firefox.settings.services.mozilla.com/v1/
143.204.55.36200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-stale=0
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 26 Sep 2022 16:01:47 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: KcVB7xqGyocpLDvVpthenlU9vu1farbJoZ9RDxu2It6BwLp03XJOJw==
Age: 2880
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12434
Expires: Mon, 26 Sep 2022 20:17:02 GMT
Date: Mon, 26 Sep 2022 16:49:48 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.35200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 04:35:16 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: PejdqfOkjqHn-ioMXBR4qI_ypbH3pWl_ggNopRU7xDacI_Dk_WcgYA==
age: 44073
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 16:49:48 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.hayriver.net/usps/verification/
192.185.158.210301 Moved Permanently 0 B URL HTTP/1.1 www.hayriver.net/usps/verification/
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /usps/verification/ HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 26 Sep 2022 16:49:48 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: https://www.hayriver.net/usps/verification/
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Mon, 26 Sep 2022 16:10:46 GMT
Expires: Mon, 26 Sep 2022 16:42:05 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: sxhcexQ7QFwqPtGtqgE0zi2UkxORd5vBlfsCt-MPgl2yzRTWP32qjA==
Age: 2342
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 14c4c37121ee7723399f6d6fbdd79d4d
ab926870b7f7624ab6d3a59c3be9fdf4fa01d34d
f14820b948115f17f1dbc5d8bb98de3e64ad31b04da29ae562939345b9c4cef3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F14820B948115F17F1DBC5D8BB98DE3E64AD31B04DA29AE562939345B9C4CEF3"
Last-Modified: Mon, 26 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21535
Expires: Mon, 26 Sep 2022 22:48:43 GMT
Date: Mon, 26 Sep 2022 16:49:48 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 5adb7eb1d103eadeeafac36e663ffdd3
23b784388dd634fa736cd60aed71570661e73d02
5c95ba48bc342887b4f7ef697bd4def50f6f2f472f654169179e5ac44df883d9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5170
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 16:49:48 GMT
Last-Modified: Mon, 26 Sep 2022 15:23:38 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
44.236.232.139101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.236.232.139:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 02tWRTRTHcQw9EyNBLjjig==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: LuIEmKkqW2hXk8bktY1S6wIr2pU=
www.hayriver.net/usps/verification/
192.185.158.210404 Not Found 11 kB URL HTTP/2 www.hayriver.net/usps/verification/
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (17297)
Hash 7b19c7e8ba4c587d7d47112440e2676e
d1497a3d1d0d81428d751d667110483ca17b688e
c08d3e56fcdd8281fb15ef2d1f4df51188e0a1ff2793bc129d0ea4924641a1ac
Analyzer Verdict Alert fortinet Phishing
GET /usps/verification/ HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.hayriver.net/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
content-length: 11335
content-type: text/html; charset=UTF-8
date: Mon, 26 Sep 2022 16:49:48 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash bfc8c650e23854f708a3dd54fca4393f
b54c061cf5a5306a68112d403471914e839a68c8
84b8c36947944ea94b27e053f2abb944e6951157e256991f8b1523b9cacfe362
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 16:49:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 87037f1a6953e028975e38476815bc72
e8e44435ba1d4de9ee6f86d3b1d5382fa587fcb7
e847a7f128fa12e570493f9dc8739400c6141792c40c77ed0205028391f870a3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 464
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 16:49:49 GMT
Last-Modified: Mon, 26 Sep 2022 16:42:05 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
www.hayriver.net/wp-content/cache/autoptimize/css/autoptimize_single_44ed6c911b3fd4b0ba1f33c26bdee941.css?ver=6.0.2
192.185.158.210200 OK 2.3 kB URL HTTP/2 www.hayriver.net/wp-content/cache/autoptimize/css/autoptimize_single_44ed6c911b3fd4b0ba1f33c26bdee941.css?ver=6.0.2
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (9429), with no line terminators
Hash 3b6bf19e31bdb3499b297d37a06ebd3b
f1795af4261a970f4e3cb1746c76c183615d0576
3f77e05fb63e8efc53698010dcc82709b983791d9c831aa123f78b55b74bc128
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/cache/autoptimize/css/autoptimize_single_44ed6c911b3fd4b0ba1f33c26bdee941.css?ver=6.0.2 HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 11 Jul 2022 22:52:40 GMT
accept-ranges: bytes
cache-control: max-age=30672000, public, immutable
expires: Sat, 16 Sep 2023 16:49:49 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2281
content-type: text/css
date: Mon, 26 Sep 2022 16:49:49 GMT
server: Apache
X-Firefox-Spdy: h2
www.hayriver.net/wp-content/cache/autoptimize/css/autoptimize_single_80ff2c59596dfa78ee7d8534f42315f5.css?ver=3.0.0
192.185.158.210200 OK 8.6 kB URL HTTP/2 www.hayriver.net/wp-content/cache/autoptimize/css/autoptimize_single_80ff2c59596dfa78ee7d8534f42315f5.css?ver=3.0.0
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (29083), with no line terminators
Hash a95c143a89e4195156eb9d1a08332e80
ab2a4ff6bab171fa746d0f350e583ecb18f23f63
6fb1b0a7e993205461384da4644d22855068a5dd626ca199e9bbe9ba26b0904a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/cache/autoptimize/css/autoptimize_single_80ff2c59596dfa78ee7d8534f42315f5.css?ver=3.0.0 HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 11 Jul 2022 22:52:40 GMT
accept-ranges: bytes
cache-control: max-age=30672000, public, immutable
expires: Sat, 16 Sep 2023 16:49:49 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 8559
content-type: text/css
date: Mon, 26 Sep 2022 16:49:49 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash f09a18ffd47757d6303864753f40a57c
6f056a04785c83dae4a4f40eaac5ac34a5a391f2
9969afe37e2b095cd931423fcc9dbfaa9a751d81a055bcd8f77a1aa7a51bd72e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 16:49:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.hayriver.net/wp-content/cache/autoptimize/css/autoptimize_single_81e8538f7aa726a386fd42cbdca9c255.css?ver=3.0.2
192.185.158.210200 OK 424 B URL HTTP/2 www.hayriver.net/wp-content/cache/autoptimize/css/autoptimize_single_81e8538f7aa726a386fd42cbdca9c255.css?ver=3.0.2
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1060), with no line terminators
Hash b6a73face70a0862a2e4cacd554af6c2
b7a426919295f21029f285db9cfa60dccde4e1cb
b42d9addca9c9fb19618e46bf559caebf08eb4acef9a182e8202c133a2119c45
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/cache/autoptimize/css/autoptimize_single_81e8538f7aa726a386fd42cbdca9c255.css?ver=3.0.2 HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 11 Jul 2022 22:52:40 GMT
accept-ranges: bytes
cache-control: max-age=30672000, public, immutable
expires: Sat, 16 Sep 2023 16:49:49 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 424
content-type: text/css
date: Mon, 26 Sep 2022 16:49:49 GMT
server: Apache
X-Firefox-Spdy: h2
www.hayriver.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
192.185.158.210200 OK 4.6 kB URL HTTP/2 www.hayriver.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (11126)
Hash acdb97105af28a7066790c6748ae2e1e
65794d2c5a9d04f747faf370bc8bacd330e69e5a
dc4efbc4b704b142b5313588c32e56ea56648068a01d2bc596a4eee06b379b5e
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 04 Mar 2021 15:36:46 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4618
content-type: application/javascript
date: Mon, 26 Sep 2022 16:49:49 GMT
server: Apache
X-Firefox-Spdy: h2
www.hayriver.net/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
192.185.158.210200 OK 17 kB URL HTTP/2 www.hayriver.net/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (43771)
Hash 2a67a4888baa44de739f3fe56203ce07
da175eae57f26b655747d79f055477e3fee1abb9
3a4d7627476a0099ca4bcc101685f27de04cb49dd66ef842d72c6cda270599dd
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 22:32:56 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 16594
content-type: text/css
date: Mon, 26 Sep 2022 16:49:49 GMT
server: Apache
X-Firefox-Spdy: h2
