fwww.emularoms.com.br%2F2016%2F09%2Fsuper-mario-world-br-snes.html&tz=0&dev=e&res=12.1055&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1
192.243.61.227307 Temporary Redirect 0 B URL HTTP/1.1 priestsuede.com/watch.1349021912201.js?key=2c5aa468eda12aeb920d7a6116fdda5a&kw=%5B%22emularoms%22%2C%22super%22%2C%22mario%22%2C%22world%22%2C%22br%22%2C%22snes%22%5D&refer=https%3A%2F%2Fwww.emularoms.com.br%2F2016%2F09%2Fsuper-mario-world-br-snes.html&tz=0&dev=e&res=12.1055&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1349021912201.js?key=2c5aa468eda12aeb920d7a6116fdda5a&kw=%5B%22emularoms%22%2C%22super%22%2C%22mario%22%2C%22world%22%2C%22br%22%2C%22snes%22%5D&refer=https%3A%2F%2Fwww.emularoms.com.br%2F2016%2F09%2Fsuper-mario-world-br-snes.html&tz=0&dev=e&res=12.1055&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1 HTTP/1.1
Host: priestsuede.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.emularoms.com.br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 22:28:44 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.emularoms.com.br
Access-Control-Allow-Origin: https://www.emularoms.com.br
Access-Control-Allow-Credentials: true
Location: https://priestsuede.com/watch.1349021912201.js?key=2c5aa468eda12aeb920d7a6116fdda5a&kw=%5B%22emularoms%22%2C%22super%22%2C%22mario%22%2C%22world%22%2C%22br%22%2C%22snes%22%5D&refer=https%3A%2F%2Fwww.emularoms.com.br%2F2016%2F09%2Fsuper-mario-world-br-snes.html&tz=0&dev=e&res=12.1055&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1&shu=2ad02cebc7f99f3e64feb3f79bcb3b0e335971128932c7e8a9971234ad29d7d0117cc2f3069402dd05fce8f04316dd018e755c8ece1b04135a84100ec15bb6fbee6f9fcdd4b347fb99d1f308e92e9c7f0f156d41734e4f7592cdca6972280e&pst=1675895384&rmtc=t
Set-Cookie: u_pl=17358756; expires=Thu, 09 Feb 2023 22:28:44 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzM1ODc1NiwiayI6IjJjNWFhNDY4ZWRhMTJhZWI5MjBkN2E2MTE2ZmRkYTVhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODg5MzA0LCJwaWQiOjQ4NTg3NiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyNywicHQiOjQsInBrIjoiY3k5dThjcmQiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93d3cuZW11bGFyb21zLmNvbS5ici8yMDE2LzA5L3N1cGVyLW1hcmlvLXdvcmxkLWJyLXNuZXMuaHRtbCJ9fQ.0OMxVOEs6ULWWR1Cv_qP8AD8BVTU_BCM0YYbceJamVA; expires=Wed, 08 Feb 2023 22:29:44 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2b22f9f08a28b6f266cbbbe6a4c0b08d
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash bcc93dbda60c7761e7348f76e2c8ef43
02fb1cb40f3670fdb045be0bed406652fda4d870
5f202fd25480f98b5cc9f840df1b7a3d0652576585a2bdde28055253b48bc840
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5F202FD25480F98B5CC9F840DF1B7A3D0652576585A2BDDE28055253B48BC840"
Last-Modified: Wed, 08 Feb 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9617
Expires: Thu, 09 Feb 2023 01:09:01 GMT
Date: Wed, 08 Feb 2023 22:28:44 GMT
Connection: keep-alive
www.topdisplayformat.com/c6131b49a06e3943789f5f86d3e6eff5/invoke.js
192.243.61.225200 OK 12 kB URL HTTP/1.1 www.topdisplayformat.com/c6131b49a06e3943789f5f86d3e6eff5/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (26947)
Hash f49106aec2cc401fa843b632f18bba1d
3ea7da03da4e67f1bb1b6017d39a7cfa338b8bba
fbb1fcd3e0b6e52fad8065689ab94b290af15c1a4f8e6407b393d1622f7dfce5
Analyzer Verdict Alert quad9 Sinkholed
GET /c6131b49a06e3943789f5f86d3e6eff5/invoke.js HTTP/1.1
Host: www.topdisplayformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 22:28:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d86eb03c77a19e9c2aa26ee904b6bc66
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yY/l/en_US/Sk7a3s5Eq5q.js?_nc_x=Ij3Wp8lg5Kz
157.240.205.11200 OK 24 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3iEpO4/yY/l/en_US/Sk7a3s5Eq5q.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.205.11:0
File type ASCII text, with very long lines (42287)
Hash 80ed0131a5bdb566b2d48a7edfe8c31d
029a363070ac3edc1e6dbf8ebcdad2cdea94034e
ebbaeb8b1ff01293510c5a78f72b70991545305913bf6e77f52936e0a04d0033
GET /rsrc.php/v3iEpO4/yY/l/en_US/Sk7a3s5Eq5q.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 08 Feb 2024 17:10:26 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: gO0BMaW9tWay1Ip+3+jDHQ==
x-fb-debug: Yh/ihgApDPa/LdzjooDDBalzF2ObL3KUi21qVBTmMCnrSMmbH4eQknogBIA9oVRrkzsR5hhD8UzMIST2pR2FdA==
content-length: 23594
x-fb-trip-id: 1679558926
date: Wed, 08 Feb 2023 22:28:44 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pistolsizehoe.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYsc1Rd9lczvZ9CVQSGSCIVkoeD0vKqumukyi2CMkWBMQhLJ%2Bn3VzHOq6hXvVXVNZhUNSJatG124qDmdZIgGSf4AP%2BjJRmaVVpABZ0DRvRBx40a6p2HwLt699527OPfc8%2FFGvUcoarZz%2BT2zrrOMLcQd6r96XRfSNM6%2FeM0PaIee8q%2FrYjE65a9NHtt%2FI6Bxh77mv6PEqlkIaUBpQAP%2FnLYqNWsLUxS6fJAEnYR2orATxBHW7H97V3twzIPs75Gj0HL8v5UfHkGLEYr84VnlVitTvv52XmesMhZ9ufl%2BsVqYpkB%2BUKbWQ1pszqZh3JiQzw%2FBFJuzDWD6dyYbgOsx8X4OwIvNGU3w%2Ft19pjyDKsDlc2j6I6hsBM1GEOYWtHxCACFx8RKK%2FN5FYxt2Yx9lE3RM5v5%2BCt2MydzuCyjyr89kes2%2FarK60qZwWEtb6LUR9PIIZb2Fat2DbrYgqo%2BgJUGRt9By56SitKe6AZsX4WJvPqJKznORyPkojJKURd2A8WQqjdYj6HSETA3A3GHUzkOtPdSph7r0kMsdn8VJSulSytNutxcJIbpdIeLeooxlN%2BqlFLWYcB%2BgKgcQ2QDC3kRpb2JVf%2FokPjom5OlvsPX3cCstnPTgKoK%2BbNEogsYRNIyg0QRNRdD027syc6Fr78nM1TyY5XCWu%2B3QVMsb7K6pllVBNso98vxEOO%2FIP99iVe34vYQKQXtsKVjsLcYhZ5EMY7q0GMdJGAsl4XQL7Q6BOQ%2FrekxO%2FHQMpR6TZ%2FRf4GwLLtuC0C%2BC1S%2BDNcOlkIKtDKMexXrxUE38Y03uOsLkHW4hTYuymkN1w9vI9shL0yOe%2BuwPKLF9%2BtcV%2B9B%2F%2FAWEbVHaFh%2FoxwTL2e3hFdOQO1dM48ijS2Wlc73OJge%2BWrFKzX35rrrRGCvPn3WD%2B2%2BKCTApH1xTrrrACqmLZUe%2BOqOlVPacsUKRb86764pfrt3KmdoWdXnh8lvnzuelVc5pU4zA9BN7H0KPybO%2FHJ9a1z9yDNqOYOsWeb1NZgFttiDKm3Dl9undD%2F9%2FcnfhOJwhsNnBDC89NHU7tCE%2F%2BMw0QaYOesZbOHUgAVfb3%2F25j22421i2Hlh1a2rYvm3Rz1qwbABXHx5Wpd0%2B%2FWN3GuCZN%2BSZ9e7wzGaf7Evr9I6v4pSmioaKpwlPlxiVSRolnCWBWuIxC1C5sfj9lRP%2FAgAA%2F%2F8BAAD%2F%2Fxl4jvWSBAAA
192.243.61.225200 OK 7 B URL HTTP/1.1 pistolsizehoe.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYsc1Rd9lczvZ9CVQSGSCIVkoeD0vKqumukyi2CMkWBMQhLJ%2Bn3VzHOq6hXvVXVNZhUNSJatG124qDmdZIgGSf4AP%2BjJRmaVVpABZ0DRvRBx40a6p2HwLt699527OPfc8%2FFGvUcoarZz%2BT2zrrOMLcQd6r96XRfSNM6%2FeM0PaIee8q%2FrYjE65a9NHtt%2FI6Bxh77mv6PEqlkIaUBpQAP%2FnLYqNWsLUxS6fJAEnYR2orATxBHW7H97V3twzIPs75Gj0HL8v5UfHkGLEYr84VnlVitTvv52XmesMhZ9ufl%2BsVqYpkB%2BUKbWQ1pszqZh3JiQzw%2FBFJuzDWD6dyYbgOsx8X4OwIvNGU3w%2Ft19pjyDKsDlc2j6I6hsBM1GEOYWtHxCACFx8RKK%2FN5FYxt2Yx9lE3RM5v5%2BCt2MydzuCyjyr89kes2%2FarK60qZwWEtb6LUR9PIIZb2Fat2DbrYgqo%2BgJUGRt9By56SitKe6AZsX4WJvPqJKznORyPkojJKURd2A8WQqjdYj6HSETA3A3GHUzkOtPdSph7r0kMsdn8VJSulSytNutxcJIbpdIeLeooxlN%2BqlFLWYcB%2BgKgcQ2QDC3kRpb2JVf%2FokPjom5OlvsPX3cCstnPTgKoK%2BbNEogsYRNIyg0QRNRdD027syc6Fr78nM1TyY5XCWu%2B3QVMsb7K6pllVBNso98vxEOO%2FIP99iVe34vYQKQXtsKVjsLcYhZ5EMY7q0GMdJGAsl4XQL7Q6BOQ%2FrekxO%2FHQMpR6TZ%2FRf4GwLLtuC0C%2BC1S%2BDNcOlkIKtDKMexXrxUE38Y03uOsLkHW4hTYuymkN1w9vI9shL0yOe%2BuwPKLF9%2BtcV%2B9B%2F%2FAWEbVHaFh%2FoxwTL2e3hFdOQO1dM48ijS2Wlc73OJge%2BWrFKzX35rrrRGCvPn3WD%2B2%2BKCTApH1xTrrrACqmLZUe%2BOqOlVPacsUKRb86764pfrt3KmdoWdXnh8lvnzuelVc5pU4zA9BN7H0KPybO%2FHJ9a1z9yDNqOYOsWeb1NZgFttiDKm3Dl9undD%2F9%2FcnfhOJwhsNnBDC89NHU7tCE%2F%2BMw0QaYOesZbOHUgAVfb3%2F25j22421i2Hlh1a2rYvm3Rz1qwbABXHx5Wpd0%2B%2FWN3GuCZN%2BSZ9e7wzGaf7Evr9I6v4pSmioaKpwlPlxiVSRolnCWBWuIxC1C5sfj9lRP%2FAgAA%2F%2F8BAAD%2F%2Fxl4jvWSBAAA
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzYsc1Rd9lczvZ9CVQSGSCIVkoeD0vKqumukyi2CMkWBMQhLJ%2Bn3VzHOq6hXvVXVNZhUNSJatG124qDmdZIgGSf4AP%2BjJRmaVVpABZ0DRvRBx40a6p2HwLt699527OPfc8%2FFGvUcoarZz%2BT2zrrOMLcQd6r96XRfSNM6%2FeM0PaIee8q%2FrYjE65a9NHtt%2FI6Bxh77mv6PEqlkIaUBpQAP%2FnLYqNWsLUxS6fJAEnYR2orATxBHW7H97V3twzIPs75Gj0HL8v5UfHkGLEYr84VnlVitTvv52XmesMhZ9ufl%2BsVqYpkB%2BUKbWQ1pszqZh3JiQzw%2FBFJuzDWD6dyYbgOsx8X4OwIvNGU3w%2Ft19pjyDKsDlc2j6I6hsBM1GEOYWtHxCACFx8RKK%2FN5FYxt2Yx9lE3RM5v5%2BCt2MydzuCyjyr89kes2%2FarK60qZwWEtb6LUR9PIIZb2Fat2DbrYgqo%2BgJUGRt9By56SitKe6AZsX4WJvPqJKznORyPkojJKURd2A8WQqjdYj6HSETA3A3GHUzkOtPdSph7r0kMsdn8VJSulSytNutxcJIbpdIeLeooxlN%2BqlFLWYcB%2BgKgcQ2QDC3kRpb2JVf%2FokPjom5OlvsPX3cCstnPTgKoK%2BbNEogsYRNIyg0QRNRdD027syc6Fr78nM1TyY5XCWu%2B3QVMsb7K6pllVBNso98vxEOO%2FIP99iVe34vYQKQXtsKVjsLcYhZ5EMY7q0GMdJGAsl4XQL7Q6BOQ%2FrekxO%2FHQMpR6TZ%2FRf4GwLLtuC0C%2BC1S%2BDNcOlkIKtDKMexXrxUE38Y03uOsLkHW4hTYuymkN1w9vI9shL0yOe%2BuwPKLF9%2BtcV%2B9B%2F%2FAWEbVHaFh%2FoxwTL2e3hFdOQO1dM48ijS2Wlc73OJge%2BWrFKzX35rrrRGCvPn3WD%2B2%2BKCTApH1xTrrrACqmLZUe%2BOqOlVPacsUKRb86764pfrt3KmdoWdXnh8lvnzuelVc5pU4zA9BN7H0KPybO%2FHJ9a1z9yDNqOYOsWeb1NZgFttiDKm3Dl9undD%2F9%2FcnfhOJwhsNnBDC89NHU7tCE%2F%2BMw0QaYOesZbOHUgAVfb3%2F25j22421i2Hlh1a2rYvm3Rz1qwbABXHx5Wpd0%2B%2FWN3GuCZN%2BSZ9e7wzGaf7Evr9I6v4pSmioaKpwlPlxiVSRolnCWBWuIxC1C5sfj9lRP%2FAgAA%2F%2F8BAAD%2F%2Fxl4jvWSBAAA HTTP/1.1
Host: pistolsizehoe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Cookie: u_pl=17365950; uid_id2=e008e31a-c268-40ed-bc9d-4249fa431ab9:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 22:28:44 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7230592d6e8a1d69c642ad2ae78d8c6f
Strict-Transport-Security: max-age=0; includeSubdomains
priestsuede.com/watch.1349021912201.js?key=2c5aa468eda12aeb920d7a6116fdda5a&kw=%5B%22emularoms%22%2C%22super%22%2C%22mario%22%2C%22world%22%2C%22br%22%2C%22snes%22%5D&refer=https%3A%2F%2Fwww.emularoms.com.br%2F2016%2F09%2Fsuper-mario-world-br-snes.html&tz=0&dev=e&res=12.1055&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1&shu=2ad02cebc7f99f3e64feb3f79bcb3b0e335971128932c7e8a9971234ad29d7d0117cc2f3069402dd05fce8f04316dd018e755c8ece1b04135a84100ec15bb6fbee6f9fcdd4b347fb99d1f308e92e9c7f0f156d41734e4f7592cdca6972280e&pst=1675895384&rmtc=t
192.243.61.227200 OK 633 B URL HTTP/1.1 priestsuede.com/watch.1349021912201.js?key=2c5aa468eda12aeb920d7a6116fdda5a&kw=%5B%22emularoms%22%2C%22super%22%2C%22mario%22%2C%22world%22%2C%22br%22%2C%22snes%22%5D&refer=https%3A%2F%2Fwww.emularoms.com.br%2F2016%2F09%2Fsuper-mario-world-br-snes.html&tz=0&dev=e&res=12.1055&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1&shu=2ad02cebc7f99f3e64feb3f79bcb3b0e335971128932c7e8a9971234ad29d7d0117cc2f3069402dd05fce8f04316dd018e755c8ece1b04135a84100ec15bb6fbee6f9fcdd4b347fb99d1f308e92e9c7f0f156d41734e4f7592cdca6972280e&pst=1675895384&rmtc=t
