winiphone254.blogspot.com/2023/02/crypto-tops-bottoms-review-2023.html
301 Moved Permanently 216 B URL HTTP/1.1 winiphone254.blogspot.com/2023/02/crypto-tops-bottoms-review-2023.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 42d7198bb3a776f2b37931430bef6c9d
74fcd9d4138f80f02dccb7a3752847769ad8990e
176396db36936d012a5d5b87253bb3e80903d9a6e1598269f701e60161f6fd7a
GET /2023/02/crypto-tops-bottoms-review-2023.html HTTP/1.1
Host: winiphone254.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Location: https://winiphone254.blogspot.com/2023/02/crypto-tops-bottoms-review-2023.html
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Tue, 14 Feb 2023 08:42:36 GMT
Expires: Tue, 14 Feb 2023 08:42:36 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 216
Server: GSE
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 254178cc40b1a92de9d879bd731aeb9a
bfab58d211f1f823deed8f91de96ddf778b393a3
469d18130ca960ff8efb710d09f4498bfc21df7339a2e7b79ad1f73a8ce3299a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469D18130CA960FF8EFB710D09F4498BFC21DF7339A2E7B79AD1F73A8CE3299A"
Last-Modified: Sat, 11 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9503
Expires: Tue, 14 Feb 2023 11:20:59 GMT
Date: Tue, 14 Feb 2023 08:42:36 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e1e94f036b0e677a492e4238b9443034
862ebeb19164d77b65229976b12338c399ce0bd9
1875033f6e187cdb371b497b6640a3c9625283b6a4b12de5bbc5be326365b6a9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1875033F6E187CDB371B497B6640A3C9625283B6A4B12DE5BBC5BE326365B6A9"
Last-Modified: Mon, 13 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14571
Expires: Tue, 14 Feb 2023 12:45:27 GMT
Date: Tue, 14 Feb 2023 08:42:36 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3534c46dafa4e959cb5f4aba0b1d8cd7
f4aa8774355b04bf1f074aeb73c56c52b32568ab
68b7b6679046611b607c073416e818c6d0391e2953ecc8781b02e57a9b5af306
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "68B7B6679046611B607C073416E818C6D0391E2953ECC8781B02E57A9B5AF306"
Last-Modified: Mon, 13 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11159
Expires: Tue, 14 Feb 2023 11:48:35 GMT
Date: Tue, 14 Feb 2023 08:42:36 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Backoff, Alert, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 14 Feb 2023 08:37:21 GMT
content-type: application/json
age: 315
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: XtUDI1wyYHA5rleYJFFDy33CDHgJ+NegeCjvpdu3vFm7BvfY4eBrKtPL4TPfPF5Mgo14S/QV6DM=
x-amz-request-id: PP068JYJ1S3T5YBV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 14 Feb 2023 07:46:51 GMT
age: 3345
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 14 Feb 2023 08:42:36 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ee4ed4f567dcd71845e82cda6a27dd1f
b85e0a0201de4a90ad9247511584ed45bdb3266a
065c293b1ff1fd764585c40412160ec5439d1330745ce84d6d274dc94cb1d9ce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 188e06be43a4f1b02aa98f1762147970
5e6b7e3a172fb7327331fd8c7f74559d079bd4fb
89bd97cff26b8d656f26db21b59b02fbc3f671ac903e1e44735c7472ebd05090
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89BD97CFF26B8D656F26DB21B59B02FBC3F671AC903E1E44735C7472EBD05090"
Last-Modified: Mon, 13 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15168
Expires: Tue, 14 Feb 2023 12:55:25 GMT
Date: Tue, 14 Feb 2023 08:42:37 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Last-Modified, Alert, Backoff, Content-Type, Pragma, Expires, Cache-Control, Retry-After, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 14 Feb 2023 08:14:53 GMT
age: 1664
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: v834Ba8xP63DoWglDOiibA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: cJDXJLccBqxFqmnOvvLbyW9gkUY=
winiphone254.blogspot.com/2023/02/crypto-tops-bottoms-review-2023.html
200 OK 37 kB URL HTTP/2 winiphone254.blogspot.com/2023/02/crypto-tops-bottoms-review-2023.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1361)
Hash b5d29cc9a8fe22d61f98de81de1912e8
bd3cd1bbe6b4e23946de697875aa50576e77e029
819c6398a48402e82b9c82b220132a7f4a3a7cd2dee76ccb235ea136a2b90735
GET /2023/02/crypto-tops-bottoms-review-2023.html HTTP/1.1
Host: winiphone254.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Tue, 14 Feb 2023 08:42:37 GMT
date: Tue, 14 Feb 2023 08:42:37 GMT
cache-control: private, max-age=0
last-modified: Tue, 14 Feb 2023 08:34:04 GMT
etag: W/"17516734a7718fcd2137c6254c3932f71b1e21d3faf4157c86d05f0cb1c4f6c1"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 37227
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 6182fbbdc621829f0f257f98e9808bfa
c1176dd1ea01abc1604700e1018d179ecb02f6f3
2e8fd15b151c5943c3c8e760f8242481da89448af79630953a1b5f80bdfe9153
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3473
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:38 GMT
Last-Modified: Tue, 14 Feb 2023 07:44:45 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/fontawesome.min.css
200 OK 10 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/fontawesome.min.css
IP
File type ASCII text, with very long lines (57317)
Hash cb27e13a5b2d90fe0d96a865efc886f8
dfa5d3d9602ceab98080c8be727146d1c4908be3
b0eb3372324c99452ca27a1850c9d9a868090fcc0af0ba1e33392daf1d5304e5
GET /ajax/libs/font-awesome/5.14.0/css/fontawesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:38 GMT
content-type: text/css; charset=utf-8
content-length: 10184
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f0f47d3-e09f"
last-modified: Wed, 15 Jul 2020 18:15:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2257355
expires: Sun, 04 Feb 2024 08:42:38 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YatGG975Dr4R0uIqLgGJo6qGLMQwapqJiBnPwhgBFY3fId0uHaF3Uc7k99TDdIIbZ9AvkIcS5yhnb3s1wqE2hUf7qnzhk0oEpwBqQQJElc6GIVVlO69AofjAZs8VbuxRN496dA5X"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 799482f45bbbb509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
winiphone254.blogspot.com/js/cookienotice.js
200 OK 2.0 kB URL HTTP/2 winiphone254.blogspot.com/js/cookienotice.js
IP
Hash c4e1ed83d89245089b8a1203be20a377
f3940e1215b89300ef97d57a25993f25243b8688
afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2
GET /js/cookienotice.js HTTP/1.1
Host: winiphone254.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/2023/02/crypto-tops-bottoms-review-2023.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2026
date: Tue, 14 Feb 2023 08:42:38 GMT
expires: Tue, 21 Feb 2023 08:42:38 GMT
cache-control: public, max-age=604800
last-modified: Tue, 14 Feb 2023 06:52:46 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 6182fbbdc621829f0f257f98e9808bfa
c1176dd1ea01abc1604700e1018d179ecb02f6f3
2e8fd15b151c5943c3c8e760f8242481da89448af79630953a1b5f80bdfe9153
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5022
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:38 GMT
Last-Modified: Tue, 14 Feb 2023 07:18:56 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
200 OK 28 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
File type ASCII text, with very long lines (65451)
Hash 4b5f47439b640180cc3450f7de05d0d8
5a0dc9bcab80ddc409dd35fcb00a88fe6846fee2
1f85e8b327f42c17c025d69849914068536d9aa95412fe473ae90ffb2f4ebd82
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2210617
expires: Sun, 04 Feb 2024 08:42:38 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=brBtEtzCxVZsT%2BxjfkQYYNg2%2BHbvmiUWshP0KHhX9NtdpB1A6DtBzNkLrIChhgObGFgqgnfk5kGRBsV%2BxWj3m3iVNbowca%2FTqswpqAuLHCCl4d8aPZE5J4uFwmXg%2BnVuNnhmTSnK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 799482f47c04b509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ee4ed4f567dcd71845e82cda6a27dd1f
b85e0a0201de4a90ad9247511584ed45bdb3266a
065c293b1ff1fd764585c40412160ec5439d1330745ce84d6d274dc94cb1d9ce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 279 B IP
Hash 6182fbbdc621829f0f257f98e9808bfa
c1176dd1ea01abc1604700e1018d179ecb02f6f3
2e8fd15b151c5943c3c8e760f8242481da89448af79630953a1b5f80bdfe9153
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3473
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:38 GMT
Last-Modified: Tue, 14 Feb 2023 07:44:45 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/webfonts/fa-regular-400.woff2
200 OK 14 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/webfonts/fa-regular-400.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 13600, version 331.17301\012- data
Hash 3a3398a6ef60fc64eacf45665958342e
5e4d45052f43e55aaad7f14d13280215e39aa45b
245818b22d1ec4892fcb722437e32888e97f63a0316bd22aaf9f44cde01f4c91
GET /ajax/libs/font-awesome/5.14.0/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://winiphone254.blogspot.com
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:38 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 13600
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "5f0f47d3-3520"
last-modified: Wed, 15 Jul 2020 18:15:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 7820261
expires: Sun, 04 Feb 2024 08:42:38 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EmQnAVK%2BaGjoq39mB77Knedrys2n518C4Wka%2BqX3LUHD%2FhvneDOjLbOVYrveXeGwZxtRiK1K2g5TpM4WAwEe1FGcFkS%2BKRgZCmVmmaeAmqN0ztA4TYhD0qFrmFtRNrl48M1L%2FuF7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 799482f4bc65b509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 09336dc69b2c86d41ed3794ee4440cd8
e1fd2c1939acd9b5270d18691bcbf11a1a5dc0ea
5d06828ad8f32c2aa34b50c4afe6e58667949a0371ad1143b3edc176ea8b3901
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 09336dc69b2c86d41ed3794ee4440cd8
e1fd2c1939acd9b5270d18691bcbf11a1a5dc0ea
5d06828ad8f32c2aa34b50c4afe6e58667949a0371ad1143b3edc176ea8b3901
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 8c6bac9db2171b2063aa85ea730a7d72
b636698fa6971f1c0031e71daa10825addd94d13
e977ba10782e8ca041303e2103688f4781fbfe19b318875d9dda6193dcc95b4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 09336dc69b2c86d41ed3794ee4440cd8
e1fd2c1939acd9b5270d18691bcbf11a1a5dc0ea
5d06828ad8f32c2aa34b50c4afe6e58667949a0371ad1143b3edc176ea8b3901
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 8c6bac9db2171b2063aa85ea730a7d72
b636698fa6971f1c0031e71daa10825addd94d13
e977ba10782e8ca041303e2103688f4781fbfe19b318875d9dda6193dcc95b4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 8c6bac9db2171b2063aa85ea730a7d72
b636698fa6971f1c0031e71daa10825addd94d13
e977ba10782e8ca041303e2103688f4781fbfe19b318875d9dda6193dcc95b4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 605c0a47169c45b131ccb1ed345cf048
110d17ee2aa9a2cb7128e27554ec8dcbb1f59296
0ac9bb15a9f9edd3750752ddf33d3478bedd369cc5f22b6a0e258f55958b7774
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 605c0a47169c45b131ccb1ed345cf048
110d17ee2aa9a2cb7128e27554ec8dcbb1f59296
0ac9bb15a9f9edd3750752ddf33d3478bedd369cc5f22b6a0e258f55958b7774
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 641470d3314639cefa56fecba232337c
9550574d9d23b39238ececc20ea4353f9c1d4935
ac1dcb97d9cc3b0e09bd862ebdea5d9541fc05561c5cd928fd4309f2ce50aa64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC1DCB97D9CC3B0E09BD862EBDEA5D9541FC05561C5CD928FD4309F2CE50AA64"
Last-Modified: Mon, 13 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4233
Expires: Tue, 14 Feb 2023 09:53:11 GMT
Date: Tue, 14 Feb 2023 08:42:38 GMT
Connection: keep-alive
www.blogger.com/static/v1/widgets/3524332806-widgets.js
200 OK 157 kB URL HTTP/2 www.blogger.com/static/v1/widgets/3524332806-widgets.js
IP
File type ASCII text, with very long lines (2221)
Size 157 kB (156554 bytes)
Hash 451dbcd36d1044b0fd9a4083d994e0f4
038d9e7a8ec14750a1d79ca0a87001d2f8d9c911
6fe77a03894a4a9db87dc139accdb7a8e10c67f174d84a5ee089727b15c2b73f
GET /static/v1/widgets/3524332806-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 156554
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 13 Feb 2023 02:16:35 GMT
expires: Tue, 13 Feb 2024 02:16:35 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 13 Feb 2023 01:50:02 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 109563
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ed04e32097632acee2c182eb09dd7ae0
409c3278fa97f3a8cc805467ecea6e2b3fe4b561
bb2de5adb94d1ee38d12623c59800919a465a3824bc6afc87937624b73315b9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BB2DE5ADB94D1EE38D12623C59800919A465A3824BC6AFC87937624B73315B9B"
Last-Modified: Mon, 13 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6899
Expires: Tue, 14 Feb 2023 10:37:37 GMT
Date: Tue, 14 Feb 2023 08:42:38 GMT
Connection: keep-alive
www.blogger.com/static/v1/jsbin/3469866930-comment_from_post_iframe.js
200 OK 6.6 kB URL HTTP/2 www.blogger.com/static/v1/jsbin/3469866930-comment_from_post_iframe.js
IP
File type ASCII text, with very long lines (1441)
Hash f60e5037324bf7fd2256c16929886f09
aae4b1aea3737e0268e3578dd1d0e7cfe6c6d66b
71846da8d45274b77549b110389ab3dbcb8ce042051b5c39547909c1c343dfde
GET /static/v1/jsbin/3469866930-comment_from_post_iframe.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 6573
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 12 Feb 2023 22:08:46 GMT
expires: Mon, 12 Feb 2024 22:08:46 GMT
cache-control: public, max-age=31536000
last-modified: Sun, 12 Feb 2023 18:50:06 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 124432
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 8c6bac9db2171b2063aa85ea730a7d72
b636698fa6971f1c0031e71daa10825addd94d13
e977ba10782e8ca041303e2103688f4781fbfe19b318875d9dda6193dcc95b4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 605c0a47169c45b131ccb1ed345cf048
110d17ee2aa9a2cb7128e27554ec8dcbb1f59296
0ac9bb15a9f9edd3750752ddf33d3478bedd369cc5f22b6a0e258f55958b7774
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 09336dc69b2c86d41ed3794ee4440cd8
e1fd2c1939acd9b5270d18691bcbf11a1a5dc0ea
5d06828ad8f32c2aa34b50c4afe6e58667949a0371ad1143b3edc176ea8b3901
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pl18443706.highcpmrevenuenetwork.com/5d355b91d24f5f451991f2724dd626d9/invoke.js
200 OK 9.3 kB URL HTTP/1.1 pl18443706.highcpmrevenuenetwork.com/5d355b91d24f5f451991f2724dd626d9/invoke.js
IP
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (25146), with no line terminators
Hash 16d2aee24dee0590fe8735f0bc68f4f1
847de6567e28721fe9d03dfe9776329829bac032
eb2990d400783930bc13fb40a6499335e3f3069d7b21852b417b352cddea1610
Analyzer Verdict Alert quad9 Sinkholed
GET /5d355b91d24f5f451991f2724dd626d9/invoke.js HTTP/1.1
Host: pl18443706.highcpmrevenuenetwork.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 14 Feb 2023 08:42:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c6c904d33d3b74aed62a27a3a33b8918
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.effectivecreativeformat.com/a7f770405d7946b33cceb7b2cfe9f266/invoke.js
200 OK 9.8 kB URL HTTP/1.1 www.effectivecreativeformat.com/a7f770405d7946b33cceb7b2cfe9f266/invoke.js
IP
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26937), with no line terminators
Hash 20dbd528d5ac6b2019b09607d2501430
71a5d8186c24add406b46f516001875df07033a0
a6534379369059ee1125da337c06933ea1f774c68e3413e52bd7260427f854e9
Analyzer Verdict Alert quad9 Sinkholed
GET /a7f770405d7946b33cceb7b2cfe9f266/invoke.js HTTP/1.1
Host: www.effectivecreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 14 Feb 2023 08:42:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c5539c6a7ca46894cf7a297fc150b028
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d42a01fdf9af7a50d630c42fde100d30
a7568d35657f934220298ca4c2fb102398554196
f215d87cad50e9310bf2a4df263b24e1c87e7cda29e48f93f6b0d76eb218ab1d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F215D87CAD50E9310BF2A4DF263B24E1C87E7CDA29E48F93F6B0D76EB218AB1D"
Last-Modified: Mon, 13 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19747
Expires: Tue, 14 Feb 2023 14:11:45 GMT
Date: Tue, 14 Feb 2023 08:42:38 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d42a01fdf9af7a50d630c42fde100d30
a7568d35657f934220298ca4c2fb102398554196
f215d87cad50e9310bf2a4df263b24e1c87e7cda29e48f93f6b0d76eb218ab1d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F215D87CAD50E9310BF2A4DF263B24E1C87E7CDA29E48F93F6B0D76EB218AB1D"
Last-Modified: Mon, 13 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19747
Expires: Tue, 14 Feb 2023 14:11:45 GMT
Date: Tue, 14 Feb 2023 08:42:38 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d42a01fdf9af7a50d630c42fde100d30
a7568d35657f934220298ca4c2fb102398554196
f215d87cad50e9310bf2a4df263b24e1c87e7cda29e48f93f6b0d76eb218ab1d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F215D87CAD50E9310BF2A4DF263B24E1C87E7CDA29E48F93F6B0D76EB218AB1D"
Last-Modified: Mon, 13 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19747
Expires: Tue, 14 Feb 2023 14:11:45 GMT
Date: Tue, 14 Feb 2023 08:42:38 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d42a01fdf9af7a50d630c42fde100d30
a7568d35657f934220298ca4c2fb102398554196
f215d87cad50e9310bf2a4df263b24e1c87e7cda29e48f93f6b0d76eb218ab1d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F215D87CAD50E9310BF2A4DF263B24E1C87E7CDA29E48F93F6B0D76EB218AB1D"
