r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5788
Expires: Mon, 26 Sep 2022 18:51:57 GMT
Date: Mon, 26 Sep 2022 17:15:29 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.115200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 26 Sep 2022 17:15:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 5WubjIrHN1aHU4_AFOtjXwdQeBOkAxfIr0ZS4uqZiG6r4QLgmoWtRA==
Age: 11
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.49200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 04:35:16 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: jtH5lt6qAsE84OC_T78WKDiSEGSJ43Vd-Rf2qmLsgZMlFffZULfYgA==
age: 45614
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 17:15:29 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
hayriver.net/usps/verification
192.185.158.210301 Moved Permanently 0 B URL HTTP/1.1 hayriver.net/usps/verification
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /usps/verification HTTP/1.1
Host: hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 26 Sep 2022 17:15:29 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: https://hayriver.net/usps/verification
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Mon, 26 Sep 2022 17:10:46 GMT
Expires: Mon, 26 Sep 2022 17:33:16 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: LO51ZCvS2bPlonQSsZ2wVNRKgbR27KkQh2xcP5Ni4dnqHTjdbtpLUA==
Age: 283
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 5adb7eb1d103eadeeafac36e663ffdd3
23b784388dd634fa736cd60aed71570661e73d02
5c95ba48bc342887b4f7ef697bd4def50f6f2f472f654169179e5ac44df883d9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3482
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 17:15:29 GMT
Last-Modified: Mon, 26 Sep 2022 16:17:27 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1b95c97562641e48a24c9a9241dce753
2241108c301a37af1ead9fd718f1d9a7d049d8df
06d81233d408e4070066846131252193a89ac466b0bd61514a0f270d29687b6c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "06D81233D408E4070066846131252193A89AC466B0BD61514A0F270D29687B6C"
Last-Modified: Sat, 24 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21514
Expires: Mon, 26 Sep 2022 23:14:03 GMT
Date: Mon, 26 Sep 2022 17:15:29 GMT
Connection: keep-alive
push.services.mozilla.com/
34.214.236.46101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.214.236.46:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: BCSfnnSPBxDIdzWEdOnyBQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: gYOE27F/LRT2MolU5Q4Z40KaqaE=
hayriver.net/usps/verification
192.185.158.210301 Moved Permanently 0 B URL HTTP/2 hayriver.net/usps/verification
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /usps/verification HTTP/1.1
Host: hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-redirect-by: WordPress
location: https://www.hayriver.net/usps/verification
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 26 Sep 2022 17:15:29 GMT
server: Apache
X-Firefox-Spdy: h2
www.hayriver.net/usps/verification
192.185.158.210404 Not Found 11 kB URL HTTP/2 www.hayriver.net/usps/verification
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (17297)
Hash 7b19c7e8ba4c587d7d47112440e2676e
d1497a3d1d0d81428d751d667110483ca17b688e
c08d3e56fcdd8281fb15ef2d1f4df51188e0a1ff2793bc129d0ea4924641a1ac
Analyzer Verdict Alert fortinet Phishing
GET /usps/verification HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.hayriver.net/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
content-length: 11335
content-type: text/html; charset=UTF-8
date: Mon, 26 Sep 2022 17:15:30 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 87037f1a6953e028975e38476815bc72
e8e44435ba1d4de9ee6f86d3b1d5382fa587fcb7
e847a7f128fa12e570493f9dc8739400c6141792c40c77ed0205028391f870a3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1581
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 17:15:30 GMT
Last-Modified: Mon, 26 Sep 2022 16:49:09 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash f09a18ffd47757d6303864753f40a57c
6f056a04785c83dae4a4f40eaac5ac34a5a391f2
9969afe37e2b095cd931423fcc9dbfaa9a751d81a055bcd8f77a1aa7a51bd72e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 17:15:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.paypal.com/sdk/js?client-id=AUnIxz8KRD1pgLSDatIfo6B7kz66MuEC6_-_wDftVaUAnQ8Ktn8aW20CAOQ9Ge5BtE2-N07zf4Xzyd5v&enable-funding=venmo¤cy=USD
151.101.65.21200 OK 95 kB URL HTTP/2 www.paypal.com/sdk/js?client-id=AUnIxz8KRD1pgLSDatIfo6B7kz66MuEC6_-_wDftVaUAnQ8Ktn8aW20CAOQ9Ge5BtE2-N07zf4Xzyd5v&enable-funding=venmo¤cy=USD
IP 151.101.65.21:0
File type ASCII text, with very long lines (65472)
Hash 569d251b55208168ca713ce068ac7772
5f86848c65215ac89bbd9577f28857b5bca8165a
abbb4b2aac4cfcac8d822cad0ac6b4aa7b9af94e6a9f59433804bdae3568ae34
GET /sdk/js?client-id=AUnIxz8KRD1pgLSDatIfo6B7kz66MuEC6_-_wDftVaUAnQ8Ktn8aW20CAOQ9Ge5BtE2-N07zf4Xzyd5v&enable-funding=venmo¤cy=USD HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
content-encoding: gzip
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-oW9TnaG8tsMsLNXZI2VpUAxePy5jOwMbYLOEKfXw8hSe8X6G' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-oW9TnaG8tsMsLNXZI2VpUAxePy5jOwMbYLOEKfXw8hSe8X6G' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: application/javascript; charset=utf-8
etag: W/"1725e-X4aEjGUhWsibvZV38ohXtbyoFlo"
p3p: true
paypal-debug-id: f88150013f3ac
traceparent: 00-0000000000000000000f88150013f3ac-04a31a56ae02a826-01
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 26 Sep 2022 17:15:30 GMT
age: 1541
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4052-HHN, cache-bma1656-BMA
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-timer: S1664212531.625248,VS0,VE3
vary: Accept-Encoding
server-timing: "traceparent;desc="00-0000000000000000000f88150013f3ac-dd3b707e6c8ccc08-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
content-length: 94814
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lustria%3A400%7CPathway+Gothic+One&ver=3.0.0
142.250.74.10200 OK 877 B URL HTTP/2 fonts.googleapis.com/css?family=Lustria%3A400%7CPathway+Gothic+One&ver=3.0.0
IP 142.250.74.10:0
Hash 32ce901c742b85f509a2e4f2ed183a60
ae2c7d25641b026388724ba81589e2a559f7f523
7095726532fc706769e0c220b9f68171e0a9328cef5387b00f4283e4657d7088
GET /css?family=Lustria%3A400%7CPathway+Gothic+One&ver=3.0.0 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.hayriver.net
Connection: keep-alive
Referer: https://www.hayriver.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 26 Sep 2022 17:15:30 GMT
date: Mon, 26 Sep 2022 17:15:30 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.hayriver.net/wp-content/cache/autoptimize/css/autoptimize_single_80ff2c59596dfa78ee7d8534f42315f5.css?ver=3.0.0
192.185.158.210200 OK 8.6 kB URL HTTP/2 www.hayriver.net/wp-content/cache/autoptimize/css/autoptimize_single_80ff2c59596dfa78ee7d8534f42315f5.css?ver=3.0.0
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (29083), with no line terminators
Hash a95c143a89e4195156eb9d1a08332e80
ab2a4ff6bab171fa746d0f350e583ecb18f23f63
6fb1b0a7e993205461384da4644d22855068a5dd626ca199e9bbe9ba26b0904a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/cache/autoptimize/css/autoptimize_single_80ff2c59596dfa78ee7d8534f42315f5.css?ver=3.0.0 HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 11 Jul 2022 22:52:40 GMT
accept-ranges: bytes
cache-control: max-age=30672000, public, immutable
expires: Sat, 16 Sep 2023 17:15:30 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 8559
content-type: text/css
date: Mon, 26 Sep 2022 17:15:30 GMT
server: Apache
X-Firefox-Spdy: h2
www.hayriver.net/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
192.185.158.210200 OK 17 kB URL HTTP/2 www.hayriver.net/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (43771)
Hash 2a67a4888baa44de739f3fe56203ce07
da175eae57f26b655747d79f055477e3fee1abb9
3a4d7627476a0099ca4bcc101685f27de04cb49dd66ef842d72c6cda270599dd
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 22:32:56 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 16594
content-type: text/css
date: Mon, 26 Sep 2022 17:15:30 GMT
server: Apache
X-Firefox-Spdy: h2
www.hayriver.net/wp-content/uploads/2014/01/markHoffmanBottle.jpg
192.185.158.210200 OK 46 kB URL HTTP/2 www.hayriver.net/wp-content/uploads/2014/01/markHoffmanBottle.jpg
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, comment: "Created with GIMP", progressive, precision 8, 218x400, components 3\012- data