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (581)
Hash d369eed45244ebb079baecf4e29f1095
8230794aaed8231eafb0f3fa58b86ea441e0ee78
f04c3ff4b2fb396381973c6509ad81e0d69d0e51a0094cad206c43d46aa3db4b
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1349021912201.js?key=2c5aa468eda12aeb920d7a6116fdda5a&kw=%5B%22emularoms%22%2C%22super%22%2C%22mario%22%2C%22world%22%2C%22br%22%2C%22snes%22%5D&refer=https%3A%2F%2Fwww.emularoms.com.br%2F2016%2F09%2Fsuper-mario-world-br-snes.html&tz=0&dev=e&res=12.1055&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1&shu=2ad02cebc7f99f3e64feb3f79bcb3b0e335971128932c7e8a9971234ad29d7d0117cc2f3069402dd05fce8f04316dd018e755c8ece1b04135a84100ec15bb6fbee6f9fcdd4b347fb99d1f308e92e9c7f0f156d41734e4f7592cdca6972280e&pst=1675895384&rmtc=t HTTP/1.1
Host: priestsuede.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.emularoms.com.br
Referer: https://www.emularoms.com.br/
Connection: keep-alive
Cookie: u_pl=17358756; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzM1ODc1NiwiayI6IjJjNWFhNDY4ZWRhMTJhZWI5MjBkN2E2MTE2ZmRkYTVhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODg5MzA0LCJwaWQiOjQ4NTg3NiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyNywicHQiOjQsInBrIjoiY3k5dThjcmQiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93d3cuZW11bGFyb21zLmNvbS5ici8yMDE2LzA5L3N1cGVyLW1hcmlvLXdvcmxkLWJyLXNuZXMuaHRtbCJ9fQ.0OMxVOEs6ULWWR1Cv_qP8AD8BVTU_BCM0YYbceJamVA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 22:28:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.emularoms.com.br
Access-Control-Allow-Origin: https://www.emularoms.com.br
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=e008e31a-c268-40ed-bc9d-4249fa431ab9:3:1; expires=Wed, 15 Feb 2023 22:28:44 GMT; secure; SameSite=None
iprc4088f573bd798fa8110339bd0ed252d5=2717342; expires=Fri, 10 Feb 2023 00:28:44 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 09 Feb 2023 22:28:44 GMT; secure; SameSite=None
uncs=1; expires=Thu, 09 Feb 2023 22:28:44 GMT; secure; SameSite=None
pdhtkv27=true; expires=Thu, 09 Feb 2023 22:28:44 GMT; secure; SameSite=None
uncs27=1; expires=Thu, 09 Feb 2023 22:28:44 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5063cf7e63e4de7d37dabe6a792efecc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
comradeglorious.com/watch.51599321466.js?key=c18e445c06696f87b0e820c5393eb067&kw=%5B%22emularoms%22%2C%22super%22%2C%22mario%22%2C%22world%22%2C%22br%22%2C%22snes%22%5D&refer=https%3A%2F%2Fwww.emularoms.com.br%2F2016%2F09%2Fsuper-mario-world-br-snes.html&tz=0&dev=e&res=12.1055&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1
192.243.59.12307 Temporary Redirect 0 B URL HTTP/1.1 comradeglorious.com/watch.51599321466.js?key=c18e445c06696f87b0e820c5393eb067&kw=%5B%22emularoms%22%2C%22super%22%2C%22mario%22%2C%22world%22%2C%22br%22%2C%22snes%22%5D&refer=https%3A%2F%2Fwww.emularoms.com.br%2F2016%2F09%2Fsuper-mario-world-br-snes.html&tz=0&dev=e&res=12.1055&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.51599321466.js?key=c18e445c06696f87b0e820c5393eb067&kw=%5B%22emularoms%22%2C%22super%22%2C%22mario%22%2C%22world%22%2C%22br%22%2C%22snes%22%5D&refer=https%3A%2F%2Fwww.emularoms.com.br%2F2016%2F09%2Fsuper-mario-world-br-snes.html&tz=0&dev=e&res=12.1055&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1 HTTP/1.1
Host: comradeglorious.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.emularoms.com.br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Wed, 08 Feb 2023 22:28:44 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.emularoms.com.br
Access-Control-Allow-Origin: https://www.emularoms.com.br
Access-Control-Allow-Credentials: true
Location: https://comradeglorious.com/watch.51599321466.js?key=c18e445c06696f87b0e820c5393eb067&kw=%5B%22emularoms%22%2C%22super%22%2C%22mario%22%2C%22world%22%2C%22br%22%2C%22snes%22%5D&refer=https%3A%2F%2Fwww.emularoms.com.br%2F2016%2F09%2Fsuper-mario-world-br-snes.html&tz=0&dev=e&res=12.1055&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1&shu=d68ada5698cf1f80ff995939d83c20357bf05e29230649c471cc6cdea79110e8b833aa236ee336ec0ff8b70dc3deb62420c5346fce6530d14baa1728f45929cf886128c3aa86043fd66050e56b3fc1c70eef5535&pst=1675895384&rmtc=t
Set-Cookie: u_pl=17355487; expires=Thu, 09 Feb 2023 22:28:44 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzM1NTQ4NywiayI6ImMxOGU0NDVjMDY2OTZmODdiMGU4MjBjNTM5M2ViMDY3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODg5MzA0LCJwaWQiOjQ4NTg3NiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyNiwicHQiOjQsInBrIjoiY3hoaXcxdGsyYyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3d3dy5lbXVsYXJvbXMuY29tLmJyLzIwMTYvMDkvc3VwZXItbWFyaW8td29ybGQtYnItc25lcy5odG1sIn19.UY_M5jl4G8XJg-7LWtcc4mSOulz8eX64rczKmwaeUbE; expires=Wed, 08 Feb 2023 22:29:44 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b7e3c4ce03fb9add1816935d9cfd0751
Strict-Transport-Security: max-age=0; includeSubdomains
static.xx.fbcdn.net/rsrc.php/v3/yY/l/0,cross/SoOEikRhknf.css?_nc_x=Ij3Wp8lg5Kz
157.240.205.11200 OK 5.1 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yY/l/0,cross/SoOEikRhknf.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.205.11:0
File type ASCII text, with very long lines (4431)
Hash f8b35a5d8db4b0e96a220066781c3bf3
4b4afe37a6b58a95096400598aa77fd9156f210f
7d612fbb394df536575f33feddf534045820c667bba2319bd64c8e3ea386f4c6
GET /rsrc.php/v3/yY/l/0,cross/SoOEikRhknf.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 08 Feb 2024 17:13:04 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: +LNaXY20sOlqIgBmeBw78w==
x-fb-debug: 7n48aLFtq+bfbjSLxh+CzdAkbe9pOQUsCfe0RXpRURlFghIbxL4JScRozu2JMmg8S03eynl5pxSj2rc36QEr5Q==
content-length: 5103
x-fb-trip-id: 1679558926
date: Wed, 08 Feb 2023 22:28:44 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yn/l/0,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz
157.240.205.11200 OK 830 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yn/l/0,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.205.11:0
File type ASCII text, with very long lines (724)
Hash d63a02ce87c07ffcfa869fef7fc5f233
cae745fef84088abe3525bb77f75c55cd1d4cc2c
bf9d4d71541a0a1f31b10be351add847ee935da6de355756314c8ca96512444d
GET /rsrc.php/v3/yn/l/0,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Tue, 30 Jan 2024 20:10:22 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 1joCzofAf/z6hp/vf8XyMw==
x-fb-debug: o1mv2+Itt2avImjwuEEKEOuOFS9k/jRIodYPYIrkXAAvtCxejB5Kr8ihwDm+NS3PlF9cTVFv7OJwVvKzvCnVsQ==
priority: u=3,i
content-length: 830
x-fb-trip-id: 1679558926
date: Wed, 08 Feb 2023 22:28:44 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yU/r/O4UmSNWin4E.js?_nc_x=Ij3Wp8lg5Kz
157.240.205.11200 OK 16 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yU/r/O4UmSNWin4E.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.205.11:0
File type C source, ASCII text, with very long lines (8848)
Hash 40fab775b9d5c0cd37478bb98c8d3fd4
3a47077aff06f1dcb1c7f15371f717bcc0501ddf
15bda90227b20a41920214b955645583399f5231147f10d3dee099fe91b442e4
GET /rsrc.php/v3/yU/r/O4UmSNWin4E.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 03 Feb 2024 05:38:20 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: QPq3dbnVwM03R4u5jI0/1A==
x-fb-debug: b4tvWsQW4Kw/RPpLS/jwdIs5QlSAyESmzCRfWqTdEtrKjbGIldtXaPmG7/7kynH/7CfNoIkWpFM2WgGUkZ32Dw==
content-length: 16342
x-fb-trip-id: 1679558926
date: Wed, 08 Feb 2023 22:28:44 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b317d1ec3f151d7348a57c62f689a6ef
1fe7df7bc019e321f82943119fae230b0126258d
8fc767ad26c25f2f3b37af2517babae85f1a274b54cca3db1df4c80e939fd50f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8FC767AD26C25F2F3B37AF2517BABAE85F1A274B54CCA3DB1DF4C80E939FD50F"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4662
Expires: Wed, 08 Feb 2023 23:46:26 GMT
Date: Wed, 08 Feb 2023 22:28:44 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 2a3af67b913d6d3fc77bc538c02d19e3
fcd05f6f61077ec3ecf97fbe2088089bb665021b
1ef37b70af5f7ee1a25656f06dd4685b9836d77574f3eda4775f5a540dbdd5c9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1059
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:44 GMT
Etag: "63e3c9fd-117"
Last-Modified: Wed, 08 Feb 2023 22:11:05 GMT
Server: ECS (amb/6BC1)
X-Cache: HIT
Content-Length: 279
static.xx.fbcdn.net/rsrc.php/v3/yK/r/yk1MEuO0z4C.js?_nc_x=Ij3Wp8lg5Kz
157.240.205.11200 OK 85 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yK/r/yk1MEuO0z4C.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.205.11:0
File type ASCII text, with very long lines (18631)
Hash 62a6c56bcd5867e3c80d243d3f4a3e5f
7a73b046cb04f649cf5248d28d90de629fe462e2
b3ba48f1b1c62f773f228441f101ed6cdaa211ee434eb6408b856a67b57064ad
GET /rsrc.php/v3/yK/r/yk1MEuO0z4C.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 08 Feb 2024 19:47:24 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: YqbFa81YZ+PIDSQ9P0o+Xw==
x-fb-debug: /VEAyd5CvlW0HgfuKDUfwQm8bXnY/ZSv9i3WlVtRjD8OE7DDR/oT3fIL/Z0smoMf8DD2de90ZJPci0gV1BImXQ==
priority: u=3,i
content-length: 85216
x-fb-trip-id: 1679558926
date: Wed, 08 Feb 2023 22:28:44 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yD/r/GL3fwyPuftm.js?_nc_x=Ij3Wp8lg5Kz
157.240.205.11200 OK 1.6 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yD/r/GL3fwyPuftm.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.205.11:0
File type ASCII text, with very long lines (1984)
Hash 6e9da4ca37bd91ed4b55bdfd94d641e6
581d1c986cf5809cd2fc1859f732d936b53708a8
b24defbd5bcb2f39db991c8361c62e39b0f199d8d72fa9f023739defee55dbd3
GET /rsrc.php/v3/yD/r/GL3fwyPuftm.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 26 Jan 2024 18:55:04 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: bp2kyje9ke1LVb39lNZB5g==
x-fb-debug: HRPbQquyHyE2DJaomc93qALfWhFBTIdwmKYVdpgqDHGFFaT7wj8WFWiC3w9ETbnYl3iq7m85UI20GSJNOAxSqA==
priority: u=3,i
content-length: 1649
x-fb-trip-id: 1679558926
date: Wed, 08 Feb 2023 22:28:44 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