Last-Modified: Mon, 13 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19747
Expires: Tue, 14 Feb 2023 14:11:45 GMT
Date: Tue, 14 Feb 2023 08:42:38 GMT
Connection: keep-alive
fonts.gstatic.com/s/worksans/v8/QGYqz_wNahGAdqQ43Rh_eZDrv_0.woff2
200 OK 50 kB URL HTTP/2 fonts.gstatic.com/s/worksans/v8/QGYqz_wNahGAdqQ43Rh_eZDrv_0.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 49692, version 1.0\012- data
Hash ac4e17831879244c9b60799cb6448c25
ef0faad9d3b1f97ea7044ba6628d42fdb0c03a96
a63f818229b780be68dcf74c831821318e9decb517286efcdddf1c81b7c0202d
GET /s/worksans/v8/QGYqz_wNahGAdqQ43Rh_eZDrv_0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://winiphone254.blogspot.com
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 49692
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 10 Feb 2023 06:49:06 GMT
expires: Sat, 10 Feb 2024 06:49:06 GMT
cache-control: public, max-age=31536000
age: 352412
last-modified: Fri, 26 Jun 2020 02:11:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F318ff2b9-f4f9-4c7a-81df-9e4b1f2674dd.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F318ff2b9-f4f9-4c7a-81df-9e4b1f2674dd.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f36dc9974ff642bd2d59215b566e9b48
3a8baa33c526c25a0eb42a3a777cf38eeb01b25c
90868802014325116787331c121e74d0a9550d0f2b309801ffa66160fa810cde
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F318ff2b9-f4f9-4c7a-81df-9e4b1f2674dd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11402
x-amzn-requestid: 17e77e17-627f-4070-848a-e2fba60ca596
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ATAtHGmBIAMFdmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63eaae53-6958c09576c288a3308a3aab;Sampled=0
x-amzn-remapped-date: Mon, 13 Feb 2023 21:40:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Dpp-f-oSw2ecOBy3Nrkb_ijKrd0U55k1Tl_vMDvGC-9EJRRIKl6hHw==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Feb 2023 22:14:56 GMT
age: 37662
etag: "3a8baa33c526c25a0eb42a3a777cf38eeb01b25c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.effectivecreativeformat.com/63f8895ee64d67e1cd2223d232cee5a8/invoke.js
200 OK 9.8 kB URL HTTP/1.1 www.effectivecreativeformat.com/63f8895ee64d67e1cd2223d232cee5a8/invoke.js
IP
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26965), with no line terminators
Hash 7a9294982198fd955139143788fb307c
4256e637547b74f9082b91159ed63bfe33922300
63975ee554fedabbeb9689875929751f778d7e86d341f3cee6b9d8385349c2a5
Analyzer Verdict Alert quad9 Sinkholed
GET /63f8895ee64d67e1cd2223d232cee5a8/invoke.js HTTP/1.1
Host: www.effectivecreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 14 Feb 2023 08:42:38 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 07f99e6732df1b9c9c1adc2b99c2a945
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31b064cd-e914-46c4-9261-f5cf1e300786.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31b064cd-e914-46c4-9261-f5cf1e300786.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e24473b3e335f2046f72ea198a1a9ac8
346f3744c1fd32467ac8c1783f7c28c0ffd3cc4b
87fb8a02fb286ccd1d04abe4052fb08617fc68692515aa6daed2895e83827ccd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31b064cd-e914-46c4-9261-f5cf1e300786.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10677
x-amzn-requestid: 7fbf05af-939a-443c-9add-f856b5ab4b1c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AS_zFH3hoAMFUkg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63eaace0-0676c24e496661ff545249f0;Sampled=0
x-amzn-remapped-date: Mon, 13 Feb 2023 21:34:24 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ASk3lL6xNgUz-lLwE7lpLLh_PK_Iq-PSAz3VSOZrEweutYlfUggXTg==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Feb 2023 22:26:35 GMT
etag: "346f3744c1fd32467ac8c1783f7c28c0ffd3cc4b"
content-type: image/jpeg
age: 36963
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faee02a15-8482-4f95-a7be-3d184d8c9d77.jpeg
200 OK 2.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faee02a15-8482-4f95-a7be-3d184d8c9d77.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4976933e30a4a44e68d08c00ffae17d1
70a5fda7f3515776a08d7063619eb4a8a61efba0
4adeae7a16af1167e6ffab1beab81feaec2dbdc0c90e5beb081c7bfcea0e5443
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faee02a15-8482-4f95-a7be-3d184d8c9d77.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2360
x-amzn-requestid: f2e6dc22-444c-42af-947c-6d9d6f0253de
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AS_0iFhHIAMFjXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63eaace9-18f8bade4f2ddbd0018c2117;Sampled=0
x-amzn-remapped-date: Mon, 13 Feb 2023 21:34:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KnF84pWgZ03u1BhryzomWqZhN25K5_BjXzKpSRLhbI0T7yp7tQNAzg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Feb 2023 22:31:29 GMT
etag: "70a5fda7f3515776a08d7063619eb4a8a61efba0"
content-type: image/jpeg
age: 36669
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02747389-fc16-42b4-9ec9-cf0c387a8d9c.jpeg
200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02747389-fc16-42b4-9ec9-cf0c387a8d9c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a368a0f4d91a04ece485fa6939b93ed0
34edb57e9f33babf053565c546089c2ffb80974a
35c141b46fad3913dfae10e1f6406a849bddcd0fb2c86d35561243aefe3bc54b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02747389-fc16-42b4-9ec9-cf0c387a8d9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8676
x-amzn-requestid: 1a72201f-c7b0-4215-81a6-e89ad432444d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AS_6WEqgIAMFRMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63eaad0e-322b9c2c03c0f7662edaf161;Sampled=0
x-amzn-remapped-date: Mon, 13 Feb 2023 21:35:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: DDwIjAsONLHS0unVWg9E_pGKIFW5qHZFprQ_oOuRD1MHawmwpBQ7wA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Feb 2023 22:14:48 GMT
etag: "34edb57e9f33babf053565c546089c2ffb80974a"
content-type: image/jpeg
age: 37670
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3b95fd0-70b7-4757-9068-83472c90622c.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3b95fd0-70b7-4757-9068-83472c90622c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dd9dfc91c131903f04b22bca2ea07569
8fac706269ae3ec4a9f60a64f6b08066e9eeb22a
d72e6a45a42dd6f6d39bdf2a68837a2fdd73b9df6e01a29dd173725b3d88e97e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3b95fd0-70b7-4757-9068-83472c90622c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12032
x-amzn-requestid: 1be7b95f-1088-4e2a-ba74-bba8a5c3b615
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AMZ_gHE7oAMFfkg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e809fc-65057649605a732b64098657;Sampled=0
x-amzn-remapped-date: Sat, 11 Feb 2023 21:34:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3wc9cOb6EBcYrHuQPvVx1h8f0xSef25washUegMtRo7oeLosn4RlYg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Feb 2023 22:35:18 GMT
age: 36440
etag: "8fac706269ae3ec4a9f60a64f6b08066e9eeb22a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.r2m01.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP
Hash 128605039113b966d537089e1f318a5e
44167fdbf28a5272f488b04b7be6d8cb675799dd
19604a21b292cc4b63a541194a3bf4911c87e438395fe1ab913622d5332a4d48
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=132370
Date: Tue, 14 Feb 2023 08:42:39 GMT
Etag: "63ea98de-1d7"
Expires: Wed, 15 Feb 2023 21:28:49 GMT
Last-Modified: Mon, 13 Feb 2023 20:09:02 GMT
Server: ECS (bsa/EB22)
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: F4ZDxnOxFbewUGHhYZ2zMrfpUbsU0t68JuKBainjxNvHHfridFhbGQ==
Age: 4787
ocsp.r2m01.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP
Hash 128605039113b966d537089e1f318a5e
44167fdbf28a5272f488b04b7be6d8cb675799dd
19604a21b292cc4b63a541194a3bf4911c87e438395fe1ab913622d5332a4d48
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=132343
Date: Tue, 14 Feb 2023 08:42:39 GMT
Etag: "63ea98de-1d7"
Expires: Wed, 15 Feb 2023 21:28:22 GMT
Last-Modified: Mon, 13 Feb 2023 20:09:02 GMT
Server: ECS (nyb/1D32)
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: KCX4_XzNWvGai-rl6CJYhKA5MCRRs8Zhyajl5n6ojHLZBAG6XTraWQ==
Age: 4760
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ba070e2-295e-485b-8bb9-cf35a649e9d1.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ba070e2-295e-485b-8bb9-cf35a649e9d1.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b8526505043a5b3a1a8a3e86f80dd796
121031f827508bc441ab34387ffdf9bf878c43a9
70e9f640c8339aea888ceea9fd2ef74fa2c3ea210f69fa22442155dca61a799e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ba070e2-295e-485b-8bb9-cf35a649e9d1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10635
x-amzn-requestid: 98a6b744-d08f-4e53-a0b0-735b336c8513
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AS_zjG9boAMFchQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63eaace3-5d86345a4ee7009e61291369;Sampled=0
x-amzn-remapped-date: Mon, 13 Feb 2023 21:34:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KJ56reDkEbXg0bE7sE4pB1n7Lkn1nLiKblbKM9aFYCow4tpHrIqGnw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 13 Feb 2023 22:26:43 GMT
etag: "121031f827508bc441ab34387ffdf9bf878c43a9"
content-type: image/jpeg
age: 36955
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.blogger.com/dyn-css/authorization.css?targetBlogID=5473724241612498164&zx=12adea99-103c-4496-abca-2a3170970881
200 OK 21 B URL HTTP/2 www.blogger.com/dyn-css/authorization.css?targetBlogID=5473724241612498164&zx=12adea99-103c-4496-abca-2a3170970881
IP
File type very short file (no magic)
Hash a62e4d501434033d5d177e67d3aafdd0
34f7300c9ed47334cf10826d57af785321e3138b
b0cabcbfed4b1830ab1956efbd2eec32289a968323cb854a47ef98360ed0f522
GET /dyn-css/authorization.css?targetBlogID=5473724241612498164&zx=12adea99-103c-4496-abca-2a3170970881 HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type: text/css; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 14 Feb 2023 08:42:39 GMT
last-modified: Tue, 14 Feb 2023 08:42:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 21
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash eb4383323ac2c31e284d5095f85b375c
fd5b720766b30f7cfcf1a697003ae14170209091
db5a558a87cb3c48f4918ff9d07526542d2ecc8e9cafa00c33ccb17d067ddfa0
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://winiphone254.blogspot.com
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:39 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://winiphone254.blogspot.com
access-control-allow-credentials: true
set-cookie: uid_id2=c1fe66fd-809d-43e2-a64f-480807a90f28:2:1; expires=Fri, 11 Feb 2033 08:42:39 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash 2914cc409260c1c0213d37713a0c485b
5381de249a0828ef7e2ad4a57ad3fbe092256f34
7dcfb09b55cead2a57793d95878b63a5013e41e464829834ad2f1948e6450aec
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://winiphone254.blogspot.com
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:39 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://winiphone254.blogspot.com
access-control-allow-credentials: true
set-cookie: uid_id2=93314dcd-ac1e-4937-922b-1667c846ba4a:3:1; expires=Fri, 11 Feb 2033 08:42:39 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash 4a8c5aef3db107e62a01512bda7e153a
35bcfaee72822f8d21a545aef0788c869accee25
c93ae8193d50fb99461e3b0aea1881c3c7590eb7cbd8388225b3306acbbfb683
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://winiphone254.blogspot.com
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:39 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://winiphone254.blogspot.com
access-control-allow-credentials: true
set-cookie: uid_id2=ff25cb1b-10be-4d32-acd9-964cda9d58c9:2:1; expires=Fri, 11 Feb 2033 08:42:39 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEip_uhl-XhFpO6ynwU76Rzb5dyD6A6RCK1iImQ7uZVwJoxNXKSsnx7WjhIGVy17yMoOg0K_sGsnmhkIvMFN4k747K4dW4O9JVp3oVRaUHjNDOY4XEsMQBPwa4vXVHnyuWam7rr5j0nNKunAiLHLcqq7_JV4lXSiHxdFG2KwpKiCajMOQpvq7hqcaI7b/s1600/Screenshot_21.png
200 OK 1.2 kB URL HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEip_uhl-XhFpO6ynwU76Rzb5dyD6A6RCK1iImQ7uZVwJoxNXKSsnx7WjhIGVy17yMoOg0K_sGsnmhkIvMFN4k747K4dW4O9JVp3oVRaUHjNDOY4XEsMQBPwa4vXVHnyuWam7rr5j0nNKunAiLHLcqq7_JV4lXSiHxdFG2KwpKiCajMOQpvq7hqcaI7b/s1600/Screenshot_21.png
IP
File type PNG image data, 202 x 42, 8-bit/color RGB, non-interlaced\012- data
Hash 031101af46a1ec81ed3dc17214d36650
cb2275a3d756196de7932a7e17d34356dd21e6b7
50ff7fccf4a76052240a6f3e4d8bb30bfa90247e027a29333eb89041d68722ad
GET /img/b/R29vZ2xl/AVvXsEip_uhl-XhFpO6ynwU76Rzb5dyD6A6RCK1iImQ7uZVwJoxNXKSsnx7WjhIGVy17yMoOg0K_sGsnmhkIvMFN4k747K4dW4O9JVp3oVRaUHjNDOY4XEsMQBPwa4vXVHnyuWam7rr5j0nNKunAiLHLcqq7_JV4lXSiHxdFG2KwpKiCajMOQpvq7hqcaI7b/s1600/Screenshot_21.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v476"
expires: Wed, 15 Feb 2023 08:42:39 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Screenshot_21.png"
content-type: image/png
vary: Origin
x-content-type-options: nosniff
date: Tue, 14 Feb 2023 08:42:39 GMT
server: fife
content-length: 1171
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d30896ae0ab9194b1e21ac215c6f5611
4b7ae7b0cf43f9cea152a5fcfa14dea489939c10
2d8ba7b1c9b78625c66ad61e9055f90392b0fb3ceeb2c3d591d43c5be72c250a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2D8BA7B1C9B78625C66AD61E9055F90392B0FB3CEEB2C3D591D43C5BE72C250A"
Last-Modified: Mon, 13 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8376
Expires: Tue, 14 Feb 2023 11:02:15 GMT
Date: Tue, 14 Feb 2023 08:42:39 GMT
Connection: keep-alive
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgo4xdA13w95MiHzEGdI4FBsLRI-06zg9Tyw3Ah4xRy7uccVD3Q6Rf-WK1fpDwxk063MMRwqkYyvawnaCf5IK7TY3qIqFiyX6-kCR8rfI-PAuO8uPwmKzW3tuNC4w--VwE9leYbyrM-BAtOUWwxTvVzFS_dbcmJ6kgEWNi7cZqPKyNyjSU5f0xbIbGW/w640-h366/Add%20a%20heading.png
200 OK 91 kB URL HTTP/2 blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgo4xdA13w95MiHzEGdI4FBsLRI-06zg9Tyw3Ah4xRy7uccVD3Q6Rf-WK1fpDwxk063MMRwqkYyvawnaCf5IK7TY3qIqFiyX6-kCR8rfI-PAuO8uPwmKzW3tuNC4w--VwE9leYbyrM-BAtOUWwxTvVzFS_dbcmJ6kgEWNi7cZqPKyNyjSU5f0xbIbGW/w640-h366/Add%20a%20heading.png
IP
File type PNG image data, 640 x 366, 8-bit/color RGB, non-interlaced\012- data
Hash 90336a69b0887ad5eceeb5676c5f3d53
df87555442ea15a9f13bf9f2fca8434cc0fc6496
8d8f78f098320b99d30c863a86be2e4efd1964466316cc3b6cd882dd5052f923
GET /img/b/R29vZ2xl/AVvXsEgo4xdA13w95MiHzEGdI4FBsLRI-06zg9Tyw3Ah4xRy7uccVD3Q6Rf-WK1fpDwxk063MMRwqkYyvawnaCf5IK7TY3qIqFiyX6-kCR8rfI-PAuO8uPwmKzW3tuNC4w--VwE9leYbyrM-BAtOUWwxTvVzFS_dbcmJ6kgEWNi7cZqPKyNyjSU5f0xbIbGW/w640-h366/Add%20a%20heading.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v474"
expires: Wed, 15 Feb 2023 08:42:39 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Add a heading.png"
content-type: image/png
vary: Origin
x-content-type-options: nosniff
date: Tue, 14 Feb 2023 08:42:39 GMT
server: fife
content-length: 91035
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fe8bf190998caca7a0ccc1f2c30a113e
dedea53391f772e16ded15e5b86dcbc75262af3b
507d9fc2d1aca65a9c30437243ce8c98945003f8dfc364183d4ded1e2b373126
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "507D9FC2D1ACA65A9C30437243CE8C98945003F8DFC364183D4DED1E2B373126"
Last-Modified: Mon, 13 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16582
Expires: Tue, 14 Feb 2023 13:19:01 GMT
Date: Tue, 14 Feb 2023 08:42:39 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ac29fde8878fb29a70b8af59eb59aca6
c95cf327f692a7ca39bc02d600eff996ffcded05
0363a561ac419aeef536108f6fb5bc288234f03628080440201646780f8fc4f7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0363A561AC419AEEF536108F6FB5BC288234F03628080440201646780F8FC4F7"
Last-Modified: Mon, 13 Feb 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13143
Expires: Tue, 14 Feb 2023 12:21:42 GMT
Date: Tue, 14 Feb 2023 08:42:39 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fe8bf190998caca7a0ccc1f2c30a113e
dedea53391f772e16ded15e5b86dcbc75262af3b
507d9fc2d1aca65a9c30437243ce8c98945003f8dfc364183d4ded1e2b373126
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "507D9FC2D1ACA65A9C30437243CE8C98945003F8DFC364183D4DED1E2B373126"
Last-Modified: Mon, 13 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21580
Expires: Tue, 14 Feb 2023 14:42:19 GMT
Date: Tue, 14 Feb 2023 08:42:39 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 95adb548ace98e526e49c68c8a58f914
fdee7c1bb44ef047c98c3a2d0feefb79e11c3159
9bbcd07bce95214e930ab4e010c0ea1b56d8f6e39b64643a5ce5ff0cb6ca9864
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BBCD07BCE95214E930AB4E010C0EA1B56D8F6E39B64643A5CE5FF0CB6CA9864"
Last-Modified: Mon, 13 Feb 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21564
Expires: Tue, 14 Feb 2023 14:42:03 GMT
Date: Tue, 14 Feb 2023 08:42:39 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fe8bf190998caca7a0ccc1f2c30a113e
dedea53391f772e16ded15e5b86dcbc75262af3b
507d9fc2d1aca65a9c30437243ce8c98945003f8dfc364183d4ded1e2b373126