www.hayriver.net/wp-content/cache/autoptimize/js/autoptimize_single_ab2a62f8878fc244db553573d9de2fb6.js?ver=6.0.2
192.185.158.210200 OK 962 B URL HTTP/2 www.hayriver.net/wp-content/cache/autoptimize/js/autoptimize_single_ab2a62f8878fc244db553573d9de2fb6.js?ver=6.0.2
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1209)
Hash 7ff21fb78a8674c1b235445218687e10
3d348c2f4878079863285a566369b35a6e0edfeb
b36d2cb8fa3dc75837f78231412fcf71dbc219f113cca486e59bfee9e91af14f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/cache/autoptimize/js/autoptimize_single_ab2a62f8878fc244db553573d9de2fb6.js?ver=6.0.2 HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 11 Jul 2022 22:52:40 GMT
accept-ranges: bytes
cache-control: max-age=30672000, public, immutable
expires: Sat, 16 Sep 2023 16:49:49 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 962
content-type: application/javascript
date: Mon, 26 Sep 2022 16:49:49 GMT
server: Apache
X-Firefox-Spdy: h2
www.hayriver.net/wp-content/uploads/2014/01/markHoffmanBottle.jpg
192.185.158.210200 OK 46 kB URL HTTP/2 www.hayriver.net/wp-content/uploads/2014/01/markHoffmanBottle.jpg
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, comment: "Created with GIMP", progressive, precision 8, 218x400, components 3\012- data
Hash d8bcf75ef2b97ff1551ea641b58d448c
c49f062145c2424067b0a96f8e970b4f296bb141
fd782647b403409f3faf1b92b2b4d1b965a7f317318d16f26e5d76619baf4d7a
GET /wp-content/uploads/2014/01/markHoffmanBottle.jpg HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 08 Apr 2015 00:30:42 GMT
accept-ranges: bytes
content-length: 46411
content-type: image/jpeg
date: Mon, 26 Sep 2022 16:49:49 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash d1256b6452c58ffb05e1db44d9d37a5f
04538f69abefe1019a0c4c6cc1fd3ffe5a5b2cfd
4bf592b24e41cf58e4ea973378a8559c4011a25ccdc51cc7a31457cc6561d22b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 16:49:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/lustria/v13/9oRONYodvDEyjuhOnC8zMw.woff2
142.250.74.163200 OK 12 kB URL HTTP/2 fonts.gstatic.com/s/lustria/v13/9oRONYodvDEyjuhOnC8zMw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 11716, version 1.0\012- data
Hash 0f76ba51473a2872823b37ef8cc1023b
79861442645b15d65562f38eaaf9ec4749003cb9
08e0a7e1c290b0d6d3f7c21866d6ddb921ea10afcd18abfbdd63875339e94c77
GET /s/lustria/v13/9oRONYodvDEyjuhOnC8zMw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.hayriver.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11716
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Sep 2022 19:40:26 GMT
expires: Wed, 20 Sep 2023 19:40:26 GMT
cache-control: public, max-age=31536000
age: 508163
last-modified: Tue, 26 Apr 2022 15:29:15 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash d1256b6452c58ffb05e1db44d9d37a5f
04538f69abefe1019a0c4c6cc1fd3ffe5a5b2cfd
4bf592b24e41cf58e4ea973378a8559c4011a25ccdc51cc7a31457cc6561d22b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 16:49:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.hayriver.net/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
192.185.158.210200 OK 5.3 kB URL HTTP/2 www.hayriver.net/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (15660)
Hash 710f8b142ea44c0682dc2c30f318f065
49144e9b3a76d3d383b1d4359cf7a25e947f4233
708bb5819879a2a2c7670abc20a58cca68a415ffd621011cbc4c3c9d82dddc50
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 11 Jul 2022 22:47:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5321
content-type: application/javascript
date: Mon, 26 Sep 2022 16:49:49 GMT
server: Apache
X-Firefox-Spdy: h2
www.hayriver.net/wp-content/uploads/2018/07/logo.png
192.185.158.210200 OK 13 kB URL HTTP/2 www.hayriver.net/wp-content/uploads/2018/07/logo.png
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 260 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash a8b73419c6ca02c5ddfbe118f9643a92
e1a63f6cd0d4355d64b80878b241edb2a9598647
0654bdf4adde932288245356b1a18eb3872e3a512177c04d0a3045c89f453d41
GET /wp-content/uploads/2018/07/logo.png HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 23 Jul 2018 18:39:05 GMT
accept-ranges: bytes
content-length: 13320
content-type: image/png
date: Mon, 26 Sep 2022 16:49:49 GMT
server: Apache
X-Firefox-Spdy: h2
www.hayriver.net/wp-content/plugins/simple-social-icons/symbol-defs.svg
192.185.158.210200 OK 36 kB URL HTTP/2 www.hayriver.net/wp-content/plugins/simple-social-icons/symbol-defs.svg
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (4826)
Hash 943cab428f398924e18d2b7bbf45c03a
de2ff5159d3513c213da5889feddaf25e436dd08
53ecfb7fb539e851138504ca730068408f677cff5d7ef348a0c7f69dbb31371a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/simple-social-icons/symbol-defs.svg HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 22:44:59 GMT
accept-ranges: bytes
content-length: 35724
content-type: image/svg+xml
date: Mon, 26 Sep 2022 16:49:49 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4807
Expires: Mon, 26 Sep 2022 18:09:56 GMT
Date: Mon, 26 Sep 2022 16:49:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4807
Expires: Mon, 26 Sep 2022 18:09:56 GMT
Date: Mon, 26 Sep 2022 16:49:49 GMT
Connection: keep-alive
www.hayriver.net/wp-content/images/header.png
192.185.158.210200 OK 163 kB URL HTTP/2 www.hayriver.net/wp-content/images/header.png
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 1140 x 170, 8-bit colormap, non-interlaced\012- data
Size 163 kB (162622 bytes)
Hash 07d20504c6f9b599f09faa7b4438a5db
36e2807fe4d6db2eea7ebaa6b309aa53e3ab4e17
b68c987cfc117ec23606129cd3a3057a1b40a6e66ed37dac198d29a86031e054
GET /wp-content/images/header.png HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/wp-content/cache/autoptimize/css/autoptimize_single_80ff2c59596dfa78ee7d8534f42315f5.css?ver=3.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 03 Mar 2021 21:54:24 GMT
accept-ranges: bytes
content-length: 162622
content-type: image/png
date: Mon, 26 Sep 2022 16:49:49 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4807
Expires: Mon, 26 Sep 2022 18:09:56 GMT
Date: Mon, 26 Sep 2022 16:49:49 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d02ede0c964f3346fd53ae2950bf2a62
e49306a3713cb724be024a4ddb5e90645718a718
c0e653d89656016c55aca9b198b9191620f1ae9a3c45742a90744bd74c4f9505
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8637
x-amzn-requestid: 07dc23e0-000f-4f6c-8d2b-0e65d88be270
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSvvEenoAMFr0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cb31-520803124760abc216152d7b;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:42:09 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: HCJ483GPdpPhC7oYm1GrA02BqqST9sfqfCBSA93rZqaQYl-jezgP5Q==
via: 1.1 27a84054de24e45f952ea4056a821764.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:20:40 GMT
age: 66549
etag: "e49306a3713cb724be024a4ddb5e90645718a718"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2fe8c4f0c70fb6c1f4259eabedc7015e
85e378d0fff856832a8dd01743516b9476fed8c6
508a1c7d350fcf82d1ece0b99f8557b2f300c7c1148f28c3ae9fece20530e4b6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5157
x-amzn-requestid: b5748f49-693f-4bc3-a850-cb68e770de24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCUG9GUHIAMF7pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cd5f-5d2aaa212cf1be2506593746;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:51:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 4h9lb_7egxb2hBbxjcS_cpZ5lDq6Lx-c_WUZyRHdUA0YTwr6kgDuiQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:10:16 GMT
age: 67173
etag: "85e378d0fff856832a8dd01743516b9476fed8c6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4807
Expires: Mon, 26 Sep 2022 18:09:56 GMT
Date: Mon, 26 Sep 2022 16:49:49 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3689ec8-63b4-42ae-b7d5-a9b4b63af788.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3689ec8-63b4-42ae-b7d5-a9b4b63af788.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ef17205adb2b478d3bff54b048208d22
12aac1bd22e675f09a220de08b4656e801c2e647
620fe39cf421ed3a21e968570f7e863d69224113be867ec2457ed3850ea113f6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3689ec8-63b4-42ae-b7d5-a9b4b63af788.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5980