comradeglorious.com/watch.8518901557.js?key=c6131b49a06e3943789f5f86d3e6eff5&kw=%5B%22emularoms%22%2C%22super%22%2C%22mario%22%2C%22world%22%2C%22br%22%2C%22snes%22%5D&refer=https%3A%2F%2Fwww.emularoms.com.br%2F2016%2F09%2Fsuper-mario-world-br-snes.html&tz=0&dev=e&res=12.1055&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1
192.243.59.12307 Temporary Redirect 0 B URL HTTP/1.1 comradeglorious.com/watch.8518901557.js?key=c6131b49a06e3943789f5f86d3e6eff5&kw=%5B%22emularoms%22%2C%22super%22%2C%22mario%22%2C%22world%22%2C%22br%22%2C%22snes%22%5D&refer=https%3A%2F%2Fwww.emularoms.com.br%2F2016%2F09%2Fsuper-mario-world-br-snes.html&tz=0&dev=e&res=12.1055&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.8518901557.js?key=c6131b49a06e3943789f5f86d3e6eff5&kw=%5B%22emularoms%22%2C%22super%22%2C%22mario%22%2C%22world%22%2C%22br%22%2C%22snes%22%5D&refer=https%3A%2F%2Fwww.emularoms.com.br%2F2016%2F09%2Fsuper-mario-world-br-snes.html&tz=0&dev=e&res=12.1055&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1 HTTP/1.1
Host: comradeglorious.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.emularoms.com.br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Wed, 08 Feb 2023 22:28:44 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.emularoms.com.br
Access-Control-Allow-Origin: https://www.emularoms.com.br
Access-Control-Allow-Credentials: true
Location: https://comradeglorious.com/watch.8518901557.js?key=c6131b49a06e3943789f5f86d3e6eff5&kw=%5B%22emularoms%22%2C%22super%22%2C%22mario%22%2C%22world%22%2C%22br%22%2C%22snes%22%5D&refer=https%3A%2F%2Fwww.emularoms.com.br%2F2016%2F09%2Fsuper-mario-world-br-snes.html&tz=0&dev=e&res=12.1055&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1&shu=3a72ab23ab36514c11fe810d66365c19c1bbfa08cb5fbe2ccf1599bf96eca4295acf116dd32b9466517a2e313cba2be9c4446de2de4943ab3b95289b03f052861d68b5012e683246dd97222b9e2587e177961a13&pst=1675895384&rmtc=t
Set-Cookie: u_pl=17358706; expires=Thu, 09 Feb 2023 22:28:44 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzM1ODcwNiwiayI6ImM2MTMxYjQ5YTA2ZTM5NDM3ODlmNWY4NmQzZTZlZmY1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODg5MzA0LCJwaWQiOjQ4NTg3NiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJxNThobnMxcjFwIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LmVtdWxhcm9tcy5jb20uYnIvMjAxNi8wOS9zdXBlci1tYXJpby13b3JsZC1ici1zbmVzLmh0bWwifX0.Q52k290qJtpy7QLAuXd-vXhJzRQPyYLnn4iDu4aVzeE; expires=Wed, 08 Feb 2023 22:29:44 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 51d2acc05b92e28d90482dc6c5689b77
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 2a3af67b913d6d3fc77bc538c02d19e3
fcd05f6f61077ec3ecf97fbe2088089bb665021b
1ef37b70af5f7ee1a25656f06dd4685b9836d77574f3eda4775f5a540dbdd5c9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5158
Cache-Control: max-age=155398
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:45 GMT
Etag: "63e3c9fd-117"
Expires: Fri, 10 Feb 2023 17:38:43 GMT
Last-Modified: Wed, 08 Feb 2023 16:12:45 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e52c62e29c66d8b8ced593c18dc6f97b
9fd8008871bcdbe98471cc1d49abe429f68208ec
a893f73ce1067723043248fa6fc3e76ddfdd44506998bf5f4e157dfbacc4698d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A893F73CE1067723043248FA6FC3E76DDFDD44506998BF5F4E157DFBACC4698D"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11492
Expires: Thu, 09 Feb 2023 01:40:17 GMT
Date: Wed, 08 Feb 2023 22:28:45 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 0f562aac16a429c7fcf25028afe357a5
0a16025a02fc99bf61f3d231b709598dae28b510
699b2e11b6de1ca661231288e20b2e9816e077dcca7245ea4deb7e662df77e70
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "699B2E11B6DE1CA661231288E20B2E9816E077DCCA7245EA4DEB7E662DF77E70"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=588
Expires: Wed, 08 Feb 2023 22:38:33 GMT
Date: Wed, 08 Feb 2023 22:28:45 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7f9292bde1a4df6db24400a6f978d56f
2509e0cacb6b47fcab688d71ace227b40299a22b
27b13e02b853efc04dedb63f3a3a52425db910fb0b5d20b6bad05d491967a6f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "27B13E02B853EFC04DEDB63F3A3A52425DB910FB0B5D20B6BAD05D491967A6F3"
Last-Modified: Wed, 08 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17649
Expires: Thu, 09 Feb 2023 03:22:54 GMT
Date: Wed, 08 Feb 2023 22:28:45 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png
172.64.167.9200 OK 591 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png
IP 172.64.167.9:0
File type PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced\012- data
Hash 9fd5bcb6103d86e317bd1eb019bcbe71
6b5a52ea669dcb74946f2bed4bdd7ec985026113
0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae
GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:45 GMT
content-type: image/png
content-length: 591
last-modified: Tue, 21 Sep 2021 12:03:43 GMT
etag: "6149ca1f-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 7375051
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=otBs3mArAPlqIgwQL5ULok4c7H%2FLfF5sO2oguzRdrixIaxUKvii8YFLrT1yQqlc52dLUODUG70aL2Y1o%2FxZHeQxbKJ35oTYGF2uodBeCCy2tZ0IiSWx7BKVoYt2uj8jOEefzNrVeZvTE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ccd74b9c8e2a-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
comradeglorious.com/watch.8518901557?key=c6131b49a06e3943789f5f86d3e6eff5&kw=%5B%22emularoms%22%2C%22super%22%2C%22mario%22%2C%22world%22%2C%22br%22%2C%22snes%22%5D&refer=https%3A%2F%2Fwww.emularoms.com.br%2F2016%2F09%2Fsuper-mario-world-br-snes.html&tz=0&dev=e&res=12.1055&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1
192.243.59.12200 OK 1.2 kB URL HTTP/1.1 comradeglorious.com/watch.8518901557?key=c6131b49a06e3943789f5f86d3e6eff5&kw=%5B%22emularoms%22%2C%22super%22%2C%22mario%22%2C%22world%22%2C%22br%22%2C%22snes%22%5D&refer=https%3A%2F%2Fwww.emularoms.com.br%2F2016%2F09%2Fsuper-mario-world-br-snes.html&tz=0&dev=e&res=12.1055&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (529)
Hash feb666786000eba88462529b51f7db8e
0e07bd63cea73b1391a30f298d8f49e6ee71567f
acd939c718292d62da3afad7ddd5f6ed3344fdf495871231f0a539f7331c585b
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.8518901557?key=c6131b49a06e3943789f5f86d3e6eff5&kw=%5B%22emularoms%22%2C%22super%22%2C%22mario%22%2C%22world%22%2C%22br%22%2C%22snes%22%5D&refer=https%3A%2F%2Fwww.emularoms.com.br%2F2016%2F09%2Fsuper-mario-world-br-snes.html&tz=0&dev=e&res=12.1055&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1 HTTP/1.1
Host: comradeglorious.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Cookie: u_pl=17358706; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzM1ODcwNiwiayI6ImM2MTMxYjQ5YTA2ZTM5NDM3ODlmNWY4NmQzZTZlZmY1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODg5MzA0LCJwaWQiOjQ4NTg3NiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJxNThobnMxcjFwIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LmVtdWxhcm9tcy5jb20uYnIvMjAxNi8wOS9zdXBlci1tYXJpby13b3JsZC1ici1zbmVzLmh0bWwifX0.Q52k290qJtpy7QLAuXd-vXhJzRQPyYLnn4iDu4aVzeE
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 08 Feb 2023 22:28:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzM1ODcwNiwiayI6ImM2MTMxYjQ5YTA2ZTM5NDM3ODlmNWY4NmQzZTZlZmY1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODg5MzA0LCJwaWQiOjQ4NTg3NiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJxNThobnMxcjFwIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6ZmFsc2UsInIiOiJodHRwczovL3d3dy5lbXVsYXJvbXMuY29tLmJyLzIwMTYvMDkvc3VwZXItbWFyaW8td29ybGQtYnItc25lcy5odG1sIn19.egqMwm_tiHOqaIYwQsU_fxreY-JN8FHP--V5AoV2SiM; expires=Wed, 08 Feb 2023 22:29:45 GMT; secure; SameSite=None
uid_id2=e008e31a-c268-40ed-bc9d-4249fa431ab9:3:1; expires=Wed, 15 Feb 2023 22:28:45 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a383617ac8258efd87e7e6af8dbc0286
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/si/d3/d1/b3/d3d1b3933aa7b496d9e1204be72308b2/1672873426.png
45.133.44.9200 OK 74 kB URL HTTP/2 cdn.cloudimagesb.com/si/d3/d1/b3/d3d1b3933aa7b496d9e1204be72308b2/1672873426.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 7745eafaf9d9341680983b7119a94c16
4a85313147bf037da8082ae012d69a15ee88c0a6
a4abad4524a2df3f925df666a99925cd36cd19487a53427ba05771fca458caf9
GET /si/d3/d1/b3/d3d1b3933aa7b496d9e1204be72308b2/1672873426.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:45 GMT
content-type: image/png
content-length: 74291
server: nginx/1.17.6
last-modified: Wed, 04 Jan 2023 23:03:54 GMT
etag: "63b605da-12233"
expires: Fri, 10 Feb 2023 22:28:45 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e52c62e29c66d8b8ced593c18dc6f97b
9fd8008871bcdbe98471cc1d49abe429f68208ec
a893f73ce1067723043248fa6fc3e76ddfdd44506998bf5f4e157dfbacc4698d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A893F73CE1067723043248FA6FC3E76DDFDD44506998BF5F4E157DFBACC4698D"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11492
Expires: Thu, 09 Feb 2023 01:40:17 GMT
Date: Wed, 08 Feb 2023 22:28:45 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 2bdc9571df788c329c2a26051808684b
64914ddbdca3265cbdc4eb394d5d956e8e4c7bcb
239ac3527a45be01bfe4fc019e691983326728b94723556d8eccbd8d344b8900
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "239AC3527A45BE01BFE4FC019E691983326728B94723556D8ECCBD8D344B8900"
Last-Modified: Mon, 06 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13240
Expires: Thu, 09 Feb 2023 02:09:25 GMT
Date: Wed, 08 Feb 2023 22:28:45 GMT
Connection: keep-alive
jennyvisits.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=17358756
173.233.137.52200 OK 41 kB URL HTTP/1.1 jennyvisits.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=17358756
IP 173.233.137.52:0
Hash 9333ee4cb1df9b7c109d9d6ae19580b1
f71695ee4482e5333b2ccad02eebd3b73905a2f5
7f7ff0ae9b931fc5c9ff464969ed1ef94c8f68129daed1748a20f4d591d39ee1
Analyzer Verdict Alert quad9 Sinkholed
GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=17358756 HTTP/1.1
Host: jennyvisits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 22:28:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Thu, 09 Feb 2023 22:28:45 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTczNTg3NTYiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93d3cuZW11bGFyb21zLmNvbS5ici8ifX0.8RuG_E1N74Zz0bgSJtMTE1X6e4XZWX6V9jwq04TckJY; expires=Wed, 08 Feb 2023 22:29:45 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: aa8b603eb19a173018bf57dccd0663dc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html