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "507D9FC2D1ACA65A9C30437243CE8C98945003F8DFC364183D4DED1E2B373126"
Last-Modified: Mon, 13 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 14 Feb 2023 14:42:39 GMT
Date: Tue, 14 Feb 2023 08:42:39 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fe8bf190998caca7a0ccc1f2c30a113e
dedea53391f772e16ded15e5b86dcbc75262af3b
507d9fc2d1aca65a9c30437243ce8c98945003f8dfc364183d4ded1e2b373126
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "507D9FC2D1ACA65A9C30437243CE8C98945003F8DFC364183D4DED1E2B373126"
Last-Modified: Mon, 13 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16515
Expires: Tue, 14 Feb 2023 13:17:54 GMT
Date: Tue, 14 Feb 2023 08:42:39 GMT
Connection: keep-alive
magazinesfluentlymercury.com/watch.1200091759138.js?key=63f8895ee64d67e1cd2223d232cee5a8&kw=%5B%22crypto%22%2C%22tops%22%2C%22bottoms%22%2C%22review%22%2C%22-2023%22%5D&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F2023%2F02%2Fcrypto-tops-bottoms-review-2023.html&tz=0&dev=e&res=12.1055&uuid=ff25cb1b-10be-4d32-acd9-964cda9d58c9%3A2%3A1
307 Temporary Redirect 0 B URL HTTP/1.1 magazinesfluentlymercury.com/watch.1200091759138.js?key=63f8895ee64d67e1cd2223d232cee5a8&kw=%5B%22crypto%22%2C%22tops%22%2C%22bottoms%22%2C%22review%22%2C%22-2023%22%5D&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F2023%2F02%2Fcrypto-tops-bottoms-review-2023.html&tz=0&dev=e&res=12.1055&uuid=ff25cb1b-10be-4d32-acd9-964cda9d58c9%3A2%3A1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1200091759138.js?key=63f8895ee64d67e1cd2223d232cee5a8&kw=%5B%22crypto%22%2C%22tops%22%2C%22bottoms%22%2C%22review%22%2C%22-2023%22%5D&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F2023%2F02%2Fcrypto-tops-bottoms-review-2023.html&tz=0&dev=e&res=12.1055&uuid=ff25cb1b-10be-4d32-acd9-964cda9d58c9%3A2%3A1 HTTP/1.1
Host: magazinesfluentlymercury.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://winiphone254.blogspot.com
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Tue, 14 Feb 2023 08:42:39 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://winiphone254.blogspot.com
Access-Control-Allow-Origin: https://winiphone254.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://magazinesfluentlymercury.com/watch.1200091759138.js?key=63f8895ee64d67e1cd2223d232cee5a8&kw=%5B%22crypto%22%2C%22tops%22%2C%22bottoms%22%2C%22review%22%2C%22-2023%22%5D&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F2023%2F02%2Fcrypto-tops-bottoms-review-2023.html&tz=0&dev=e&res=12.1055&uuid=ff25cb1b-10be-4d32-acd9-964cda9d58c9%3A2%3A1&shu=895f3d118e655392800ae0464516e9097e73d70fbd437d3b88a07a3b4964b457425ea5d5fe5d3f5717dcc0ad5f5a624db4841d5393c75dd82af331a43132f69df70a0c993f6eacef941966b27a958a58a79ffe5eacef1a5f7d4afd39695ee610&pst=1676364219&rmtc=t
Set-Cookie: u_pl=18343145; expires=Wed, 15 Feb 2023 08:42:39 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODM0MzE0NSwiayI6IjYzZjg4OTVlZTY0ZDY3ZTFjZDIyMjNkMjMyY2VlNWE4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMjIxNDMwLCJwaWQiOjY4NzE0NiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjI3LCJwdCI6NCwicGsiOiJpMDZxZmZ6aCIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3dpbmlwaG9uZTI1NC5ibG9nc3BvdC5jb20vMjAyMy8wMi9jcnlwdG8tdG9wcy1ib3R0b21zLXJldmlldy0yMDIzLmh0bWwifX0.C4QWi2NPAKDv6wwY9ZCpO6Bl6IeXzdc1UhrqWPWfuos; expires=Tue, 14 Feb 2023 08:43:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 85028e2fa6f8f9edf25a3da02513b93a
Strict-Transport-Security: max-age=0; includeSubdomains
feelseveryone.com//watchnew?key=71a2274e9a0cd2c269e9111f99a6003a
200 OK 1.1 kB URL HTTP/1.1 feelseveryone.com//watchnew?key=71a2274e9a0cd2c269e9111f99a6003a
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash f02130f3f20d3ecf627da6839304cdef
558aa1f558cade19f7d9b7aaba15d5d351e9e3bf
6b4c59847f251aa0e74578ae6459ca851456c44c77f20b7cf28ac0ad2625a80b
GET //watchnew?key=71a2274e9a0cd2c269e9111f99a6003a HTTP/1.1
Host: feelseveryone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 14 Feb 2023 08:42:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=18343155; expires=Wed, 15 Feb 2023 08:42:39 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODM0MzE1NSwiayI6IjcxYTIyNzRlOWEwY2QyYzI2OWU5MTExZjk5YTYwMDNhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMjIxNDMwLCJwaWQiOjY4NzE0NiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjUsInB0Ijo0LCJwayI6InM0bXMwaHUwIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3dpbmlwaG9uZTI1NC5ibG9nc3BvdC5jb20vIn19.U57ITIrka4JU3vOO-2wpTy40mnCfybJuPOV8agtrZjU; expires=Tue, 14 Feb 2023 08:43:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 18b2516af86143fb7ce421073ecf1b39
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
feelseveryone.com//watchnew?key=71f8f5be817ca65316c9982dd1b58f66
200 OK 1.1 kB URL HTTP/1.1 feelseveryone.com//watchnew?key=71f8f5be817ca65316c9982dd1b58f66
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash ef775c8881001379bc8619eb26f2027e
ad5b2d68163eb47ba3b511b3bfdb3b5593cc4700
d81faf906b9fda25b0e4407f155e1234b3e1c4479f6fb4d34a08e449260d1a56
GET //watchnew?key=71f8f5be817ca65316c9982dd1b58f66 HTTP/1.1
Host: feelseveryone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 14 Feb 2023 08:42:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=18343196; expires=Wed, 15 Feb 2023 08:42:39 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODM0MzE5NiwiayI6IjcxZjhmNWJlODE3Y2E2NTMxNmM5OTgyZGQxYjU4ZjY2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMjIxNDMwLCJwaWQiOjY4NzE0NiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjI1LCJwdCI6NCwicGsiOiJkdGUzd3B2MyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93aW5pcGhvbmUyNTQuYmxvZ3Nwb3QuY29tLyJ9fQ.tCyKqiQWqKp3LOhnhffYf8D5-NjPWXXJqCqwDdOEvDw; expires=Tue, 14 Feb 2023 08:43:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 21951205a4fe73eee125dba86de5e4ed
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
feelseveryone.com//watchnew?key=a232638528d49fd5283f5465e4f22362
200 OK 1.1 kB URL HTTP/1.1 feelseveryone.com//watchnew?key=a232638528d49fd5283f5465e4f22362
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 4a26aec68a56b15a0d847dd639ef9986
373774995016179fdb6324343b4415672d92cfc3
9c4cf7525506716faae30a1f236e5337dac2627aa7daf66914101df2d4b120c0
GET //watchnew?key=a232638528d49fd5283f5465e4f22362 HTTP/1.1
Host: feelseveryone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 14 Feb 2023 08:42:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=18343165; expires=Wed, 15 Feb 2023 08:42:39 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODM0MzE2NSwiayI6ImEyMzI2Mzg1MjhkNDlmZDUyODNmNTQ2NWU0ZjIyMzYyIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMjIxNDMwLCJwaWQiOjY4NzE0NiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjMyLCJwdCI6NCwicGsiOiJqZWlicWFmaCIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93aW5pcGhvbmUyNTQuYmxvZ3Nwb3QuY29tLyJ9fQ.ieocIxk4Y4lqJXmjU_ZBcaCDyVF8Ox5CD3TDaQE8fbs; expires=Tue, 14 Feb 2023 08:43:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 417a957acc73a1fc471859cb731302ab
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b53c64662a273c18cb65a4effe986acd
3ddb82f8c8cd233391d2e1db3a26a4d745a60d6a
f27276212a4c85ca0bdc5c412ef4fbc9db5fbc441d97c693ceb8510f94cd9a00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27276212A4C85CA0BDC5C412EF4FBC9DB5FBC441D97C693CEB8510F94CD9A00"
Last-Modified: Mon, 13 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8076
Expires: Tue, 14 Feb 2023 10:57:15 GMT
Date: Tue, 14 Feb 2023 08:42:39 GMT
Connection: keep-alive
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash 4a8c5aef3db107e62a01512bda7e153a
35bcfaee72822f8d21a545aef0788c869accee25
c93ae8193d50fb99461e3b0aea1881c3c7590eb7cbd8388225b3306acbbfb683
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://feelseveryone.com
Connection: keep-alive
Referer: https://feelseveryone.com/
Cookie: uid_id2=ff25cb1b-10be-4d32-acd9-964cda9d58c9:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:39 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://feelseveryone.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash 4a8c5aef3db107e62a01512bda7e153a
35bcfaee72822f8d21a545aef0788c869accee25
c93ae8193d50fb99461e3b0aea1881c3c7590eb7cbd8388225b3306acbbfb683
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://feelseveryone.com
Connection: keep-alive
Referer: https://feelseveryone.com/
Cookie: uid_id2=ff25cb1b-10be-4d32-acd9-964cda9d58c9:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:39 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://feelseveryone.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash 4a8c5aef3db107e62a01512bda7e153a
35bcfaee72822f8d21a545aef0788c869accee25
c93ae8193d50fb99461e3b0aea1881c3c7590eb7cbd8388225b3306acbbfb683
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://feelseveryone.com
Connection: keep-alive
Referer: https://feelseveryone.com/
Cookie: uid_id2=ff25cb1b-10be-4d32-acd9-964cda9d58c9:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:39 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://feelseveryone.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
feelseveryone.com//watchnew?key=71a2274e9a0cd2c269e9111f99a6003a
200 OK 1.1 kB URL HTTP/1.1 feelseveryone.com//watchnew?key=71a2274e9a0cd2c269e9111f99a6003a
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 840a51c5921a3e4ef0959eb093053c21
1c7dd4ea056c09c91049269519b359827c23c5f0
eef274a6778394de530e9f51eadc674959b43737ebfee28c08ea03c043e7da70
GET //watchnew?key=71a2274e9a0cd2c269e9111f99a6003a HTTP/1.1
Host: feelseveryone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 14 Feb 2023 08:42:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=18343155; expires=Wed, 15 Feb 2023 08:42:39 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODM0MzE1NSwiayI6IjcxYTIyNzRlOWEwY2QyYzI2OWU5MTExZjk5YTYwMDNhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMjIxNDMwLCJwaWQiOjY4NzE0NiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjUsInB0Ijo0LCJwayI6InM0bXMwaHUwIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3dpbmlwaG9uZTI1NC5ibG9nc3BvdC5jb20vIn19.U57ITIrka4JU3vOO-2wpTy40mnCfybJuPOV8agtrZjU; expires=Tue, 14 Feb 2023 08:43:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a805cce0dd37e0a8adffb7d95ca4be9f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
feelseveryone.com//watchnew?key=71a2274e9a0cd2c269e9111f99a6003a
200 OK 1.1 kB URL HTTP/1.1 feelseveryone.com//watchnew?key=71a2274e9a0cd2c269e9111f99a6003a
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 7c83e220194198090d8c655a74b518ca
44863ca5d1c4035dec401e1170155de6b1b2003a
b9598bba55d0de16e625dc195763e5cfecb22e69b340487685354ee55045f3f2
GET //watchnew?key=71a2274e9a0cd2c269e9111f99a6003a HTTP/1.1
Host: feelseveryone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 14 Feb 2023 08:42:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=18343155; expires=Wed, 15 Feb 2023 08:42:39 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODM0MzE1NSwiayI6IjcxYTIyNzRlOWEwY2QyYzI2OWU5MTExZjk5YTYwMDNhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMjIxNDMwLCJwaWQiOjY4NzE0NiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjUsInB0Ijo0LCJwayI6InM0bXMwaHUwIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3dpbmlwaG9uZTI1NC5ibG9nc3BvdC5jb20vIn19.U57ITIrka4JU3vOO-2wpTy40mnCfybJuPOV8agtrZjU; expires=Tue, 14 Feb 2023 08:43:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d15f138fccb5e08005ab129ffb459cb7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
magazinesfluentlymercury.com/watch.1200091759138.js?key=63f8895ee64d67e1cd2223d232cee5a8&kw=%5B%22crypto%22%2C%22tops%22%2C%22bottoms%22%2C%22review%22%2C%22-2023%22%5D&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F2023%2F02%2Fcrypto-tops-bottoms-review-2023.html&tz=0&dev=e&res=12.1055&uuid=ff25cb1b-10be-4d32-acd9-964cda9d58c9%3A2%3A1&shu=895f3d118e655392800ae0464516e9097e73d70fbd437d3b88a07a3b4964b457425ea5d5fe5d3f5717dcc0ad5f5a624db4841d5393c75dd82af331a43132f69df70a0c993f6eacef941966b27a958a58a79ffe5eacef1a5f7d4afd39695ee610&pst=1676364219&rmtc=t
200 OK 2.5 kB URL HTTP/1.1 magazinesfluentlymercury.com/watch.1200091759138.js?key=63f8895ee64d67e1cd2223d232cee5a8&kw=%5B%22crypto%22%2C%22tops%22%2C%22bottoms%22%2C%22review%22%2C%22-2023%22%5D&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F2023%2F02%2Fcrypto-tops-bottoms-review-2023.html&tz=0&dev=e&res=12.1055&uuid=ff25cb1b-10be-4d32-acd9-964cda9d58c9%3A2%3A1&shu=895f3d118e655392800ae0464516e9097e73d70fbd437d3b88a07a3b4964b457425ea5d5fe5d3f5717dcc0ad5f5a624db4841d5393c75dd82af331a43132f69df70a0c993f6eacef941966b27a958a58a79ffe5eacef1a5f7d4afd39695ee610&pst=1676364219&rmtc=t
IP
File type HTML document, ASCII text, with very long lines (3194)
Hash f8337d777898c8fb0c3a8331f3ef6d7f
0c15c6f86660290a553e4681c9f7e93b7f133eed
de52b38d4dcade78f898cb3e6d5d75af63ac5ce40e1f9ab7365876accf597953
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1200091759138.js?key=63f8895ee64d67e1cd2223d232cee5a8&kw=%5B%22crypto%22%2C%22tops%22%2C%22bottoms%22%2C%22review%22%2C%22-2023%22%5D&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F2023%2F02%2Fcrypto-tops-bottoms-review-2023.html&tz=0&dev=e&res=12.1055&uuid=ff25cb1b-10be-4d32-acd9-964cda9d58c9%3A2%3A1&shu=895f3d118e655392800ae0464516e9097e73d70fbd437d3b88a07a3b4964b457425ea5d5fe5d3f5717dcc0ad5f5a624db4841d5393c75dd82af331a43132f69df70a0c993f6eacef941966b27a958a58a79ffe5eacef1a5f7d4afd39695ee610&pst=1676364219&rmtc=t HTTP/1.1
Host: magazinesfluentlymercury.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://winiphone254.blogspot.com
Referer: https://winiphone254.blogspot.com/
Connection: keep-alive
Cookie: u_pl=18343145
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 14 Feb 2023 08:42:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://winiphone254.blogspot.com
Access-Control-Allow-Origin: https://winiphone254.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=ff25cb1b-10be-4d32-acd9-964cda9d58c9:2:1; expires=Tue, 21 Feb 2023 08:42:39 GMT; secure; SameSite=None
iprc645810365c9216cfa2f06c250d9996df=2060119; expires=Tue, 28 Feb 2023 08:42:39 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 15 Feb 2023 08:42:39 GMT; secure; SameSite=None
uncs=1; expires=Wed, 15 Feb 2023 08:42:39 GMT; secure; SameSite=None
pdhtkv27=true; expires=Wed, 15 Feb 2023 08:42:39 GMT; secure; SameSite=None
uncs27=1; expires=Wed, 15 Feb 2023 08:42:39 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8d2d514e19e7c54d3017797489710adf
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
disabledincomprehensiblecitizens.com/ntv.json?key=5d355b91d24f5f451991f2724dd626d9&vstc=4
200 OK 17 kB URL HTTP/1.1 disabledincomprehensiblecitizens.com/ntv.json?key=5d355b91d24f5f451991f2724dd626d9&vstc=4
IP
File type JSON data\012- , ASCII text, with very long lines (17210), with no line terminators
Hash 2aab8e79d25ad67aa60950e91ade81ef
bdd032bd701a47d31c811e4cb90a788869f41a0e
fe80250c13931f366809818d28580b0f2f84323514cd52f61cc1579fbadcbfbb
Analyzer Verdict Alert quad9 Sinkholed
GET /ntv.json?key=5d355b91d24f5f451991f2724dd626d9&vstc=4 HTTP/1.1
Host: disabledincomprehensiblecitizens.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://winiphone254.blogspot.com
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 14 Feb 2023 08:42:39 GMT
Content-Type: application/json
Content-Length: 17210
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://winiphone254.blogspot.com
Access-Control-Allow-Origin: https://winiphone254.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=18343207; expires=Wed, 15 Feb 2023 08:42:39 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 15 Feb 2023 08:42:39 GMT; secure; SameSite=None
uncs=1; expires=Wed, 15 Feb 2023 08:42:39 GMT; secure; SameSite=None
pdhtkv49=true; expires=Wed, 15 Feb 2023 08:42:39 GMT; secure; SameSite=None
uncs49=1; expires=Wed, 15 Feb 2023 08:42:39 GMT; secure; SameSite=None
nlec5d355b91d24f5f451991f2724dd626d9=[2229337,2019380,2229333,2229329]; expires=Tue, 14 Feb 2023 08:42:44 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c54763d18c1e718bbc22a63db75b65f1
Strict-Transport-Security: max-age=0; includeSubdomains
3.bp.blogspot.com/-rUXH6ABluDE/YjC6x1dxC4I/AAAAAAAAA5Y/GIZK_JUuORwGyAGfFfSoZ-pX07WAu4WOQCK4BGAYYCw/w26-h26-p-k-no-nu/Untitled%2Bdesign%2B%25283%2529.png
200 OK 1.3 kB URL HTTP/2 3.bp.blogspot.com/-rUXH6ABluDE/YjC6x1dxC4I/AAAAAAAAA5Y/GIZK_JUuORwGyAGfFfSoZ-pX07WAu4WOQCK4BGAYYCw/w26-h26-p-k-no-nu/Untitled%2Bdesign%2B%25283%2529.png
IP
File type PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Hash a4a2ec95131f1c0dd992700b0a3e3252
091ffcd8213cbf66a021f3cf1daad820b0ee292e
1997992e7f182ac04f6736efc9c6bb58d5666be59592a700c774dda06a15d372
GET /-rUXH6ABluDE/YjC6x1dxC4I/AAAAAAAAA5Y/GIZK_JUuORwGyAGfFfSoZ-pX07WAu4WOQCK4BGAYYCw/w26-h26-p-k-no-nu/Untitled%2Bdesign%2B%25283%2529.png HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v39d"
expires: Wed, 15 Feb 2023 08:42:39 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Untitled design (3).png"