Hash d8bcf75ef2b97ff1551ea641b58d448c
c49f062145c2424067b0a96f8e970b4f296bb141
fd782647b403409f3faf1b92b2b4d1b965a7f317318d16f26e5d76619baf4d7a
GET /wp-content/uploads/2014/01/markHoffmanBottle.jpg HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 08 Apr 2015 00:30:42 GMT
accept-ranges: bytes
content-length: 46411
content-type: image/jpeg
date: Mon, 26 Sep 2022 17:15:30 GMT
server: Apache
X-Firefox-Spdy: h2
www.hayriver.net/wp-content/cache/autoptimize/css/autoptimize_single_44ed6c911b3fd4b0ba1f33c26bdee941.css?ver=6.0.2
192.185.158.210200 OK 2.3 kB URL HTTP/2 www.hayriver.net/wp-content/cache/autoptimize/css/autoptimize_single_44ed6c911b3fd4b0ba1f33c26bdee941.css?ver=6.0.2
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (9429), with no line terminators
Hash 3b6bf19e31bdb3499b297d37a06ebd3b
f1795af4261a970f4e3cb1746c76c183615d0576
3f77e05fb63e8efc53698010dcc82709b983791d9c831aa123f78b55b74bc128
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/cache/autoptimize/css/autoptimize_single_44ed6c911b3fd4b0ba1f33c26bdee941.css?ver=6.0.2 HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 11 Jul 2022 22:52:40 GMT
accept-ranges: bytes
cache-control: max-age=30672000, public, immutable
expires: Sat, 16 Sep 2023 17:15:30 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2281
content-type: text/css
date: Mon, 26 Sep 2022 17:15:30 GMT
server: Apache
X-Firefox-Spdy: h2
www.hayriver.net/wp-content/cache/autoptimize/css/autoptimize_single_81e8538f7aa726a386fd42cbdca9c255.css?ver=3.0.2
192.185.158.210200 OK 424 B URL HTTP/2 www.hayriver.net/wp-content/cache/autoptimize/css/autoptimize_single_81e8538f7aa726a386fd42cbdca9c255.css?ver=3.0.2
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1060), with no line terminators
Hash b6a73face70a0862a2e4cacd554af6c2
b7a426919295f21029f285db9cfa60dccde4e1cb
b42d9addca9c9fb19618e46bf559caebf08eb4acef9a182e8202c133a2119c45
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/cache/autoptimize/css/autoptimize_single_81e8538f7aa726a386fd42cbdca9c255.css?ver=3.0.2 HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 11 Jul 2022 22:52:40 GMT
accept-ranges: bytes
cache-control: max-age=30672000, public, immutable
expires: Sat, 16 Sep 2023 17:15:30 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 424
content-type: text/css
date: Mon, 26 Sep 2022 17:15:30 GMT
server: Apache
X-Firefox-Spdy: h2
www.hayriver.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
192.185.158.210200 OK 4.6 kB URL HTTP/2 www.hayriver.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (11126)
Hash acdb97105af28a7066790c6748ae2e1e
65794d2c5a9d04f747faf370bc8bacd330e69e5a
dc4efbc4b704b142b5313588c32e56ea56648068a01d2bc596a4eee06b379b5e
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 04 Mar 2021 15:36:46 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4618
content-type: application/javascript
date: Mon, 26 Sep 2022 17:15:30 GMT
server: Apache
X-Firefox-Spdy: h2
www.hayriver.net/wp-content/cache/autoptimize/js/autoptimize_single_ab2a62f8878fc244db553573d9de2fb6.js?ver=6.0.2
192.185.158.210200 OK 962 B URL HTTP/2 www.hayriver.net/wp-content/cache/autoptimize/js/autoptimize_single_ab2a62f8878fc244db553573d9de2fb6.js?ver=6.0.2
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1209)
Hash 7ff21fb78a8674c1b235445218687e10
3d348c2f4878079863285a566369b35a6e0edfeb
b36d2cb8fa3dc75837f78231412fcf71dbc219f113cca486e59bfee9e91af14f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/cache/autoptimize/js/autoptimize_single_ab2a62f8878fc244db553573d9de2fb6.js?ver=6.0.2 HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 11 Jul 2022 22:52:40 GMT
accept-ranges: bytes
cache-control: max-age=30672000, public, immutable
expires: Sat, 16 Sep 2023 17:15:30 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 962
content-type: application/javascript
date: Mon, 26 Sep 2022 17:15:30 GMT
server: Apache
X-Firefox-Spdy: h2
www.paypal.com/tagmanager/pptm.js?id=www.hayriver.net&t=xo&v=5.0.332&source=payments_sdk&client_id=AUnIxz8KRD1pgLSDatIfo6B7kz66MuEC6_-_wDftVaUAnQ8Ktn8aW20CAOQ9Ge5BtE2-N07zf4Xzyd5v&vault=false
151.101.65.21200 OK 4.8 kB URL HTTP/2 www.paypal.com/tagmanager/pptm.js?id=www.hayriver.net&t=xo&v=5.0.332&source=payments_sdk&client_id=AUnIxz8KRD1pgLSDatIfo6B7kz66MuEC6_-_wDftVaUAnQ8Ktn8aW20CAOQ9Ge5BtE2-N07zf4Xzyd5v&vault=false
IP 151.101.65.21:0
File type ASCII text, with very long lines (13584)
Hash 14feccd37b997ef9bd5429af9f3ad2b2
e2dc88fbf6ee084fd200e1e477c9acbd5ee3fd52
0346252a12d390f6b8c78426747fc9181143e0f981a74dec044c48fbc92eb469
GET /tagmanager/pptm.js?id=www.hayriver.net&t=xo&v=5.0.332&source=payments_sdk&client_id=AUnIxz8KRD1pgLSDatIfo6B7kz66MuEC6_-_wDftVaUAnQ8Ktn8aW20CAOQ9Ge5BtE2-N07zf4Xzyd5v&vault=false HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-qZQ7MDfyoC9VfzskNpjj6PvZBX7QcmxwwTxMTjQiiX/25Vw0' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-type: application/x-javascript; charset=utf-8
etag: W/"353b-3ysmoknPHrSWUDKN12REUTJy09k"
paypal-debug-id: f8557769cd2a3
traceparent: 00-0000000000000000000f8557769cd2a3-817c9821a88c3cd4-01
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 26 Sep 2022 17:15:31 GMT
age: 54786
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4044-HHN, cache-bma1656-BMA
x-cache: HIT, HIT
x-cache-hits: 2, 2
x-timer: S1664212531.047671,VS0,VE1
vary: Accept-Encoding
server-timing: "traceparent;desc="00-0000000000000000000f8557769cd2a3-59e622b601e80724-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
content-length: 4753
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash d1256b6452c58ffb05e1db44d9d37a5f
04538f69abefe1019a0c4c6cc1fd3ffe5a5b2cfd
4bf592b24e41cf58e4ea973378a8559c4011a25ccdc51cc7a31457cc6561d22b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 17:15:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/lustria/v13/9oRONYodvDEyjuhOnC8zMw.woff2
142.250.74.163200 OK 12 kB URL HTTP/2 fonts.gstatic.com/s/lustria/v13/9oRONYodvDEyjuhOnC8zMw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 11716, version 1.0\012- data
Hash 0f76ba51473a2872823b37ef8cc1023b
79861442645b15d65562f38eaaf9ec4749003cb9
08e0a7e1c290b0d6d3f7c21866d6ddb921ea10afcd18abfbdd63875339e94c77
GET /s/lustria/v13/9oRONYodvDEyjuhOnC8zMw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.hayriver.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11716
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Sep 2022 19:40:26 GMT
expires: Wed, 20 Sep 2023 19:40:26 GMT
cache-control: public, max-age=31536000
age: 509705
last-modified: Tue, 26 Apr 2022 15:29:15 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.hayriver.net/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
192.185.158.210200 OK 5.3 kB URL HTTP/2 www.hayriver.net/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (15660)
Hash 710f8b142ea44c0682dc2c30f318f065
49144e9b3a76d3d383b1d4359cf7a25e947f4233
708bb5819879a2a2c7670abc20a58cca68a415ffd621011cbc4c3c9d82dddc50
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 11 Jul 2022 22:47:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5321
content-type: application/javascript
date: Mon, 26 Sep 2022 17:15:31 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash d1256b6452c58ffb05e1db44d9d37a5f
04538f69abefe1019a0c4c6cc1fd3ffe5a5b2cfd
4bf592b24e41cf58e4ea973378a8559c4011a25ccdc51cc7a31457cc6561d22b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 17:15:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.hayriver.net/wp-content/plugins/simple-social-icons/symbol-defs.svg
192.185.158.210200 OK 36 kB URL HTTP/2 www.hayriver.net/wp-content/plugins/simple-social-icons/symbol-defs.svg
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (4826)
Hash 943cab428f398924e18d2b7bbf45c03a
de2ff5159d3513c213da5889feddaf25e436dd08
53ecfb7fb539e851138504ca730068408f677cff5d7ef348a0c7f69dbb31371a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/simple-social-icons/symbol-defs.svg HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 22:44:59 GMT
accept-ranges: bytes
content-length: 35724
content-type: image/svg+xml
date: Mon, 26 Sep 2022 17:15:31 GMT
server: Apache
X-Firefox-Spdy: h2
www.hayriver.net/wp-content/uploads/2018/07/logo.png
192.185.158.210200 OK 13 kB URL HTTP/2 www.hayriver.net/wp-content/uploads/2018/07/logo.png