45.133.44.4200 OK 440 B URL HTTP/2 cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text
Hash cdfce6b518206240b0eeb693f95a3b7e
b69d6e71da7b659b9e25380346fe7ad2bef65709
c598ffdf9f17c5f6f36a2468d0a20c5d8a4e6fb71920afc5c359821d91f0cf57
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.emularoms.com.br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:44 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Mon, 27 Sep 2021 07:43:24 GMT
etag: W/"6151761c-52d"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Wed, 08 Feb 2023 23:28:44 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
comradeglorious.com/watch.51599321466?key=c18e445c06696f87b0e820c5393eb067&kw=%5B%22emularoms%22%2C%22super%22%2C%22mario%22%2C%22world%22%2C%22br%22%2C%22snes%22%5D&refer=https%3A%2F%2Fwww.emularoms.com.br%2F2016%2F09%2Fsuper-mario-world-br-snes.html&tz=0&dev=e&res=12.1055&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1
173.233.137.52200 OK 1.2 kB URL HTTP/1.1 comradeglorious.com/watch.51599321466?key=c18e445c06696f87b0e820c5393eb067&kw=%5B%22emularoms%22%2C%22super%22%2C%22mario%22%2C%22world%22%2C%22br%22%2C%22snes%22%5D&refer=https%3A%2F%2Fwww.emularoms.com.br%2F2016%2F09%2Fsuper-mario-world-br-snes.html&tz=0&dev=e&res=12.1055&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1
IP 173.233.137.52:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (529)
Hash 14397708b38ed258647227525e4c530f
6cd698be6dd583bf9b1bb607d8a970d1aa8fc93d
369252165fc5ebb98dcf37a30703fe8fafdcfb197a75a6ff1499cf6c6dfd1cfd
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.51599321466?key=c18e445c06696f87b0e820c5393eb067&kw=%5B%22emularoms%22%2C%22super%22%2C%22mario%22%2C%22world%22%2C%22br%22%2C%22snes%22%5D&refer=https%3A%2F%2Fwww.emularoms.com.br%2F2016%2F09%2Fsuper-mario-world-br-snes.html&tz=0&dev=e&res=12.1055&uuid=e008e31a-c268-40ed-bc9d-4249fa431ab9%3A3%3A1 HTTP/1.1
Host: comradeglorious.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Cookie: u_pl=17358706; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzM1ODcwNiwiayI6ImM2MTMxYjQ5YTA2ZTM5NDM3ODlmNWY4NmQzZTZlZmY1Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODg5MzA0LCJwaWQiOjQ4NTg3NiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJxNThobnMxcjFwIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3LmVtdWxhcm9tcy5jb20uYnIvMjAxNi8wOS9zdXBlci1tYXJpby13b3JsZC1ici1zbmVzLmh0bWwifX0.Q52k290qJtpy7QLAuXd-vXhJzRQPyYLnn4iDu4aVzeE
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 22:28:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=17358706,17355487; expires=Thu, 09 Feb 2023 22:28:45 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzM1NTQ4NywiayI6ImMxOGU0NDVjMDY2OTZmODdiMGU4MjBjNTM5M2ViMDY3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODg5MzA0LCJwaWQiOjQ4NTg3NiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyNiwicHQiOjQsInBrIjoiY3hoaXcxdGsyYyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3d3dy5lbXVsYXJvbXMuY29tLmJyLzIwMTYvMDkvc3VwZXItbWFyaW8td29ybGQtYnItc25lcy5odG1sIn19.UY_M5jl4G8XJg-7LWtcc4mSOulz8eX64rczKmwaeUbE; expires=Wed, 08 Feb 2023 22:29:45 GMT; secure; SameSite=None
uid_id2=e008e31a-c268-40ed-bc9d-4249fa431ab9:3:1; expires=Wed, 15 Feb 2023 22:28:45 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ab8c4ad86c16550a17f21d75037b67d3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css
172.64.167.9200 OK 6.5 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css
IP 172.64.167.9:0
Hash 9a99ac2357d2e5bba1d7e1239104b71c
802ae4461bb562693f10979a0a3a8a590c5f530e
af59245d0cee1c1253a9a657056e8a0686f84a86f1af8cd4647c66da886e49f2
GET /sb/ssp/vpn/classic-push/small/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.emularoms.com.br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:45 GMT
content-type: text/css
last-modified: Tue, 21 Sep 2021 12:03:42 GMT
etag: W/"6149ca1e-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p2VbLwLqX%2Fgom%2FlQe4mbAyhxfuWMQRowcXG%2FoR8eH5CXJD2PessDQiaHlnPRu6Yg92mKvxhi3Fey3JmyEwQ0imuU6aWuNHm00mWFghn%2Fc083sLdKQC87eRtTKKPLEt2N%2FpvBdgs3Csov"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ccd6cdbb743f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
jennyvisits.com/dyfc1k09?shu=4d900ff6040c795699477990fee8c183fe9da29dc1b7a62fde27560e94ff02558de97ee88949dcb9d8c2e5e238c914cc9fb587095b7ee53ee002065779841a8bb60388036d75a37d727d92d7c6273c932a3a8bb829aa7fde6a3c0807935a73&pst=1675895385&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=https%3A%2F%2Fwww.emularoms.com.br%2F&psid=17358756
173.233.137.52302 Found 0 B URL HTTP/1.1 jennyvisits.com/dyfc1k09?shu=4d900ff6040c795699477990fee8c183fe9da29dc1b7a62fde27560e94ff02558de97ee88949dcb9d8c2e5e238c914cc9fb587095b7ee53ee002065779841a8bb60388036d75a37d727d92d7c6273c932a3a8bb829aa7fde6a3c0807935a73&pst=1675895385&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=https%3A%2F%2Fwww.emularoms.com.br%2F&psid=17358756
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /dyfc1k09?shu=4d900ff6040c795699477990fee8c183fe9da29dc1b7a62fde27560e94ff02558de97ee88949dcb9d8c2e5e238c914cc9fb587095b7ee53ee002065779841a8bb60388036d75a37d727d92d7c6273c932a3a8bb829aa7fde6a3c0807935a73&pst=1675895385&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=https%3A%2F%2Fwww.emularoms.com.br%2F&psid=17358756 HTTP/1.1
Host: jennyvisits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jennyvisits.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTczNTg3NTYiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93d3cuZW11bGFyb21zLmNvbS5ici8ifX0.8RuG_E1N74Zz0bgSJtMTE1X6e4XZWX6V9jwq04TckJY; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 22:28:45 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660
Set-Cookie: pdhtkv=true; expires=Thu, 09 Feb 2023 22:28:45 GMT
uncs=1; expires=Thu, 09 Feb 2023 22:28:45 GMT
pdhtkv28=true; expires=Thu, 09 Feb 2023 22:28:45 GMT
uncs28=1; expires=Thu, 09 Feb 2023 22:28:45 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6ec7c70672a4a91817185aa7cc40f4d1
Strict-Transport-Security: max-age=0; includeSubdomains
adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660
95.101.10.186307 Temporary Redirect 0 B URL HTTP/2 adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660
IP 95.101.10.186:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jennyvisits.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Wed, 08 Feb 2023 22:28:46 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 08 Feb 2023 22:28:46 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675895326038)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023282228%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228799812557%7c1%22%7d%5d; domain=.unibet.com; expires=Fri, 08-Feb-3022 22:28:46 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=21, origin; dur=44
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js
172.64.167.9200 OK 70 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js
IP 172.64.167.9:0
Hash 06f31cdada8b99cada210da595c085cc
fc172e6c808e6903f995b20fd3397331555232c3
7886916081411d9c122ce416b107a94ae8e5bd4c9af75fe442469ff6bafb3fb4
GET /sb/ssp/vpn/classic-push/small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:45 GMT
content-type: application/javascript
last-modified: Tue, 21 Sep 2021 12:03:44 GMT
etag: W/"6149ca20-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1149025
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FjnwrPoo3D1AHpe5OrPofuyU%2F1NxlfEktS014ggCUJHlsLoIAZcdySbKrLa5k%2FLsIlp8zXCxwVedycT%2BwWT7A%2BdkEEcxr4uSOdQbJhmDI8RRtWY1kDlr3NrVrg8S3J3vsY3hV9gNM0HF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ccd74b9a8e2a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950
85.184.96.0301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jennyvisits.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Wed, 08 Feb 2023 22:28:46 GMT
content-length: 0
location: https://www.unibet.nu:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950
set-cookie: JSESSIONID=node0mdjiev91gtl51p8msqsed8pfh3732202.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node0mdjiev91gtl51p8msqsed8pfh; Path=/; Domain=.unibet.nu; Expires=Fri, 07-Feb-2025 22:28:46 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.nu; Expires=Fri, 07-Feb-2025 22:28:46 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref="https://jennyvisits.com/"; Path=/; Domain=.unibet.nu; Expires=Fri, 07-Feb-2025 22:28:46 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.nu; Secure; SameSite=None
B-TAG=127656177_C7D1A0EE20D6494B962319B89E36EE84; Path=/; Domain=.unibet.nu; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
PID=68246908; Path=/; Domain=.unibet.nu; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=https%3A%2F%2Fjennyvisits.com%2F; Path=/; Domain=.unibet.nu; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7D1A0EE20D6494B962319B89E36EE84%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
clientId=polopoly_desktop; Domain=www.unibet.nu; Path=/; SameSite=None; Secure
referer: https://jennyvisits.com/
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Wed, 08 Feb 2023 22:28:46 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950
85.184.96.0301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jennyvisits.com/
Connection: keep-alive
Cookie: __ucbt=node0mdjiev91gtl51p8msqsed8pfh; uniattr=ST.0.T; uniattr_ref="https://jennyvisits.com/"; affiliateId=1; B-TAG=127656177_C7D1A0EE20D6494B962319B89E36EE84; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fjennyvisits.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_C7D1A0EE20D6494B962319B89E36EE84%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Wed, 08 Feb 2023 22:28:46 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&bid=37950&campaignId=2799402&pid=68246908
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Wed, 08 Feb 2023 22:28:46 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e32687e478bf56dc0f304e023d480073