content-type: image/png
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Tue, 14 Feb 2023 08:42:39 GMT
server: fife
content-length: 1337
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
radargoats.com/watch.194256806379.js?key=a7f770405d7946b33cceb7b2cfe9f266&kw=%5B%22crypto%22%2C%22tops%22%2C%22bottoms%22%2C%22review%22%2C%22-2023%22%5D&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F2023%2F02%2Fcrypto-tops-bottoms-review-2023.html&tz=0&dev=e&res=12.1055&uuid=c1fe66fd-809d-43e2-a64f-480807a90f28%3A2%3A1
307 Temporary Redirect 0 B URL HTTP/1.1 radargoats.com/watch.194256806379.js?key=a7f770405d7946b33cceb7b2cfe9f266&kw=%5B%22crypto%22%2C%22tops%22%2C%22bottoms%22%2C%22review%22%2C%22-2023%22%5D&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F2023%2F02%2Fcrypto-tops-bottoms-review-2023.html&tz=0&dev=e&res=12.1055&uuid=c1fe66fd-809d-43e2-a64f-480807a90f28%3A2%3A1
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.194256806379.js?key=a7f770405d7946b33cceb7b2cfe9f266&kw=%5B%22crypto%22%2C%22tops%22%2C%22bottoms%22%2C%22review%22%2C%22-2023%22%5D&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F2023%2F02%2Fcrypto-tops-bottoms-review-2023.html&tz=0&dev=e&res=12.1055&uuid=c1fe66fd-809d-43e2-a64f-480807a90f28%3A2%3A1 HTTP/1.1
Host: radargoats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://winiphone254.blogspot.com
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Tue, 14 Feb 2023 08:42:40 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://winiphone254.blogspot.com
Access-Control-Allow-Origin: https://winiphone254.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://radargoats.com/watch.194256806379.js?key=a7f770405d7946b33cceb7b2cfe9f266&kw=%5B%22crypto%22%2C%22tops%22%2C%22bottoms%22%2C%22review%22%2C%22-2023%22%5D&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F2023%2F02%2Fcrypto-tops-bottoms-review-2023.html&tz=0&dev=e&res=12.1055&uuid=c1fe66fd-809d-43e2-a64f-480807a90f28%3A2%3A1&shu=3079aed355061b02aefad01679a00cbb23de64631337e0330fb0985b5fc796df100b0512475f240be91d508c510c29db4ace7c682d6536408dda3a757287eb56a5238c595a0bbca3be9da0ca92be8801aaeaafeb&pst=1676364220&rmtc=t
Set-Cookie: u_pl=18343202; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODM0MzIwMiwiayI6ImE3Zjc3MDQwNWQ3OTQ2YjMzY2NlYjdiMmNmZTlmMjY2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMjIxNDMwLCJwaWQiOjY4NzE0NiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJnajltYmE2Z2UiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93aW5pcGhvbmUyNTQuYmxvZ3Nwb3QuY29tLzIwMjMvMDIvY3J5cHRvLXRvcHMtYm90dG9tcy1yZXZpZXctMjAyMy5odG1sIn19.6yV43WFTg77am2VaQirhV5aIsEFN5brfzwiLfzarp-Q; expires=Tue, 14 Feb 2023 08:43:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f5eb2531bffcae2601eaccd9ba5c34b9
Strict-Transport-Security: max-age=0; includeSubdomains
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash 4a8c5aef3db107e62a01512bda7e153a
35bcfaee72822f8d21a545aef0788c869accee25
c93ae8193d50fb99461e3b0aea1881c3c7590eb7cbd8388225b3306acbbfb683
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://feelseveryone.com
Connection: keep-alive
Referer: https://feelseveryone.com/
Cookie: uid_id2=ff25cb1b-10be-4d32-acd9-964cda9d58c9:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:40 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://feelseveryone.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash 4a8c5aef3db107e62a01512bda7e153a
35bcfaee72822f8d21a545aef0788c869accee25
c93ae8193d50fb99461e3b0aea1881c3c7590eb7cbd8388225b3306acbbfb683
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://feelseveryone.com
Connection: keep-alive
Referer: https://feelseveryone.com/
Cookie: uid_id2=ff25cb1b-10be-4d32-acd9-964cda9d58c9:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:40 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://feelseveryone.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
feelseveryone.com/watchnew?shu=689639fb07724d0082124984e2e4a38c4b0aa8a60fec4ef25b6e5cc746895324a55fa160720728371435df42bab1106434773d56c300720a97ad06229092a44631c9e5787fe2ce8581ced5e5d7b9a196dcd50dc244ea7bc30ed707d385ec&pst=1676364219&rmtc=t&uuid=&pii=&in=false&key=71a2274e9a0cd2c269e9111f99a6003a&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F
200 OK 1.8 kB URL HTTP/1.1 feelseveryone.com/watchnew?shu=689639fb07724d0082124984e2e4a38c4b0aa8a60fec4ef25b6e5cc746895324a55fa160720728371435df42bab1106434773d56c300720a97ad06229092a44631c9e5787fe2ce8581ced5e5d7b9a196dcd50dc244ea7bc30ed707d385ec&pst=1676364219&rmtc=t&uuid=&pii=&in=false&key=71a2274e9a0cd2c269e9111f99a6003a&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2548)
Hash 4f1813f0c9d789b0481399572b8a14a2
57ffcb3d5c98d63940f32c861efd84fda1214777
f23a6441e2593232d45a80bd0b358722467b983ed68073c09bae66811f19a487
GET /watchnew?shu=689639fb07724d0082124984e2e4a38c4b0aa8a60fec4ef25b6e5cc746895324a55fa160720728371435df42bab1106434773d56c300720a97ad06229092a44631c9e5787fe2ce8581ced5e5d7b9a196dcd50dc244ea7bc30ed707d385ec&pst=1676364219&rmtc=t&uuid=&pii=&in=false&key=71a2274e9a0cd2c269e9111f99a6003a&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F HTTP/1.1
Host: feelseveryone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://feelseveryone.com//watchnew?key=71a2274e9a0cd2c269e9111f99a6003a
Cookie: u_pl=18343155
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 14 Feb 2023 08:42:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://winiphone254.blogspot.com/
Access-Control-Allow-Origin: https://winiphone254.blogspot.com/
Access-Control-Allow-Credentials: true
Set-Cookie: iprc84c2ccabfa6a87e89903538f97c388ee=3569806; expires=Tue, 14 Feb 2023 12:42:40 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
uncs=1; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
pdhtkv5=true; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
uncs5=1; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 94941b77cc5786cbf2955160cd002038
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
feelseveryone.com/watchnew?shu=c06c8ff601c67ba37f85129e59e35c313693062b2972b945c90f6d378633056e2c11b381883a5e5e618801004bd0686798b6327c4a6b00e310b13271fe22e12a7bf802b69329f04f7c6f09eb56912712acef2221e139c4e9ab76a6828b3d420d&pst=1676364219&rmtc=t&uuid=&pii=&in=false&key=a232638528d49fd5283f5465e4f22362&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F
200 OK 1.8 kB URL HTTP/1.1 feelseveryone.com/watchnew?shu=c06c8ff601c67ba37f85129e59e35c313693062b2972b945c90f6d378633056e2c11b381883a5e5e618801004bd0686798b6327c4a6b00e310b13271fe22e12a7bf802b69329f04f7c6f09eb56912712acef2221e139c4e9ab76a6828b3d420d&pst=1676364219&rmtc=t&uuid=&pii=&in=false&key=a232638528d49fd5283f5465e4f22362&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2572)
Hash bdca9bd1f6391cabdab3adeff5177af8
89cb570843a2b14041f87372b7c6b62a1c9399ee
71aad9cfb95025184ab87b8308ab5106151075a2329d37bd0a35c61d7f84f0fa
GET /watchnew?shu=c06c8ff601c67ba37f85129e59e35c313693062b2972b945c90f6d378633056e2c11b381883a5e5e618801004bd0686798b6327c4a6b00e310b13271fe22e12a7bf802b69329f04f7c6f09eb56912712acef2221e139c4e9ab76a6828b3d420d&pst=1676364219&rmtc=t&uuid=&pii=&in=false&key=a232638528d49fd5283f5465e4f22362&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F HTTP/1.1
Host: feelseveryone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://feelseveryone.com//watchnew?key=a232638528d49fd5283f5465e4f22362
Cookie: u_pl=18343155
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 14 Feb 2023 08:42:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://winiphone254.blogspot.com/
Access-Control-Allow-Origin: https://winiphone254.blogspot.com/
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=18343155,18343165; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
iprc8b8b1c4c8cd8131df961edb7d9890419=3570421; expires=Tue, 14 Feb 2023 12:42:40 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
uncs=1; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
pdhtkv32=true; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
uncs32=1; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5247ef72ab84c5a1810ab215b857c67e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1469f955cb6bc704e80bb4868ecc964f
9b7410731c433e400de18e38560d656a2c9bab77
a190871da582c9e5e45e3210986d7899800036c5deb91e72ba2749d230aa24fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A190871DA582C9E5E45E3210986D7899800036C5DEB91E72BA2749D230AA24FA"
Last-Modified: Mon, 13 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11855
Expires: Tue, 14 Feb 2023 12:00:15 GMT
Date: Tue, 14 Feb 2023 08:42:40 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1469f955cb6bc704e80bb4868ecc964f
9b7410731c433e400de18e38560d656a2c9bab77
a190871da582c9e5e45e3210986d7899800036c5deb91e72ba2749d230aa24fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A190871DA582C9E5E45E3210986D7899800036C5DEB91E72BA2749D230AA24FA"
Last-Modified: Mon, 13 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11855
Expires: Tue, 14 Feb 2023 12:00:15 GMT
Date: Tue, 14 Feb 2023 08:42:40 GMT
Connection: keep-alive
disabledincomprehensiblecitizens.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReuzm9%2BlwiCf0C8yCiIusiku6c7ybjIYlwjwTXJ%2FiN4rO6qnpSpqWqquqcnQTC4IHucgwf11Pkm2aAu4h49CDIRZMnF9GXJwdz25FEQj9KzA6MF%2Fd73%2BnuH73vvfX6QXxAXOT3f%2FFDvCSnpQthym69vCcV0YZvrt5qe23IvN7eEWgwuNwd1MP23PDdsuW803%2Bfxjl7wXc91PddrrgrDEz1YmLAQ6f2O1%2Bq4rcBveWGAgflvbXMHljpg%2FQvyLASr%2Fr%2F98AFEPIbq%2FXCV251Mp2%2B%2B18slzbRBnx3fVjtKFwq9GUyMg0QdT7uhbUXIl3PQ6njqALp%2FWDtAJCriPPIQqeOpTET9oydKIwmuELGnUPTH4HIMQceI9R0IdkaAmGF9A6p3b12bgu4%2BYWnNVqTx158QRUUavz8P1ft%2BRYpB86aWeSa0shgkJcRgDNEdI81PkO05EMUJ4uwzCEageiUEKyeuhRhDJGNIPgS1DvL6Ew7yxEGeOuix8yYNO4nrLiVR0m4vB3Ect9txHC4vspC1g%2BXERR7XsobI0iFiOURs9pGafeyIIUz%2BM%2Bx2Ccsc2KwizvV99FmJghMUlqCgBIUgKDKCol8eMWl9W95j0uaRN83%2BNLfLkc66B%2FRIZ12uyEF6QZ6p5%2BG88Pg17PDzZsjaYRh1POYHSZgEodfpeIm%2F5AeMLfqLrAMrSgg7N7G6Jyry8uM%2BUlGR%2BU8uIaInsPIEsXBAcw%2B0GC35Luj2KFh2sad%2BLIQS6bZW3A%2BDViR116Y6a8W6B6ZLpFkD2a5zIC%2FIi5MlvfRbAB6fXvl1%2Fu109GgesSmRmhIfi18IuvLu6IYuyOENXVjyYCPNRE%2Fs0XqBNzOa8f99%2BwHfLbRha1ft8Jt34pqo4f1b3GbXqGJCdS35bkUwxs2qNjEnP63ZLR5t5nZ7JTcqT69tvru61ksNt1ZoNQYVZxt%2FIxYVabz63OQ0nz67BGHGMHmJXn5Kpg9CnyBO92HTmXqrCYyc9UTpHIq8HBk%2Fmv2UgkDyWU2jEvZfdTTDB%2FYuuqYBmt2ZHGTflOjLElQOYfP5UZaa0ysPv6rf14hkYxRJ0ziMpJFfVOSVxkeT%2Bdbodh2uw4rzJg8TN%2BGuz6OkEyVL1GWdJOhEtOPxpSikHjJbxX%2BsffoPAAAA%2F%2F8BAAD%2F%2F2%2BY79GBBAAA
200 OK 7 B URL HTTP/1.1 disabledincomprehensiblecitizens.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReuzm9%2BlwiCf0C8yCiIusiku6c7ybjIYlwjwTXJ%2FiN4rO6qnpSpqWqquqcnQTC4IHucgwf11Pkm2aAu4h49CDIRZMnF9GXJwdz25FEQj9KzA6MF%2Fd73%2BnuH73vvfX6QXxAXOT3f%2FFDvCSnpQthym69vCcV0YZvrt5qe23IvN7eEWgwuNwd1MP23PDdsuW803%2Bfxjl7wXc91PddrrgrDEz1YmLAQ6f2O1%2Bq4rcBveWGAgflvbXMHljpg%2FQvyLASr%2Fr%2F98AFEPIbq%2FXCV251Mp2%2B%2B18slzbRBnx3fVjtKFwq9GUyMg0QdT7uhbUXIl3PQ6njqALp%2FWDtAJCriPPIQqeOpTET9oydKIwmuELGnUPTH4HIMQceI9R0IdkaAmGF9A6p3b12bgu4%2BYWnNVqTx158QRUUavz8P1ft%2BRYpB86aWeSa0shgkJcRgDNEdI81PkO05EMUJ4uwzCEageiUEKyeuhRhDJGNIPgS1DvL6Ew7yxEGeOuix8yYNO4nrLiVR0m4vB3Ect9txHC4vspC1g%2BXERR7XsobI0iFiOURs9pGafeyIIUz%2BM%2Bx2Ccsc2KwizvV99FmJghMUlqCgBIUgKDKCol8eMWl9W95j0uaRN83%2BNLfLkc66B%2FRIZ12uyEF6QZ6p5%2BG88Pg17PDzZsjaYRh1POYHSZgEodfpeIm%2F5AeMLfqLrAMrSgg7N7G6Jyry8uM%2BUlGR%2BU8uIaInsPIEsXBAcw%2B0GC35Luj2KFh2sad%2BLIQS6bZW3A%2BDViR116Y6a8W6B6ZLpFkD2a5zIC%2FIi5MlvfRbAB6fXvl1%2Fu109GgesSmRmhIfi18IuvLu6IYuyOENXVjyYCPNRE%2Fs0XqBNzOa8f99%2BwHfLbRha1ft8Jt34pqo4f1b3GbXqGJCdS35bkUwxs2qNjEnP63ZLR5t5nZ7JTcqT69tvru61ksNt1ZoNQYVZxt%2FIxYVabz63OQ0nz67BGHGMHmJXn5Kpg9CnyBO92HTmXqrCYyc9UTpHIq8HBk%2Fmv2UgkDyWU2jEvZfdTTDB%2FYuuqYBmt2ZHGTflOjLElQOYfP5UZaa0ysPv6rf14hkYxRJ0ziMpJFfVOSVxkeT%2Bdbodh2uw4rzJg8TN%2BGuz6OkEyVL1GWdJOhEtOPxpSikHjJbxX%2BsffoPAAAA%2F%2F8BAAD%2F%2F2%2BY79GBBAAA
IP
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReuzm9%2BlwiCf0C8yCiIusiku6c7ybjIYlwjwTXJ%2FiN4rO6qnpSpqWqquqcnQTC4IHucgwf11Pkm2aAu4h49CDIRZMnF9GXJwdz25FEQj9KzA6MF%2Fd73%2BnuH73vvfX6QXxAXOT3f%2FFDvCSnpQthym69vCcV0YZvrt5qe23IvN7eEWgwuNwd1MP23PDdsuW803%2Bfxjl7wXc91PddrrgrDEz1YmLAQ6f2O1%2Bq4rcBveWGAgflvbXMHljpg%2FQvyLASr%2Fr%2F98AFEPIbq%2FXCV251Mp2%2B%2B18slzbRBnx3fVjtKFwq9GUyMg0QdT7uhbUXIl3PQ6njqALp%2FWDtAJCriPPIQqeOpTET9oydKIwmuELGnUPTH4HIMQceI9R0IdkaAmGF9A6p3b12bgu4%2BYWnNVqTx158QRUUavz8P1ft%2BRYpB86aWeSa0shgkJcRgDNEdI81PkO05EMUJ4uwzCEageiUEKyeuhRhDJGNIPgS1DvL6Ew7yxEGeOuix8yYNO4nrLiVR0m4vB3Ect9txHC4vspC1g%2BXERR7XsobI0iFiOURs9pGafeyIIUz%2BM%2Bx2Ccsc2KwizvV99FmJghMUlqCgBIUgKDKCol8eMWl9W95j0uaRN83%2BNLfLkc66B%2FRIZ12uyEF6QZ6p5%2BG88Pg17PDzZsjaYRh1POYHSZgEodfpeIm%2F5AeMLfqLrAMrSgg7N7G6Jyry8uM%2BUlGR%2BU8uIaInsPIEsXBAcw%2B0GC35Luj2KFh2sad%2BLIQS6bZW3A%2BDViR116Y6a8W6B6ZLpFkD2a5zIC%2FIi5MlvfRbAB6fXvl1%2Fu109GgesSmRmhIfi18IuvLu6IYuyOENXVjyYCPNRE%2Fs0XqBNzOa8f99%2BwHfLbRha1ft8Jt34pqo4f1b3GbXqGJCdS35bkUwxs2qNjEnP63ZLR5t5nZ7JTcqT69tvru61ksNt1ZoNQYVZxt%2FIxYVabz63OQ0nz67BGHGMHmJXn5Kpg9CnyBO92HTmXqrCYyc9UTpHIq8HBk%2Fmv2UgkDyWU2jEvZfdTTDB%2FYuuqYBmt2ZHGTflOjLElQOYfP5UZaa0ysPv6rf14hkYxRJ0ziMpJFfVOSVxkeT%2Bdbodh2uw4rzJg8TN%2BGuz6OkEyVL1GWdJOhEtOPxpSikHjJbxX%2BsffoPAAAA%2F%2F8BAAD%2F%2F2%2BY79GBBAAA HTTP/1.1
Host: disabledincomprehensiblecitizens.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Cookie: u_pl=18343207; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 14 Feb 2023 08:42:40 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 14d1a2f9ba88630ea32f347e3c7bc152
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1469f955cb6bc704e80bb4868ecc964f
9b7410731c433e400de18e38560d656a2c9bab77
a190871da582c9e5e45e3210986d7899800036c5deb91e72ba2749d230aa24fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A190871DA582C9E5E45E3210986D7899800036C5DEB91E72BA2749D230AA24FA"
Last-Modified: Mon, 13 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11855
Expires: Tue, 14 Feb 2023 12:00:15 GMT
Date: Tue, 14 Feb 2023 08:42:40 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1469f955cb6bc704e80bb4868ecc964f
9b7410731c433e400de18e38560d656a2c9bab77
a190871da582c9e5e45e3210986d7899800036c5deb91e72ba2749d230aa24fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A190871DA582C9E5E45E3210986D7899800036C5DEB91E72BA2749D230AA24FA"
Last-Modified: Mon, 13 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11855
Expires: Tue, 14 Feb 2023 12:00:15 GMT
Date: Tue, 14 Feb 2023 08:42:40 GMT
Connection: keep-alive
disabledincomprehensiblecitizens.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3t%2F8QOLFfyCCyCj4F5nt7ulOMi4SjGskuCbZfwSP1V3VkzI1VU1V9%2FQkCAYXZI9z8KCeOt8kG1yDuEcPgkwEWYLg9mXJwdz2IB48COJRenYg%2BqDe%2B1597%2FC%2B996nu%2FkpcZHTk7X39baQkp4PW27zlXWhmC5sc%2BVa03Nb7oXmulCzwYXmoHam%2F4bnhi331ea7PN7U533Xc13P9ZpLwvBED85PWIj0sOO1Om4r8FteGGBg%2Fpvb3IGlDlj%2FlDwBwar%2Fb9y9AxGPoXrfXuR2M9Pp6%2B%2F0ckkzbdBnB9fVptKFQu8MJsZBog6m1dC2IuTzc9DqYKoAur9XK0AkKuLc9xCpg2mbiPr7DzuNJLhCxB5F0R%2BDyzEEHSPWNyDYPQLEDCurUL1bK9oUdOshS2u2Io2%2F%2FoQoKtL49Smo3jeLUgyaV7XMM6GVxSApIQZjiO4YaX6EbNuBKI4QZ59AMALVKyFYOVEtxBgiGUPyIah1kNdPOMgTB3nqoMdOmjTsJK47l0RJuz0fxHHcbsdxOD%2FLQtYO5hMXeVy3NUSWDhHLIWKzg9TsYFMMYfIfYDdKWObAZhVxLu%2Bgz0oUnKCwBAUlKARBkREU%2FXKfSevb8haTNo%2B8afSnsV2OdNbdpfs663JFdtNT8ng9D%2BfpBy9jk580Q9YOw6jjMT9IwiQIvU7HS%2Fw5P2Bs1p9lHVhRQthzE6nboiLPP%2BgjFRWZ%2Beg1RPQIVh4hFg5o7oEWoznfBd0YBfMuttV3hVAi3dCK%2B2HQiqTu2lRnrVj3wHSJNGsg23J25Sl5ZrKkFxofgMfHCz%2FNvJmO7s8gNiVSU%2BJD8SNBV94cXdEF2buiC0vurKaZ6IltWi%2FwakYz%2Fr%2Fb7%2FGtQhu2fNEOv3orrokaHl7jNrtEFROqa8nXi4Ixbpa0iTn5ftmu82gttxuLuVF5emnt7aXlXmq4tUKrMai4t%2Fo3YlGRxotPTk7zsZ%2F%2FgDBjmLxELz8mU4PQR4jTHdj0eOH2s4ePeC%2F9BqsJjDyriVIHRV6OjB%2BdfUpBIPlZTqMS9l95dIZ37U10TQM0uzE5yL4p0ZclqBzC5jOjLDXHC3e%2FqO1LRLIxiqRp7EXSyM8mo63Ic78ENbpeu8uw4qTJw8RNuOvzKOlEyRx1WScJOhHteHwuCqmHzFbx78sf%2FwMAAP%2F%2FAQAA%2F%2F%2F0aKQggQQAAA%3D%3D
200 OK 7 B URL HTTP/1.1 disabledincomprehensiblecitizens.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3t%2F8QOLFfyCCyCj4F5nt7ulOMi4SjGskuCbZfwSP1V3VkzI1VU1V9%2FQkCAYXZI9z8KCeOt8kG1yDuEcPgkwEWYLg9mXJwdz2IB48COJRenYg%2BqDe%2B1597%2FC%2B996nu%2FkpcZHTk7X39baQkp4PW27zlXWhmC5sc%2BVa03Nb7oXmulCzwYXmoHam%2F4bnhi331ea7PN7U533Xc13P9ZpLwvBED85PWIj0sOO1Om4r8FteGGBg%2Fpvb3IGlDlj%2FlDwBwar%2Fb9y9AxGPoXrfXuR2M9Pp6%2B%2F0ckkzbdBnB9fVptKFQu8MJsZBog6m1dC2IuTzc9DqYKoAur9XK0AkKuLc9xCpg2mbiPr7DzuNJLhCxB5F0R%2BDyzEEHSPWNyDYPQLEDCurUL1bK9oUdOshS2u2Io2%2F%2FoQoKtL49Smo3jeLUgyaV7XMM6GVxSApIQZjiO4YaX6EbNuBKI4QZ59AMALVKyFYOVEtxBgiGUPyIah1kNdPOMgTB3nqoMdOmjTsJK47l0RJuz0fxHHcbsdxOD%2FLQtYO5hMXeVy3NUSWDhHLIWKzg9TsYFMMYfIfYDdKWObAZhVxLu%2Bgz0oUnKCwBAUlKARBkREU%2FXKfSevb8haTNo%2B8afSnsV2OdNbdpfs663JFdtNT8ng9D%2BfpBy9jk580Q9YOw6jjMT9IwiQIvU7HS%2Fw5P2Bs1p9lHVhRQthzE6nboiLPP%2BgjFRWZ%2Beg1RPQIVh4hFg5o7oEWoznfBd0YBfMuttV3hVAi3dCK%2B2HQiqTu2lRnrVj3wHSJNGsg23J25Sl5ZrKkFxofgMfHCz%2FNvJmO7s8gNiVSU%2BJD8SNBV94cXdEF2buiC0vurKaZ6IltWi%2FwakYz%2Fr%2Fb7%2FGtQhu2fNEOv3orrokaHl7jNrtEFROqa8nXi4Ixbpa0iTn5ftmu82gttxuLuVF5emnt7aXlXmq4tUKrMai4t%2Fo3YlGRxotPTk7zsZ%2F%2FgDBjmLxELz8mU4PQR4jTHdj0eOH2s4ePeC%2F9BqsJjDyriVIHRV6OjB%2BdfUpBIPlZTqMS9l95dIZ37U10TQM0uzE5yL4p0ZclqBzC5jOjLDXHC3e%2FqO1LRLIxiqRp7EXSyM8mo63Ic78ENbpeu8uw4qTJw8RNuOvzKOlEyRx1WScJOhHteHwuCqmHzFbx78sf%2FwMAAP%2F%2FAQAA%2F%2F%2F0aKQggQQAAA%3D%3D