x-amzn-requestid: fbf0c390-da24-49e2-8492-43e29e5d4bb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCTHCGJVoAMFgxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cbc6-1f9b1b7d63467c58702e6d7e;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:44:38 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Iy0oyFx_T6CEuOQckEzvUQOUo307Jm_OgJzomWlMz9BhgD3eOaysdA==
via: 1.1 ec2a2c75c16156e4d43504606c118b90.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:48:52 GMT
age: 68457
etag: "12aac1bd22e675f09a220de08b4656e801c2e647"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8ea5f06ad31f0cedd2cb5c6df82f35f4
60a83a1618ffae06e49ca3002bac1db9980dcfe8
5f6a4cb92c016ef0f229b11d727e9680a15b10782b5bfe9e66ad9d100b458d8d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10279
x-amzn-requestid: 0f361c26-1f12-421a-9752-7d4fcdf839ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4V65GTXIAMF9-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd045-25677a637307879044de8242;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:14:45 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qvSIyV7uvUzXFn6Sw3izoZxQoFbmyRzQ9WKl33D7fNTcuV6WXTzD9Q==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 05:01:28 GMT
age: 42501
etag: "60a83a1618ffae06e49ca3002bac1db9980dcfe8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7838a122-2b2e-4e4c-9bcc-7c6b46a93b1e.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7838a122-2b2e-4e4c-9bcc-7c6b46a93b1e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 968b9c138702fb5994d1d9eab1a697fa
9660bb2d38079182efbd11d7a687bfc7f9d30751
5ba74820ad451747c8ed25529f06b037bebf4c0616a1f2165c9197c1171db7a6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7838a122-2b2e-4e4c-9bcc-7c6b46a93b1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11728
x-amzn-requestid: bf60e58f-c4f4-45c7-923b-0d1539f720f5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCUCGGw7oAMF3wQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cd40-32043c1b1411544f5d00edc0;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:50:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: H4KXhBaRw3SvzBrbl30mV6R_vJ8bXBkyicb8fQiTp6YSBHjE8iFkNQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:49:56 GMT
etag: "9660bb2d38079182efbd11d7a687bfc7f9d30751"
content-type: image/jpeg
age: 64793
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feddf5115-4c67-4a03-b497-8b149b3c332c.png
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feddf5115-4c67-4a03-b497-8b149b3c332c.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2c11e6fef1be62b971bd9daf378bfc95
ef9d756cbcda72cf7ef5029b7d384cd1fbaed633
b8369f83d6dddcd2355b81d8eb200791788165e56881ce21e1a1e9c8bb1bb2ef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feddf5115-4c67-4a03-b497-8b149b3c332c.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13584
x-amzn-requestid: 198bd2b4-d4ae-4f19-a500-463aee52b890
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCTHgFdNoAMFwEw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cbc9-19a1f7d2102820da4b21f18b;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:44:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: yl8BCwdlIePsc4gIX4IYH0L6NHipn_5fBsa9nyYy14w0m49jPUYXBw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:57:51 GMT
age: 67918
etag: "ef9d756cbcda72cf7ef5029b7d384cd1fbaed633"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.paypal.com/sdk/js?client-id=AUnIxz8KRD1pgLSDatIfo6B7kz66MuEC6_-_wDftVaUAnQ8Ktn8aW20CAOQ9Ge5BtE2-N07zf4Xzyd5v&enable-funding=venmo¤cy=USD
151.101.193.21200 OK 95 kB URL HTTP/2 www.paypal.com/sdk/js?client-id=AUnIxz8KRD1pgLSDatIfo6B7kz66MuEC6_-_wDftVaUAnQ8Ktn8aW20CAOQ9Ge5BtE2-N07zf4Xzyd5v&enable-funding=venmo¤cy=USD
IP 151.101.193.21:0
File type ASCII text, with very long lines (65472)
Hash 569d251b55208168ca713ce068ac7772
5f86848c65215ac89bbd9577f28857b5bca8165a
abbb4b2aac4cfcac8d822cad0ac6b4aa7b9af94e6a9f59433804bdae3568ae34
GET /sdk/js?client-id=AUnIxz8KRD1pgLSDatIfo6B7kz66MuEC6_-_wDftVaUAnQ8Ktn8aW20CAOQ9Ge5BtE2-N07zf4Xzyd5v&enable-funding=venmo¤cy=USD HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
content-encoding: gzip
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-oW9TnaG8tsMsLNXZI2VpUAxePy5jOwMbYLOEKfXw8hSe8X6G' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-oW9TnaG8tsMsLNXZI2VpUAxePy5jOwMbYLOEKfXw8hSe8X6G' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: application/javascript; charset=utf-8
etag: W/"1725e-X4aEjGUhWsibvZV38ohXtbyoFlo"
p3p: true
paypal-debug-id: f88150013f3ac
traceparent: 00-0000000000000000000f88150013f3ac-04a31a56ae02a826-01
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 26 Sep 2022 16:49:50 GMT
age: 0
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4052-HHN, cache-bma1641-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1664210989.352087,VS0,VE712
vary: Accept-Encoding
server-timing: "traceparent;desc="00-0000000000000000000f88150013f3ac-dd3b707e6c8ccc08-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
content-length: 94814
X-Firefox-Spdy: h2
www.paypal.com/tagmanager/pptm.js?id=www.hayriver.net&t=xo&v=5.0.332&source=payments_sdk&client_id=AUnIxz8KRD1pgLSDatIfo6B7kz66MuEC6_-_wDftVaUAnQ8Ktn8aW20CAOQ9Ge5BtE2-N07zf4Xzyd5v&vault=false
151.101.193.21200 OK 4.8 kB URL HTTP/2 www.paypal.com/tagmanager/pptm.js?id=www.hayriver.net&t=xo&v=5.0.332&source=payments_sdk&client_id=AUnIxz8KRD1pgLSDatIfo6B7kz66MuEC6_-_wDftVaUAnQ8Ktn8aW20CAOQ9Ge5BtE2-N07zf4Xzyd5v&vault=false
IP 151.101.193.21:0
File type ASCII text, with very long lines (13584)
Hash 14feccd37b997ef9bd5429af9f3ad2b2
e2dc88fbf6ee084fd200e1e477c9acbd5ee3fd52
0346252a12d390f6b8c78426747fc9181143e0f981a74dec044c48fbc92eb469
GET /tagmanager/pptm.js?id=www.hayriver.net&t=xo&v=5.0.332&source=payments_sdk&client_id=AUnIxz8KRD1pgLSDatIfo6B7kz66MuEC6_-_wDftVaUAnQ8Ktn8aW20CAOQ9Ge5BtE2-N07zf4Xzyd5v&vault=false HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-qZQ7MDfyoC9VfzskNpjj6PvZBX7QcmxwwTxMTjQiiX/25Vw0' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-type: application/x-javascript; charset=utf-8
etag: W/"353b-3ysmoknPHrSWUDKN12REUTJy09k"
paypal-debug-id: f8557769cd2a3
traceparent: 00-0000000000000000000f8557769cd2a3-817c9821a88c3cd4-01
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 26 Sep 2022 16:49:50 GMT
age: 53245
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4044-HHN, cache-bma1641-BMA
x-cache: HIT, MISS
x-cache-hits: 2, 0
x-timer: S1664210990.156705,VS0,VE22
vary: Accept-Encoding
server-timing: "traceparent;desc="00-0000000000000000000f8557769cd2a3-59e622b601e80724-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
content-length: 4753
X-Firefox-Spdy: h2
www.hayriver.net/wp-content/uploads/2018/12/favicon.png
192.185.158.210200 OK 1.7 kB URL HTTP/2 www.hayriver.net/wp-content/uploads/2018/12/favicon.png
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 9769cd9416db835815f26a478eddc1eb
4be511274d6ae66f3f4eb7f700c3bab5e2859956
6a67782d6c4dd94186c2cb27f35ff1dcb1fcdb43ce3e10b676b33a8f859539d3
GET /wp-content/uploads/2018/12/favicon.png HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 29 Dec 2018 12:38:32 GMT
accept-ranges: bytes
content-length: 1689
content-type: image/png
date: Mon, 26 Sep 2022 16:49:50 GMT
server: Apache
X-Firefox-Spdy: h2
s.pinimg.com/ct/core.js
23.38.200.197200 OK 1.1 kB IP 23.38.200.197:0
File type ASCII text, with very long lines (1146), with no line terminators
Hash cd5f811dc7c19de8566479150bc37ef8
d17e9c54bce997b95bd0b6fceb0ad936077bbbf8
dbcef3b5ce770e8a3e8350473f04fbe627a78fa93a4441a24afec965643733e8
GET /ct/core.js HTTP/1.1
Host: s.pinimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
etag: "cd5f811dc7c19de8566479150bc37ef8"
cache-control: max-age=7200
accept-ranges: bytes
content-type: application/javascript
content-length: 1146
vary: Accept-Encoding, Origin
x-cdn: akamai
access-control-max-age: 86400
access-control-expose-headers: X-CDN
access-control-allow-methods: GET
access-control-allow-origin: *
X-Firefox-Spdy: h2
www.paypalobjects.com/muse/muse.js