e3e4fc4db7e4d669c4d0d1936291c2666057620f
e8a4ada038b4cf2b703e0026c31b829f5114cb281a6f4fab391d0e3796a7595f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8A4ADA038B4CF2B703E0026C31B829F5114CB281A6F4FAB391D0E3796A7595F"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3513
Expires: Wed, 08 Feb 2023 23:27:19 GMT
Date: Wed, 08 Feb 2023 22:28:46 GMT
Connection: keep-alive
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
104.18.24.188200 OK 996 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP 104.18.24.188:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (966), with no line terminators
Hash 34fcc83f8862c0f01b3eb2067e013ad9
794d7f5170a74f4cc9ee48f4800ba96f0429cc1d
b768bc0b5e8e8d7230fe9a634812d9782fbc32a84d1c09819224e21d19d3098a
GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675895326038)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023282228%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228799812557%7c1%22%7d%5d; btag=127656177_C7D1A0EE20D6494B962319B89E36EE84
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:46 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Z4302O+bSqlX5UM92U+35A==
last-modified: Thu, 26 Jan 2023 12:30:21 GMT
etag: W/"0x8DAFF99174612EA"
x-ms-request-id: 82c2bcc2-201e-0029-1081-312c76000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 554299
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ccde4d8a1c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&bid=37950&campaignId=2799402&pid=68246908
104.18.24.188200 OK 5.2 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&bid=37950&campaignId=2799402&pid=68246908
IP 104.18.24.188:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2392)
Hash 47c14e9298ebf3cccbdd2bef62c63b9b
9f8bd1ba01e0601ad3a9d17ce109d50109b26cc7
7189ad04986c5911f3e9f459b0a59230743a0efd8339ec7a1364096c1f0ebe1e
GET /nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&bid=37950&campaignId=2799402&pid=68246908 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jennyvisits.com/
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675895326038)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023282228%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:46 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: djoKeCzytkLU3NSdQsOPbQ==
last-modified: Thu, 26 Jan 2023 12:30:17 GMT
x-ms-request-id: a93f823b-c01e-0021-5e0c-3c3679000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: MISS
vary: Accept-Encoding
set-cookie: btag=127656177_C7D1A0EE20D6494B962319B89E36EE84;max-age=2592000; domain=.unibet.com;path=/;secure;samesite=none;httponly
server: cloudflare
cf-ray: 7967ccdd6c9e1c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5304 Not Modified 0 B URL HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675895326038)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023282228%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228799812557%7c1%22%7d%5d; btag=127656177_C7D1A0EE20D6494B962319B89E36EE84
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 304 Not Modified
date: Wed, 08 Feb 2023 22:28:46 GMT
etag: "705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
142.250.74.138200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 142.250.74.138:0
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 19:19:40 GMT
expires: Wed, 07 Feb 2024 19:19:40 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 97746
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 187328a63de6aba551a3e83c5d92f2e9
e18f209d9fe00056952bfaac1e770fa6b47ca2ed
ef8619278b84af8054b15c470a0ad66ea52091538cb84c56252706bb46fff42c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5777
Cache-Control: max-age=141261
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:46 GMT
Etag: "63e3905a-117"
Expires: Fri, 10 Feb 2023 13:43:07 GMT
Last-Modified: Wed, 08 Feb 2023 12:06:50 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 187328a63de6aba551a3e83c5d92f2e9
e18f209d9fe00056952bfaac1e770fa6b47ca2ed
ef8619278b84af8054b15c470a0ad66ea52091538cb84c56252706bb46fff42c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2275
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:46 GMT
Last-Modified: Wed, 08 Feb 2023 21:50:51 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 279
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5304 Not Modified 0 B URL HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675895326038)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023282228%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228799812557%7c1%22%7d%5d; btag=127656177_C7D1A0EE20D6494B962319B89E36EE84; clientId=polopoly_desktop
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 304 Not Modified
date: Wed, 08 Feb 2023 22:28:46 GMT
etag: "705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
104.18.24.188200 OK 98 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
IP 104.18.24.188:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x936, components 3\012- data
Hash 8e6d9af5ef1badfe9295b8fc96793c28
e37cdf4093dc0a47246be7360e7945f91991f073
de89de8196b23a00db8e35bca40fdb4253d970492a31396d5861c2e99d691407
GET /nu/pop/sportsbook/multisports/1-background-black.jpg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675895326038)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023282228%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228799812557%7c1%22%7d%5d; btag=127656177_C7D1A0EE20D6494B962319B89E36EE84
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:46 GMT
content-type: image/jpeg
content-length: 98453
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
cf-bgj: h2pri
content-md5: jm2a9e8brf6Slbj8lnk8KA==
etag: "0x8DAFF991565B252"
last-modified: Thu, 26 Jan 2023 12:30:18 GMT
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 3cf155d6-101e-000d-3081-31dad6000000
x-ms-version: 2014-02-14
cf-cache-status: HIT
age: 554298
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ccdf7ebe1c12-OSL
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
104.18.24.188200 OK 11 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
IP 104.18.24.188:0
File type Web Open Font Format (Version 2), TrueType, length 10924, version 1.0\012- data
Hash 0ea5bcff84ae44840b6e9c9d12c8b963
6c827e1adb18775d2fdfbbbfef63cc9b66243ed2
b4e210ac58fe8fb176e24c58ffdbd0e7b40dded1314769dbcebdc413998b882b
GET /nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675895326038)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023282228%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228799812557%7c1%22%7d%5d; btag=127656177_C7D1A0EE20D6494B962319B89E36EE84
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:46 GMT
content-type: font/woff2
content-length: 10924
cache-control: public, max-age=900, immutable
content-md5: DqW8/4SuRIQLbpydEsi5Yw==
last-modified: Thu, 26 Jan 2023 12:30:22 GMT
etag: "0x8DAFF991816B1DF"
x-ms-request-id: 17c1ab9c-c01e-0043-7481-31f45e000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 554290
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ccdf7ec01c12-OSL
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
104.18.24.188200 OK 5.7 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP 104.18.24.188:0
Hash b1fcd1492716ac213541b23615e120aa
f78f5a6fccb1a68528c8c1f8f51ebb76286d4b80
5ef961d3e0c5d2cd97d6693b15189844ac9fc8a9ceee57bd87f534a3dd574859
GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675895326038)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023282228%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228799812557%7c1%22%7d%5d; btag=127656177_C7D1A0EE20D6494B962319B89E36EE84
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:46 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: zXkBqwBMviPPaK5rBIapmA==
last-modified: Thu, 26 Jan 2023 12:30:17 GMT
etag: W/"0x8DAFF9914DE94BB"
x-ms-request-id: 580bcb77-701e-0034-8081-3121ca000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 554294
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ccde3d5b1c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
104.18.24.188200 OK 933 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP 104.18.24.188:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (807), with no line terminators
Hash 04884a94bfc2e9ae618c6cf74385cf1c
9d4bb0569d400f693d21ecc9efb9131e2f7d46df
cd55902864688babe1d3a4091989f0553b240962a120c167c695e6b3fa647825
GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675895326038)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023282228%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228799812557%7c1%22%7d%5d; btag=127656177_C7D1A0EE20D6494B962319B89E36EE84
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:46 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: QazcDvviTF55mXL/M8kCWQ==
last-modified: Thu, 26 Jan 2023 12:30:18 GMT
etag: W/"0x8DAFF99157C1D3C"
x-ms-request-id: ec6073d8-501e-0051-6881-318f8e000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 554300
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ccde4d721c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 08 Feb 2023 07:51:59 GMT
expires: Thu, 08 Feb 2024 07:51:59 GMT
cache-control: public, max-age=31536000
age: 52607
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
172.64.133.15200 OK 74 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
IP 172.64.133.15:0
File type Web Open Font Format (Version 2), TrueType, length 74320, version 329.30998\012- data
Hash 3638e62ea50e6f5859b6a15276c25c87
f5aa1a463e223a294a42b314e1c63a614d594ec0
9e6bd5b2d75bba485d2337d020750744983a3521ec697adfe21b29ee4f14f6a9
GET /releases/v5.7.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:46 GMT
content-type: font/woff2
content-length: 74320
x-amz-id-2: 7JHPP2BeVU5ANlt9sqHmUKzp7fn5DUZiWgTsgCd5ljWDlmUP0ZKYKAF2o05XV0hkjiMH8dFk4fc=
x-amz-request-id: 7A9QY3QV0HCY2BBV
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:57 GMT
etag: "3638e62ea50e6f5859b6a15276c25c87"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 1070025