IP
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3t%2F8QOLFfyCCyCj4F5nt7ulOMi4SjGskuCbZfwSP1V3VkzI1VU1V9%2FQkCAYXZI9z8KCeOt8kG1yDuEcPgkwEWYLg9mXJwdz2IB48COJRenYg%2BqDe%2B1597%2FC%2B996nu%2FkpcZHTk7X39baQkp4PW27zlXWhmC5sc%2BVa03Nb7oXmulCzwYXmoHam%2F4bnhi331ea7PN7U533Xc13P9ZpLwvBED85PWIj0sOO1Om4r8FteGGBg%2Fpvb3IGlDlj%2FlDwBwar%2Fb9y9AxGPoXrfXuR2M9Pp6%2B%2F0ckkzbdBnB9fVptKFQu8MJsZBog6m1dC2IuTzc9DqYKoAur9XK0AkKuLc9xCpg2mbiPr7DzuNJLhCxB5F0R%2BDyzEEHSPWNyDYPQLEDCurUL1bK9oUdOshS2u2Io2%2F%2FoQoKtL49Smo3jeLUgyaV7XMM6GVxSApIQZjiO4YaX6EbNuBKI4QZ59AMALVKyFYOVEtxBgiGUPyIah1kNdPOMgTB3nqoMdOmjTsJK47l0RJuz0fxHHcbsdxOD%2FLQtYO5hMXeVy3NUSWDhHLIWKzg9TsYFMMYfIfYDdKWObAZhVxLu%2Bgz0oUnKCwBAUlKARBkREU%2FXKfSevb8haTNo%2B8afSnsV2OdNbdpfs663JFdtNT8ng9D%2BfpBy9jk580Q9YOw6jjMT9IwiQIvU7HS%2Fw5P2Bs1p9lHVhRQthzE6nboiLPP%2BgjFRWZ%2Beg1RPQIVh4hFg5o7oEWoznfBd0YBfMuttV3hVAi3dCK%2B2HQiqTu2lRnrVj3wHSJNGsg23J25Sl5ZrKkFxofgMfHCz%2FNvJmO7s8gNiVSU%2BJD8SNBV94cXdEF2buiC0vurKaZ6IltWi%2FwakYz%2Fr%2Fb7%2FGtQhu2fNEOv3orrokaHl7jNrtEFROqa8nXi4Ixbpa0iTn5ftmu82gttxuLuVF5emnt7aXlXmq4tUKrMai4t%2Fo3YlGRxotPTk7zsZ%2F%2FgDBjmLxELz8mU4PQR4jTHdj0eOH2s4ePeC%2F9BqsJjDyriVIHRV6OjB%2BdfUpBIPlZTqMS9l95dIZ37U10TQM0uzE5yL4p0ZclqBzC5jOjLDXHC3e%2FqO1LRLIxiqRp7EXSyM8mo63Ic78ENbpeu8uw4qTJw8RNuOvzKOlEyRx1WScJOhHteHwuCqmHzFbx78sf%2FwMAAP%2F%2FAQAA%2F%2F%2F0aKQggQQAAA%3D%3D HTTP/1.1
Host: disabledincomprehensiblecitizens.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Cookie: u_pl=18343207; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 14 Feb 2023 08:42:40 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1561cc48e367fb85e910cf1929fbe963
Strict-Transport-Security: max-age=0; includeSubdomains
radargoats.com/watch.194256806379.js?key=a7f770405d7946b33cceb7b2cfe9f266&kw=%5B%22crypto%22%2C%22tops%22%2C%22bottoms%22%2C%22review%22%2C%22-2023%22%5D&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F2023%2F02%2Fcrypto-tops-bottoms-review-2023.html&tz=0&dev=e&res=12.1055&uuid=c1fe66fd-809d-43e2-a64f-480807a90f28%3A2%3A1&shu=3079aed355061b02aefad01679a00cbb23de64631337e0330fb0985b5fc796df100b0512475f240be91d508c510c29db4ace7c682d6536408dda3a757287eb56a5238c595a0bbca3be9da0ca92be8801aaeaafeb&pst=1676364220&rmtc=t
200 OK 635 B URL HTTP/1.1 radargoats.com/watch.194256806379.js?key=a7f770405d7946b33cceb7b2cfe9f266&kw=%5B%22crypto%22%2C%22tops%22%2C%22bottoms%22%2C%22review%22%2C%22-2023%22%5D&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F2023%2F02%2Fcrypto-tops-bottoms-review-2023.html&tz=0&dev=e&res=12.1055&uuid=c1fe66fd-809d-43e2-a64f-480807a90f28%3A2%3A1&shu=3079aed355061b02aefad01679a00cbb23de64631337e0330fb0985b5fc796df100b0512475f240be91d508c510c29db4ace7c682d6536408dda3a757287eb56a5238c595a0bbca3be9da0ca92be8801aaeaafeb&pst=1676364220&rmtc=t
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (581)
Hash 0eb5c57ab71f81de2e9dd6975e6ecf91
992efcb8574e68c55e9adbdd5911a846e892b361
b7b5853157da1576a928f47c583d06c9c3381eac379d3223cc883a6842b48ab1
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.194256806379.js?key=a7f770405d7946b33cceb7b2cfe9f266&kw=%5B%22crypto%22%2C%22tops%22%2C%22bottoms%22%2C%22review%22%2C%22-2023%22%5D&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F2023%2F02%2Fcrypto-tops-bottoms-review-2023.html&tz=0&dev=e&res=12.1055&uuid=c1fe66fd-809d-43e2-a64f-480807a90f28%3A2%3A1&shu=3079aed355061b02aefad01679a00cbb23de64631337e0330fb0985b5fc796df100b0512475f240be91d508c510c29db4ace7c682d6536408dda3a757287eb56a5238c595a0bbca3be9da0ca92be8801aaeaafeb&pst=1676364220&rmtc=t HTTP/1.1
Host: radargoats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://winiphone254.blogspot.com
Referer: https://winiphone254.blogspot.com/
Connection: keep-alive
Cookie: u_pl=18343202
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 14 Feb 2023 08:42:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://winiphone254.blogspot.com
Access-Control-Allow-Origin: https://winiphone254.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=c1fe66fd-809d-43e2-a64f-480807a90f28:2:1; expires=Tue, 21 Feb 2023 08:42:40 GMT; secure; SameSite=None
iprc983c2693802c748eceaf93ff443fd459=2717343; expires=Wed, 15 Feb 2023 10:42:40 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
uncs=1; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
pdhtkv23=true; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
uncs23=1; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ad0d9647f73085b6f019d9019f35debe
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
feelseveryone.com/watchnew?shu=f5c63756e9048cd8f201da42d2b8d0c47172c0fc8c0cc614471d22854cbb3e5ee8c63b2aaaf563883468a75fdfecd110c53e1121a578473eb9200f88b952ff4506379e5102e914667e9ccd0d353b916077d1777e0e7ab4dd4e457a2bc2dd1ff7350bc7&pst=1676364219&rmtc=t&uuid=&pii=&in=false&key=71a2274e9a0cd2c269e9111f99a6003a&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F
200 OK 1.8 kB URL HTTP/1.1 feelseveryone.com/watchnew?shu=f5c63756e9048cd8f201da42d2b8d0c47172c0fc8c0cc614471d22854cbb3e5ee8c63b2aaaf563883468a75fdfecd110c53e1121a578473eb9200f88b952ff4506379e5102e914667e9ccd0d353b916077d1777e0e7ab4dd4e457a2bc2dd1ff7350bc7&pst=1676364219&rmtc=t&uuid=&pii=&in=false&key=71a2274e9a0cd2c269e9111f99a6003a&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2558)
Hash e46a04c87e2bd1d6b72d9e48771812ce
f9e2ac1e374b878999269126f373cd4b12038c1b
f0178fc79b4a32b5c5a7580ab2d61b8197da37f7d5768e11a8e576b5fc26c482
GET /watchnew?shu=f5c63756e9048cd8f201da42d2b8d0c47172c0fc8c0cc614471d22854cbb3e5ee8c63b2aaaf563883468a75fdfecd110c53e1121a578473eb9200f88b952ff4506379e5102e914667e9ccd0d353b916077d1777e0e7ab4dd4e457a2bc2dd1ff7350bc7&pst=1676364219&rmtc=t&uuid=&pii=&in=false&key=71a2274e9a0cd2c269e9111f99a6003a&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F HTTP/1.1
Host: feelseveryone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://feelseveryone.com//watchnew?key=71a2274e9a0cd2c269e9111f99a6003a
Cookie: u_pl=18343155
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 14 Feb 2023 08:42:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://winiphone254.blogspot.com/
Access-Control-Allow-Origin: https://winiphone254.blogspot.com/
Access-Control-Allow-Credentials: true
Set-Cookie: iprc84c2ccabfa6a87e89903538f97c388ee=3569806; expires=Tue, 14 Feb 2023 12:42:40 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
uncs=1; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
pdhtkv5=true; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
uncs5=1; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 597a834cfd790773758fe782feb88640
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
feelseveryone.com/watchnew?shu=100cb3996250002896d452d6f722519b55f8581dad554e300f3a9dfdbb5364948b5740af621e0764ce06431338cf1e5db519922be139ed89d66e45c5c4b4fece9a7edd6e131576f9516781e3175be1b0370bb9282d9bc6a148578cc58e4d08&pst=1676364219&rmtc=t&uuid=&pii=&in=false&key=71a2274e9a0cd2c269e9111f99a6003a&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F
200 OK 2.2 kB URL HTTP/1.1 feelseveryone.com/watchnew?shu=100cb3996250002896d452d6f722519b55f8581dad554e300f3a9dfdbb5364948b5740af621e0764ce06431338cf1e5db519922be139ed89d66e45c5c4b4fece9a7edd6e131576f9516781e3175be1b0370bb9282d9bc6a148578cc58e4d08&pst=1676364219&rmtc=t&uuid=&pii=&in=false&key=71a2274e9a0cd2c269e9111f99a6003a&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3013)
Hash 6564c1596278a839e0d67802a5a2e99c
6538bc1e8c5f7575fd2183a8c8142b3465b048fb
bcca64f1a8a26f561aacff36b7b93796054b2cb618c991457cb5afb7a4da0507
GET /watchnew?shu=100cb3996250002896d452d6f722519b55f8581dad554e300f3a9dfdbb5364948b5740af621e0764ce06431338cf1e5db519922be139ed89d66e45c5c4b4fece9a7edd6e131576f9516781e3175be1b0370bb9282d9bc6a148578cc58e4d08&pst=1676364219&rmtc=t&uuid=&pii=&in=false&key=71a2274e9a0cd2c269e9111f99a6003a&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F HTTP/1.1
Host: feelseveryone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://feelseveryone.com//watchnew?key=71a2274e9a0cd2c269e9111f99a6003a
Cookie: u_pl=18343155
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 14 Feb 2023 08:42:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://winiphone254.blogspot.com/
Access-Control-Allow-Origin: https://winiphone254.blogspot.com/
Access-Control-Allow-Credentials: true
Set-Cookie: iprcd9459b57abde6de1a4aef79d4b53d947=2060092; expires=Tue, 28 Feb 2023 08:42:40 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
uncs=1; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
pdhtkv5=true; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
uncs5=1; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fba7348b8ede0d012b23935d2efee254
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 704848873afb62f820c1b194e3620519
6b5dc73daf065a51ee2364b34f0e488902663d3d
19c8c76bb1c818f85ff5aafdf3d0bdd9e7ee2a4ec0753954d220eb2f23a234a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
feelseveryone.com/watchnew?shu=22f6fada7641d7359d6aec8c1f98223110ae3edadc3b146d5f5b3967a8748453cdbd0cb1ee5394a321343f1802d382b557275a3762192a1de3e8bdae50038c5bec7a26957475e2f71da94a46327d81d11c76a6ad5a3522bee032cfd9223748a462&pst=1676364219&rmtc=t&uuid=&pii=&in=false&key=71f8f5be817ca65316c9982dd1b58f66&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F
200 OK 1.8 kB URL HTTP/1.1 feelseveryone.com/watchnew?shu=22f6fada7641d7359d6aec8c1f98223110ae3edadc3b146d5f5b3967a8748453cdbd0cb1ee5394a321343f1802d382b557275a3762192a1de3e8bdae50038c5bec7a26957475e2f71da94a46327d81d11c76a6ad5a3522bee032cfd9223748a462&pst=1676364219&rmtc=t&uuid=&pii=&in=false&key=71f8f5be817ca65316c9982dd1b58f66&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2539)
Hash 33238b8e0310bfe8101fd0ef418931fc
20fffd339154436e4a396a93c83ca6ba42eb5a03
fdca7500e7e26e561bb652803e5714baac45223dd5286520d2ae463b16647f3f
GET /watchnew?shu=22f6fada7641d7359d6aec8c1f98223110ae3edadc3b146d5f5b3967a8748453cdbd0cb1ee5394a321343f1802d382b557275a3762192a1de3e8bdae50038c5bec7a26957475e2f71da94a46327d81d11c76a6ad5a3522bee032cfd9223748a462&pst=1676364219&rmtc=t&uuid=&pii=&in=false&key=71f8f5be817ca65316c9982dd1b58f66&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F HTTP/1.1
Host: feelseveryone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://feelseveryone.com//watchnew?key=71f8f5be817ca65316c9982dd1b58f66
Cookie: u_pl=18343155
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 14 Feb 2023 08:42:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://winiphone254.blogspot.com/
Access-Control-Allow-Origin: https://winiphone254.blogspot.com/
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=18343155,18343196; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
iprc5ce8e1a4cab694dbe591a51a9430464e=3569805; expires=Tue, 14 Feb 2023 12:42:40 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
uncs=1; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
pdhtkv25=true; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
uncs25=1; expires=Wed, 15 Feb 2023 08:42:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3696fddfeb7b3ba63c2ebfdffd13ddb3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg
200 OK 23 kB URL HTTP/2 cdn.cloudimagesb.com/cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg
IP
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash 9a2dc4fe2ebb70df2dfb1566d22970b8
b85a5f4ef7bd68b834d03d8b9a552e2e546e8701
1983c705f5f4315c8cd002183eb9ed3c846abed8fc2a6f0a073185c249552efd
GET /cti/d7/14/ea/d714ea0356c58a2679ce4074962c0e16/1588233398.jpeg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:40 GMT
content-type: image/jpeg
content-length: 22757
server: nginx/1.17.6
last-modified: Thu, 30 Apr 2020 07:56:41 GMT
etag: "5eaa84b9-58e5"
expires: Thu, 16 Feb 2023 08:42:40 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/bi/10/22/85/1022851f8588320f84450c791299737b/1596641253.jpg
200 OK 11 kB URL HTTP/2 cdn.cloudimagesb.com/bi/10/22/85/1022851f8588320f84450c791299737b/1596641253.jpg
IP
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 468x60, components 3\012- data
Hash 54ae9ac1dd44fbc3e88664bd01578f42
c5794fadc819a0a28f4926f8804796b6a5a96017
b830843acc45486dae1fff67881e2c60115774064fa01ebdeb73982b5e0e39b5
GET /bi/10/22/85/1022851f8588320f84450c791299737b/1596641253.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:40 GMT
content-type: image/jpeg
content-length: 10601
server: nginx/1.17.6
last-modified: Wed, 05 Aug 2020 15:27:36 GMT
etag: "5f2acfe8-2969"
expires: Thu, 16 Feb 2023 08:42:40 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg
200 OK 32 kB URL HTTP/2 cdn.cloudimagesb.com/cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg
IP
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 321x240, components 3\012- data
Hash 3528385dd0c31dbd2e5bfc4af7a6bec5
832c580ffd7711115d6c036ab4232f5bd88480a4
bfbfeebfcb679ca578055235614cc679b0757bad272996ef89b7fd5615a2db75
GET /cti/f7/13/0e/f7130e7f47db248dc886c97a1e4c3e2b/1588233482.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:40 GMT
content-type: image/jpeg
content-length: 32471
server: nginx/1.17.6
last-modified: Thu, 30 Apr 2020 07:58:05 GMT
etag: "5eaa850d-7ed7"
expires: Thu, 16 Feb 2023 08:42:40 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
disabledincomprehensiblecitizens.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSu3h0v8eIfiBcZBfEHmXT3dCcZF1mMayS4Jtk%2FgsfqrupJmZqqpqp7ehIEgwuyxzl4UE%2Bdb5IN6iLu0YMgE0GWILh9WXIwtz0JXgTxKD07MO6Dej%2F1vcP3vfc%2B38%2FPiIucnm58qHeFlHQ%2BbLnN1zaFYrqwzbXrTc9tuReam0ItBBeag9qZ%2FlueG7bc15vv83hbz%2Fuu57qe6zVXhOGJHsxPUIj0TsdrddxW4Le8MMDAPF7b3IGlDlj%2FjDwDwaontu7dhYjHUL0fLnG7nen0zfd6uaSZNuizoxtqW%2BlCoTdLE%2BMgUUfTbmhbEfLlOWh1NFUA3T%2BoFSASFXEeeIjU0ZQmov7hI6aRBFeI2JMo%2BmNwOYagY8T6JgS7T4CYYW0dqnd7TZuC7jxCaY1WpPHP3xBFRRp%2FPAfV%2B35ZikHzmpZ5JrSyGCQlxGAM0R0jzY%2BR7ToQxTHi7DMIRqB6JQQrJ6qFGEMkY0g%2BBLUO8voJB3niIE8d9Nhpk4adxHUXkyhpt5eCOI7b7TgOlxZYyNrBUuIij2taQ2TpELEcIjZ7SM0etsUQJv8ZdquEZQ5sVhHnyh76rETBCQpLUFCCQhAUGUHRLw%2BZtL4tbzNp88ibRn8a2%2BVIZ919eqizLldkPz0jT9fzcJ5%2F%2BCq2%2BWkzZO0wjDoe84MkTILQ63S8xF%2F0A8YW%2FAXWgRUlhD03kborKvLSwz5SUZG5T95ARI9h5TFi4YDmHmgxWvRd0K1RsORiV%2F1YCCXSLa24HwatSOquTXXWinUPTJdIswayHWdfnpEXJkt6uXEDPD65%2BOvc2%2BnowRxiUyI1JT4WvxB05a3RVV2Qg6u6sOTuepqJntil9QKvZTTj57%2F9gO8U2rDVS3b4zTtxDdTpnevcZpepYkJ1LfluWTDGzYo2MSc%2FrdpNHm3kdms5NypPL2%2B8u7LaSw23Vmg1BhX31%2F9FLCrSeOXZyWk%2B9dtfEGYMk5fo5SdkahD6GHG6B5vO2FtNYOSsJ0rPo8jLkfGj2acUBJLPahqVsP%2Bro1m%2Bb2%2Bhaxqg2c3JQfZNib4sQeUQNp8bZak5uXjvq9q%2BRiQbo0iaxkEkjfyiHu1HFXnx92Ay5NpdgRWnTR4mbsJdn0dJJ0oWqcs6SdCJaMfji1FIPWS2iv9c%2FfQ%2FAAAA%2F%2F8BAAD%2F%2F4hbaeCBBAAA
200 OK 7 B URL HTTP/1.1 disabledincomprehensiblecitizens.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSu3h0v8eIfiBcZBfEHmXT3dCcZF1mMayS4Jtk%2FgsfqrupJmZqqpqp7ehIEgwuyxzl4UE%2Bdb5IN6iLu0YMgE0GWILh9WXIwtz0JXgTxKD07MO6Dej%2F1vcP3vfc%2B38%2FPiIucnm58qHeFlHQ%2BbLnN1zaFYrqwzbXrTc9tuReam0ItBBeag9qZ%2FlueG7bc15vv83hbz%2Fuu57qe6zVXhOGJHsxPUIj0TsdrddxW4Le8MMDAPF7b3IGlDlj%2FjDwDwaontu7dhYjHUL0fLnG7nen0zfd6uaSZNuizoxtqW%2BlCoTdLE%2BMgUUfTbmhbEfLlOWh1NFUA3T%2BoFSASFXEeeIjU0ZQmov7hI6aRBFeI2JMo%2BmNwOYagY8T6JgS7T4CYYW0dqnd7TZuC7jxCaY1WpPHP3xBFRRp%2FPAfV%2B35ZikHzmpZ5JrSyGCQlxGAM0R0jzY%2BR7ToQxTHi7DMIRqB6JQQrJ6qFGEMkY0g%2BBLUO8voJB3niIE8d9Nhpk4adxHUXkyhpt5eCOI7b7TgOlxZYyNrBUuIij2taQ2TpELEcIjZ7SM0etsUQJv8ZdquEZQ5sVhHnyh76rETBCQpLUFCCQhAUGUHRLw%2BZtL4tbzNp88ibRn8a2%2BVIZ919eqizLldkPz0jT9fzcJ5%2F%2BCq2%2BWkzZO0wjDoe84MkTILQ63S8xF%2F0A8YW%2FAXWgRUlhD03kborKvLSwz5SUZG5T95ARI9h5TFi4YDmHmgxWvRd0K1RsORiV%2F1YCCXSLa24HwatSOquTXXWinUPTJdIswayHWdfnpEXJkt6uXEDPD65%2BOvc2%2BnowRxiUyI1JT4WvxB05a3RVV2Qg6u6sOTuepqJntil9QKvZTTj57%2F9gO8U2rDVS3b4zTtxDdTpnevcZpepYkJ1LfluWTDGzYo2MSc%2FrdpNHm3kdms5NypPL2%2B8u7LaSw23Vmg1BhX31%2F9FLCrSeOXZyWk%2B9dtfEGYMk5fo5SdkahD6GHG6B5vO2FtNYOSsJ0rPo8jLkfGj2acUBJLPahqVsP%2Bro1m%2Bb2%2Bhaxqg2c3JQfZNib4sQeUQNp8bZak5uXjvq9q%2BRiQbo0iaxkEkjfyiHu1HFXnx92Ay5NpdgRWnTR4mbsJdn0dJJ0oWqcs6SdCJaMfji1FIPWS2iv9c%2FfQ%2FAAAA%2F%2F8BAAD%2F%2F4hbaeCBBAAA
IP
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSu3h0v8eIfiBcZBfEHmXT3dCcZF1mMayS4Jtk%2FgsfqrupJmZqqpqp7ehIEgwuyxzl4UE%2Bdb5IN6iLu0YMgE0GWILh9WXIwtz0JXgTxKD07MO6Dej%2F1vcP3vfc%2B38%2FPiIucnm58qHeFlHQ%2BbLnN1zaFYrqwzbXrTc9tuReam0ItBBeag9qZ%2FlueG7bc15vv83hbz%2Fuu57qe6zVXhOGJHsxPUIj0TsdrddxW4Le8MMDAPF7b3IGlDlj%2FjDwDwaontu7dhYjHUL0fLnG7nen0zfd6uaSZNuizoxtqW%2BlCoTdLE%2BMgUUfTbmhbEfLlOWh1NFUA3T%2BoFSASFXEeeIjU0ZQmov7hI6aRBFeI2JMo%2BmNwOYagY8T6JgS7T4CYYW0dqnd7TZuC7jxCaY1WpPHP3xBFRRp%2FPAfV%2B35ZikHzmpZ5JrSyGCQlxGAM0R0jzY%2BR7ToQxTHi7DMIRqB6JQQrJ6qFGEMkY0g%2BBLUO8voJB3niIE8d9Nhpk4adxHUXkyhpt5eCOI7b7TgOlxZYyNrBUuIij2taQ2TpELEcIjZ7SM0etsUQJv8ZdquEZQ5sVhHnyh76rETBCQpLUFCCQhAUGUHRLw%2BZtL4tbzNp88ibRn8a2%2BVIZ919eqizLldkPz0jT9fzcJ5%2F%2BCq2%2BWkzZO0wjDoe84MkTILQ63S8xF%2F0A8YW%2FAXWgRUlhD03kborKvLSwz5SUZG5T95ARI9h5TFi4YDmHmgxWvRd0K1RsORiV%2F1YCCXSLa24HwatSOquTXXWinUPTJdIswayHWdfnpEXJkt6uXEDPD65%2BOvc2%2BnowRxiUyI1JT4WvxB05a3RVV2Qg6u6sOTuepqJntil9QKvZTTj57%2F9gO8U2rDVS3b4zTtxDdTpnevcZpepYkJ1LfluWTDGzYo2MSc%2FrdpNHm3kdms5NypPL2%2B8u7LaSw23Vmg1BhX31%2F9FLCrSeOXZyWk%2B9dtfEGYMk5fo5SdkahD6GHG6B5vO2FtNYOSsJ0rPo8jLkfGj2acUBJLPahqVsP%2Bro1m%2Bb2%2Bhaxqg2c3JQfZNib4sQeUQNp8bZak5uXjvq9q%2BRiQbo0iaxkEkjfyiHu1HFXnx92Ay5NpdgRWnTR4mbsJdn0dJJ0oWqcs6SdCJaMfji1FIPWS2iv9c%2FfQ%2FAAAA%2F%2F8BAAD%2F%2F4hbaeCBBAAA HTTP/1.1