151.101.86.133200 OK 16 kB URL HTTP/2 www.paypalobjects.com/muse/muse.js
IP 151.101.86.133:0
File type ASCII text, with very long lines (55891)
Hash 6aebbe482c72000aea20895991f70478
eff1d3370786f9ee4ea539776bc43ab9bece89ba
2acb950bc7678b9e6c265194821fac386bf555db582ee8c0e2d9e68ff3eaa862
GET /muse/muse.js HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: gzip
content-type: application/javascript
etag: W/"6271663d-da91"
last-modified: Tue, 03 May 2022 17:28:29 GMT
paypal-debug-id: 84840867de170
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
dc: ccg11-origin-www-1.paypal.com
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 26 Sep 2022 16:49:50 GMT
x-served-by: cache-sjc10029-SJC, cache-bma1676-BMA
x-cache: HIT, HIT
x-cache-hits: 2, 51868
x-timer: S1664210990.315802,VS0,VE0
vary: Accept-Encoding
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
content-length: 16464
X-Firefox-Spdy: h2
www.paypalobjects.com/muse/analytics/index.html
151.101.86.133200 OK 17 kB URL HTTP/2 www.paypalobjects.com/muse/analytics/index.html
IP 151.101.86.133:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (55410)
Hash 56fc10c2e8100a7e4418dc987c23d7a5
5c11880437f36368f82da60522bfcb0d57b395cf
326df6156907ef357f13bf48a5a3798dd4e692345d04fb4edad8370058d1198a
GET /muse/analytics/index.html HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: gzip
content-type: text/html
etag: W/"6271663d-d994"
last-modified: Tue, 03 May 2022 17:28:29 GMT
paypal-debug-id: 50b39f10d2761
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
dc: ccg11-origin-www-1.paypal.com
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 26 Sep 2022 16:49:50 GMT
x-served-by: cache-sjc10077-SJC, cache-bma1676-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 55836
x-timer: S1664210990.358569,VS0,VE0
vary: Accept-Encoding
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
content-length: 16791
X-Firefox-Spdy: h2
t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3ATYKVSAFZ9FCCY-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3ATYKVSAFZ9FCCY-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=01f7c750-5bb5-42d7-b338-269feabeef66&fltp=analytics&mrid=TYKVSAFZ9FCCY&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Page%20not%20found%20-%20HAY%20RIVER%E2%84%A2%20Pumpkin%20Seed%20Oil&dh=1024&dw=1280&bh=939&bw=1280&cd=24&sh=1024&sw=1280&v=NA&rosetta_language=en-US%2Cen&e=im&t=1664210988354&g=0&completeurl=https%3A%2F%2Fwww.hayriver.net%2Fusps%2Fverification%2F
151.101.129.35200 OK 42 B URL HTTP/2 t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3ATYKVSAFZ9FCCY-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3ATYKVSAFZ9FCCY-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=01f7c750-5bb5-42d7-b338-269feabeef66&fltp=analytics&mrid=TYKVSAFZ9FCCY&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Page%20not%20found%20-%20HAY%20RIVER%E2%84%A2%20Pumpkin%20Seed%20Oil&dh=1024&dw=1280&bh=939&bw=1280&cd=24&sh=1024&sw=1280&v=NA&rosetta_language=en-US%2Cen&e=im&t=1664210988354&g=0&completeurl=https%3A%2F%2Fwww.hayriver.net%2Fusps%2Fverification%2F
IP 151.101.129.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4682377ddfbe4e7dabfddb2e543e842
328e472721a93345801ed5533240eac2d1f8498c
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
GET /ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3ATYKVSAFZ9FCCY-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3ATYKVSAFZ9FCCY-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=01f7c750-5bb5-42d7-b338-269feabeef66&fltp=analytics&mrid=TYKVSAFZ9FCCY&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Page%20not%20found%20-%20HAY%20RIVER%E2%84%A2%20Pumpkin%20Seed%20Oil&dh=1024&dw=1280&bh=939&bw=1280&cd=24&sh=1024&sw=1280&v=NA&rosetta_language=en-US%2Cen&e=im&t=1664210988354&g=0&completeurl=https%3A%2F%2Fwww.hayriver.net%2Fusps%2Fverification%2F HTTP/1.1
Host: t.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: image/gif
expires: Mon, 26 Sep 2022 16:49:50 GMT
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 529725e118624
pragma: no-cache
set-cookie: ts=vreXpYrS%3D1758905390%26vteXpYrS%3D1664212790%26vr%3D7ab4752e1830aa5b312208a5ffffffff%26vt%3D7ab4752e1830aa5b312208a5fffffffe; Expires=Fri, 26 Sep 2025 16:49:50 GMT; Domain=.paypal.com; Path=/; Secure; HttpOnly
ts_c=vr%3D7ab4752e1830aa5b312208a5ffffffff%26vt%3D7ab4752e1830aa5b312208a5fffffffe; Expires=Fri, 26 Sep 2025 16:49:50 GMT; Domain=.paypal.com; Path=/; Secure
traceparent: 00-0000000000000000000529725e118624-3b454c7b477842f6-01
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
date: Mon, 26 Sep 2022 16:49:50 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4045-HHN, cache-bma1633-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1664210990.292097,VS0,VE168
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
timing-allow-origin: *
content-length: 42
X-Firefox-Spdy: h2
t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3ATYKVSAFZ9FCCY-1&page=muse%3Aoffer%3A%3A%3ATYKVSAFZ9FCCY-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=01f7c750-5bb5-42d7-b338-269feabeef66&es=visitorInfoFlowStarted&mrid=TYKVSAFZ9FCCY&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Page%20not%20found%20-%20HAY%20RIVER%E2%84%A2%20Pumpkin%20Seed%20Oil&dh=1024&dw=1280&bh=939&bw=1280&cd=24&sh=1024&sw=1280&v=NA&rosetta_language=en-US%2Cen&e=im&t=1664210988561&g=0&completeurl=https%3A%2F%2Fwww.hayriver.net%2Fusps%2Fverification%2F
151.101.129.35200 OK 42 B URL HTTP/2 t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3ATYKVSAFZ9FCCY-1&page=muse%3Aoffer%3A%3A%3ATYKVSAFZ9FCCY-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=01f7c750-5bb5-42d7-b338-269feabeef66&es=visitorInfoFlowStarted&mrid=TYKVSAFZ9FCCY&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Page%20not%20found%20-%20HAY%20RIVER%E2%84%A2%20Pumpkin%20Seed%20Oil&dh=1024&dw=1280&bh=939&bw=1280&cd=24&sh=1024&sw=1280&v=NA&rosetta_language=en-US%2Cen&e=im&t=1664210988561&g=0&completeurl=https%3A%2F%2Fwww.hayriver.net%2Fusps%2Fverification%2F
IP 151.101.129.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4682377ddfbe4e7dabfddb2e543e842
328e472721a93345801ed5533240eac2d1f8498c
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
GET /ts?pgrp=muse%3Aoffer%3A%3A%3ATYKVSAFZ9FCCY-1&page=muse%3Aoffer%3A%3A%3ATYKVSAFZ9FCCY-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=01f7c750-5bb5-42d7-b338-269feabeef66&es=visitorInfoFlowStarted&mrid=TYKVSAFZ9FCCY&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Page%20not%20found%20-%20HAY%20RIVER%E2%84%A2%20Pumpkin%20Seed%20Oil&dh=1024&dw=1280&bh=939&bw=1280&cd=24&sh=1024&sw=1280&v=NA&rosetta_language=en-US%2Cen&e=im&t=1664210988561&g=0&completeurl=https%3A%2F%2Fwww.hayriver.net%2Fusps%2Fverification%2F HTTP/1.1
Host: t.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: image/gif
expires: Mon, 26 Sep 2022 16:49:50 GMT
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: f102edfe87622
pragma: no-cache
set-cookie: ts=vreXpYrS%3D1758905390%26vteXpYrS%3D1664212790%26vr%3D7ab475b71830a56c62376317ffffffff%26vt%3D7ab475b71830a56c62376317fffffffe; Expires=Fri, 26 Sep 2025 16:49:50 GMT; Domain=.paypal.com; Path=/; Secure; HttpOnly
ts_c=vr%3D7ab475b71830a56c62376317ffffffff%26vt%3D7ab475b71830a56c62376317fffffffe; Expires=Fri, 26 Sep 2025 16:49:50 GMT; Domain=.paypal.com; Path=/; Secure
traceparent: 00-0000000000000000000f102edfe87622-759331aa5326bcff-01
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
date: Mon, 26 Sep 2022 16:49:50 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4065-HHN, cache-bma1633-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1664210990.419244,VS0,VE183
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
timing-allow-origin: *
content-length: 42
X-Firefox-Spdy: h2
www.paypal.com/targeting/graphql
151.101.193.21204 No Content 0 B URL HTTP/2 www.paypal.com/targeting/graphql
IP 151.101.193.21:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /targeting/graphql HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.paypalobjects.com/
Origin: https://www.paypalobjects.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://www.paypalobjects.com
