r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8659
Expires: Sun, 27 Nov 2022 14:27:17 GMT
Date: Sun, 27 Nov 2022 12:02:58 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 64b2a23eab6e5ae8c010ec7242be930c
0673e4385ba01a5a245711bab96cafc34f765793
64751d193f7af72431e9689581faffcae1a30ff50ea425697b2b80ff61c87909
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2972
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:02:58 GMT
Last-Modified: Sun, 27 Nov 2022 11:13:26 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
dorothyfigueroa5.blogspot.com/2022/05/is-gold-better-than-steel-in-muck.html
142.250.74.161301 Moved Permanently 222 B URL HTTP/1.1 dorothyfigueroa5.blogspot.com/2022/05/is-gold-better-than-steel-in-muck.html
IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 1fb44a0277e0f835b2e20309fa9106ff
ca4e6bd7089f2027744e7d9f0bde01ede5be0774
e615fb6ce8704231cf8ed9a421213ecf7bd8d61b6c66cf844463855d761da20e
GET /2022/05/is-gold-better-than-steel-in-muck.html HTTP/1.1
Host: dorothyfigueroa5.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Location: https://dorothyfigueroa5.blogspot.com/2022/05/is-gold-better-than-steel-in-muck.html
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Sun, 27 Nov 2022 12:02:58 GMT
Expires: Sun, 27 Nov 2022 12:02:58 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 222
Server: GSE
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8551
Expires: Sun, 27 Nov 2022 14:25:29 GMT
Date: Sun, 27 Nov 2022 12:02:58 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 27 Nov 2022 11:19:21 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2617
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: p8kDTHkUpUZvNsY3YCDKkdQQLM487LarxkSfKncCPRY5I5vrb6ft9stbylez5iXY8oF81grPph8=
x-amz-request-id: VFYQ4F9R1D91QDBN
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 27 Nov 2022 11:41:37 GMT
age: 1281
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 1070f987d04f66ed32c3055c234c9912
106e630271a81d058e7cb3c2b659feb17c611388
cdf1aa8aa5ab6b1a46108e12c388d75fa72a4089dd979c2ccb8003d536567d07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:02:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 12:02:59 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 27 Nov 2022 11:08:54 GMT
cache-control: public,max-age=3600
age: 3245
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
dorothyfigueroa5.blogspot.com/2022/05/is-gold-better-than-steel-in-muck.html
142.250.74.161200 OK 26 kB URL HTTP/2 dorothyfigueroa5.blogspot.com/2022/05/is-gold-better-than-steel-in-muck.html
IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (13567)
Hash 502fb386c5cc809e4db4766bc596c0dc
32da17d478830925b72b65401c929f462ba2bdb5
264748495149ed216cd078696873d9b281af17767de69b73430be78b6c75a329
GET /2022/05/is-gold-better-than-steel-in-muck.html HTTP/1.1
Host: dorothyfigueroa5.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Sun, 27 Nov 2022 12:02:59 GMT
date: Sun, 27 Nov 2022 12:02:59 GMT
cache-control: private, max-age=0
last-modified: Thu, 22 Sep 2022 15:23:22 GMT
etag: W/"cbae64e2c0eca460b12e488f1256d8e84533d8c1f5d9dae88047756301908a58"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 25526
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 1070f987d04f66ed32c3055c234c9912
106e630271a81d058e7cb3c2b659feb17c611388
cdf1aa8aa5ab6b1a46108e12c388d75fa72a4089dd979c2ccb8003d536567d07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:02:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 2620cb440711056d80ec6ee6a4101116
0de0450475dd899906c36956881f9db5ecad90fd
9a84a21b1cb5e13c925b144beef55b87669a02836087e1a9cf74fa4964ef43f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3734
Cache-Control: max-age=158440
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:02:59 GMT
Etag: "63830b45-117"
Expires: Tue, 29 Nov 2022 08:03:39 GMT
Last-Modified: Sun, 27 Nov 2022 07:01:25 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a6fee11dfe1b88cd768a0ca3e2bd0c89
59cec9a44a4a92467678afe65f347f68641a2174
50870c499aae4d5dfd6df25a36cd04b6d185b66ef0590e46933984bf52e2483f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2269
Cache-Control: max-age=164502
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:02:59 GMT
Etag: "638328ac-1d7"
Expires: Tue, 29 Nov 2022 09:44:41 GMT
Last-Modified: Sun, 27 Nov 2022 09:06:52 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:02:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
142.250.74.10200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
IP 142.250.74.10:0
File type ASCII text, with very long lines (32077)
Hash fd2b58574f9637ba7ef639267349d848
6eda5ea93f549ceb5693f6f1c038893fa56a510d
75627d4b97e5e6294a8f88f5eeaf9b616696dc8600db9701c47ef05f067880ec
GET /ajax/libs/jquery/1.12.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33951
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 25 Nov 2022 13:47:02 GMT
expires: Sat, 25 Nov 2023 13:47:02 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 166557
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 7e65495f0c98d64cbc0196892977d042
29c99e4f1b7c4281134c3d7f64b48275a5d97938
6e218801ebe404288d2343ec61ed1f38489da0074762492186ebc0825e0b5c80