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 260 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash a8b73419c6ca02c5ddfbe118f9643a92
e1a63f6cd0d4355d64b80878b241edb2a9598647
0654bdf4adde932288245356b1a18eb3872e3a512177c04d0a3045c89f453d41
GET /wp-content/uploads/2018/07/logo.png HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 23 Jul 2018 18:39:05 GMT
accept-ranges: bytes
content-length: 13320
content-type: image/png
date: Mon, 26 Sep 2022 17:15:31 GMT
server: Apache
X-Firefox-Spdy: h2
www.paypalobjects.com/muse/muse.js
151.101.86.133200 OK 16 kB URL HTTP/2 www.paypalobjects.com/muse/muse.js
IP 151.101.86.133:0
File type ASCII text, with very long lines (55891)
Hash 6aebbe482c72000aea20895991f70478
eff1d3370786f9ee4ea539776bc43ab9bece89ba
2acb950bc7678b9e6c265194821fac386bf555db582ee8c0e2d9e68ff3eaa862
GET /muse/muse.js HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: gzip
content-type: application/javascript
etag: W/"6271663d-da91"
last-modified: Tue, 03 May 2022 17:28:29 GMT
paypal-debug-id: 84840867de170
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
dc: ccg11-origin-www-1.paypal.com
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 26 Sep 2022 17:15:31 GMT
x-served-by: cache-sjc10029-SJC, cache-bma1658-BMA
x-cache: HIT, HIT
x-cache-hits: 2, 69268
x-timer: S1664212531.196114,VS0,VE0
vary: Accept-Encoding
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
content-length: 16464
X-Firefox-Spdy: h2
www.paypalobjects.com/muse/analytics/index.html
151.101.86.133200 OK 17 kB URL HTTP/2 www.paypalobjects.com/muse/analytics/index.html
IP 151.101.86.133:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (55410)
Hash 56fc10c2e8100a7e4418dc987c23d7a5
5c11880437f36368f82da60522bfcb0d57b395cf
326df6156907ef357f13bf48a5a3798dd4e692345d04fb4edad8370058d1198a
GET /muse/analytics/index.html HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: gzip
content-type: text/html
etag: W/"6271663d-d994"
last-modified: Tue, 03 May 2022 17:28:29 GMT
paypal-debug-id: 50b39f10d2761
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
dc: ccg11-origin-www-1.paypal.com
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 26 Sep 2022 17:15:31 GMT
x-served-by: cache-sjc10077-SJC, cache-bma1658-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 74510
x-timer: S1664212531.238547,VS0,VE0
vary: Accept-Encoding
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
content-length: 16791
X-Firefox-Spdy: h2
www.hayriver.net/wp-content/images/header.png
192.185.158.210200 OK 163 kB URL HTTP/2 www.hayriver.net/wp-content/images/header.png
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 1140 x 170, 8-bit colormap, non-interlaced\012- data
Size 163 kB (162622 bytes)
Hash 07d20504c6f9b599f09faa7b4438a5db
36e2807fe4d6db2eea7ebaa6b309aa53e3ab4e17
b68c987cfc117ec23606129cd3a3057a1b40a6e66ed37dac198d29a86031e054
GET /wp-content/images/header.png HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/wp-content/cache/autoptimize/css/autoptimize_single_80ff2c59596dfa78ee7d8534f42315f5.css?ver=3.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 03 Mar 2021 21:54:24 GMT
accept-ranges: bytes
content-length: 162622
content-type: image/png
date: Mon, 26 Sep 2022 17:15:31 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3251
Expires: Mon, 26 Sep 2022 18:09:42 GMT
Date: Mon, 26 Sep 2022 17:15:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3251
Expires: Mon, 26 Sep 2022 18:09:42 GMT
Date: Mon, 26 Sep 2022 17:15:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3251
Expires: Mon, 26 Sep 2022 18:09:42 GMT
Date: Mon, 26 Sep 2022 17:15:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3251
Expires: Mon, 26 Sep 2022 18:09:42 GMT
Date: Mon, 26 Sep 2022 17:15:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3251
Expires: Mon, 26 Sep 2022 18:09:42 GMT
Date: Mon, 26 Sep 2022 17:15:31 GMT
Connection: keep-alive
t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3ATYKVSAFZ9FCCY-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3ATYKVSAFZ9FCCY-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=01f7c750-5bb5-42d7-b338-269feabeef66&fltp=analytics&mrid=TYKVSAFZ9FCCY&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Page%20not%20found%20-%20HAY%20RIVER%E2%84%A2%20Pumpkin%20Seed%20Oil&dh=1024&dw=1280&bh=939&bw=1280&cd=24&sh=1024&sw=1280&v=NA&rosetta_language=en-US%2Cen&e=im&t=1664212529254&g=0&completeurl=https%3A%2F%2Fwww.hayriver.net%2Fusps%2Fverification
151.101.1.35200 OK 42 B URL HTTP/2 t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3ATYKVSAFZ9FCCY-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3ATYKVSAFZ9FCCY-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=01f7c750-5bb5-42d7-b338-269feabeef66&fltp=analytics&mrid=TYKVSAFZ9FCCY&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Page%20not%20found%20-%20HAY%20RIVER%E2%84%A2%20Pumpkin%20Seed%20Oil&dh=1024&dw=1280&bh=939&bw=1280&cd=24&sh=1024&sw=1280&v=NA&rosetta_language=en-US%2Cen&e=im&t=1664212529254&g=0&completeurl=https%3A%2F%2Fwww.hayriver.net%2Fusps%2Fverification
IP 151.101.1.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4682377ddfbe4e7dabfddb2e543e842
328e472721a93345801ed5533240eac2d1f8498c
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
GET /ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3ATYKVSAFZ9FCCY-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3ATYKVSAFZ9FCCY-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=01f7c750-5bb5-42d7-b338-269feabeef66&fltp=analytics&mrid=TYKVSAFZ9FCCY&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Page%20not%20found%20-%20HAY%20RIVER%E2%84%A2%20Pumpkin%20Seed%20Oil&dh=1024&dw=1280&bh=939&bw=1280&cd=24&sh=1024&sw=1280&v=NA&rosetta_language=en-US%2Cen&e=im&t=1664212529254&g=0&completeurl=https%3A%2F%2Fwww.hayriver.net%2Fusps%2Fverification HTTP/1.1
Host: t.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: image/gif
expires: Mon, 26 Sep 2022 17:15:31 GMT
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: e2a3a584af5b6
pragma: no-cache
set-cookie: ts=vreXpYrS%3D1758906931%26vteXpYrS%3D1664214331%26vr%3D7acbf8451830a46037b295e3ffffffff%26vt%3D7acbf8451830a46037b295e3fffffffe; Expires=Fri, 26 Sep 2025 17:15:31 GMT; Domain=.paypal.com; Path=/; Secure; HttpOnly
ts_c=vr%3D7acbf8451830a46037b295e3ffffffff%26vt%3D7acbf8451830a46037b295e3fffffffe; Expires=Fri, 26 Sep 2025 17:15:31 GMT; Domain=.paypal.com; Path=/; Secure
traceparent: 00-0000000000000000000e2a3a584af5b6-72646b2a0fa957c6-01
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
date: Mon, 26 Sep 2022 17:15:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4050-HHN, cache-bma1652-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1664212531.168355,VS0,VE185
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
timing-allow-origin: *
content-length: 42
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3689ec8-63b4-42ae-b7d5-a9b4b63af788.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3689ec8-63b4-42ae-b7d5-a9b4b63af788.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ef17205adb2b478d3bff54b048208d22
12aac1bd22e675f09a220de08b4656e801c2e647
620fe39cf421ed3a21e968570f7e863d69224113be867ec2457ed3850ea113f6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3689ec8-63b4-42ae-b7d5-a9b4b63af788.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5980
x-amzn-requestid: fbf0c390-da24-49e2-8492-43e29e5d4bb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCTHCGJVoAMFgxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cbc6-1f9b1b7d63467c58702e6d7e;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:44:38 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Iy0oyFx_T6CEuOQckEzvUQOUo307Jm_OgJzomWlMz9BhgD3eOaysdA==
via: 1.1 ec2a2c75c16156e4d43504606c118b90.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:48:52 GMT
age: 69999
etag: "12aac1bd22e675f09a220de08b4656e801c2e647"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2fe8c4f0c70fb6c1f4259eabedc7015e
85e378d0fff856832a8dd01743516b9476fed8c6
508a1c7d350fcf82d1ece0b99f8557b2f300c7c1148f28c3ae9fece20530e4b6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5157
x-amzn-requestid: b5748f49-693f-4bc3-a850-cb68e770de24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCUG9GUHIAMF7pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cd5f-5d2aaa212cf1be2506593746;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:51:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 4h9lb_7egxb2hBbxjcS_cpZ5lDq6Lx-c_WUZyRHdUA0YTwr6kgDuiQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:10:16 GMT