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QfF5rUgrtq9PtCTy9m7TqivYq9FdQ3DAuItIbOkAgZBzjuP0DY5yRAg7Ill7XCznnEV6EgD%2BjqDMHdbenzIK49DVrvL1QYp1Rhn%2FRV%2BAyMG46o%2FI4nnQuDwrE0Mqx3xAeB76b7BK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7967ccdf9c107300-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
104.18.24.188404 Not Found 16 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 104.18.24.188:0
File type XML 1.0 document text\012- XML document, Unicode text, UTF-8 (with BOM) text
Hash aad6317657ffdbd1a250de220b9f20df
42ba47bdce3348a521ac0df9e6485217f63f4021
58b2fb5a05abd029b4b91cfff822ffebeb132c64e771292c59399c2a0a771000
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675895326038)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023282228%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228799812557%7c1%22%7d%5d; btag=127656177_C7D1A0EE20D6494B962319B89E36EE84
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Wed, 08 Feb 2023 22:28:46 GMT
content-type: application/xml
x-ms-request-id: 92992834-201e-0016-520c-3ce4d5000000
x-ms-version: 2014-02-14
access-control-allow-origin: *
cf-cache-status: HIT
age: 207
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ccde4d911c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 05 Feb 2023 22:02:00 GMT
expires: Mon, 05 Feb 2024 22:02:00 GMT
cache-control: public, max-age=31536000
age: 260806
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
142.250.74.168200 OK 81 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP 142.250.74.168:0
File type ASCII text, with very long lines (62112)
Hash 9f2b8f4dcf5990743216946f182981d8
474792c1d9f35f8eb114e11316de34ff5fc28d94
6884412cfbc44bdc8b27ea9101bcb7b4f2535a776f27bbc862a647bb7f22822d
GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 Feb 2023 22:28:46 GMT
expires: Wed, 08 Feb 2023 22:28:46 GMT
cache-control: private, max-age=900
last-modified: Wed, 08 Feb 2023 22:05:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81254
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash cc59641f5de3b83a980274968410378e
5a14bc44774fd1225dfb5b89b13665f5aca404b0
86d2b7ed2961d1260633ec8a3cd6707466a6d51ff1b8f85475059848cf319741
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6328
Cache-Control: max-age=134588
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:46 GMT
Etag: "63e37422-117"
Expires: Fri, 10 Feb 2023 11:51:54 GMT
Last-Modified: Wed, 08 Feb 2023 10:06:26 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash cc59641f5de3b83a980274968410378e
5a14bc44774fd1225dfb5b89b13665f5aca404b0
86d2b7ed2961d1260633ec8a3cd6707466a6d51ff1b8f85475059848cf319741
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 582
Cache-Control: max-age=128842
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:46 GMT
Etag: "63e37422-117"
Expires: Fri, 10 Feb 2023 10:16:08 GMT
Last-Modified: Wed, 08 Feb 2023 10:06:26 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 279
script.crazyegg.com/pages/scripts/0012/9242.js
104.19.147.8410 Gone 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js
IP 104.19.147.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pages/scripts/0012/9242.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 410 Gone
date: Wed, 08 Feb 2023 22:28:46 GMT
content-type: application/javascript
content-length: 0
last-modified: Wed, 08 Feb 2023 15:00:58 GMT
cache-control: public, max-age=86400, s-maxage=86400
access-control-allow-origin: *
cf-cache-status: HIT
age: 26868
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967cce09fd7b527-OSL
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js?465526
104.19.147.8410 Gone 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js?465526
IP 104.19.147.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pages/scripts/0012/9242.js?465526 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 410 Gone
date: Wed, 08 Feb 2023 22:28:46 GMT
content-type: application/javascript
content-length: 0
last-modified: Wed, 08 Feb 2023 15:00:58 GMT
cache-control: public, max-age=86400, s-maxage=86400
access-control-allow-origin: *
cf-cache-status: HIT
age: 26868
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967cce0afe9b527-OSL
X-Firefox-Spdy: h2
secure.adnxs.com/seg?add=9755599
185.89.210.46307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/seg?add=9755599
IP 185.89.210.46:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /seg?add=9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Wed, 08 Feb 2023 22:28:46 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
AN-X-Request-Uuid: 7d91a4d5-438e-465a-aa5b-3fc5f2dc7279
Set-Cookie: uuid2=7604259682521059099; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 09-May-2023 22:28:46 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
104.18.24.188200 OK 2.1 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP 104.18.24.188:0
File type HTML document, ASCII text
Hash 064923d5409428cf32e6b644555e0333
423089142b22d91eb830d6c13fbb6c7be18d2165
eaf0b95df8b70b05cf7475433cf3ef2b928e2bd651037a3c813ec47fb99d9eaf
GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675895326038)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023282228%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228799812557%7c1%22%7d%5d; btag=127656177_C7D1A0EE20D6494B962319B89E36EE84
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:46 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
last-modified: Thu, 26 Jan 2023 12:30:23 GMT
etag: W/"0x8DAFF991898A021"
x-ms-request-id: e9253db8-601e-0075-8081-31792e000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 554294
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ccde3d641c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1675895383160
52.50.218.77200 OK 499 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1675895383160
IP 52.50.218.77:0
File type JSON data\012- , ASCII text, with very long lines (791), with no line terminators
Hash 163775ad9adfcbcc0ee7d937e73abb97
0ea4c919503f82b341b7cbc733d416c17966e324
5c522699826a2a072431b1d2c7ed5a1f46e92e00e53146693586a7b5ce662469
GET /id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1675895383160 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.unibet.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v046-0f3ec1a9a.edge-irl1.demdex.com 1 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=83566567327361449542543498991427496350; Max-Age=15552000; Expires=Mon, 07 Aug 2023 22:28:47 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: TqFxLmzeQv8=
Content-Length: 499
Connection: keep-alive
welcome.unibet.com/custom.js
104.18.24.188200 OK 2.1 kB URL HTTP/2 welcome.unibet.com/custom.js
IP 104.18.24.188:0
Hash 539476ab487e7b4007705004b66966a5
9a10bef78b4f8c31d3f09a113e70c8e454d6e1fa
531032dbae476279d8bcc85b57706f049be8f2a482c141486b057a529d9280c1
GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675895326038)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023282228%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228799812557%7c1%22%7d%5d; btag=127656177_C7D1A0EE20D6494B962319B89E36EE84
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:46 GMT
content-type: application/javascript
content-md5: e/Aekt1V1fopj1X7y5r9MA==
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
etag: W/"0x8DA115DA300B0C1"
x-ms-request-id: d013a120-f01e-003a-7703-03087a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 222969
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ccde3d6f1c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 670c45e5df2cb1a24918eec72ca8a714
b063f1b8ba73de1cf331b3e92c2fc171be629f41
b01a01938dbf79206845b3f933789dde6385aa2f27d17fb089f29cd5b771286d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5075
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:47 GMT
Last-Modified: Wed, 08 Feb 2023 21:04:12 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=83558694037350143052540768155969180677&ts=1675895383323
15.236.125.10200 OK 2 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=83558694037350143052540768155969180677&ts=1675895383323
IP 15.236.125.10:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=83558694037350143052540768155969180677&ts=1675895383323 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://welcome.unibet.com
access-control-allow-credentials: true
date: Wed, 08 Feb 2023 22:28:47 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 32fb9f1b2f08991ad2b491787e5acf3e
edc633540d172792c7fbd64d63e0225be1fce860
a7c45ecb6ebceb5381a59d3ee81ac9ed84fc3766ebf6fbc4f504307d58df54b6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6475
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:47 GMT
Last-Modified: Wed, 08 Feb 2023 20:40:52 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 32fb9f1b2f08991ad2b491787e5acf3e
edc633540d172792c7fbd64d63e0225be1fce860
a7c45ecb6ebceb5381a59d3ee81ac9ed84fc3766ebf6fbc4f504307d58df54b6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3735
Cache-Control: max-age=143545
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:47 GMT
Etag: "63e3a141-117"
Expires: Fri, 10 Feb 2023 14:21:12 GMT
Last-Modified: Wed, 08 Feb 2023 13:18:57 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 32fb9f1b2f08991ad2b491787e5acf3e
edc633540d172792c7fbd64d63e0225be1fce860
a7c45ecb6ebceb5381a59d3ee81ac9ed84fc3766ebf6fbc4f504307d58df54b6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6475
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:28:47 GMT
Last-Modified: Wed, 08 Feb 2023 20:40:52 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
unibet.demdex.net/dest5.html?d_nsid=0
3.248.113.235200 OK 2.8 kB URL HTTP/1.1 unibet.demdex.net/dest5.html?d_nsid=0
IP 3.248.113.235:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: unibet.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Wed, 8 Feb 2023 22:28:47 GMT
DCS: dcs-prod-irl1-1-v046-0d6a26255.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Wed, 8 Feb 2023 11:26:58 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: QtrprcodShw=
Content-Length: 2791
Connection: keep-alive
unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s51506895725807?AQB=1&ndh=1&pf=1&t=8%2F1%2F2023%2022%3A29%3A43%203%200&mid=83558694037350143052540768155969180677&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950%26btag%3D127656177_C7D1A0EE20D6494B962319B89E36EE84%26bid%3D37950%26campaignId%3D2799402%26pid%3D68246908&r=https%3A%2F%2Fjennyvisits.com%2F&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950%26btag%3D127656177_C7D1A0EE20D6494B962319B89E36EE84%26bid%3D37950%26campaignId%3D2799402%26pid%3D68246908&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=10%3A29%20PM%7CWednesday&v6=10%3A29%20PM%7CWednesday&v11=GBP&c14=New&v14=New&c16=1675895383&v21=Not%20Logged-In&c73=unibet&v120=popunder&v121=1%3A127656177%3A68246908-37950&v122=NONE&v124=2799402&v125=127656177_C7D1A0EE20D6494B962319B89E36EE84&v126=68246908&v127=37950&v134=1675895383&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
15.236.125.10200 OK 43 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s51506895725807?AQB=1&ndh=1&pf=1&t=8%2F1%2F2023%2022%3A29%3A43%203%200&mid=83558694037350143052540768155969180677&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950%26btag%3D127656177_C7D1A0EE20D6494B962319B89E36EE84%26bid%3D37950%26campaignId%3D2799402%26pid%3D68246908&r=https%3A%2F%2Fjennyvisits.com%2F&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950%26btag%3D127656177_C7D1A0EE20D6494B962319B89E36EE84%26bid%3D37950%26campaignId%3D2799402%26pid%3D68246908&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=10%3A29%20PM%7CWednesday&v6=10%3A29%20PM%7CWednesday&v11=GBP&c14=New&v14=New&c16=1675895383&v21=Not%20Logged-In&c73=unibet&v120=popunder&v121=1%3A127656177%3A68246908-37950&v122=NONE&v124=2799402&v125=127656177_C7D1A0EE20D6494B962319B89E36EE84&v126=68246908&v127=37950&v134=1675895383&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
IP 15.236.125.10:0
File type GIF image data, version 89a, 2 x 2\012- data
Hash ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
GET /b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s51506895725807?AQB=1&ndh=1&pf=1&t=8%2F1%2F2023%2022%3A29%3A43%203%200&mid=83558694037350143052540768155969180677&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950%26btag%3D127656177_C7D1A0EE20D6494B962319B89E36EE84%26bid%3D37950%26campaignId%3D2799402%26pid%3D68246908&r=https%3A%2F%2Fjennyvisits.com%2F&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950%26btag%3D127656177_C7D1A0EE20D6494B962319B89E36EE84%26bid%3D37950%26campaignId%3D2799402%26pid%3D68246908&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=10%3A29%20PM%7CWednesday&v6=10%3A29%20PM%7CWednesday&v11=GBP&c14=New&v14=New&c16=1675895383&v21=Not%20Logged-In&c73=unibet&v120=popunder&v121=1%3A127656177%3A68246908-37950&v122=NONE&v124=2799402&v125=127656177_C7D1A0EE20D6494B962319B89E36EE84&v126=68246908&v127=37950&v134=1675895383&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
date: Wed, 08 Feb 2023 22:28:47 GMT
expires: Tue, 07 Feb 2023 22:28:47 GMT
last-modified: Thu, 09 Feb 2023 22:28:47 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3598957811714523136-4619765676535822176
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 57e2189e39db1881e2420ddad64a1ca3
4c41ef7ec3b33c2cf4a58420700537c8073c9971
29fa92faf146319bbe2aaacee0a2876045ed5e3d02202db318a500d09fa29534
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 08 Feb 2023 22:28:47 GMT
Last-Modified: Wed, 08 Feb 2023 20:45:52 GMT
Server: ECS (nyb/1D28)
X-Cache: Miss from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: DmnEGpLZ7nokAK_RHkX2VhIxV0T1Cxo7phPL9WzBoNq2GfbPYpplng==
Age: 6175
cm.everesttech.net/cm/dd?d_uuid=83566567327361449542543498991427496350
18.203.152.154302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=83566567327361449542543498991427496350
IP 18.203.152.154:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=83566567327361449542543498991427496350 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Wed, 08 Feb 2023 22:28:47 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y_QiHwAAAIMYcgOV; Domain=.everesttech.net; Expires=Thu, 08-Feb-2024 22:28:47 GMT; Path=/
everest_session_v2="Y@QiHwAAAIMYcwOV"; Version=1; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y_QiHwAAAIMYcgOV
Server: AMO-cookiemap/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y_QiHwAAAIMYcgOV
52.50.218.77302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y_QiHwAAAIMYcgOV
IP 52.50.218.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y_QiHwAAAIMYcgOV HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v046-0040bba41.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y_QiHwAAAIMYcgOV
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=11529878771537191090468899261283642172; Max-Age=15552000; Expires=Mon, 07 Aug 2023 22:28:47 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: rqZqrIS1T70=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y_QiHwAAAIMYcgOV
52.50.218.77200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y_QiHwAAAIMYcgOV
IP 52.50.218.77:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y_QiHwAAAIMYcgOV HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v046-04e0e9a66.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: WPppywnyTpg=
Content-Length: 59
Connection: keep-alive
geniusdexchange.com/a/display.php?r=6068994
35.227.202.173200 OK 0 B URL HTTP/2 geniusdexchange.com/a/display.php?r=6068994
IP 35.227.202.173:0
GET /a/display.php?r=6068994 HTTP/1.1
Host: geniusdexchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Wed, 08 Feb 2023 22:28:42 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ui.cleverwebserver.com/
104.18.25.246200 OK 0 B IP 104.18.25.246:0
GET / HTTP/1.1
Host: ui.cleverwebserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:42 GMT
content-type: application/javascript
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7967ccc70d6db4e8-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
104.16.173.188200 OK 0 B URL HTTP/2 cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
IP 104.16.173.188:0
GET /resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:47 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Fri, 27 Nov 2020 14:00:01 GMT
etag: W/"0x8D892DCBC244A27"
x-ms-request-id: f9c36029-201e-0105-665e-a57399000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 435
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967cce30a43b4e8-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y6/r/8LoDHCcRMmF.js?_nc_x=Ij3Wp8lg5Kz
157.240.205.11200 OK 0 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y6/r/8LoDHCcRMmF.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.205.11:0
GET /rsrc.php/v3/y6/r/8LoDHCcRMmF.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 31 Jan 2024 06:01:16 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: GtFa/ANPMQQnyBsHWWA6Kw==
x-fb-debug: DNp4HLoo5qFXDFXv6nhmUc1faBUTKjQsYrdr151EegnG850QGHK21N3VcaVIkS/eV4VhMBbq4U0HQ0ebYFsRzQ==
priority: u=3,i
content-length: 12334
x-fb-trip-id: 1679558926
date: Wed, 08 Feb 2023 22:28:44 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
104.18.24.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP 104.18.24.188:0
GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675895326038)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023282228%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228799812557%7c1%22%7d%5d; btag=127656177_C7D1A0EE20D6494B962319B89E36EE84
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:46 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
last-modified: Thu, 26 Jan 2023 12:30:23 GMT
etag: W/"0x8DAFF99188E686E"
x-ms-request-id: fae4441f-101e-0040-4d81-31153a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 554300
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ccde3d5d1c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
104.40.147.180200 OK 0 B URL HTTP/2 bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
IP 104.40.147.180:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no HTTP/1.1
Host: bannerflow-feed-builder.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Wed, 08 Feb 2023 22:28:47 GMT
server: Microsoft-IIS/10.0
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: no-cache
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: ARRAffinity=b834706014e0312bbd5ac92e619aa9e536e81381d39f99045f3680752b2c0199;Path=/;HttpOnly;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
ARRAffinitySameSite=b834706014e0312bbd5ac92e619aa9e536e81381d39f99045f3680752b2c0199;Path=/;HttpOnly;SameSite=None;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:f631c08e-9610-47b7-82c9-c925628cdde1
x-powered-by: ASP.NET
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
104.18.24.188404 Not Found 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 104.18.24.188:0
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675895326038)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023282228%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228799812557%7c1%22%7d%5d; btag=127656177_C7D1A0EE20D6494B962319B89E36EE84
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Wed, 08 Feb 2023 22:28:46 GMT
content-type: application/xml
x-ms-request-id: 92992834-201e-0016-520c-3ce4d5000000
x-ms-version: 2014-02-14
access-control-allow-origin: *
cf-cache-status: HIT
age: 207
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ccdf7eb91c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
104.18.24.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
IP 104.18.24.188:0
GET /nu/pop/sportsbook/multisports/favicon.ico HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675895326038)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023282228%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228799812557%7c1%22%7d%5d; btag=127656177_C7D1A0EE20D6494B962319B89E36EE84
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:46 GMT
content-type: image/x-icon
cache-control: public, max-age=900, immutable
content-md5: rS2fRBxmkqgGx7Qnuz5TbQ==
last-modified: Thu, 26 Jan 2023 12:30:17 GMT
etag: W/"0x8DAFF9914F4D898"
x-ms-request-id: e6735b96-c01e-0021-0381-313679000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 554291
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967cce05fae1c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