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: f78066181f92d
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Tue, 27 Sep 2022 01:35:46 GMT; HttpOnly; Secure
enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Tue, 26 Sep 2023 16:49:50 GMT; Secure
x-pp-s=eyJ0IjoiMTY2NDIxMDk5MDUyNiIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
nsid=s%3AIr7cv9qZM5-baxbVyBhe9xYqgtskqU4M.ZcrEOQlvJOQFnM%2BLiqCzURKy1aVd9PX3WoYc0A3a0s8; Path=/; HttpOnly; Secure
l7_az=dcg13.slc; Path=/; Domain=paypal.com; Expires=Mon, 26 Sep 2022 17:19:50 GMT; HttpOnly; Secure
ts=vreXpYrS%3D1758905390%26vteXpYrS%3D1664212790%26vr%3D7ab475b01830a7a094079913fff930b6%26vt%3D7ab475b01830a7a094079913fff930b5%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 16:49:50 GMT; HttpOnly; Secure
ts_c=vr%3D7ab475b01830a7a094079913fff930b6%26vt%3D7ab475b01830a7a094079913fff930b5; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 16:49:50 GMT; Secure
traceparent: 00-0000000000000000000f78066181f92d-2ca66002c711829e-01
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
date: Mon, 26 Sep 2022 16:49:50 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn11558-HHN, cache-bma1641-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1664210990.428418,VS0,VE180
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
X-Firefox-Spdy: h2
s.pinimg.com/ct/lib/main.8f82d377.js
23.38.200.197200 OK 19 kB URL HTTP/2 s.pinimg.com/ct/lib/main.8f82d377.js
IP 23.38.200.197:0
File type Unicode text, UTF-8 text, with very long lines (53772), with no line terminators
Hash a6d88dfc00c49311bf8bfb0c93dd49d4
97a94818112f70a0798f8e308a9b32ff50d27c0c
3a98f5a50898a72647cef7362731acb3cec5648a9057c836f683970955ed991d
GET /ct/lib/main.8f82d377.js HTTP/1.1
Host: s.pinimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "a6d88dfc00c49311bf8bfb0c93dd49d4"
content-encoding: gzip
accept-ranges: bytes
content-type: application/javascript
content-length: 18620
cache-control: max-age=1209600
vary: Accept-Encoding, Origin
x-cdn: akamai
access-control-max-age: 86400
access-control-expose-headers: X-CDN
access-control-allow-methods: GET
access-control-allow-origin: *
X-Firefox-Spdy: h2
ct.pinterest.com/user/?tid=2612863225035&pd=%7B%22em%22%3A%2224aba99b2defbb47ee981b4200313f61f3ae31541d8717bdac1e463c838939b0%22%7D&cb=1664210989005
23.38.200.197200 OK 378 B URL HTTP/2 ct.pinterest.com/user/?tid=2612863225035&pd=%7B%22em%22%3A%2224aba99b2defbb47ee981b4200313f61f3ae31541d8717bdac1e463c838939b0%22%7D&cb=1664210989005
IP 23.38.200.197:0
File type JSON data\012- , ASCII text, with very long lines (540), with no line terminators
Hash 3552f5f146470ca7ebc456b2595776c5
a4baaddc1ef324c9e169da6b1e21f33210cdf86b
3c8d06b1f641094d99da191134bcff7e255ef67f45967db4a1ec4a9c2f381068
GET /user/?tid=2612863225035&pd=%7B%22em%22%3A%2224aba99b2defbb47ee981b4200313f61f3ae31541d8717bdac1e463c838939b0%22%7D&cb=1664210989005 HTTP/1.1
Host: ct.pinterest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.hayriver.net
Connection: keep-alive
Referer: https://www.hayriver.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-expose-headers: Epik,Pin-Unauth
pin-unauth: dWlkPU9EZzVPV1F6WVdVdE1UUXhOQzAwWmpka0xUZ3hZemN0WVdZMU5URmhNMlV5TldFdw
cache-control: no-cache,no-store,must-revalidate,max-age=0
pragma: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT
access-control-allow-origin: https://www.hayriver.net
content-type: application/json; charset=utf-8
content-encoding: gzip
content-length: 378
x-envoy-upstream-service-time: 12
referrer-policy: origin
x-pinterest-rid: 4900216300760759
date: Mon, 26 Sep 2022 16:49:50 GMT
vary: Accept-Encoding
akamai-grn: 0.274f2417.1664210990.2e1c9068
x-cdn: akamai
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
X-Firefox-Spdy: h2
www.paypal.com/targeting/graphql
151.101.193.21200 OK 350 B URL HTTP/2 www.paypal.com/targeting/graphql
IP 151.101.193.21:0
File type JSON data\012- , ASCII text, with very long lines (434)
Hash b55c0a540b34a16785c32c6951ba10e4
0b72ad24f4814fd3b2da63e4ac8a63aaa34c0eb8
3c87217351a394ef64adc98943386561097851497d70cad7f3d9bbb91ad85880
POST /targeting/graphql HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.paypalobjects.com/
Content-Type: application/json
Origin: https://www.paypalobjects.com
Content-Length: 319
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://www.paypalobjects.com
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-zDH6t1oyaJA08zfo9hJrekOZSjxTp4nD1P5buu5J6joHpKm0' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
content-type: application/json; charset=utf-8
etag: W/W/"1b3-GUXs8eL7IUfIlSJJDFqOW+qN8gA"
paypal-debug-id: f703661c81b95
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Tue, 27 Sep 2022 01:35:46 GMT; HttpOnly; Secure
enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Tue, 26 Sep 2023 16:49:50 GMT; Secure
x-pp-s=eyJ0IjoiMTY2NDIxMDk5MDgyNCIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
tsrce=targetingnodeweb; Domain=.paypal.com; Path=/; Expires=Thu, 29 Sep 2022 16:49:50 GMT; HttpOnly; Secure; SameSite=None
nsid=s%3AiVtBvbdnLgx-EbsMznruDOP5RqT17G6K.0K9RieAc52izHJU52FDKibBLpmGdxvLMVY3qjWXAvgw; Path=/; HttpOnly; Secure
l7_az=dcg14.slc; Path=/; Domain=paypal.com; Expires=Mon, 26 Sep 2022 17:19:50 GMT; HttpOnly; Secure
ts=vreXpYrS%3D1758905390%26vteXpYrS%3D1664212790%26vr%3D7ab476811830a1d2d49ff1d2fff8d1fa%26vt%3D7ab476811830a1d2d49ff1d2fff8d1f9%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 16:49:50 GMT; HttpOnly; Secure
ts_c=vr%3D7ab476811830a1d2d49ff1d2fff8d1fa%26vt%3D7ab476811830a1d2d49ff1d2fff8d1f9; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 16:49:50 GMT; Secure
traceparent: 00-0000000000000000000f703661c81b95-0c476d77da5157c7-01
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
accept-ranges: none
via: 1.1 varnish, 1.1 varnish
content-encoding: br
date: Mon, 26 Sep 2022 16:49:50 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn11552-HHN, cache-bma1641-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1664210991.624119,VS0,VE298
vary: Accept-Encoding
server-timing: content-encoding;desc="br",x-cdn;desc="fastly"
X-Firefox-Spdy: h2
c.paypal.com/da/r/fb.js
192.229.221.25200 OK 20 kB IP 192.229.221.25:0
File type C source, ASCII text, with very long lines (58758), with no line terminators
Hash 234b5a0a6ae679e24e1e800c5ee27041
89cd42971e9dfcdc302ac360bce7f8e5034bbc75
b341cef0a6a711b115a65b4ff5c1b4357ac9689eca58f4c88dfcf0481a2b75d6
GET /da/r/fb.js HTTP/1.1
Host: c.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.paypal.com/
Cookie: tsrce=targetingnodeweb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-credentials: false
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
age: 341418
cache-control: max-age=86400
content-type: application/javascript
date: Mon, 26 Sep 2022 16:49:51 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "62f2c748-e586"
expires: Tue, 27 Sep 2022 16:49:51 GMT
last-modified: Tue, 09 Aug 2022 20:44:56 GMT
paypal-debug-id: 9aef47e8b50de
server: ECAcc (ska/F6AA)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=2
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000009aef47e8b50de-c4f59dada6a07ccc-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 20053
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cc6384589982fb29b488efe5b4972942
15a18e74095c5e1ef2459827e36c37ee3ee4b493
4ac9988c1240ad0e3ccef6abd16c6513dc7cfd7cac4fa53b3c25e33e1bb29151
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1851
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 16:49:51 GMT
Last-Modified: Mon, 26 Sep 2022 16:19:00 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
b.stats.paypal.com/v2/counter.cgi?p=uid_49e3af9f1c_mty6ndk6ndg&s=SMART_PAYMENT_BUTTONS
64.4.245.84302 Found 0 B URL HTTP/1.1 b.stats.paypal.com/v2/counter.cgi?p=uid_49e3af9f1c_mty6ndk6ndg&s=SMART_PAYMENT_BUTTONS
IP 64.4.245.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v2/counter.cgi?p=uid_49e3af9f1c_mty6ndk6ndg&s=SMART_PAYMENT_BUTTONS HTTP/1.1
Host: b.stats.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.paypal.com/
Cookie: tsrce=targetingnodeweb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 302 Found
Connection: close
Server: PayPal-B.Stats/1.0