Host: disabledincomprehensiblecitizens.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Cookie: u_pl=18343207; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 14 Feb 2023 08:42:40 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f8def2f7a442a4c57b6da1b7e92cb05f
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.cloudimagesb.com/cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg
200 OK 24 kB URL HTTP/2 cdn.cloudimagesb.com/cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg
IP
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash d71c872fb9f50bd9383abc0721d1d51e
1f69b40ef2f95798b4e0fd738d630ad4319cd739
6b4a622b9de1ffab8fe905fc8c4633994c732476664b5190ceedd62a3795ab08
GET /cti/5e/78/a9/5e78a94057ff65f06ec19e727c7be04f/1588233511.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:40 GMT
content-type: image/jpeg
content-length: 24518
server: nginx/1.17.6
last-modified: Thu, 30 Apr 2020 07:58:34 GMT
etag: "5eaa852a-5fc6"
expires: Thu, 16 Feb 2023 08:42:40 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg
200 OK 28 kB URL HTTP/2 cdn.cloudimagesb.com/cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg
IP
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash 1dcde64d47d24d151a1433ecf4403dd7
443d6704b5a294e000084d7a8ac823e526093928
d11bcd65a82589c2c31d6fd87cb16ec673dd5640462ad3d20ff53e014a435376
GET /cti/d6/e8/37/d6e83777d7311d26f1ac5b2b62a81218/1588233535.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:40 GMT
content-type: image/jpeg
content-length: 27832
server: nginx/1.17.6
last-modified: Thu, 30 Apr 2020 07:58:58 GMT
etag: "5eaa8542-6cb8"
expires: Thu, 16 Feb 2023 08:42:40 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg
200 OK 25 kB URL HTTP/2 cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg
IP
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, baseline, precision 8, 320x50, components 3\012- data
Hash d465d02b90e928dfd9d9846e102a9dac
22f7333777bec813bd9a7b870913a2b79b6d2fe4
e393d4f1c6b5d4973e157f0f10764b92037dc18239500f42b72bed8ecef462fd
GET /cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://feelseveryone.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:40 GMT
content-type: image/jpeg
content-length: 24714
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 14:06:18 GMT
etag: "62e1465a-608a"
expires: Thu, 16 Feb 2023 08:42:40 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
200 OK 144 kB URL HTTP/2 cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size 144 kB (144379 bytes)
Hash 33c304429dc1a4408a96e6a74ffa2feb
c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04
dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314
GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://feelseveryone.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:40 GMT
content-type: image/png
content-length: 144379
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Thu, 16 Feb 2023 08:42:40 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/bi/a4/f6/99/a4f69921940c762ce3548d3eb36e0953/1596640955.jpg
200 OK 87 kB URL HTTP/2 cdn.cloudimagesb.com/bi/a4/f6/99/a4f69921940c762ce3548d3eb36e0953/1596640955.jpg
IP
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, baseline, precision 8, 300x250, components 3\012- data
Hash 2062a7b8153d5c6b61e3c878fb0db0c7
9ce704e722b8cdba404fddcf390f9ef19a13a784
a066cf3ede5d2042d13485f33a1cf7108f27b0d619066837b08ddca34129d232
GET /bi/a4/f6/99/a4f69921940c762ce3548d3eb36e0953/1596640955.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://feelseveryone.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:40 GMT
content-type: image/jpeg
content-length: 87252
server: nginx/1.17.6
last-modified: Wed, 05 Aug 2020 15:22:38 GMT
etag: "5f2acebe-154d4"
expires: Thu, 16 Feb 2023 08:42:40 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu
200 OK 664 B URL HTTP/2 www.google.com/recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu
IP
File type ASCII text, with very long lines (1034), with no line terminators
Hash 512d7bae162bc922ea4f0ff0a3fcac45
6693c65487673b7fc51b7b373e7177d9da3c5797
1ccd1fbcf6b9c525f60e258c66de9fb49e2f446bdd6a9b590e4a75801e3cc95f
GET /recaptcha/api.js?trustedtypes=true&render=6LcdyMoZAAAAAFYwZAM4wZySTWVzr15BuInOVasu HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.blogger.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Tue, 14 Feb 2023 08:42:40 GMT
date: Tue, 14 Feb 2023 08:42:40 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 664
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/de/3f/62/de3f624c0734dbfc05348cda21b5c98d/1658920011.png
200 OK 214 kB URL HTTP/2 cdn.cloudimagesb.com/cti/de/3f/62/de3f624c0734dbfc05348cda21b5c98d/1658920011.png
IP
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 160 x 600, 8-bit/color RGBA, non-interlaced\012- data
Size 214 kB (213839 bytes)
Hash 1d5c0c87729ad8b2ac5175c523b4968f
a56f93542e7ee8728fc8334d7cc5f4b53c080278
01c52194020d1ab2c4ada1c8fde8fe082ea4d3e80e03b3562e0d4a21c0616ab5
GET /cti/de/3f/62/de3f624c0734dbfc05348cda21b5c98d/1658920011.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://feelseveryone.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:40 GMT
content-type: image/png
content-length: 213839
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 11:06:58 GMT
etag: "62e11c52-3434f"
expires: Thu, 16 Feb 2023 08:42:40 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
disabledincomprehensiblecitizens.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSuXsdLvPgH4kVGQfxBJt093UnGRRbjGgmuSfaP4LG6q3pSpqaqqeqengTB4ILscQ4e1FPnm2SDuoh79CDIRJAlCG5flhzMbU%2FiSRCP0pOB0Qfd73v1vcP3vfc%2B28%2FPiIucnm58oHeFlHQ%2BbLnNVzeFYrqwzbUbTc9tuRebm0ItBBebg%2Fpn%2Bm96bthyX2u%2Bx%2BNtPe%2B7nut6rtdcEYYnejA%2FYSHSux2v1XFbgd%2FywgAD8%2F%2Fa5g4sdcD6Z%2BRpCFY9vnX%2FHkQ8hup9f5nb7Uynb7zbyyXNtEGfHd1U20oXCr0ZTIyDRB1Nu6FtRcgXF6DV0dQBdP%2BgdoBIVMR56CFSR1OZiPqH50ojCa4QsSdQ9MfgcgxBx4j1LQj2gAAxw9o6VO%2FOmjYF3Tlnac1WpPH3XxBFRRq%2FPwvV%2B25ZikHzupZ5JrSyGCQlxGAM0R0jzY%2BR7ToQxTHi7FMIRqB6JQQrJ66FGEMkY0g%2BBLUO8voTDvLEQZ466LHTJg07iesuJlHSbi8FcRy323EcLi2wkLWDpcRFHteyhsjSIWI5RGz2kJo9bIshTP4T7FYJyxzYrCLO1T30WYmCExSWoKAEhSAoMoKiXx4yaX1b3mHS5pE3zf40t8uRzrr79FBnXa7IfnpGnqrn4Tz36BVs89NmyNphGHU85gdJmASh1%2Bl4ib%2FoB4wt%2BAusAytKCHthYnVXVOTFR32koiJzH7%2BOiB7DymPEwgHNPdBitOi7oFujYMnFrvqhEEqkW1pxPwxakdRdm%2BqsFesemC6RZg1kO86%2BPCPPT5b0UuMqeHxy6Ze5t9LRwznEpkRqSnwkfiboytuja7ogB9d0Ycm99TQTPbFL6wVez2jGH%2Fvmfb5TaMNWL9vh12%2FHNVHDuze4za5QxYTqWvLtsmCMmxVtYk5%2BXLWbPNrI7dZyblSeXtl4Z2W1lxpurdBqDCoerP%2BDWFSk8fIzk9N88tc%2FIcwYJi%2FRy0%2FINCD0MeJ0DzadqbeawMhZT5Q2UOTlyPjR7FEKAslnNY1K2P%2FU0Qzv29vomgZodmtykH1Toi9LUDmEzedGWWpOLt3%2Fso6vEMnGKJKmcRBJIz%2BvR%2FthRV74LajRzfNJW3Ha5GHiJtz1eZR0omSRuqyTBJ2Idjy%2BGIXUQ2ar%2BI%2FVT%2F4FAAD%2F%2FwEAAP%2F%2F1cDHMIEEAAA%3D
200 OK 7 B URL HTTP/1.1 disabledincomprehensiblecitizens.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSuXsdLvPgH4kVGQfxBJt093UnGRRbjGgmuSfaP4LG6q3pSpqaqqeqengTB4ILscQ4e1FPnm2SDuoh79CDIRJAlCG5flhzMbU%2FiSRCP0pOB0Qfd73v1vcP3vfc%2B28%2FPiIucnm58oHeFlHQ%2BbLnNVzeFYrqwzbUbTc9tuRebm0ItBBebg%2Fpn%2Bm96bthyX2u%2Bx%2BNtPe%2B7nut6rtdcEYYnejA%2FYSHSux2v1XFbgd%2FywgAD8%2F%2Fa5g4sdcD6Z%2BRpCFY9vnX%2FHkQ8hup9f5nb7Uynb7zbyyXNtEGfHd1U20oXCr0ZTIyDRB1Nu6FtRcgXF6DV0dQBdP%2BgdoBIVMR56CFSR1OZiPqH50ojCa4QsSdQ9MfgcgxBx4j1LQj2gAAxw9o6VO%2FOmjYF3Tlnac1WpPH3XxBFRRq%2FPwvV%2B25ZikHzupZ5JrSyGCQlxGAM0R0jzY%2BR7ToQxTHi7FMIRqB6JQQrJ66FGEMkY0g%2BBLUO8voTDvLEQZ466LHTJg07iesuJlHSbi8FcRy323EcLi2wkLWDpcRFHteyhsjSIWI5RGz2kJo9bIshTP4T7FYJyxzYrCLO1T30WYmCExSWoKAEhSAoMoKiXx4yaX1b3mHS5pE3zf40t8uRzrr79FBnXa7IfnpGnqrn4Tz36BVs89NmyNphGHU85gdJmASh1%2Bl4ib%2FoB4wt%2BAusAytKCHthYnVXVOTFR32koiJzH7%2BOiB7DymPEwgHNPdBitOi7oFujYMnFrvqhEEqkW1pxPwxakdRdm%2BqsFesemC6RZg1kO86%2BPCPPT5b0UuMqeHxy6Ze5t9LRwznEpkRqSnwkfiboytuja7ogB9d0Ycm99TQTPbFL6wVez2jGH%2Fvmfb5TaMNWL9vh12%2FHNVHDuze4za5QxYTqWvLtsmCMmxVtYk5%2BXLWbPNrI7dZyblSeXtl4Z2W1lxpurdBqDCoerP%2BDWFSk8fIzk9N88tc%2FIcwYJi%2FRy0%2FINCD0MeJ0DzadqbeawMhZT5Q2UOTlyPjR7FEKAslnNY1K2P%2FU0Qzv29vomgZodmtykH1Toi9LUDmEzedGWWpOLt3%2Fso6vEMnGKJKmcRBJIz%2BvR%2FthRV74LajRzfNJW3Ha5GHiJtz1eZR0omSRuqyTBJ2Idjy%2BGIXUQ2ar%2BI%2FVT%2F4FAAD%2F%2FwEAAP%2F%2F1cDHMIEEAAA%3D
IP
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRSuXsdLvPgH4kVGQfxBJt093UnGRRbjGgmuSfaP4LG6q3pSpqaqqeqengTB4ILscQ4e1FPnm2SDuoh79CDIRJAlCG5flhzMbU%2FiSRCP0pOB0Qfd73v1vcP3vfc%2B28%2FPiIucnm58oHeFlHQ%2BbLnNVzeFYrqwzbUbTc9tuRebm0ItBBebg%2Fpn%2Bm96bthyX2u%2Bx%2BNtPe%2B7nut6rtdcEYYnejA%2FYSHSux2v1XFbgd%2FywgAD8%2F%2Fa5g4sdcD6Z%2BRpCFY9vnX%2FHkQ8hup9f5nb7Uynb7zbyyXNtEGfHd1U20oXCr0ZTIyDRB1Nu6FtRcgXF6DV0dQBdP%2BgdoBIVMR56CFSR1OZiPqH50ojCa4QsSdQ9MfgcgxBx4j1LQj2gAAxw9o6VO%2FOmjYF3Tlnac1WpPH3XxBFRRq%2FPwvV%2B25ZikHzupZ5JrSyGCQlxGAM0R0jzY%2BR7ToQxTHi7FMIRqB6JQQrJ66FGEMkY0g%2BBLUO8voTDvLEQZ466LHTJg07iesuJlHSbi8FcRy323EcLi2wkLWDpcRFHteyhsjSIWI5RGz2kJo9bIshTP4T7FYJyxzYrCLO1T30WYmCExSWoKAEhSAoMoKiXx4yaX1b3mHS5pE3zf40t8uRzrr79FBnXa7IfnpGnqrn4Tz36BVs89NmyNphGHU85gdJmASh1%2Bl4ib%2FoB4wt%2BAusAytKCHthYnVXVOTFR32koiJzH7%2BOiB7DymPEwgHNPdBitOi7oFujYMnFrvqhEEqkW1pxPwxakdRdm%2BqsFesemC6RZg1kO86%2BPCPPT5b0UuMqeHxy6Ze5t9LRwznEpkRqSnwkfiboytuja7ogB9d0Ycm99TQTPbFL6wVez2jGH%2Fvmfb5TaMNWL9vh12%2FHNVHDuze4za5QxYTqWvLtsmCMmxVtYk5%2BXLWbPNrI7dZyblSeXtl4Z2W1lxpurdBqDCoerP%2BDWFSk8fIzk9N88tc%2FIcwYJi%2FRy0%2FINCD0MeJ0DzadqbeawMhZT5Q2UOTlyPjR7FEKAslnNY1K2P%2FU0Qzv29vomgZodmtykH1Toi9LUDmEzedGWWpOLt3%2Fso6vEMnGKJKmcRBJIz%2BvR%2FthRV74LajRzfNJW3Ha5GHiJtz1eZR0omSRuqyTBJ2Idjy%2BGIXUQ2ar%2BI%2FVT%2F4FAAD%2F%2FwEAAP%2F%2F1cDHMIEEAAA%3D HTTP/1.1
Host: disabledincomprehensiblecitizens.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Cookie: u_pl=18343207; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 14 Feb 2023 08:42:40 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 089b6ea2affe0540d32e23ed83ee0fd0
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 29a7a34fc894553ff324f97441fdaaeb
00357179dbfc4b0608c7d972e203007687378b7e
dc8608bacd61ca8f8eb8c315b7ea3ccb3e1e988177b8a22026e96b100019431b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 09b1e7b4ff0f2a6b91a867b8f2283d6e
f0172126191c43c3e3c22e3f52e2bab0c8d7332f
d7f7fcbe3a25c6ac8e1ff3db0b2a3d17940655aefa24f64f2dea031627c824a9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D7F7FCBE3A25C6AC8E1FF3DB0B2A3D17940655AEFA24F64F2DEA031627C824A9"
Last-Modified: Mon, 13 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9761
Expires: Tue, 14 Feb 2023 11:25:22 GMT
Date: Tue, 14 Feb 2023 08:42:41 GMT
Connection: keep-alive
jennyvisits.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=18343202
200 OK 1.3 kB URL HTTP/1.1 jennyvisits.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=18343202
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 8b4c64776198b5cdb579efc419e94af0
e04c892f8d62681c4743bd8c544ce34fbdff6104
2be885fcc9f8bcbda1ab78cca9f9a6d0e7cb743560fba7f0839fbe9ecc7c4a71
Analyzer Verdict Alert quad9 Sinkholed
GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=18343202 HTTP/1.1
Host: jennyvisits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 14 Feb 2023 08:42:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Wed, 15 Feb 2023 08:42:41 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTgzNDMyMDIiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93aW5pcGhvbmUyNTQuYmxvZ3Nwb3QuY29tLyJ9fQ.ESyoHWkP2S3e0e5SEdlcN6q-Xwpn1NiDNdhZBGxaVU8; expires=Tue, 14 Feb 2023 08:43:41 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: db6f235100e7efef3944e986f1982eda
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
jennyvisits.com/dyfc1k09?shu=ab410b5aafe9539d380cdc6115d6b4e324f0ade6c385e07bca42f44b0beefd32d01d27e3ac0eeec2764e7ce17d89aa6f49f5e6afc66857f9733bda761a411bd364f53472359c22da93c547aa7972527690ebf4509563c08bdbdb5d35d8c69b&pst=1676364221&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F&psid=18343202
302 Found 0 B URL HTTP/1.1 jennyvisits.com/dyfc1k09?shu=ab410b5aafe9539d380cdc6115d6b4e324f0ade6c385e07bca42f44b0beefd32d01d27e3ac0eeec2764e7ce17d89aa6f49f5e6afc66857f9733bda761a411bd364f53472359c22da93c547aa7972527690ebf4509563c08bdbdb5d35d8c69b&pst=1676364221&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F&psid=18343202
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /dyfc1k09?shu=ab410b5aafe9539d380cdc6115d6b4e324f0ade6c385e07bca42f44b0beefd32d01d27e3ac0eeec2764e7ce17d89aa6f49f5e6afc66857f9733bda761a411bd364f53472359c22da93c547aa7972527690ebf4509563c08bdbdb5d35d8c69b&pst=1676364221&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=https%3A%2F%2Fwiniphone254.blogspot.com%2F&psid=18343202 HTTP/1.1
Host: jennyvisits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jennyvisits.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx/1.17.6
Date: Tue, 14 Feb 2023 08:42:41 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: http://xml-v4.trafficmoose.com/click?seat=1705924&i=80svTmFX5ZE_0
Set-Cookie: pdhtkv=true; expires=Wed, 15 Feb 2023 08:42:41 GMT
uncs=1; expires=Wed, 15 Feb 2023 08:42:41 GMT
pdhtkv28=true; expires=Wed, 15 Feb 2023 08:42:41 GMT
uncs28=1; expires=Wed, 15 Feb 2023 08:42:41 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 959f9c99a56b96b8efabbf191a20535e
Strict-Transport-Security: max-age=0; includeSubdomains
xml-v4.trafficmoose.com/click?seat=1705924&i=80svTmFX5ZE_0
302 Found 0 B URL HTTP/1.1 xml-v4.trafficmoose.com/click?seat=1705924&i=80svTmFX5ZE_0
IP
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?seat=1705924&i=80svTmFX5ZE_0 HTTP/1.1
Host: xml-v4.trafficmoose.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=d_114896.16122660
Pragma: no-cache
adserving.unibet.com/redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=d_114896.16122660
307 Temporary Redirect 0 B URL HTTP/2 adserving.unibet.com/redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=d_114896.16122660
IP
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=d_114896.16122660 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&sref=TRM&TRM=d_114896.16122660&affiliateId=1&pid=68248853&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Tue, 14 Feb 2023 08:42:42 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 14 Feb 2023 08:42:42 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1676364162447)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C2023214842%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228824124865%7c1%22%7d%5d; domain=.unibet.com; expires=Thu, 14-Feb-3022 08:42:42 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=21, origin; dur=61
X-Firefox-Spdy: h2
www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&sref=TRM&TRM=d_114896.16122660&affiliateId=1&pid=68248853&bid=37950
301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&sref=TRM&TRM=d_114896.16122660&affiliateId=1&pid=68248853&bid=37950
IP
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&sref=TRM&TRM=d_114896.16122660&affiliateId=1&pid=68248853&bid=37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Tue, 14 Feb 2023 08:42:43 GMT
content-length: 0
location: https://www.unibet.nu:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&sref=TRM&TRM=d_114896.16122660&affiliateId=1&pid=68248853&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A68248853-37950
set-cookie: JSESSIONID=node01dyc0ales9x6i1dixpwvz2xpi9283354.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node01dyc0ales9x6i1dixpwvz2xpi; Path=/; Domain=.unibet.nu; Expires=Thu, 13-Feb-2025 08:42:42 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.nu; Expires=Thu, 13-Feb-2025 08:42:42 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref=; Path=/; Domain=.unibet.nu; Expires=Thu, 13-Feb-2025 08:42:42 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.nu; Secure; SameSite=None
B-TAG=320665405_25592553322944D1A7DB6A7A5043FDAD; Path=/; Domain=.unibet.nu; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
PID=68248853; Path=/; Domain=.unibet.nu; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320665405_25592553322944D1A7DB6A7A5043FDAD%26sref%3DTRM%26TRM%3Dd_114896.16122660%26affiliateId%3D1%26pid%3D68248853%26bid%3D37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
clientId=polopoly_desktop; Domain=www.unibet.nu; Path=/; SameSite=None; Secure
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Tue, 14 Feb 2023 08:42:42 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&sref=TRM&TRM=d_114896.16122660&affiliateId=1&pid=68248853&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A68248853-37950
301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&sref=TRM&TRM=d_114896.16122660&affiliateId=1&pid=68248853&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A68248853-37950
IP