age: 68715
etag: "85e378d0fff856832a8dd01743516b9476fed8c6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feddf5115-4c67-4a03-b497-8b149b3c332c.png
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feddf5115-4c67-4a03-b497-8b149b3c332c.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2c11e6fef1be62b971bd9daf378bfc95
ef9d756cbcda72cf7ef5029b7d384cd1fbaed633
b8369f83d6dddcd2355b81d8eb200791788165e56881ce21e1a1e9c8bb1bb2ef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feddf5115-4c67-4a03-b497-8b149b3c332c.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13584
x-amzn-requestid: 198bd2b4-d4ae-4f19-a500-463aee52b890
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCTHgFdNoAMFwEw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cbc9-19a1f7d2102820da4b21f18b;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:44:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: yl8BCwdlIePsc4gIX4IYH0L6NHipn_5fBsa9nyYy14w0m49jPUYXBw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:57:51 GMT
age: 69460
etag: "ef9d756cbcda72cf7ef5029b7d384cd1fbaed633"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7838a122-2b2e-4e4c-9bcc-7c6b46a93b1e.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7838a122-2b2e-4e4c-9bcc-7c6b46a93b1e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 968b9c138702fb5994d1d9eab1a697fa
9660bb2d38079182efbd11d7a687bfc7f9d30751
5ba74820ad451747c8ed25529f06b037bebf4c0616a1f2165c9197c1171db7a6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7838a122-2b2e-4e4c-9bcc-7c6b46a93b1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11728
x-amzn-requestid: bf60e58f-c4f4-45c7-923b-0d1539f720f5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCUCGGw7oAMF3wQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cd40-32043c1b1411544f5d00edc0;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:50:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: H4KXhBaRw3SvzBrbl30mV6R_vJ8bXBkyicb8fQiTp6YSBHjE8iFkNQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:49:56 GMT
etag: "9660bb2d38079182efbd11d7a687bfc7f9d30751"
content-type: image/jpeg
age: 66335
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d02ede0c964f3346fd53ae2950bf2a62
e49306a3713cb724be024a4ddb5e90645718a718
c0e653d89656016c55aca9b198b9191620f1ae9a3c45742a90744bd74c4f9505
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8637
x-amzn-requestid: 07dc23e0-000f-4f6c-8d2b-0e65d88be270
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSvvEenoAMFr0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cb31-520803124760abc216152d7b;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:42:09 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: HCJ483GPdpPhC7oYm1GrA02BqqST9sfqfCBSA93rZqaQYl-jezgP5Q==
via: 1.1 27a84054de24e45f952ea4056a821764.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:20:40 GMT
age: 68091
etag: "e49306a3713cb724be024a4ddb5e90645718a718"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8ea5f06ad31f0cedd2cb5c6df82f35f4
60a83a1618ffae06e49ca3002bac1db9980dcfe8
5f6a4cb92c016ef0f229b11d727e9680a15b10782b5bfe9e66ad9d100b458d8d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10279
x-amzn-requestid: 0f361c26-1f12-421a-9752-7d4fcdf839ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4V65GTXIAMF9-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd045-25677a637307879044de8242;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:14:45 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qvSIyV7uvUzXFn6Sw3izoZxQoFbmyRzQ9WKl33D7fNTcuV6WXTzD9Q==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 05:01:28 GMT
age: 44043
etag: "60a83a1618ffae06e49ca3002bac1db9980dcfe8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3ATYKVSAFZ9FCCY-1&page=muse%3Aoffer%3A%3A%3ATYKVSAFZ9FCCY-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=01f7c750-5bb5-42d7-b338-269feabeef66&es=visitorInfoFlowStarted&mrid=TYKVSAFZ9FCCY&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Page%20not%20found%20-%20HAY%20RIVER%E2%84%A2%20Pumpkin%20Seed%20Oil&dh=1024&dw=1280&bh=939&bw=1280&cd=24&sh=1024&sw=1280&v=NA&rosetta_language=en-US%2Cen&e=im&t=1664212529450&g=0&completeurl=https%3A%2F%2Fwww.hayriver.net%2Fusps%2Fverification
151.101.1.35200 OK 42 B URL HTTP/2 t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3ATYKVSAFZ9FCCY-1&page=muse%3Aoffer%3A%3A%3ATYKVSAFZ9FCCY-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=01f7c750-5bb5-42d7-b338-269feabeef66&es=visitorInfoFlowStarted&mrid=TYKVSAFZ9FCCY&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Page%20not%20found%20-%20HAY%20RIVER%E2%84%A2%20Pumpkin%20Seed%20Oil&dh=1024&dw=1280&bh=939&bw=1280&cd=24&sh=1024&sw=1280&v=NA&rosetta_language=en-US%2Cen&e=im&t=1664212529450&g=0&completeurl=https%3A%2F%2Fwww.hayriver.net%2Fusps%2Fverification
IP 151.101.1.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4682377ddfbe4e7dabfddb2e543e842
328e472721a93345801ed5533240eac2d1f8498c
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
GET /ts?pgrp=muse%3Aoffer%3A%3A%3ATYKVSAFZ9FCCY-1&page=muse%3Aoffer%3A%3A%3ATYKVSAFZ9FCCY-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=01f7c750-5bb5-42d7-b338-269feabeef66&es=visitorInfoFlowStarted&mrid=TYKVSAFZ9FCCY&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Page%20not%20found%20-%20HAY%20RIVER%E2%84%A2%20Pumpkin%20Seed%20Oil&dh=1024&dw=1280&bh=939&bw=1280&cd=24&sh=1024&sw=1280&v=NA&rosetta_language=en-US%2Cen&e=im&t=1664212529450&g=0&completeurl=https%3A%2F%2Fwww.hayriver.net%2Fusps%2Fverification HTTP/1.1
Host: t.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: image/gif
expires: Mon, 26 Sep 2022 17:15:31 GMT
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: e940a9e9154da
pragma: no-cache
set-cookie: ts=vreXpYrS%3D1758906931%26vteXpYrS%3D1664214331%26vr%3D7acbf8de1830aa5a7117d8eeffffffff%26vt%3D7acbf8de1830aa5a7117d8eefffffffe; Expires=Fri, 26 Sep 2025 17:15:31 GMT; Domain=.paypal.com; Path=/; Secure; HttpOnly
ts_c=vr%3D7acbf8de1830aa5a7117d8eeffffffff%26vt%3D7acbf8de1830aa5a7117d8eefffffffe; Expires=Fri, 26 Sep 2025 17:15:31 GMT; Domain=.paypal.com; Path=/; Secure
traceparent: 00-0000000000000000000e940a9e9154da-a830675fdb9d39e9-01
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
date: Mon, 26 Sep 2022 17:15:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn11573-HHN, cache-bma1652-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1664212531.331339,VS0,VE170
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
timing-allow-origin: *
content-length: 42
X-Firefox-Spdy: h2
www.paypal.com/targeting/graphql
151.101.65.21204 No Content 0 B URL HTTP/2 www.paypal.com/targeting/graphql
IP 151.101.65.21:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /targeting/graphql HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.paypalobjects.com/
Origin: https://www.paypalobjects.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://www.paypalobjects.com
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: f5749952f69a5
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Tue, 27 Sep 2022 02:01:27 GMT; HttpOnly; Secure
enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Tue, 26 Sep 2023 17:15:31 GMT; Secure
x-pp-s=eyJ0IjoiMTY2NDIxMjUzMTQ0MCIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
nsid=s%3AlVSb0Q2twf-EE6wHQ834ilwU7GnhVCxt.9dwbkvbfkpYP8JF7rT4wx2L3PqjR6dObtmfpCmnDl%2BQ; Path=/; HttpOnly; Secure
l7_az=dcg02.phx; Path=/; Domain=paypal.com; Expires=Mon, 26 Sep 2022 17:45:31 GMT; HttpOnly; Secure
ts=vreXpYrS%3D1758906931%26vteXpYrS%3D1664214331%26vr%3D7acbf8da1830a7a0a651bab6fff914bf%26vt%3D7acbf8da1830a7a0a651bab6fff914be%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 17:15:31 GMT; HttpOnly; Secure
ts_c=vr%3D7acbf8da1830a7a0a651bab6fff914bf%26vt%3D7acbf8da1830a7a0a651bab6fff914be; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 17:15:31 GMT; Secure
traceparent: 00-0000000000000000000f5749952f69a5-24847b431f39ac57-01
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
date: Mon, 26 Sep 2022 17:15:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4025-HHN, cache-bma1656-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1664212531.335910,VS0,VE192
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