Location: https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_49e3af9f1c_mty6ndk6ndg&s=SMART_PAYMENT_BUTTONS
Content-Length: 0
Set-Cookie: c=569bbc1917717a3b88f4; Domain=stats.paypal.com; expires=Sun, 21 Sep 2042 16:49:51 GMT; Path=/
Content-Type: application/octet-stream
Date: Mon, 26 Sep 2022 16:49:51 GMT
c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
192.229.221.25200 OK 141 B URL HTTP/2 c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
IP 192.229.221.25:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f8f705741fe0f162a2dfebba38370665
df8c09ce52d3a5cbda8819e1f2352dd3bc739012
26cb10aeec63b613002b3a7598dac0085b14796111a45dd6d9e78d6169338c3e
GET /v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js HTTP/1.1
Host: c.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.paypal.com/
Cookie: tsrce=targetingnodeweb
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-security-policy-report-only: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html;charset=UTF-8
correlation-id: 7312d3d0e4174
date: Mon, 26 Sep 2022 16:49:51 GMT
paypal-debug-id: 7312d3d0e4174
server: ECAcc (frc/4CE4)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=196
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000007312d3d0e4174-fc0b17e483463f0c-01
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 141
X-Firefox-Spdy: h2
c.paypal.com/da/r/fb.js
192.229.221.25304 Not Modified 0 B IP 192.229.221.25:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /da/r/fb.js HTTP/1.1
Host: c.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Cookie: tsrce=targetingnodeweb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Tue, 09 Aug 2022 20:44:56 GMT
If-None-Match: "62f2c748-e586"
TE: trailers
HTTP/2 304 Not Modified
accept-ranges: bytes
access-control-allow-credentials: false
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
age: 341418
cache-control: max-age=86400
date: Mon, 26 Sep 2022 16:49:51 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "62f2c748-e586"
expires: Tue, 27 Sep 2022 16:49:51 GMT
last-modified: Tue, 09 Aug 2022 20:44:56 GMT
paypal-debug-id: 9aef47e8b50de
server: ECAcc (ska/F6AA)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=4
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000009aef47e8b50de-c4f59dada6a07ccc-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
X-Firefox-Spdy: h2
dub.stats.paypal.com/v2/counter2.cgi?p=uid_49e3af9f1c_mty6ndk6ndg&s=SMART_PAYMENT_BUTTONS
64.4.245.84200 OK 42 B URL HTTP/1.1 dub.stats.paypal.com/v2/counter2.cgi?p=uid_49e3af9f1c_mty6ndk6ndg&s=SMART_PAYMENT_BUTTONS
IP 64.4.245.84:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash accba0b69f352b4c9440f05891b015c5
9d01cc5dc8e042c0d4ad6cfb8b3ac38e84a5ef9f
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
GET /v2/counter2.cgi?p=uid_49e3af9f1c_mty6ndk6ndg&s=SMART_PAYMENT_BUTTONS HTTP/1.1
Host: dub.stats.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.paypal.com/
Connection: keep-alive
Cookie: tsrce=targetingnodeweb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Connection: close
Server: PayPal-B.Stats/1.0
Content-Type: image/jpeg
Content-Length: 42
Set-Cookie: c=470ea0a8f7d59e3571bb; Domain=stats.paypal.com; expires=Sun, 21 Sep 2042 16:49:51 GMT; Path=/
Date: Mon, 26 Sep 2022 16:49:51 GMT
ct.pinterest.com/ct.html
23.38.200.197200 OK 323 B IP 23.38.200.197:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (565), with no line terminators
Hash b49b45b63051915a8c657060651eb07f
acaddf8021f220d0e4d30e7c8b3d8330ff781af9
4b00fbca5db49c6e4b29a0c873c43671880bcea1b7b3007655183382a318c2dc
GET /ct.html HTTP/1.1
Host: ct.pinterest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: max-age=86400
content-type: text/html; charset=utf-8
content-encoding: gzip
content-length: 323
x-envoy-upstream-service-time: 0
referrer-policy: origin
x-pinterest-rid: 1050671822356284
date: Mon, 26 Sep 2022 16:49:51 GMT
vary: Accept-Encoding
akamai-grn: 0.274f2417.1664210991.2e1cb1eb
x-cdn: akamai
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
X-Firefox-Spdy: h2
c.paypal.com/v1/r/d/b/p2
192.229.221.25200 OK 125 B IP 192.229.221.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash ab761bc4843d53fad33e5ef06bb5f3a5
bbe5ad0f9b0695ad2ef03dd52e47b88f44560a71
611adc899d292e8d1410704b4a8aa0925fa070e538e5e7fdc00e3fa9453897bb
POST /v1/r/d/b/p2 HTTP/1.1
Host: c.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 1447
Origin: https://c.paypal.com
Connection: keep-alive
Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Cookie: tsrce=targetingnodeweb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: application/json
correlation-id: ef35e6a0d9e88
date: Mon, 26 Sep 2022 16:49:51 GMT
p3p: policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"
paypal-debug-id: ef35e6a0d9e88
server: ECAcc (frc/4D03)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=199
set-cookie: sc_f=M0Dmx-hgY97H9Ht-NLnhIBFkmdWDy3NPLdtWllyjqXP68r2rc22cdTI8KjToWbH91lwABqENJPUbmNEL6Ux0BLxqhhfOs8BNRuU74m;Domain=c.paypal.com;Max-Age=157680000;Path=/;Secure;Version=1;Expires=Sat, 25-Sep-2027 09:49:51 GMT; HttpOnly
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000ef35e6a0d9e88-7e1e600783aaaa21-01
content-length: 125
X-Firefox-Spdy: h2
c6.paypal.com/v1/r/d/b/p3?f=uid_49e3af9f1c_mty6ndk6ndg&s=SMART_PAYMENT_BUTTONS
192.229.221.25200 OK 20 B URL HTTP/2 c6.paypal.com/v1/r/d/b/p3?f=uid_49e3af9f1c_mty6ndk6ndg&s=SMART_PAYMENT_BUTTONS
IP 192.229.221.25:0
Hash 163be0a88c70ca629fd516dbaadad96a
c8830ccf3a863e489ca37f4da572bad0e05d077b
ac73670af3abed54ac6fb4695131f4099be9fbe39d6076c5d0264a6bbdae9d83
GET /v1/r/d/b/p3?f=uid_49e3af9f1c_mty6ndk6ndg&s=SMART_PAYMENT_BUTTONS HTTP/1.1
Host: c6.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c.paypal.com/
Cookie: tsrce=targetingnodeweb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
cache-control: max-age=0, no-cache, no-store, must-revalidate
correlation-id: a42e464f9dda0
date: Mon, 26 Sep 2022 16:49:51 GMT
paypal-debug-id: a42e464f9dda0
server: ECAcc (frc/4CBA)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=194
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000a42e464f9dda0-1413d8a6380e28b0-01
vary: Accept-Encoding
content-length: 20
X-Firefox-Spdy: h2
c.paypal.com/v1/r/d/b/p1
192.229.221.25200 OK 125 B IP 192.229.221.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash a62d04f7a989e30ef9ba77ee187d8241
a4c385aad1d93257cec136dce00b3c7acc93f127
ea70de899b255640f8875a5f7197768e20d9d21eb733e2a5f6ecd0e2be33f37e
POST /v1/r/d/b/p1 HTTP/1.1
Host: c.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 4108
Origin: https://c.paypal.com
Connection: keep-alive
Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Cookie: tsrce=targetingnodeweb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: application/json
correlation-id: b7c0da128bcde
date: Mon, 26 Sep 2022 16:49:51 GMT
p3p: policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"
paypal-debug-id: b7c0da128bcde
server: ECAcc (frc/4CC9)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=366
set-cookie: sc_f=qAVz954B5xHmcDvtZYcyiaVw4NUUAgyyYfnJLpOnGbT-PKDTh7RCMth4KQzmLSf7ur0BYYNGJx43q4mmc4YrEnqwopXEsDuoJeqQg0;Domain=c.paypal.com;Max-Age=157680000;Path=/;Secure;Version=1;Expires=Sat, 25-Sep-2027 09:49:52 GMT; HttpOnly
KHcl0EuY7AKSMgfvHl7J5E7hPtK=qsMnzj3h8kWFDMbVZbIpkkXSXjd0mWjrOg1WrCH4ExQUIKlyHM3vcEzfjOqRXeZ11XXNMfiFrZuoQhXf;Domain=.paypal.com;Max-Age=630720000;Path=/;Secure;Version=1;Expires=Sun, 21-Sep-2042 09:49:52 GMT; HttpOnly
l7_az=dcg14.slc; Path=/; Domain=paypal.com; Expires=Mon, 26 Sep 2022 17:19:52 GMT; HttpOnly; Secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000b7c0da128bcde-f028ddce7d9c7507-01
content-length: 125
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e46522-27ca-4a21-a138-a7bdaf6c55b5.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e46522-27ca-4a21-a138-a7bdaf6c55b5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3a75be68e82e6a0ba74932fbe74c7b30
36310320605833289e78cd248c45915363a0a0c3
56d709b77802037254b7922e3f85d1b1652b70dfc4b6c65b03e4149d3b1f22ca
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e46522-27ca-4a21-a138-a7bdaf6c55b5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6443