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&sref=TRM&TRM=d_114896.16122660&affiliateId=1&pid=68248853&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A68248853-37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node01dyc0ales9x6i1dixpwvz2xpi; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320665405_25592553322944D1A7DB6A7A5043FDAD; BID=37950; PID=68248853; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320665405_25592553322944D1A7DB6A7A5043FDAD%26sref%3DTRM%26TRM%3Dd_114896.16122660%26affiliateId%3D1%26pid%3D68248853%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Tue, 14 Feb 2023 08:42:43 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&bid=37950&campaignId=2799402&pid=68248853
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Tue, 14 Feb 2023 08:42:43 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7d2561de3d7b5c81101e4f2acf9599f8
7aa42abc735aa5e6e7279e6b211a5a63d6a0373d
5dc0d440e6d3bfd7b6c02d987e5d6c371d9a13e3c6d9f658e8c767607259befe
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5DC0D440E6D3BFD7B6C02D987E5D6C371D9A13E3C6D9F658E8C767607259BEFE"
Last-Modified: Mon, 13 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13519
Expires: Tue, 14 Feb 2023 12:28:02 GMT
Date: Tue, 14 Feb 2023 08:42:43 GMT
Connection: keep-alive
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
200 OK 5.5 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP
Hash a7f9395c4a527561200ca3c859cd3ae3
4c92475b24784536d802df7b9327888198dfb54a
0576c4c97bd4d3b6d74377996fd77e1a9cfef2a3fa6e676d2527251dbb3daaa5
GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1676364162447)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C2023214842%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228824124865%7c1%22%7d%5d; btag=320665405_25592553322944D1A7DB6A7A5043FDAD
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:43 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: zXkBqwBMviPPaK5rBIapmA==
last-modified: Thu, 26 Jan 2023 12:30:17 GMT
etag: W/"0x8DAFF9914DE94BB"
x-ms-request-id: 580bcb77-701e-0034-8081-3121ca000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 418330
vary: Accept-Encoding
server: cloudflare
cf-ray: 79948315187f0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
200 OK 2.0 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP
File type HTML document, Unicode text, UTF-8 text
Hash cd9c70c2f7105bf0e6b6145fe5a4fd7a
c7c0a0b85f1e158e1483c088f62cabbcf3776b3c
b28ed4dbdffa4628eb67f527f2e86c379411492416ae30aaddc571de7802aa03
GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1676364162447)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C2023214842%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228824124865%7c1%22%7d%5d; btag=320665405_25592553322944D1A7DB6A7A5043FDAD
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:43 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
last-modified: Thu, 26 Jan 2023 12:30:23 GMT
etag: W/"0x8DAFF99188E686E"
x-ms-request-id: fae4441f-101e-0040-4d81-31153a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 418335
vary: Accept-Encoding
server: cloudflare
cf-ray: 7994831518820b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
200 OK 2.1 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP
File type HTML document, ASCII text
Hash e251689e8baa2f7bca110ed48854efa5
357a57ad1c2efdc422e2698f29a2c5bc07dfccd9
7b6a12991e02d757b8c9273c2a676019b9490142c4aabdbb8122c5e428c6ae59
GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1676364162447)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C2023214842%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228824124865%7c1%22%7d%5d; btag=320665405_25592553322944D1A7DB6A7A5043FDAD
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:43 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
last-modified: Thu, 26 Jan 2023 12:30:23 GMT
etag: W/"0x8DAFF991898A021"
x-ms-request-id: e9253db8-601e-0075-8081-31792e000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 418330
vary: Accept-Encoding
server: cloudflare
cf-ray: 7994831518830b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
200 OK 957 B URL HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP
ASN #47171 Unibet Services Limited
Hash e19225e3eb562a3b6a86f7b8b47c38fb
ce3eb55448afd8fc9dfa4ac82f8743a009d5e142
c152526a02cb050650847e999ae141eae985472fbf73c5a843160b3b6bb06f79
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1676364162447)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C2023214842%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228824124865%7c1%22%7d%5d; btag=320665405_25592553322944D1A7DB6A7A5043FDAD
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:43 GMT
content-type: application/javascript
content-length: 957
last-modified: Mon, 25 Apr 2022 12:18:31 GMT
etag: "3bd-5dd799309c310"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&bid=37950&campaignId=2799402&pid=68248853
200 OK 16 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&bid=37950&campaignId=2799402&pid=68248853
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2392)
Hash 46f3564a8590809f41e0b7e18b676406
926d3a380f69076e4a7dc2e464f6ac2f3892782d
9761574fc9bdb3ca6a8bae5abcb9ecf7d3c04fedad75c64b9dec52204eae7793
GET /nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&bid=37950&campaignId=2799402&pid=68248853 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1676364162447)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C2023214842%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:43 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: djoKeCzytkLU3NSdQsOPbQ==
last-modified: Thu, 26 Jan 2023 12:30:17 GMT
x-ms-request-id: b4f2b33d-d01e-003d-0850-406419000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: MISS
vary: Accept-Encoding
set-cookie: btag=320665405_25592553322944D1A7DB6A7A5043FDAD;max-age=2592000; domain=.unibet.com;path=/;secure;samesite=none;httponly
server: cloudflare
cf-ray: 799483142fa60b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 14 Feb 2023 05:10:44 GMT
expires: Wed, 14 Feb 2024 05:10:44 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 12719
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash f5067af0270e15c7a9474f4164857326
32b475f2e62e41425bed727d9879ebcbbb60aa3a
60d910b309744465e215e9a977ad16146387dcc6c1160ae1192d5c26e71c02b5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash f5067af0270e15c7a9474f4164857326
32b475f2e62e41425bed727d9879ebcbbb60aa3a
60d910b309744465e215e9a977ad16146387dcc6c1160ae1192d5c26e71c02b5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
200 OK 98 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x936, components 3\012- data
Hash 8e6d9af5ef1badfe9295b8fc96793c28
e37cdf4093dc0a47246be7360e7945f91991f073
de89de8196b23a00db8e35bca40fdb4253d970492a31396d5861c2e99d691407
GET /nu/pop/sportsbook/multisports/1-background-black.jpg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1676364162447)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C2023214842%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228824124865%7c1%22%7d%5d; btag=320665405_25592553322944D1A7DB6A7A5043FDAD
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:43 GMT
content-type: image/jpeg
content-length: 98453
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
cf-bgj: h2pri
content-md5: jm2a9e8brf6Slbj8lnk8KA==
etag: "0x8DAFF991565B252"
last-modified: Thu, 26 Jan 2023 12:30:18 GMT
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 3cf155d6-101e-000d-3081-31dad6000000
x-ms-version: 2014-02-14
cf-cache-status: HIT
age: 418334
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 799483179b550b06-OSL
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
200 OK 11 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (807), with no line terminators
Hash 3cddc82c5afd69cb5ef9e59aa76a555a
9389f8abbd4b7dd63f750a9d5d4edbd7afc2014d
be65161786e42fbf8780178e8d6d936278cd902d3e410d4e0432af672e6c1b51
GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1676364162447)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C2023214842%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228824124865%7c1%22%7d%5d; btag=320665405_25592553322944D1A7DB6A7A5043FDAD
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:43 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: QazcDvviTF55mXL/M8kCWQ==
last-modified: Thu, 26 Jan 2023 12:30:18 GMT
etag: W/"0x8DAFF99157C1D3C"
x-ms-request-id: ec6073d8-501e-0051-6881-318f8e000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 418334
vary: Accept-Encoding
server: cloudflare
cf-ray: 79948315188c0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
200 OK 79 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1356)
Hash b41a58b0726dbb6e14b687dbec69e11e
3383d74658e50cbb1074177587ef9636aac00095
da49045564c80d29ef234959b18c10282ed8a0f78224cbde7ece1ec6624d3909
GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1676364162447)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C2023214842%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228824124865%7c1%22%7d%5d; btag=320665405_25592553322944D1A7DB6A7A5043FDAD
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:43 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: epgiRapjJpA7DniTiF5C+w==
last-modified: Thu, 26 Jan 2023 12:30:22 GMT
etag: W/"0x8DAFF99183CF8FA"
x-ms-request-id: d4160c8c-201e-0016-7481-31e4d5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 418334
vary: Accept-Encoding
server: cloudflare
cf-ray: 79948315188f0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 2dea84b056fe03cf91ce514618731475
5eaa44bbf7d4864cb50950e90c5832027fb8a18f
5f05224b4c2683bf0d1eca2b00cb5ace1f985e8dbc9f4b5461b0a21c2d8e2398
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
200 OK 1.1 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1066), with no line terminators
Hash 13c2ef26543191a131310f67b86e7858
df370bbddf5b866049190ef3049f8b7b49b06e16
189b4e8c0df88837306a1b4ca29cce3f7acfc40a75e421f074e9f75c4366bcdc
GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1676364162447)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C2023214842%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228824124865%7c1%22%7d%5d; btag=320665405_25592553322944D1A7DB6A7A5043FDAD
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:43 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 9k4H3E55HXB5I94VinrUOQ==
last-modified: Thu, 26 Jan 2023 12:30:21 GMT
etag: W/"0x8DAFF99173FAB3F"
x-ms-request-id: af16bb2e-701e-0046-1c81-312685000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 418334
vary: Accept-Encoding
server: cloudflare
cf-ray: 7994831528930b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
200 OK 997 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (966), with no line terminators
Hash 47e6e3ac67e1ea829d415c2a52d122f4
789ee24357379ec016908b8c71866d189ebc1dd2
0b4c3b81fe957de1d0c55df944f37f6c99352fa819e0ca90d53d4d4032125ffd
GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1676364162447)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C2023214842%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228824124865%7c1%22%7d%5d; btag=320665405_25592553322944D1A7DB6A7A5043FDAD
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:43 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Z4302O+bSqlX5UM92U+35A==
last-modified: Thu, 26 Jan 2023 12:30:21 GMT
etag: W/"0x8DAFF99174612EA"
x-ms-request-id: 82c2bcc2-201e-0029-1081-312c76000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 418334
vary: Accept-Encoding
server: cloudflare
cf-ray: 7994831528960b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 605c0a47169c45b131ccb1ed345cf048
110d17ee2aa9a2cb7128e27554ec8dcbb1f59296
0ac9bb15a9f9edd3750752ddf33d3478bedd369cc5f22b6a0e258f55958b7774
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
200 OK 17 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (3207), with no line terminators
Hash e798b3490657eb91a24e4f9b58cda227
3227b4de781387dd8c68fec06da8be684ffce7b5
92f2a504d4374d060204244e8453837e3875c9085665ec9bdc0e57cd7d937135
GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1676364162447)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C2023214842%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228824124865%7c1%22%7d%5d; btag=320665405_25592553322944D1A7DB6A7A5043FDAD
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:43 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
last-modified: Thu, 26 Jan 2023 12:30:18 GMT
etag: W/"0x8DAFF9915A7459F"
x-ms-request-id: e677fb13-901e-0061-5581-313141000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 418334
vary: Accept-Encoding
server: cloudflare
cf-ray: 79948315188a0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 11 Feb 2023 10:26:49 GMT
expires: Sun, 11 Feb 2024 10:26:49 GMT
cache-control: public, max-age=31536000
age: 252955
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.unibet.com/widget/betslip/betslip.js
200 OK 20 kB URL HTTP/2 welcome.unibet.com/widget/betslip/betslip.js
IP
File type ASCII text, with very long lines (693)
Hash 2137c2d4a00918765376f57231425323
f09964ed2eb1e63875974af26587a86a57b30f45
f728ed87a68692f9d399a056e729438874afa103e34808be07df5283f829a4e0
GET /widget/betslip/betslip.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1676364162447)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C2023214842%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228824124865%7c1%22%7d%5d; btag=320665405_25592553322944D1A7DB6A7A5043FDAD
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:43 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: V3DcYDl/+4NNEoCqe8670A==
last-modified: Tue, 15 Jan 2019 09:54:22 GMT
etag: W/"0x8D67ACF6D112CB5"
x-ms-request-id: 556a432d-701e-0079-3f03-03ee26000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 87004
vary: Accept-Encoding
server: cloudflare
cf-ray: 799483175b130b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
200 OK 81 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP
File type ASCII text, with very long lines (62112)
Hash eac4606c3b7b54668b7873026a0465bf
7697098181941c36b146530efccb06cb0081f2e6
998b2728bd9dc3b79d60a1f79323dffa72314e52184de70a4a9343af52b439b9
GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 14 Feb 2023 08:42:44 GMT
expires: Tue, 14 Feb 2023 08:42:44 GMT
cache-control: private, max-age=900
last-modified: Tue, 14 Feb 2023 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81275
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 2dea84b056fe03cf91ce514618731475
5eaa44bbf7d4864cb50950e90c5832027fb8a18f
5f05224b4c2683bf0d1eca2b00cb5ace1f985e8dbc9f4b5461b0a21c2d8e2398
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 279 B IP
Hash aba7dc8c0bab7dcfb0610c0ca00cb633
c9f053efefde2a6b4b9697304fa39cdfb4b40695
b30b735cbcaee8096a265329716e90967215ad99eb84d59c7e5575ac7b193f13
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3152
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:44 GMT
Last-Modified: Tue, 14 Feb 2023 07:50:12 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
200 OK 2.4 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (5740), with no line terminators
Hash 2742415184d8c58a62160318de5a6463
7e15946af7777440e5ff0cbee484313830ae8170
9e2f17542c10e94077cce4b851419958260fd5eac73bb5054792871c65a480e0
GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1676364162447)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C2023214842%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228824124865%7c1%22%7d%5d; btag=320665405_25592553322944D1A7DB6A7A5043FDAD
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:43 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 2fR27yW0b9kBp/ebW9u59A==
last-modified: Thu, 26 Jan 2023 12:30:22 GMT
etag: W/"0x8DAFF99184AD9A4"
x-ms-request-id: fa9ed380-a01e-0027-7f81-3105c6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 418334
vary: Accept-Encoding
server: cloudflare
cf-ray: 7994831528920b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js?465656
410 Gone 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js?465656
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pages/scripts/0012/9242.js?465656 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 410 Gone
date: Tue, 14 Feb 2023 08:42:44 GMT
content-type: application/javascript
content-length: 0
last-modified: Mon, 13 Feb 2023 18:03:03 GMT
cache-control: public, max-age=86400, s-maxage=86400
access-control-allow-origin: *
cf-cache-status: HIT
age: 52781
vary: Accept-Encoding
server: cloudflare
cf-ray: 7994831b4de3b4f7-OSL
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js
410 Gone 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pages/scripts/0012/9242.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 410 Gone
date: Tue, 14 Feb 2023 08:42:44 GMT
content-type: application/javascript
content-length: 0
last-modified: Mon, 13 Feb 2023 18:03:03 GMT
cache-control: public, max-age=86400, s-maxage=86400
access-control-allow-origin: *