X-Firefox-Spdy: h2
s.pinimg.com/ct/core.js
151.101.84.84200 OK 1.1 kB IP 151.101.84.84:0
File type ASCII text, with very long lines (1146), with no line terminators
Hash cd5f811dc7c19de8566479150bc37ef8
d17e9c54bce997b95bd0b6fceb0ad936077bbbf8
dbcef3b5ce770e8a3e8350473f04fbe627a78fa93a4441a24afec965643733e8
GET /ct/core.js HTTP/1.1
Host: s.pinimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
etag: "cd5f811dc7c19de8566479150bc37ef8"
content-type: application/javascript
fastly-restarts: 1
x-cdn: fastly
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 86400
access-control-expose-headers: X-CDN
vary: Accept-Encoding, Origin
cache-control: max-age=7200
date: Mon, 26 Sep 2022 17:15:31 GMT
content-length: 1146
X-Firefox-Spdy: h2
www.hayriver.net/wp-content/uploads/2018/12/favicon.png
192.185.158.210200 OK 1.7 kB URL HTTP/2 www.hayriver.net/wp-content/uploads/2018/12/favicon.png
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 9769cd9416db835815f26a478eddc1eb
4be511274d6ae66f3f4eb7f700c3bab5e2859956
6a67782d6c4dd94186c2cb27f35ff1dcb1fcdb43ce3e10b676b33a8f859539d3
GET /wp-content/uploads/2018/12/favicon.png HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 29 Dec 2018 12:38:32 GMT
accept-ranges: bytes
content-length: 1689
content-type: image/png
date: Mon, 26 Sep 2022 17:15:31 GMT
server: Apache
X-Firefox-Spdy: h2
www.paypal.com/xoplatform/logger/api/logger
151.101.65.21200 OK 19 kB URL HTTP/2 www.paypal.com/xoplatform/logger/api/logger
IP 151.101.65.21:0
File type JSON data\012- , ASCII text, with very long lines (1015), with no line terminators
Hash b54221115166dbc8dc3727cb7a3f2eeb
8d8961c218fb5e34fb3e2074b793a03a18a69ccf
3d4682e3a7b3e7c83111a7eaf3d2eb5d3dcb685a2f5b692062338c1d0a78c9aa
POST /xoplatform/logger/api/logger HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 9417
Origin: https://www.hayriver.net
Connection: keep-alive
Referer: https://www.hayriver.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://www.hayriver.net
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: application/json; charset=utf-8
etag: W/W/"3f7-gn8wASDL9SnHGNC9EaGEopDu62U"
paypal-debug-id: f150027e0307f
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Tue, 26 Sep 2023 17:15:31 GMT; Secure
LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Tue, 27 Sep 2022 02:01:27 GMT; HttpOnly; Secure
tsrce=loggernodeweb; Max-Age=259199; Domain=.paypal.com; Path=/; Expires=Thu, 29 Sep 2022 17:15:30 GMT; HttpOnly; Secure
x-pp-s=eyJ0IjoiMTY2NDIxMjUzMTY2NyIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
l7_az=dcg13.slc; Path=/; Domain=paypal.com; Expires=Mon, 26 Sep 2022 17:45:31 GMT; HttpOnly; Secure
ts=vreXpYrS%3D1758906931%26vteXpYrS%3D1664214331%26vr%3D7acbf9bc1830ad04c54c0145fffbcaf7%26vt%3D7acbf9bc1830ad04c54c0145fffbcaf6%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 17:15:31 GMT; HttpOnly; Secure
ts_c=vr%3D7acbf9bc1830ad04c54c0145fffbcaf7%26vt%3D7acbf9bc1830ad04c54c0145fffbcaf6; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 17:15:31 GMT; Secure
traceparent: 00-0000000000000000000f150027e0307f-305d859d590a2782-01
x-content-type-options: nosniff
dc: ccg11-origin-www-1.paypal.com
accept-ranges: none
via: 1.1 varnish, 1.1 varnish
content-encoding: br
date: Mon, 26 Sep 2022 17:15:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn11521-HHN, cache-bma1656-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1664212532.550254,VS0,VE202
vary: Accept-Encoding
server-timing: content-encoding;desc="br",x-cdn;desc="fastly"
X-Firefox-Spdy: h2
ct.pinterest.com/v3/?tid=2612863225035&pd=%7B%22em%22%3A%2224aba99b2defbb47ee981b4200313f61f3ae31541d8717bdac1e463c838939b0%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.hayriver.net%2Fusps%2Fverification%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1024%2C%22sw%22%3A1280%2C%22mh%22%3A%228f82d377%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1664212529951
23.38.200.197200 OK 35 B URL HTTP/2 ct.pinterest.com/v3/?tid=2612863225035&pd=%7B%22em%22%3A%2224aba99b2defbb47ee981b4200313f61f3ae31541d8717bdac1e463c838939b0%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.hayriver.net%2Fusps%2Fverification%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1024%2C%22sw%22%3A1280%2C%22mh%22%3A%228f82d377%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1664212529951
IP 23.38.200.197:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 9b8d19f4310c758344e40bf17fbc7e85
2290ef058812d5f5e398736e2316cba8cf8093cf
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
GET /v3/?tid=2612863225035&pd=%7B%22em%22%3A%2224aba99b2defbb47ee981b4200313f61f3ae31541d8717bdac1e463c838939b0%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.hayriver.net%2Fusps%2Fverification%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1024%2C%22sw%22%3A1280%2C%22mh%22%3A%228f82d377%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1664212529951 HTTP/1.1
Host: ct.pinterest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache,no-store,must-revalidate,max-age=0
pragma: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-type: image/gif
content-length: 35
access-control-allow-origin: *
x-envoy-upstream-service-time: 2
referrer-policy: origin
x-pinterest-rid: 1046294945303285
date: Mon, 26 Sep 2022 17:15:31 GMT
akamai-grn: 0.274f2417.1664212531.2ecfbc86
x-cdn: akamai
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
X-Firefox-Spdy: h2
ct.pinterest.com/user/?tid=2612863225035&pd=%7B%22em%22%3A%2224aba99b2defbb47ee981b4200313f61f3ae31541d8717bdac1e463c838939b0%22%7D&cb=1664212529949
23.38.200.197200 OK 378 B URL HTTP/2 ct.pinterest.com/user/?tid=2612863225035&pd=%7B%22em%22%3A%2224aba99b2defbb47ee981b4200313f61f3ae31541d8717bdac1e463c838939b0%22%7D&cb=1664212529949
IP 23.38.200.197:0
File type JSON data\012- , ASCII text, with very long lines (540), with no line terminators
Hash 3552f5f146470ca7ebc456b2595776c5
a4baaddc1ef324c9e169da6b1e21f33210cdf86b
3c8d06b1f641094d99da191134bcff7e255ef67f45967db4a1ec4a9c2f381068
GET /user/?tid=2612863225035&pd=%7B%22em%22%3A%2224aba99b2defbb47ee981b4200313f61f3ae31541d8717bdac1e463c838939b0%22%7D&cb=1664212529949 HTTP/1.1
Host: ct.pinterest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.hayriver.net
Connection: keep-alive
Referer: https://www.hayriver.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-expose-headers: Epik,Pin-Unauth
pin-unauth: dWlkPU56SXlZV1E0TTJZdE1ERXpOQzAwWm1FeExXRTJNall0TWpNMk1EWmxPRGt5WVdZNA
cache-control: no-cache,no-store,must-revalidate,max-age=0
pragma: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT
access-control-allow-origin: https://www.hayriver.net
content-type: application/json; charset=utf-8
content-encoding: gzip
content-length: 378
x-envoy-upstream-service-time: 4
referrer-policy: origin
x-pinterest-rid: 1465711645446246
date: Mon, 26 Sep 2022 17:15:31 GMT
vary: Accept-Encoding
akamai-grn: 0.274f2417.1664212531.2ecfbc69
x-cdn: akamai
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
X-Firefox-Spdy: h2
www.paypal.com/targeting/graphql
151.101.65.21200 OK 20 kB URL HTTP/2 www.paypal.com/targeting/graphql
IP 151.101.65.21:0
File type JSON data\012- , ASCII text, with very long lines (434)
Hash fe3c340fc9cfa16f7efd1819853bbe13
7ac974e8936f0e2ffa745809ccfe81235f067fa4
086e6e26c078da6ba86c9976591fbc8dbbacb4813ad97809493f71ef6eda252d
POST /targeting/graphql HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.paypalobjects.com/
Content-Type: application/json
Origin: https://www.paypalobjects.com
Content-Length: 319
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://www.paypalobjects.com
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-u/BrOz2/IXb6gNLU5/z5b8AmtCoEmvnG+LMDYRXsbXPAPIgS' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
content-type: application/json; charset=utf-8
etag: W/W/"1b3-YE/k1bTPNeOcPdsPg0OTzG02TC8"
paypal-debug-id: f1500276f00e7
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Tue, 27 Sep 2022 02:01:27 GMT; HttpOnly; Secure
enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Tue, 26 Sep 2023 17:15:31 GMT; Secure
x-pp-s=eyJ0IjoiMTY2NDIxMjUzMTc1NSIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
tsrce=targetingnodeweb; Domain=.paypal.com; Path=/; Expires=Thu, 29 Sep 2022 17:15:31 GMT; HttpOnly; Secure; SameSite=None
nsid=s%3A7qwFeQJHw4-aNG3g9AcIdqAyQjxj7acq.uJxtj4XYhLJ3bSIvpXnaK0dysc9Id5Z62VG8rzHIbos; Path=/; HttpOnly; Secure