x-amzn-requestid: b6f3be01-6086-4fc1-8bec-c4caa1fe806c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSKMG04IAMFRxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330ca41-5452d1805d3f4d71303142c9;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:38:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: tx-lL61dT3iakJd8VZw31hzMklubUDBQxE6LBhxsJUqyMM0bqCk73g==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:28:23 GMT
age: 66093
etag: "36310320605833289e78cd248c45915363a0a0c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.paypal.com/xoplatform/logger/api/logger
151.101.193.21200 OK 0 B URL HTTP/2 www.paypal.com/xoplatform/logger/api/logger
IP 151.101.193.21:0
OPTIONS /xoplatform/logger/api/logger HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.hayriver.net/
Origin: https://www.hayriver.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://www.hayriver.net
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: f780661ae9e63
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Tue, 27 Sep 2022 01:35:46 GMT; HttpOnly; Secure
enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Tue, 26 Sep 2023 16:49:50 GMT; Secure
x-pp-s=eyJ0IjoiMTY2NDIxMDk5MDM5MSIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
tsrce=loggernodeweb; Domain=.paypal.com; Path=/; Expires=Thu, 29 Sep 2022 16:49:50 GMT; HttpOnly; Secure; SameSite=None
l7_az=dcg14.slc; Path=/; Domain=paypal.com; Expires=Mon, 26 Sep 2022 17:19:50 GMT; HttpOnly; Secure
ts=vreXpYrS%3D1758905390%26vteXpYrS%3D1664212790%26vr%3D7ab475121830a1d51622f2e2fff82076%26vt%3D7ab475121830a1d51622f2e2fff82075%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 16:49:50 GMT; HttpOnly; Secure
ts_c=vr%3D7ab475121830a1d51622f2e2fff82076%26vt%3D7ab475121830a1d51622f2e2fff82075; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 16:49:50 GMT; Secure
traceparent: 00-0000000000000000000f780661ae9e63-d14a8b96de744d10-01
x-content-type-options: nosniff
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
date: Mon, 26 Sep 2022 16:49:50 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4046-HHN, cache-bma1641-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1664210990.258793,VS0,VE243
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
X-Firefox-Spdy: h2
www.hayriver.net/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
192.185.158.210200 OK 0 B URL HTTP/2 www.hayriver.net/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 11 Jul 2022 22:47:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Mon, 26 Sep 2022 16:49:49 GMT
server: Apache
X-Firefox-Spdy: h2
www.paypal.com/smart/buttons?style.label=buynow&style.layout=vertical&style.color=gold&style.shape=pill&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.332&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVVuSXh6OEtSRDFwZ0xTRGF0SWZvNkI3a3o2Nk11RUM2Xy1fd0RmdFZhVUFuUThLdG44YVcyMENBT1E5R2U1QnRFMi1OMDd6ZjRYenlkNXYmZW5hYmxlLWZ1bmRpbmc9dmVubW8mY3VycmVuY3k9VVNEIiwiYXR0cnMiOnsiZGF0YS1zZGstaW50ZWdyYXRpb24tc291cmNlIjoiYnV0dG9uLWZhY3RvcnkiLCJkYXRhLXVpZCI6InVpZF96aHV1bGxtaWxmaXVtY3djamhsZHpyb215bW91eHIifX0&clientID=AUnIxz8KRD1pgLSDatIfo6B7kz66MuEC6_-_wDftVaUAnQ8Ktn8aW20CAOQ9Ge5BtE2-N07zf4Xzyd5v&sdkCorrelationID=05748a29a1a4b&storageID=uid_42d4423d76_mty6ndk6ndg&sessionID=uid_49e3af9f1c_mty6ndk6ndg&buttonSessionID=uid_5dcd5a9201_mty6ndk6ndg&env=production&buttonSize=medium&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjpmYWxzZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJvbGV0b2JhbmNhcmlvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm11bHRpYmFuY28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase¤cy=USD&intent=capture&commit=true&vault=false&enableFunding.0=venmo&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true
151.101.193.21200 OK 0 B URL HTTP/2 www.paypal.com/smart/buttons?style.label=buynow&style.layout=vertical&style.color=gold&style.shape=pill&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.332&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVVuSXh6OEtSRDFwZ0xTRGF0SWZvNkI3a3o2Nk11RUM2Xy1fd0RmdFZhVUFuUThLdG44YVcyMENBT1E5R2U1QnRFMi1OMDd6ZjRYenlkNXYmZW5hYmxlLWZ1bmRpbmc9dmVubW8mY3VycmVuY3k9VVNEIiwiYXR0cnMiOnsiZGF0YS1zZGstaW50ZWdyYXRpb24tc291cmNlIjoiYnV0dG9uLWZhY3RvcnkiLCJkYXRhLXVpZCI6InVpZF96aHV1bGxtaWxmaXVtY3djamhsZHpyb215bW91eHIifX0&clientID=AUnIxz8KRD1pgLSDatIfo6B7kz66MuEC6_-_wDftVaUAnQ8Ktn8aW20CAOQ9Ge5BtE2-N07zf4Xzyd5v&sdkCorrelationID=05748a29a1a4b&storageID=uid_42d4423d76_mty6ndk6ndg&sessionID=uid_49e3af9f1c_mty6ndk6ndg&buttonSessionID=uid_5dcd5a9201_mty6ndk6ndg&env=production&buttonSize=medium&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjpmYWxzZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJvbGV0b2JhbmNhcmlvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm11bHRpYmFuY28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase¤cy=USD&intent=capture&commit=true&vault=false&enableFunding.0=venmo&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true
IP 151.101.193.21:0
GET /smart/buttons?style.label=buynow&style.layout=vertical&style.color=gold&style.shape=pill&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.332&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVVuSXh6OEtSRDFwZ0xTRGF0SWZvNkI3a3o2Nk11RUM2Xy1fd0RmdFZhVUFuUThLdG44YVcyMENBT1E5R2U1QnRFMi1OMDd6ZjRYenlkNXYmZW5hYmxlLWZ1bmRpbmc9dmVubW8mY3VycmVuY3k9VVNEIiwiYXR0cnMiOnsiZGF0YS1zZGstaW50ZWdyYXRpb24tc291cmNlIjoiYnV0dG9uLWZhY3RvcnkiLCJkYXRhLXVpZCI6InVpZF96aHV1bGxtaWxmaXVtY3djamhsZHpyb215bW91eHIifX0&clientID=AUnIxz8KRD1pgLSDatIfo6B7kz66MuEC6_-_wDftVaUAnQ8Ktn8aW20CAOQ9Ge5BtE2-N07zf4Xzyd5v&sdkCorrelationID=05748a29a1a4b&storageID=uid_42d4423d76_mty6ndk6ndg&sessionID=uid_49e3af9f1c_mty6ndk6ndg&buttonSessionID=uid_5dcd5a9201_mty6ndk6ndg&env=production&buttonSize=medium&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjpmYWxzZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJvbGV0b2JhbmNhcmlvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm11bHRpYmFuY28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase¤cy=USD&intent=capture&commit=true&vault=false&enableFunding.0=venmo&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-disposition: inline
content-security-policy: form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html; charset=utf-8
etag: W/W/"6585a-kZSn9cbG2gvjx8WCOUmmCSZbU9A"
p3p: true
paypal-debug-id: f780661ed570d
set-cookie: tsrce=smartcomponentnodeweb; Domain=.paypal.com; Path=/; Expires=Thu, 29 Sep 2022 16:49:50 GMT; HttpOnly; Secure; SameSite=None
l7_az=dcg13.slc; Path=/; Domain=paypal.com; Expires=Mon, 26 Sep 2022 17:19:50 GMT; HttpOnly; Secure
ts=vreXpYrS%3D1758905390%26vteXpYrS%3D1664212790%26vr%3D7ab475141830a7a09828ed1ffff9beab%26vt%3D7ab475141830a7a09828ed1ffff9beaa%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 16:49:50 GMT; HttpOnly; Secure
ts_c=vr%3D7ab475141830a7a09828ed1ffff9beab%26vt%3D7ab475141830a7a09828ed1ffff9beaa; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 16:49:50 GMT; Secure
traceparent: 00-0000000000000000000f780661ed570d-bafbab3fbb91ee97-01
x-content-type-options: nosniff
x-csrf-jwt: __blank__
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
accept-ranges: none
via: 1.1 varnish, 1.1 varnish
content-encoding: br
date: Mon, 26 Sep 2022 16:49:50 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn11538-HHN, cache-bma1641-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1664210990.249474,VS0,VE346
vary: Accept-Encoding
server-timing: "traceparent;desc="00-0000000000000000000f780661ed570d-20140e617d56af16-01"";content-encoding;desc="br",x-cdn;desc="fastly"
X-Firefox-Spdy: h2
www.paypal.com/xoplatform/logger/api/logger
151.101.193.21200 OK 0 B URL HTTP/2 www.paypal.com/xoplatform/logger/api/logger
IP 151.101.193.21:0
POST /xoplatform/logger/api/logger HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 8128
Origin: https://www.paypal.com
Connection: keep-alive