cf-cache-status: HIT
age: 52781
vary: Accept-Encoding
server: cloudflare
cf-ray: 7994831b6e16b4f7-OSL
X-Firefox-Spdy: h2
secure.adnxs.com/seg?add=9755599
307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/seg?add=9755599
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /seg?add=9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 14 Feb 2023 08:42:44 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
AN-X-Request-Uuid: 0bef0338-4452-4b41-b037-ed1f74f84991
Set-Cookie: uuid2=8240846061634695210; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 15-May-2023 08:42:44 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
200 OK 43 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fseg%3Fadd%3D9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 14 Feb 2023 08:42:44 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 407da782-0e07-4cf2-a81a-5e19e65b4370
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2Hb7r..CE!@wnf-Te9(>wL5L!!'>v$_Pi*; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 15-May-2023 08:42:44 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ocsp.digicert.com/
200 OK 471 B IP
Hash 3df9c1c5f06dff6c84d5f4800050caf5
363de8e1d6a8ed9c30af98411b0c7a9da86a0dee
7d33075681d6685ba9b125804c9188716595a05cb646488712f09ea268dcc013
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6342
Cache-Control: max-age=169796
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:44 GMT
Etag: "63eb2502-1d7"
Expires: Thu, 16 Feb 2023 07:52:40 GMT
Last-Modified: Tue, 14 Feb 2023 06:06:58 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1676364246164
200 OK 498 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1676364246164
IP
File type JSON data\012- , ASCII text, with very long lines (791), with no line terminators
Hash 1588005b64f1179d1668e9956ceda265
c28ecaff3d8d321f3d00e88937dad2ecb97c3ae9
6a5ef735ea54409ac0ab1058068079c2ff6b28d146cc8b11e71d4d5af61bebfd
GET /id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1676364246164 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.unibet.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v046-0674a406d.edge-irl1.demdex.com 3 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=26782005062081763201132725103038128678; Max-Age=15552000; Expires=Sun, 13 Aug 2023 08:42:44 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: IJBe14MBSqE=
Content-Length: 498
Connection: keep-alive
ocsp.digicert.com/
200 OK 278 B IP
Hash d37b6eede99fbc58da7dde17784dfe7e
e31d513c06cab18b0f9f8379ef20f7a1f005a6c7
e7f3d4c7b70455f101ac2af27ce62d64a022d7bcd1bd0cc20a72b46e9a381d65
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4944
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:44 GMT
Last-Modified: Tue, 14 Feb 2023 07:20:20 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
200 OK 278 B IP
Hash d37b6eede99fbc58da7dde17784dfe7e
e31d513c06cab18b0f9f8379ef20f7a1f005a6c7
e7f3d4c7b70455f101ac2af27ce62d64a022d7bcd1bd0cc20a72b46e9a381d65
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6304
Cache-Control: max-age=109269
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:44 GMT
Etag: "63ea38ba-116"
Expires: Wed, 15 Feb 2023 15:03:53 GMT
Last-Modified: Mon, 13 Feb 2023 13:18:50 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
200 OK 278 B IP
Hash d37b6eede99fbc58da7dde17784dfe7e
e31d513c06cab18b0f9f8379ef20f7a1f005a6c7
e7f3d4c7b70455f101ac2af27ce62d64a022d7bcd1bd0cc20a72b46e9a381d65
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4944
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:44 GMT
Last-Modified: Tue, 14 Feb 2023 07:20:20 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
200 OK 471 B IP
Hash 13b45252e769f73b7a62dbf47ced9419
b2582e981ccd3d3925c74c479e2920b93ef798f4
445a5724687e91a3510e81116606da1824b4db5453ee9462d07f712f09fdd464
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4601
Cache-Control: max-age=87051
Content-Type: application/ocsp-response
Date: Tue, 14 Feb 2023 08:42:44 GMT
Etag: "63e9e896-1d7"
Expires: Wed, 15 Feb 2023 08:53:35 GMT
Last-Modified: Mon, 13 Feb 2023 07:36:54 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=26763134099969938831132359042617974717&ts=1676364246607
200 OK 2 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=26763134099969938831132359042617974717&ts=1676364246607
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=26763134099969938831132359042617974717&ts=1676364246607 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://welcome.unibet.com
access-control-allow-credentials: true
date: Tue, 14 Feb 2023 08:42:44 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
unibet.demdex.net/dest5.html?d_nsid=0
200 OK 2.8 kB URL HTTP/1.1 unibet.demdex.net/dest5.html?d_nsid=0
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: unibet.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Tue, 14 Feb 2023 08:42:45 GMT
DCS: dcs-prod-irl1-2-v046-0ebef7d37.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Wed, 8 Feb 2023 11:53:45 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: FrCQaxhFRBc=
Content-Length: 2791
Connection: keep-alive
unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s81007466994080?AQB=1&ndh=1&pf=1&t=14%2F1%2F2023%208%3A44%3A6%202%200&mid=26763134099969938831132359042617974717&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A68248853-37950%26btag%3D320665405_25592553322944D1A7DB6A7A5043FDAD%26bid%3D37950%26campaignId%3D2799402%26pid%3D68248853&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A68248853-37950%26btag%3D320665405_25592553322944D1A7DB6A7A5043FDAD%26bid%3D37950%26campaignId%3D2799402%26pid%3D68248853&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=8%3A44%20AM%7CTuesday&v6=8%3A44%20AM%7CTuesday&v11=GBP&c14=New&v14=New&c16=1676364246&v21=Not%20Logged-In&c73=unibet&v120=popunder&v121=1%3A320665405%3A68248853-37950&v122=NONE&v124=2799402&v125=320665405_25592553322944D1A7DB6A7A5043FDAD&v126=68248853&v127=37950&v134=1676364246&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
200 OK 43 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s81007466994080?AQB=1&ndh=1&pf=1&t=14%2F1%2F2023%208%3A44%3A6%202%200&mid=26763134099969938831132359042617974717&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A68248853-37950%26btag%3D320665405_25592553322944D1A7DB6A7A5043FDAD%26bid%3D37950%26campaignId%3D2799402%26pid%3D68248853&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A68248853-37950%26btag%3D320665405_25592553322944D1A7DB6A7A5043FDAD%26bid%3D37950%26campaignId%3D2799402%26pid%3D68248853&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=8%3A44%20AM%7CTuesday&v6=8%3A44%20AM%7CTuesday&v11=GBP&c14=New&v14=New&c16=1676364246&v21=Not%20Logged-In&c73=unibet&v120=popunder&v121=1%3A320665405%3A68248853-37950&v122=NONE&v124=2799402&v125=320665405_25592553322944D1A7DB6A7A5043FDAD&v126=68248853&v127=37950&v134=1676364246&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
IP
File type GIF image data, version 89a, 2 x 2\012- data
Hash ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
GET /b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s81007466994080?AQB=1&ndh=1&pf=1&t=14%2F1%2F2023%208%3A44%3A6%202%200&mid=26763134099969938831132359042617974717&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A68248853-37950%26btag%3D320665405_25592553322944D1A7DB6A7A5043FDAD%26bid%3D37950%26campaignId%3D2799402%26pid%3D68248853&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A68248853-37950%26btag%3D320665405_25592553322944D1A7DB6A7A5043FDAD%26bid%3D37950%26campaignId%3D2799402%26pid%3D68248853&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=8%3A44%20AM%7CTuesday&v6=8%3A44%20AM%7CTuesday&v11=GBP&c14=New&v14=New&c16=1676364246&v21=Not%20Logged-In&c73=unibet&v120=popunder&v121=1%3A320665405%3A68248853-37950&v122=NONE&v124=2799402&v125=320665405_25592553322944D1A7DB6A7A5043FDAD&v126=68248853&v127=37950&v134=1676364246&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
date: Tue, 14 Feb 2023 08:42:45 GMT
expires: Mon, 13 Feb 2023 08:42:45 GMT
last-modified: Wed, 15 Feb 2023 08:42:45 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3599964633853231104-4619665302290846866
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.r2m01.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP
Hash aa69472132fe353efad91371d7facd2a
a481d87da8c21b597ffc441edd23892d4350a857
f1ab06d34f6935aaf292b63a7478161ccb94fe180805229555664e4698546e5e
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 14 Feb 2023 08:42:45 GMT
Last-Modified: Tue, 14 Feb 2023 07:28:34 GMT
Server: ECS (bsa/EB1C)
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: HVwSOmRyoi6N6JGcgg7w5iIa-3eogdladmKwNMMHOtABlMPvh5yRSA==
Age: 4451
bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
200 OK 0 B URL HTTP/2 bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no HTTP/1.1
Host: bannerflow-feed-builder.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Tue, 14 Feb 2023 08:42:43 GMT
server: Microsoft-IIS/10.0
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: no-cache
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: ARRAffinity=918a28837d469cda54fea86f65a3d5a5f06872944f26694d3e52a68732d0d39c;Path=/;HttpOnly;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
ARRAffinitySameSite=918a28837d469cda54fea86f65a3d5a5f06872944f26694d3e52a68732d0d39c;Path=/;HttpOnly;SameSite=None;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:f631c08e-9610-47b7-82c9-c925628cdde1
x-powered-by: ASP.NET
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,500
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500
IP
GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 14 Feb 2023 08:42:43 GMT
date: Tue, 14 Feb 2023 08:42:43 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/a/AVvXsEgBd3E_SjvR3Gas2LDh7dwvWHDUES5dRLjGW3TDNEpUTHQoQUJMHLrErGJyHg89uy71MyuHJerISXB-lner596QdxCdxVLn_VwQ91wKDAZC_qtLpA-qLz6FxPXVDmsyQ_GXfa5n6GaWxQezDcTDNEpUTHQoQUJMHLrErGJyHg89uy71MyuHcfp1bZhs=s324
404 Not Found 0 B URL HTTP/2 blogger.googleusercontent.com/img/a/AVvXsEgBd3E_SjvR3Gas2LDh7dwvWHDUES5dRLjGW3TDNEpUTHQoQUJMHLrErGJyHg89uy71MyuHJerISXB-lner596QdxCdxVLn_VwQ91wKDAZC_qtLpA-qLz6FxPXVDmsyQ_GXfa5n6GaWxQezDcTDNEpUTHQoQUJMHLrErGJyHg89uy71MyuHcfp1bZhs=s324
IP
GET /img/a/AVvXsEgBd3E_SjvR3Gas2LDh7dwvWHDUES5dRLjGW3TDNEpUTHQoQUJMHLrErGJyHg89uy71MyuHJerISXB-lner596QdxCdxVLn_VwQ91wKDAZC_qtLpA-qLz6FxPXVDmsyQ_GXfa5n6GaWxQezDcTDNEpUTHQoQUJMHLrErGJyHg89uy71MyuHcfp1bZhs=s324 HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 14 Feb 2023 08:42:38 GMT
content-security-policy: script-src 'nonce-8qpVqcgZumD42ofLs526AA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/BloggerImageHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/BloggerImageHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/BloggerImageHttp/cspreport
report-to: {"group":"BloggerImageHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/BloggerImageHttp/external"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin; report-to="BloggerImageHttp"
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/worksans/v8/QGYsz_wNahGAdqQ43Rh_fKDp.woff2
200 OK 0 B URL HTTP/2 fonts.gstatic.com/s/worksans/v8/QGYsz_wNahGAdqQ43Rh_fKDp.woff2
IP
GET /s/worksans/v8/QGYsz_wNahGAdqQ43Rh_fKDp.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://winiphone254.blogspot.com
Connection: keep-alive
Referer: https://winiphone254.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 52404
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 10 Feb 2023 02:20:58 GMT
expires: Sat, 10 Feb 2024 02:20:58 GMT
cache-control: public, max-age=31536000
age: 368500
last-modified: Fri, 26 Jun 2020 02:46:21 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP
GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1676364162447)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C2023214842%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228824124865%7c1%22%7d%5d; btag=320665405_25592553322944D1A7DB6A7A5043FDAD
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:43 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
last-modified: Thu, 26 Jan 2023 12:30:22 GMT
etag: W/"0x8DAFF991835F51F"
x-ms-request-id: 1328b90b-701e-0024-5c81-31e4a2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 418334
vary: Accept-Encoding
server: cloudflare
cf-ray: 79948315188d0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
404 Not Found 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1676364162447)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C2023214842%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228824124865%7c1%22%7d%5d; btag=320665405_25592553322944D1A7DB6A7A5043FDAD
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Tue, 14 Feb 2023 08:42:43 GMT
content-type: application/xml
x-ms-request-id: 5067e54a-d01e-0012-5550-4069d2000000
x-ms-version: 2014-02-14
access-control-allow-origin: *
cf-cache-status: HIT
age: 34
vary: Accept-Encoding
server: cloudflare
cf-ray: 79948315289d0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP
GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1676364162447)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C2023214842%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228824124865%7c1%22%7d%5d; btag=320665405_25592553322944D1A7DB6A7A5043FDAD
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:43 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: vwb7ospRft2xzGDtJvR3WA==
last-modified: Thu, 26 Jan 2023 12:30:18 GMT
etag: W/"0x8DAFF9915D02464"
x-ms-request-id: 9ee27f41-c01e-000e-3881-313bb2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 418334
vary: Accept-Encoding
server: cloudflare
cf-ray: 79948315289f0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/custom.js
200 OK 0 B URL HTTP/2 welcome.unibet.com/custom.js
IP
GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1676364162447)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C2023214842%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228824124865%7c1%22%7d%5d; btag=320665405_25592553322944D1A7DB6A7A5043FDAD
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:43 GMT
content-type: application/javascript
content-md5: e/Aekt1V1fopj1X7y5r9MA==
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
etag: W/"0x8DA115DA300B0C1"
x-ms-request-id: d013a120-f01e-003a-7703-03087a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 87004
vary: Accept-Encoding
server: cloudflare
cf-ray: 7994831518890b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP
GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:68248853-37950&btag=320665405_25592553322944D1A7DB6A7A5043FDAD&bid=37950&campaignId=2799402&pid=68248853
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1676364162447)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C2023214842%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228824124865%7c1%22%7d%5d; btag=320665405_25592553322944D1A7DB6A7A5043FDAD
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:43 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Kch+tYuo05USS5JaESq1rA==
last-modified: Thu, 26 Jan 2023 12:30:21 GMT
etag: W/"0x8DAFF9917716257"
x-ms-request-id: 78c0b78e-401e-0000-7881-311202000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 418334
vary: Accept-Encoding
server: cloudflare
cf-ray: 79948315289a0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
200 OK 0 B URL HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP
ASN #47171 Unibet Services Limited
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68248853%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1676364162447)%5c%2f%22%2c%22CookieTag%22%3a%223795068248853451240919C2023214842%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228824124865%7c1%22%7d%5d; btag=320665405_25592553322944D1A7DB6A7A5043FDAD
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:43 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
200 OK 0 B URL HTTP/2 cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
IP
GET /resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:44 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Fri, 27 Nov 2020 14:00:01 GMT
etag: W/"0x8D892DCBC244A27"
x-ms-request-id: f9c36029-201e-0105-665e-a57399000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 381
vary: Accept-Encoding
server: cloudflare
cf-ray: 7994831e8ddab512-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
200 OK 0 B URL HTTP/2 cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
IP
GET /resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 14 Feb 2023 08:42:44 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 07 Dec 2020 10:23:00 GMT
etag: W/"0x8D89A9A12E2A33B"
x-ms-request-id: aecbdf5c-c01e-0126-115e-a51c52000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 381
vary: Accept-Encoding
server: cloudflare
cf-ray: 7994831eae20b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
172.217.21.161
104.40.147.180
23.36.77.32
104.18.24.188
54.72.143.161
85.184.96.5
3.124.100.190
93.184.220.29
15.236.117.205