l7_az=dcg01.phx; Path=/; Domain=paypal.com; Expires=Mon, 26 Sep 2022 17:45:31 GMT; HttpOnly; Secure
ts=vreXpYrS%3D1758906931%26vteXpYrS%3D1664214331%26vr%3D7acbf9c21830a7a07ff08478fff9129d%26vt%3D7acbf9c21830a7a07ff08478fff9129c%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 17:15:31 GMT; HttpOnly; Secure
ts_c=vr%3D7acbf9c21830a7a07ff08478fff9129d%26vt%3D7acbf9c21830a7a07ff08478fff9129c; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 17:15:31 GMT; Secure
traceparent: 00-0000000000000000000f1500276f00e7-4d963b58c97b4c46-01
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
accept-ranges: none
via: 1.1 varnish, 1.1 varnish
content-encoding: br
date: Mon, 26 Sep 2022 17:15:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4046-HHN, cache-bma1656-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1664212532.550271,VS0,VE294
vary: Accept-Encoding
server-timing: content-encoding;desc="br",x-cdn;desc="fastly"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cc6384589982fb29b488efe5b4972942
15a18e74095c5e1ef2459827e36c37ee3ee4b493
4ac9988c1240ad0e3ccef6abd16c6513dc7cfd7cac4fa53b3c25e33e1bb29151
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4569
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 17:15:32 GMT
Last-Modified: Mon, 26 Sep 2022 15:59:24 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
b.stats.paypal.com/v2/counter.cgi?p=uid_8385149ddf_mtc6mtu6mjk&s=SMART_PAYMENT_BUTTONS
64.4.245.84302 Found 0 B URL HTTP/1.1 b.stats.paypal.com/v2/counter.cgi?p=uid_8385149ddf_mtc6mtu6mjk&s=SMART_PAYMENT_BUTTONS
IP 64.4.245.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v2/counter.cgi?p=uid_8385149ddf_mtc6mtu6mjk&s=SMART_PAYMENT_BUTTONS HTTP/1.1
Host: b.stats.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.paypal.com/
Cookie: tsrce=targetingnodeweb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 302 Found
Connection: close
Server: PayPal-B.Stats/1.0
Location: https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_8385149ddf_mtc6mtu6mjk&s=SMART_PAYMENT_BUTTONS
Content-Length: 0
Set-Cookie: c=5e5f376f5f6e6c63d8f0; Domain=stats.paypal.com; expires=Sun, 21 Sep 2042 17:15:32 GMT; Path=/
Content-Type: application/octet-stream
Date: Mon, 26 Sep 2022 17:15:32 GMT
c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
192.229.221.25200 OK 141 B URL HTTP/2 c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
IP 192.229.221.25:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f8f705741fe0f162a2dfebba38370665
df8c09ce52d3a5cbda8819e1f2352dd3bc739012
26cb10aeec63b613002b3a7598dac0085b14796111a45dd6d9e78d6169338c3e
GET /v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js HTTP/1.1
Host: c.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.paypal.com/
Cookie: tsrce=targetingnodeweb
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-security-policy-report-only: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html;charset=UTF-8
correlation-id: 6eab080f96608
date: Mon, 26 Sep 2022 17:15:32 GMT
paypal-debug-id: 6eab080f96608
server: ECAcc (frc/4CAE)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=199
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000006eab080f96608-41d2269c162ed1c9-01
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 141
X-Firefox-Spdy: h2
c.paypal.com/da/r/fb.js
192.229.221.25304 Not Modified 0 B IP 192.229.221.25:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /da/r/fb.js HTTP/1.1
Host: c.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Cookie: tsrce=targetingnodeweb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Tue, 09 Aug 2022 20:44:56 GMT
If-None-Match: "62f2c748-e586"
TE: trailers
HTTP/2 304 Not Modified
accept-ranges: bytes
access-control-allow-credentials: false
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
age: 342959
cache-control: max-age=86400
date: Mon, 26 Sep 2022 17:15:32 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "62f2c748-e586"
expires: Tue, 27 Sep 2022 17:15:32 GMT
last-modified: Tue, 09 Aug 2022 20:44:56 GMT
paypal-debug-id: 9aef47e8b50de
server: ECAcc (ska/F6AA)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=2
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000009aef47e8b50de-c4f59dada6a07ccc-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
X-Firefox-Spdy: h2
dub.stats.paypal.com/v2/counter2.cgi?p=uid_8385149ddf_mtc6mtu6mjk&s=SMART_PAYMENT_BUTTONS
64.4.245.84200 OK 42 B URL HTTP/1.1 dub.stats.paypal.com/v2/counter2.cgi?p=uid_8385149ddf_mtc6mtu6mjk&s=SMART_PAYMENT_BUTTONS
IP 64.4.245.84:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash accba0b69f352b4c9440f05891b015c5
9d01cc5dc8e042c0d4ad6cfb8b3ac38e84a5ef9f
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
GET /v2/counter2.cgi?p=uid_8385149ddf_mtc6mtu6mjk&s=SMART_PAYMENT_BUTTONS HTTP/1.1
Host: dub.stats.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.paypal.com/
Connection: keep-alive
Cookie: tsrce=targetingnodeweb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Connection: close
Server: PayPal-B.Stats/1.0
Content-Type: image/jpeg
Content-Length: 42
Set-Cookie: c=6ed243670f9d44b65c39; Domain=stats.paypal.com; expires=Sun, 21 Sep 2042 17:15:32 GMT; Path=/
Date: Mon, 26 Sep 2022 17:15:32 GMT
ct.pinterest.com/ct.html
23.38.200.197200 OK 323 B IP 23.38.200.197:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (565), with no line terminators
Hash b49b45b63051915a8c657060651eb07f
acaddf8021f220d0e4d30e7c8b3d8330ff781af9
4b00fbca5db49c6e4b29a0c873c43671880bcea1b7b3007655183382a318c2dc
GET /ct.html HTTP/1.1
Host: ct.pinterest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: max-age=86400
content-type: text/html; charset=utf-8
content-encoding: gzip
content-length: 323
x-envoy-upstream-service-time: 0
referrer-policy: origin
x-pinterest-rid: 1671744428441508
date: Mon, 26 Sep 2022 17:15:32 GMT
vary: Accept-Encoding
akamai-grn: 0.274f2417.1664212532.2ecfd7cb
x-cdn: akamai
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
X-Firefox-Spdy: h2
c.paypal.com/v1/r/d/b/p2
192.229.221.25200 OK 125 B IP 192.229.221.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 810b28fa582e90c96eafce1671e3233e
0f6412a24d4007d454ea1d3e2fa0e63514405c02
49063fd70a3d352b4e96b3874b5e592b29d2521cee284c234c5b58af6b506520
POST /v1/r/d/b/p2 HTTP/1.1
Host: c.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 1447
Origin: https://c.paypal.com
Connection: keep-alive
Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Cookie: tsrce=targetingnodeweb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: application/json
correlation-id: f0fb59c4f62a2
date: Mon, 26 Sep 2022 17:15:33 GMT
p3p: policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"
paypal-debug-id: f0fb59c4f62a2
server: ECAcc (frc/4D04)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=215
set-cookie: sc_f=N6kVdQVA72cpR6TIihwCufc3Rje72jnomDkQHPQCxYU4JPtQMMLH2NwBg1nODN8uQTUEcIbLhth4tAH5cssY1cvHxenj9X997GrGUW;Domain=c.paypal.com;Max-Age=157680000;Path=/;Secure;Version=1;Expires=Sat, 25-Sep-2027 10:15:33 GMT; HttpOnly
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000f0fb59c4f62a2-cc73e20adeea799c-01
content-length: 125
X-Firefox-Spdy: h2
c6.paypal.com/v1/r/d/b/p3?f=uid_8385149ddf_mtc6mtu6mjk&s=SMART_PAYMENT_BUTTONS
151.101.85.35200 OK 0 B URL HTTP/2 c6.paypal.com/v1/r/d/b/p3?f=uid_8385149ddf_mtc6mtu6mjk&s=SMART_PAYMENT_BUTTONS
IP 151.101.85.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v1/r/d/b/p3?f=uid_8385149ddf_mtc6mtu6mjk&s=SMART_PAYMENT_BUTTONS HTTP/1.1
Host: c6.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c.paypal.com/
Cookie: tsrce=targetingnodeweb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
correlation-id: fe9fc0046c295
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: fe9fc0046c295
traceparent: 00-0000000000000000000fe9fc0046c295-bee4ed1da6cbca9f-01
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
date: Mon, 26 Sep 2022 17:15:33 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn11564-HHN, cache-bma1674-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1664212533.919091,VS0,VE207
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
timing-allow-origin: *
content-length: 0
X-Firefox-Spdy: h2
c.paypal.com/v1/r/d/b/p1
192.229.221.25200 OK 125 B IP 192.229.221.25:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 0fb3a1f110efda3eab4f22b4157aff3c
5836f40fc38b1f15b1d8b3db52bb87fe72a2514b