104.16.173.188200 OK 0 B URL HTTP/2 cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
IP 104.16.173.188:0
GET /resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:47 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 07 Dec 2020 10:23:00 GMT
etag: W/"0x8D89A9A12E2A33B"
x-ms-request-id: aecbdf5c-c01e-0126-115e-a51c52000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 435
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967cce30a49b4e8-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
104.18.24.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP 104.18.24.188:0
GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675895326038)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023282228%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228799812557%7c1%22%7d%5d; btag=127656177_C7D1A0EE20D6494B962319B89E36EE84
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:46 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
last-modified: Thu, 26 Jan 2023 12:30:22 GMT
etag: W/"0x8DAFF991835F51F"
x-ms-request-id: 1328b90b-701e-0024-5c81-31e4a2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 554300
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ccde4d771c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
104.18.24.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP 104.18.24.188:0
GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675895326038)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023282228%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228799812557%7c1%22%7d%5d; btag=127656177_C7D1A0EE20D6494B962319B89E36EE84
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:46 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
last-modified: Thu, 26 Jan 2023 12:30:18 GMT
etag: W/"0x8DAFF9915A7459F"
x-ms-request-id: e677fb13-901e-0061-5581-313141000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 554300
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ccde4d701c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
104.18.24.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP 104.18.24.188:0
GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675895326038)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023282228%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228799812557%7c1%22%7d%5d; btag=127656177_C7D1A0EE20D6494B962319B89E36EE84
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:46 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 2fR27yW0b9kBp/ebW9u59A==
last-modified: Thu, 26 Jan 2023 12:30:22 GMT
etag: W/"0x8DAFF99184AD9A4"
x-ms-request-id: fa9ed380-a01e-0027-7f81-3105c6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 554299
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ccde4d7e1c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/widget/betslip/betslip.js
104.18.24.188200 OK 0 B URL HTTP/2 welcome.unibet.com/widget/betslip/betslip.js
IP 104.18.24.188:0
GET /widget/betslip/betslip.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675895326038)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023282228%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228799812557%7c1%22%7d%5d; btag=127656177_C7D1A0EE20D6494B962319B89E36EE84
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:46 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: V3DcYDl/+4NNEoCqe8670A==
last-modified: Tue, 15 Jan 2019 09:54:22 GMT
etag: W/"0x8D67ACF6D112CB5"
x-ms-request-id: 556a432d-701e-0079-3f03-03ee26000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 222970
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ccdf1e5d1c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
104.18.24.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP 104.18.24.188:0
GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675895326038)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023282228%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228799812557%7c1%22%7d%5d; btag=127656177_C7D1A0EE20D6494B962319B89E36EE84
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:46 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: vwb7ospRft2xzGDtJvR3WA==
last-modified: Thu, 26 Jan 2023 12:30:18 GMT
etag: W/"0x8DAFF9915D02464"
x-ms-request-id: 9ee27f41-c01e-000e-3881-313bb2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 554298
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ccde5d981c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.facebook.com/plugins/likebox.php?href=https://www.facebook.com/emularom&width=550&height=550&colorscheme=light&show_faces=true&show_border=false&stream=false&header=false
157.240.205.35200 OK 0 B URL HTTP/2 www.facebook.com/plugins/likebox.php?href=https://www.facebook.com/emularom&width=550&height=550&colorscheme=light&show_faces=true&show_border=false&stream=false&header=false
IP 157.240.205.35:0
GET /plugins/likebox.php?href=https://www.facebook.com/emularom&width=550&height=550&colorscheme=light&show_faces=true&show_border=false&stream=false&header=false HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-fb-rlafr: 0
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: MkO0jPd4J9dygfFDeolYbpq+bHkjqsV1vab9LxMLh2IyQYFYUi5FYMuBZbSLG9IUxpZjYJv6SZ8bm9yC7J2bzg==
date: Wed, 08 Feb 2023 22:28:44 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
scripts.cleverwebserver.com/49ecdefc6bc4a0afbe59cbf51212146c.js
104.18.25.246200 OK 0 B URL HTTP/2 scripts.cleverwebserver.com/49ecdefc6bc4a0afbe59cbf51212146c.js
IP 104.18.25.246:0
GET /49ecdefc6bc4a0afbe59cbf51212146c.js HTTP/1.1
Host: scripts.cleverwebserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.emularoms.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:42 GMT
content-type: application/javascript
x-amz-id-2: evL5XqRjo/MqxLQUavAts0SsSSSIkuWzocR6u1wKysycuv4qkbE5qyAB6xq/Bnd4GmJ/AbhFdyc=
x-amz-request-id: Y4S2GKC5A1FD2GZ8
last-modified: Sat, 01 Oct 2022 09:41:33 GMT
x-amz-version-id: ONgpBjcERH.jbBteYWQVjcI_WNhtPWYN
etag: W/"e5b91362cd06cad6a97e868cd410f7e8"
cf-cache-status: REVALIDATED
expires: Wed, 08 Feb 2023 22:58:42 GMT
cache-control: public, max-age=1800
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ccc5bbf6b4e8-OSL
content-encoding: br
X-Firefox-Spdy: h2
crrepo.com/extban/278371020/creatives/23426592/a2c04e05ae6eb7cce360b2af1bf43a70_4529.jpg
104.21.235.113200 OK 0 B URL HTTP/2 crrepo.com/extban/278371020/creatives/23426592/a2c04e05ae6eb7cce360b2af1bf43a70_4529.jpg
IP 104.21.235.113:0
GET /extban/278371020/creatives/23426592/a2c04e05ae6eb7cce360b2af1bf43a70_4529.jpg HTTP/1.1
Host: crrepo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://geniusdexchange.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:44 GMT
content-type: image/jpeg
last-modified: Thu, 03 Mar 2022 16:56:37 GMT
etag: W/"6220f345-1ee01"
via: 1.1 google
cache-control: max-age=14400
cf-cache-status: HIT
age: 6670
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eck1jHhxF3z73A5SLBIk%2BeLnj52PdVDaGHq4ROtLs175yWrPehqCg5iCMYlgG0DdaJQURRGSr6hPqCd%2BeibUsl3V6ePwRtPD1hRuYanuFPpacs5xqt3X%2FR%2Bx%2Fb9j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ccd52a4a23f3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.74200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.74:0
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 Feb 2023 22:28:45 GMT
date: Wed, 08 Feb 2023 22:28:45 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
104.18.24.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP 104.18.24.188:0
GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675895326038)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023282228%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228799812557%7c1%22%7d%5d; btag=127656177_C7D1A0EE20D6494B962319B89E36EE84
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:46 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 9k4H3E55HXB5I94VinrUOQ==
last-modified: Thu, 26 Jan 2023 12:30:21 GMT
etag: W/"0x8DAFF99173FAB3F"
x-ms-request-id: af16bb2e-701e-0046-1c81-312685000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 554299
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ccde4d7f1c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
104.18.24.188200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP 104.18.24.188:0
GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_C7D1A0EE20D6494B962319B89E36EE84&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675895326038)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023282228%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228799812557%7c1%22%7d%5d; btag=127656177_C7D1A0EE20D6494B962319B89E36EE84
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:46 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Kch+tYuo05USS5JaESq1rA==
last-modified: Thu, 26 Jan 2023 12:30:21 GMT
etag: W/"0x8DAFF9917716257"
x-ms-request-id: 78c0b78e-401e-0000-7881-311202000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 554299
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967ccde4d8e1c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,500
142.250.74.74200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500
IP 142.250.74.74:0
GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 Feb 2023 22:28:46 GMT
date: Wed, 08 Feb 2023 22:28:46 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/css/all.css
172.64.133.15200 OK 0 B URL HTTP/2 use.fontawesome.com/releases/v5.7.1/css/all.css
IP 172.64.133.15:0
GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:28:46 GMT
content-type: text/css
x-amz-id-2: bDlIamUY1QfJPc4QlUBnXFv1f1qQDGvTvEH6wm5EFeK9XBcJboUVX25kNqwZs6Ih/vyIsNf6eIM=
x-amz-request-id: 39MR148XF08XCMJM
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:37 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 1070120
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PFcDSlKQ60Y8gV3XHHUUx0ialhB5mLKscudXEcKNGPN6Z0wkLg1R93OXSvgIYdgiG%2FxiLYb6YAKI4sQ96LbRFkEcCo2QE%2Bt2loydPTfteVE9WZjdhHQjjSkyZVc7oyjsQHh%2BcuRh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7967ccdedb327300-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2