Referer: https://www.paypal.com/smart/buttons?style.label=buynow&style.layout=vertical&style.color=gold&style.shape=pill&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.332&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVVuSXh6OEtSRDFwZ0xTRGF0SWZvNkI3a3o2Nk11RUM2Xy1fd0RmdFZhVUFuUThLdG44YVcyMENBT1E5R2U1QnRFMi1OMDd6ZjRYenlkNXYmZW5hYmxlLWZ1bmRpbmc9dmVubW8mY3VycmVuY3k9VVNEIiwiYXR0cnMiOnsiZGF0YS1zZGstaW50ZWdyYXRpb24tc291cmNlIjoiYnV0dG9uLWZhY3RvcnkiLCJkYXRhLXVpZCI6InVpZF96aHV1bGxtaWxmaXVtY3djamhsZHpyb215bW91eHIifX0&clientID=AUnIxz8KRD1pgLSDatIfo6B7kz66MuEC6_-_wDftVaUAnQ8Ktn8aW20CAOQ9Ge5BtE2-N07zf4Xzyd5v&sdkCorrelationID=05748a29a1a4b&storageID=uid_42d4423d76_mty6ndk6ndg&sessionID=uid_49e3af9f1c_mty6ndk6ndg&buttonSessionID=uid_5dcd5a9201_mty6ndk6ndg&env=production&buttonSize=medium&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjpmYWxzZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJvbGV0b2JhbmNhcmlvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm11bHRpYmFuY28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase¤cy=USD&intent=capture&commit=true&vault=false&enableFunding.0=venmo&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true
Cookie: tsrce=targetingnodeweb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://www.paypal.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: application/json; charset=utf-8
etag: W/W/"3ef-illb/EyHCmq0tLzHaz00y+zi87U"
paypal-debug-id: f465524dbb083
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Tue, 26 Sep 2023 16:49:51 GMT; Secure
LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Tue, 27 Sep 2022 01:35:47 GMT; HttpOnly; Secure
tsrce=loggernodeweb; Max-Age=259199; Domain=.paypal.com; Path=/; Expires=Thu, 29 Sep 2022 16:49:50 GMT; HttpOnly; Secure
x-pp-s=eyJ0IjoiMTY2NDIxMDk5MTcwNyIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
l7_az=dcg02.phx; Path=/; Domain=paypal.com; Expires=Mon, 26 Sep 2022 17:19:51 GMT; HttpOnly; Secure
ts=vreXpYrS%3D1758905391%26vteXpYrS%3D1664212791%26vr%3D7ab47a221830ad00992a979bfffabd6c%26vt%3D7ab47a221830ad00992a979bfffabd6b%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 16:49:51 GMT; HttpOnly; Secure
ts_c=vr%3D7ab47a221830ad00992a979bfffabd6c%26vt%3D7ab47a221830ad00992a979bfffabd6b; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 16:49:51 GMT; Secure
traceparent: 00-0000000000000000000f465524dbb083-4720f72cee6aeeb9-01
x-content-type-options: nosniff
dc: ccg11-origin-www-1.paypal.com
accept-ranges: none
via: 1.1 varnish, 1.1 varnish
content-encoding: br
date: Mon, 26 Sep 2022 16:49:51 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn11564-HHN, cache-bma1641-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1664210992.550447,VS0,VE258
vary: Accept-Encoding
server-timing: content-encoding;desc="br",x-cdn;desc="fastly"
X-Firefox-Spdy: h2
www.paypal.com/xoplatform/logger/api/logger
151.101.193.21200 OK 0 B URL HTTP/2 www.paypal.com/xoplatform/logger/api/logger
IP 151.101.193.21:0
POST /xoplatform/logger/api/logger HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1483
Origin: https://www.hayriver.net
Connection: keep-alive
Referer: https://www.hayriver.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://www.hayriver.net
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: application/json; charset=utf-8
etag: W/W/"3f9-I8R4eFIn2Qh5SSVPpN9DlKgdruk"
paypal-debug-id: f46552490ebb0
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Tue, 26 Sep 2023 16:49:51 GMT; Secure
LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Tue, 27 Sep 2022 01:35:47 GMT; HttpOnly; Secure
tsrce=loggernodeweb; Max-Age=259199; Domain=.paypal.com; Path=/; Expires=Thu, 29 Sep 2022 16:49:50 GMT; HttpOnly; Secure
x-pp-s=eyJ0IjoiMTY2NDIxMDk5MTk4MSIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
l7_az=dcg02.phx; Path=/; Domain=paypal.com; Expires=Mon, 26 Sep 2022 17:19:51 GMT; HttpOnly; Secure
ts=vreXpYrS%3D1758905391%26vteXpYrS%3D1664212791%26vr%3D7ab47b531830ad0466d32d13fffcdd70%26vt%3D7ab47b531830ad0466d32d13fffcdd6f%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 16:49:51 GMT; HttpOnly; Secure
ts_c=vr%3D7ab47b531830ad0466d32d13fffcdd70%26vt%3D7ab47b531830ad0466d32d13fffcdd6f; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 16:49:51 GMT; Secure
traceparent: 00-0000000000000000000f46552490ebb0-f68ce0b042772611-01
x-content-type-options: nosniff
dc: ccg11-origin-www-1.paypal.com
accept-ranges: none
via: 1.1 varnish, 1.1 varnish
content-encoding: br
date: Mon, 26 Sep 2022 16:49:52 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn11548-HHN, cache-bma1641-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1664210992.873145,VS0,VE198
vary: Accept-Encoding
server-timing: content-encoding;desc="br",x-cdn;desc="fastly"
X-Firefox-Spdy: h2
www.paypal.com/xoplatform/logger/api/logger
151.101.193.21200 OK 0 B URL HTTP/2 www.paypal.com/xoplatform/logger/api/logger
IP 151.101.193.21:0
POST /xoplatform/logger/api/logger HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1467
Origin: https://www.paypal.com
Connection: keep-alive
Referer: https://www.paypal.com/smart/buttons?style.label=buynow&style.layout=vertical&style.color=gold&style.shape=pill&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.332&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVVuSXh6OEtSRDFwZ0xTRGF0SWZvNkI3a3o2Nk11RUM2Xy1fd0RmdFZhVUFuUThLdG44YVcyMENBT1E5R2U1QnRFMi1OMDd6ZjRYenlkNXYmZW5hYmxlLWZ1bmRpbmc9dmVubW8mY3VycmVuY3k9VVNEIiwiYXR0cnMiOnsiZGF0YS1zZGstaW50ZWdyYXRpb24tc291cmNlIjoiYnV0dG9uLWZhY3RvcnkiLCJkYXRhLXVpZCI6InVpZF96aHV1bGxtaWxmaXVtY3djamhsZHpyb215bW91eHIifX0&clientID=AUnIxz8KRD1pgLSDatIfo6B7kz66MuEC6_-_wDftVaUAnQ8Ktn8aW20CAOQ9Ge5BtE2-N07zf4Xzyd5v&sdkCorrelationID=05748a29a1a4b&storageID=uid_42d4423d76_mty6ndk6ndg&sessionID=uid_49e3af9f1c_mty6ndk6ndg&buttonSessionID=uid_5dcd5a9201_mty6ndk6ndg&env=production&buttonSize=medium&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjpmYWxzZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJvbGV0b2JhbmNhcmlvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm11bHRpYmFuY28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase¤cy=USD&intent=capture&commit=true&vault=false&enableFunding.0=venmo&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true
Cookie: tsrce=targetingnodeweb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://www.paypal.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: application/json; charset=utf-8
etag: W/W/"3fc-mddhkByKWQXEoyVwDB3NQN/ag6U"
paypal-debug-id: f4655244e7ad4
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Tue, 26 Sep 2023 16:49:51 GMT; Secure
LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Tue, 27 Sep 2022 01:35:47 GMT; HttpOnly; Secure
tsrce=loggernodeweb; Max-Age=259199; Domain=.paypal.com; Path=/; Expires=Thu, 29 Sep 2022 16:49:50 GMT; HttpOnly; Secure
x-pp-s=eyJ0IjoiMTY2NDIxMDk5MTk5NiIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
l7_az=dcg13.slc; Path=/; Domain=paypal.com; Expires=Mon, 26 Sep 2022 17:19:51 GMT; HttpOnly; Secure
ts=vreXpYrS%3D1758905391%26vteXpYrS%3D1664212791%26vr%3D7ab47b571830ad009cd33d85fffce117%26vt%3D7ab47b571830ad009cd33d85fffce116%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 16:49:51 GMT; HttpOnly; Secure
ts_c=vr%3D7ab47b571830ad009cd33d85fffce117%26vt%3D7ab47b571830ad009cd33d85fffce116; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 16:49:51 GMT; Secure
traceparent: 00-0000000000000000000f4655244e7ad4-bfe46cde91b1a518-01
x-content-type-options: nosniff
dc: ccg11-origin-www-1.paypal.com
accept-ranges: none
via: 1.1 varnish, 1.1 varnish
content-encoding: br
date: Mon, 26 Sep 2022 16:49:52 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn11551-HHN, cache-bma1641-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1664210992.872847,VS0,VE201
vary: Accept-Encoding
server-timing: content-encoding;desc="br",x-cdn;desc="fastly"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lustria%3A400%7CPathway+Gothic+One&ver=3.0.0
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Lustria%3A400%7CPathway+Gothic+One&ver=3.0.0
IP 142.250.74.10:0
GET /css?family=Lustria%3A400%7CPathway+Gothic+One&ver=3.0.0 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.hayriver.net
Connection: keep-alive
Referer: https://www.hayriver.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 26 Sep 2022 16:49:49 GMT
date: Mon, 26 Sep 2022 16:49:49 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2