ad324ddf07a4475f21c8878092ec2b220fed50a0d0644cfdb4d4b3d66cb336d7
POST /v1/r/d/b/p1 HTTP/1.1
Host: c.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 4108
Origin: https://c.paypal.com
Connection: keep-alive
Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Cookie: tsrce=targetingnodeweb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: application/json
correlation-id: 799cd2fa2589d
date: Mon, 26 Sep 2022 17:15:32 GMT
p3p: policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"
paypal-debug-id: 799cd2fa2589d
server: ECAcc (frc/4C99)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=289
set-cookie: sc_f=95j6VcSc7h1QrajLDyprmadIVJi2Qp5bjgTLeqXpukRrGuJjyokgHgOYBSywGDU8nO8jERb135sCK49Ij1wiWm5BAKxvNXQYPTeLQW;Domain=c.paypal.com;Max-Age=157680000;Path=/;Secure;Version=1;Expires=Sat, 25-Sep-2027 10:15:33 GMT; HttpOnly
KHcl0EuY7AKSMgfvHl7J5E7hPtK=yux0N3wh64Sj-iEEQFZSlU3_Anl-CqfAekaZ9juWsMDyMvNZygwp5KcEcl2ar1ZTlGuiJ1Rx4zUz9fEp;Domain=.paypal.com;Max-Age=630720000;Path=/;Secure;Version=1;Expires=Sun, 21-Sep-2042 10:15:33 GMT; HttpOnly
l7_az=dcg14.slc; Path=/; Domain=paypal.com; Expires=Mon, 26 Sep 2022 17:45:33 GMT; HttpOnly; Secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000799cd2fa2589d-860fb355a1e2bb7d-01
content-length: 125
X-Firefox-Spdy: h2
www.paypal.com/smart/buttons?style.label=buynow&style.layout=vertical&style.color=gold&style.shape=pill&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.332&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVVuSXh6OEtSRDFwZ0xTRGF0SWZvNkI3a3o2Nk11RUM2Xy1fd0RmdFZhVUFuUThLdG44YVcyMENBT1E5R2U1QnRFMi1OMDd6ZjRYenlkNXYmZW5hYmxlLWZ1bmRpbmc9dmVubW8mY3VycmVuY3k9VVNEIiwiYXR0cnMiOnsiZGF0YS1zZGstaW50ZWdyYXRpb24tc291cmNlIjoiYnV0dG9uLWZhY3RvcnkiLCJkYXRhLXVpZCI6InVpZF96aHV1bGxtaWxmaXVtY3djamhsZHpyb215bW91eHIifX0&clientID=AUnIxz8KRD1pgLSDatIfo6B7kz66MuEC6_-_wDftVaUAnQ8Ktn8aW20CAOQ9Ge5BtE2-N07zf4Xzyd5v&sdkCorrelationID=05748a29a1a4b&storageID=uid_e868eca46d_mtc6mtu6mjk&sessionID=uid_8385149ddf_mtc6mtu6mjk&buttonSessionID=uid_f5dba90264_mtc6mtu6mjk&env=production&buttonSize=medium&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjpmYWxzZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJvbGV0b2JhbmNhcmlvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm11bHRpYmFuY28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase¤cy=USD&intent=capture&commit=true&vault=false&enableFunding.0=venmo&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true
151.101.65.21200 OK 0 B URL HTTP/2 www.paypal.com/smart/buttons?style.label=buynow&style.layout=vertical&style.color=gold&style.shape=pill&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.332&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVVuSXh6OEtSRDFwZ0xTRGF0SWZvNkI3a3o2Nk11RUM2Xy1fd0RmdFZhVUFuUThLdG44YVcyMENBT1E5R2U1QnRFMi1OMDd6ZjRYenlkNXYmZW5hYmxlLWZ1bmRpbmc9dmVubW8mY3VycmVuY3k9VVNEIiwiYXR0cnMiOnsiZGF0YS1zZGstaW50ZWdyYXRpb24tc291cmNlIjoiYnV0dG9uLWZhY3RvcnkiLCJkYXRhLXVpZCI6InVpZF96aHV1bGxtaWxmaXVtY3djamhsZHpyb215bW91eHIifX0&clientID=AUnIxz8KRD1pgLSDatIfo6B7kz66MuEC6_-_wDftVaUAnQ8Ktn8aW20CAOQ9Ge5BtE2-N07zf4Xzyd5v&sdkCorrelationID=05748a29a1a4b&storageID=uid_e868eca46d_mtc6mtu6mjk&sessionID=uid_8385149ddf_mtc6mtu6mjk&buttonSessionID=uid_f5dba90264_mtc6mtu6mjk&env=production&buttonSize=medium&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjpmYWxzZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJvbGV0b2JhbmNhcmlvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm11bHRpYmFuY28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase¤cy=USD&intent=capture&commit=true&vault=false&enableFunding.0=venmo&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true
IP 151.101.65.21:0
GET /smart/buttons?style.label=buynow&style.layout=vertical&style.color=gold&style.shape=pill&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.332&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVVuSXh6OEtSRDFwZ0xTRGF0SWZvNkI3a3o2Nk11RUM2Xy1fd0RmdFZhVUFuUThLdG44YVcyMENBT1E5R2U1QnRFMi1OMDd6ZjRYenlkNXYmZW5hYmxlLWZ1bmRpbmc9dmVubW8mY3VycmVuY3k9VVNEIiwiYXR0cnMiOnsiZGF0YS1zZGstaW50ZWdyYXRpb24tc291cmNlIjoiYnV0dG9uLWZhY3RvcnkiLCJkYXRhLXVpZCI6InVpZF96aHV1bGxtaWxmaXVtY3djamhsZHpyb215bW91eHIifX0&clientID=AUnIxz8KRD1pgLSDatIfo6B7kz66MuEC6_-_wDftVaUAnQ8Ktn8aW20CAOQ9Ge5BtE2-N07zf4Xzyd5v&sdkCorrelationID=05748a29a1a4b&storageID=uid_e868eca46d_mtc6mtu6mjk&sessionID=uid_8385149ddf_mtc6mtu6mjk&buttonSessionID=uid_f5dba90264_mtc6mtu6mjk&env=production&buttonSize=medium&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjpmYWxzZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJvbGV0b2JhbmNhcmlvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm11bHRpYmFuY28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase¤cy=USD&intent=capture&commit=true&vault=false&enableFunding.0=venmo&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-disposition: inline
content-security-policy: form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html; charset=utf-8
etag: W/W/"6585a-DRGTj8dp0PUuV7ZhHz65RwgdbhY"
p3p: true
paypal-debug-id: f574995903a6a
set-cookie: tsrce=smartcomponentnodeweb; Domain=.paypal.com; Path=/; Expires=Thu, 29 Sep 2022 17:15:31 GMT; HttpOnly; Secure; SameSite=None
l7_az=dcg13.slc; Path=/; Domain=paypal.com; Expires=Mon, 26 Sep 2022 17:45:31 GMT; HttpOnly; Secure
ts=vreXpYrS%3D1758906931%26vteXpYrS%3D1664214331%26vr%3D7acbf8911830a1d2d49ff1d2fff7c49a%26vt%3D7acbf8911830a1d2d49ff1d2fff7c499%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 17:15:31 GMT; HttpOnly; Secure
ts_c=vr%3D7acbf8911830a1d2d49ff1d2fff7c49a%26vt%3D7acbf8911830a1d2d49ff1d2fff7c499; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 17:15:31 GMT; Secure
traceparent: 00-0000000000000000000f574995903a6a-a1d5bbed9909d587-01
x-content-type-options: nosniff
x-csrf-jwt: __blank__
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
accept-ranges: none
via: 1.1 varnish, 1.1 varnish
content-encoding: br
date: Mon, 26 Sep 2022 17:15:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn11579-HHN, cache-bma1656-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1664212531.206740,VS0,VE388
vary: Accept-Encoding
server-timing: "traceparent;desc="00-0000000000000000000f574995903a6a-f79685df909c148c-01"";content-encoding;desc="br",x-cdn;desc="fastly"
X-Firefox-Spdy: h2
www.paypal.com/xoplatform/logger/api/logger
151.101.65.21200 OK 0 B URL HTTP/2 www.paypal.com/xoplatform/logger/api/logger
IP 151.101.65.21:0
POST /xoplatform/logger/api/logger HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 8128
Origin: https://www.paypal.com
Connection: keep-alive
Referer: https://www.paypal.com/smart/buttons?style.label=buynow&style.layout=vertical&style.color=gold&style.shape=pill&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.332&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVVuSXh6OEtSRDFwZ0xTRGF0SWZvNkI3a3o2Nk11RUM2Xy1fd0RmdFZhVUFuUThLdG44YVcyMENBT1E5R2U1QnRFMi1OMDd6ZjRYenlkNXYmZW5hYmxlLWZ1bmRpbmc9dmVubW8mY3VycmVuY3k9VVNEIiwiYXR0cnMiOnsiZGF0YS1zZGstaW50ZWdyYXRpb24tc291cmNlIjoiYnV0dG9uLWZhY3RvcnkiLCJkYXRhLXVpZCI6InVpZF96aHV1bGxtaWxmaXVtY3djamhsZHpyb215bW91eHIifX0&clientID=AUnIxz8KRD1pgLSDatIfo6B7kz66MuEC6_-_wDftVaUAnQ8Ktn8aW20CAOQ9Ge5BtE2-N07zf4Xzyd5v&sdkCorrelationID=05748a29a1a4b&storageID=uid_e868eca46d_mtc6mtu6mjk&sessionID=uid_8385149ddf_mtc6mtu6mjk&buttonSessionID=uid_f5dba90264_mtc6mtu6mjk&env=production&buttonSize=medium&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjpmYWxzZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJvbGV0b2JhbmNhcmlvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm11bHRpYmFuY28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase¤cy=USD&intent=capture&commit=true&vault=false&enableFunding.0=venmo&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true
Cookie: tsrce=targetingnodeweb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://www.paypal.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: application/json; charset=utf-8
etag: W/W/"3fc-FJWrCKEVIrBpjAksaecbOZt6PFw"
paypal-debug-id: f241045228efb
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Tue, 26 Sep 2023 17:15:32 GMT; Secure
LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Tue, 27 Sep 2022 02:01:28 GMT; HttpOnly; Secure
tsrce=loggernodeweb; Max-Age=259199; Domain=.paypal.com; Path=/; Expires=Thu, 29 Sep 2022 17:15:31 GMT; HttpOnly; Secure
x-pp-s=eyJ0IjoiMTY2NDIxMjUzMjc0OCIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
l7_az=dcg13.slc; Path=/; Domain=paypal.com; Expires=Mon, 26 Sep 2022 17:45:32 GMT; HttpOnly; Secure
ts=vreXpYrS%3D1758906932%26vteXpYrS%3D1664214332%26vr%3D7acbfde81830a1d309cf6e29fff710f7%26vt%3D7acbfde81830a1d309cf6e29fff710f6%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 17:15:32 GMT; HttpOnly; Secure
ts_c=vr%3D7acbfde81830a1d309cf6e29fff710f7%26vt%3D7acbfde81830a1d309cf6e29fff710f6; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 17:15:32 GMT; Secure
traceparent: 00-0000000000000000000f241045228efb-1ba77764eaf34a26-01
x-content-type-options: nosniff
dc: ccg11-origin-www-1.paypal.com
accept-ranges: none
via: 1.1 varnish, 1.1 varnish
content-encoding: br
date: Mon, 26 Sep 2022 17:15:32 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4052-HHN, cache-bma1656-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1664212533.601984,VS0,VE245
vary: Accept-Encoding
server-timing: content-encoding;desc="br",x-cdn;desc="fastly"
X-Firefox-Spdy: h2
www.paypal.com/xoplatform/logger/api/logger
151.101.65.21200 OK 0 B URL HTTP/2 www.paypal.com/xoplatform/logger/api/logger
IP 151.101.65.21:0
POST /xoplatform/logger/api/logger HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1483
Origin: https://www.hayriver.net
Connection: keep-alive
Referer: https://www.hayriver.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://www.hayriver.net
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: application/json; charset=utf-8
etag: W/W/"3f9-3z3XbzS9eRMdum9vx9hcTeBtvMw"
paypal-debug-id: f241045a59d61
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Tue, 26 Sep 2023 17:15:33 GMT; Secure
LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Tue, 27 Sep 2022 02:01:29 GMT; HttpOnly; Secure
tsrce=loggernodeweb; Max-Age=259199; Domain=.paypal.com; Path=/; Expires=Thu, 29 Sep 2022 17:15:32 GMT; HttpOnly; Secure
x-pp-s=eyJ0IjoiMTY2NDIxMjUzMzAyMSIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
l7_az=dcg15.slc; Path=/; Domain=paypal.com; Expires=Mon, 26 Sep 2022 17:45:33 GMT; HttpOnly; Secure
ts=vreXpYrS%3D1758906932%26vteXpYrS%3D1664214332%26vr%3D7acbfef81830ad00991d0e43fffbcad3%26vt%3D7acbfef81830ad00991d0e43fffbcad2%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 17:15:33 GMT; HttpOnly; Secure
ts_c=vr%3D7acbfef81830ad00991d0e43fffbcad3%26vt%3D7acbfef81830ad00991d0e43fffbcad2; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 17:15:33 GMT; Secure
traceparent: 00-0000000000000000000f241045a59d61-9c4eefbe78b19c30-01
x-content-type-options: nosniff
dc: ccg11-origin-www-1.paypal.com
accept-ranges: none
via: 1.1 varnish, 1.1 varnish
content-encoding: br
date: Mon, 26 Sep 2022 17:15:33 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4060-HHN, cache-bma1656-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1664212533.900720,VS0,VE208
vary: Accept-Encoding
server-timing: content-encoding;desc="br",x-cdn;desc="fastly"
X-Firefox-Spdy: h2
www.paypal.com/xoplatform/logger/api/logger
151.101.65.21200 OK 0 B URL HTTP/2 www.paypal.com/xoplatform/logger/api/logger
IP 151.101.65.21:0
POST /xoplatform/logger/api/logger HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1467
Origin: https://www.paypal.com
Connection: keep-alive
Referer: https://www.paypal.com/smart/buttons?style.label=buynow&style.layout=vertical&style.color=gold&style.shape=pill&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.332&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVVuSXh6OEtSRDFwZ0xTRGF0SWZvNkI3a3o2Nk11RUM2Xy1fd0RmdFZhVUFuUThLdG44YVcyMENBT1E5R2U1QnRFMi1OMDd6ZjRYenlkNXYmZW5hYmxlLWZ1bmRpbmc9dmVubW8mY3VycmVuY3k9VVNEIiwiYXR0cnMiOnsiZGF0YS1zZGstaW50ZWdyYXRpb24tc291cmNlIjoiYnV0dG9uLWZhY3RvcnkiLCJkYXRhLXVpZCI6InVpZF96aHV1bGxtaWxmaXVtY3djamhsZHpyb215bW91eHIifX0&clientID=AUnIxz8KRD1pgLSDatIfo6B7kz66MuEC6_-_wDftVaUAnQ8Ktn8aW20CAOQ9Ge5BtE2-N07zf4Xzyd5v&sdkCorrelationID=05748a29a1a4b&storageID=uid_e868eca46d_mtc6mtu6mjk&sessionID=uid_8385149ddf_mtc6mtu6mjk&buttonSessionID=uid_f5dba90264_mtc6mtu6mjk&env=production&buttonSize=medium&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjpmYWxzZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJvbGV0b2JhbmNhcmlvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm11bHRpYmFuY28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=purchase¤cy=USD&intent=capture&commit=true&vault=false&enableFunding.0=venmo&renderedButtons.0=paypal&renderedButtons.1=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true
Cookie: tsrce=targetingnodeweb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://www.paypal.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: application/json; charset=utf-8
etag: W/W/"3fc-Rjy5pbRAMXkzhYjZU0vjMETrXes"
paypal-debug-id: f241045b4a0ca
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Tue, 26 Sep 2023 17:15:33 GMT; Secure
LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Tue, 27 Sep 2022 02:01:29 GMT; HttpOnly; Secure
tsrce=loggernodeweb; Max-Age=259199; Domain=.paypal.com; Path=/; Expires=Thu, 29 Sep 2022 17:15:32 GMT; HttpOnly; Secure
x-pp-s=eyJ0IjoiMTY2NDIxMjUzMzAzOSIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
l7_az=dcg15.slc; Path=/; Domain=paypal.com; Expires=Mon, 26 Sep 2022 17:45:33 GMT; HttpOnly; Secure
ts=vreXpYrS%3D1758906932%26vteXpYrS%3D1664214332%26vr%3D7acbfefa1830ad009db99b5cfff9a9e2%26vt%3D7acbfefa1830ad009db99b5cfff9a9e1%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 17:15:33 GMT; HttpOnly; Secure
ts_c=vr%3D7acbfefa1830ad009db99b5cfff9a9e2%26vt%3D7acbfefa1830ad009db99b5cfff9a9e1; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 17:15:33 GMT; Secure
traceparent: 00-0000000000000000000f241045b4a0ca-c2f93d93c70e7581-01
x-content-type-options: nosniff
dc: ccg11-origin-www-1.paypal.com
accept-ranges: none
via: 1.1 varnish, 1.1 varnish
content-encoding: br
date: Mon, 26 Sep 2022 17:15:33 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn11581-HHN, cache-bma1656-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1664212533.899722,VS0,VE222
vary: Accept-Encoding
server-timing: content-encoding;desc="br",x-cdn;desc="fastly"
X-Firefox-Spdy: h2
www.hayriver.net/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
192.185.158.210200 OK 0 B URL HTTP/2 www.hayriver.net/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 192.185.158.210:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.hayriver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hayriver.net/usps/verification
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 11 Jul 2022 22:47:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Mon, 26 Sep 2022 17:15:30 GMT
server: Apache
X-Firefox-Spdy: h2
www.paypal.com/xoplatform/logger/api/logger
151.101.65.21200 OK 0 B URL HTTP/2 www.paypal.com/xoplatform/logger/api/logger
IP 151.101.65.21:0
OPTIONS /xoplatform/logger/api/logger HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.hayriver.net/
Origin: https://www.hayriver.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://www.hayriver.net
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: f574995496a5d
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Tue, 27 Sep 2022 02:01:27 GMT; HttpOnly; Secure
enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Tue, 26 Sep 2023 17:15:31 GMT; Secure
x-pp-s=eyJ0IjoiMTY2NDIxMjUzMTQ0MCIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
tsrce=loggernodeweb; Domain=.paypal.com; Path=/; Expires=Thu, 29 Sep 2022 17:15:31 GMT; HttpOnly; Secure; SameSite=None
l7_az=dcg14.slc; Path=/; Domain=paypal.com; Expires=Mon, 26 Sep 2022 17:45:31 GMT; HttpOnly; Secure
ts=vreXpYrS%3D1758906931%26vteXpYrS%3D1664214331%26vr%3D7acbf8dc1830a1f1df6dc659fff71afc%26vt%3D7acbf8dc1830a1f1df6dc659fff71afb%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 17:15:31 GMT; HttpOnly; Secure
ts_c=vr%3D7acbf8dc1830a1f1df6dc659fff71afc%26vt%3D7acbf8dc1830a1f1df6dc659fff71afb; Path=/; Domain=paypal.com; Expires=Thu, 25 Sep 2025 17:15:31 GMT; Secure
traceparent: 00-0000000000000000000f574995496a5d-de4161d05627fa53-01
x-content-type-options: nosniff
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
date: Mon, 26 Sep 2022 17:15:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4063-HHN, cache-bma1656-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1664212531.329827,VS0,VE202
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
X-Firefox-Spdy: h2