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6280
Cache-Control: max-age=164910
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:02:59 GMT
Etag: "63831a99-117"
Expires: Tue, 29 Nov 2022 09:51:29 GMT
Last-Modified: Sun, 27 Nov 2022 08:06:49 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 8f17aad502c2d2f8bfd1222410c94947
afcf3e8e7bc2c85e304c1f97bdf648ab58a7337a
4d5c610cbf445fb91df96f6a9c1b7bf7450d41b22723991b7564cd3b2e73e5fe
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1875
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:02:59 GMT
Etag: "6382fe89-117"
Last-Modified: Sun, 27 Nov 2022 11:31:44 GMT
Server: ECS (amb/6B7C)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 3c15a6fb5937c9f6cd9de0f275497af4
d6d9a3aaeb9ec1952ceb26dd4b32fa8aca4cdb67
9e74b7c39628bf60aa3b6d3fe54346b227116f42195fa49b01828493a77b55c5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2875
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:02:59 GMT
Etag: "6381a8b3-116"
Last-Modified: Sun, 27 Nov 2022 11:15:04 GMT
Server: ECS (amb/6BC7)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 8265519a9ad7f0ba3f4cae81a69a3fab
5b441b1c43eaed8b670ad1e3ad91d18a7668c664
e4ea958bdb87b40f7e34aa8b40e0d6aea1e84b7b51da1a81e1193afd38a0c898
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=113971
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:02:59 GMT
Etag: "63826c26-117"
Expires: Mon, 28 Nov 2022 19:42:30 GMT
Last-Modified: Sat, 26 Nov 2022 19:42:30 GMT
Server: nginx
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 8265519a9ad7f0ba3f4cae81a69a3fab
5b441b1c43eaed8b670ad1e3ad91d18a7668c664
e4ea958bdb87b40f7e34aa8b40e0d6aea1e84b7b51da1a81e1193afd38a0c898
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:02:59 GMT
Etag: "637fc956-116"
Server: ECS (amb/6BA4)
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 84f667bbe3508732781e8c937ed464d2
f81866fdfdc422b4be834b1001187124d8059633
a110ffb5c4b7fba68f87ecccade6f85a01125986bba767f3b5036309eb852652
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=116502
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:02:59 GMT
Etag: "63827609-117"
Expires: Mon, 28 Nov 2022 20:24:41 GMT
Last-Modified: Sat, 26 Nov 2022 20:24:41 GMT
Server: nginx
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash b29f31fbee9e8b7e3dc9457ee6c2e227
3b24fa3b0b80403050fa3364ada73090183a523a
3e11f90567142c01e71d64033021cfcb084e09258eee323dfe473876f1691693
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6448
Cache-Control: max-age=144550
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:02:59 GMT
Etag: "6382ca69-116"
Expires: Tue, 29 Nov 2022 04:12:09 GMT
Last-Modified: Sun, 27 Nov 2022 02:24:41 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 278
www.naguide.com/wp-content/uploads/2021/06/Muck-Naguide.jpg
104.21.72.10200 OK 43 kB URL HTTP/2 www.naguide.com/wp-content/uploads/2021/06/Muck-Naguide.jpg
IP 104.21.72.10:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 616x353, components 3\012- data
Hash 01b947aa7268425e8d5adbad6ab97cbb
d3f1647f372affee2ad73568023781a015003579
6ba3edade56bb6e4b6370716b0657011a42f49820a24143e4b793b501fac2ae3
GET /wp-content/uploads/2021/06/Muck-Naguide.jpg HTTP/1.1
Host: www.naguide.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:02:59 GMT
content-type: image/jpeg
content-length: 43372
cache-control: public, max-age=604800
expires: Sat, 03 Dec 2022 08:51:14 GMT
etag: "a96c-62fa5c86-15a1b0;;;"
last-modified: Mon, 15 Aug 2022 14:47:34 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4bNWKVaOJq27Qjox5W9Sa2ZmTVGLLJFJLvoDq0maB2Fxm4Zo%2BkzS4bLsEa7%2FxGYG3S3X6QD5jPNLE9vF7N37QD0gf90ITney1MmIFHKUxMhoQ2ZzFFaRSLMUD8lOTWcJwfI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770ab7d3b965b527-OSL
X-Firefox-Spdy: h2
tryhardguides.com/wp-content/uploads/2021/07/featured-muck-how-to-beat-guardians.jpg
172.67.199.71200 OK 119 kB URL HTTP/2 tryhardguides.com/wp-content/uploads/2021/07/featured-muck-how-to-beat-guardians.jpg
IP 172.67.199.71:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x675, components 3\012- data
Size 119 kB (118682 bytes)
Hash 4636560ea0c988bab64757390a0297bb
4394bc5ae64edd152579045251754ef63944726c
f20d068f7f6942344eafa0986fc67de79d2b24cf5a65a0008450fbaf5ba7d74a
GET /wp-content/uploads/2021/07/featured-muck-how-to-beat-guardians.jpg HTTP/1.1
Host: tryhardguides.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:02:59 GMT
content-type: image/jpeg
content-length: 118682
last-modified: Mon, 05 Jul 2021 16:02:54 GMT
etag: "60e32d2e-1cf9a"
x-powered-by: centminmod
x-hosted-by: BigScoots
access-control-allow-origin: *
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
cf-cache-status: HIT
age: 4624
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=40w6spJtc55z21h5RKBrFhmdNmELxCA7DnmY7niGt2vC2RMj2O9z0a6SHVMcUipM3c4WcGQcGx80dHYsC4j12usuVWIUIE4UmO1K09QwGFhESWHjcQULuaXT2DDohJ5Fa%2Fjn0A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770ab7d47a60b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 463f202e3459fe2f41a8497ad045285d
8af5c14682cbc7db37d98455a7b84e67299dd938
2ad6cf7761c84f639372165d5940264de82f4f1152a46ec2d102e3a8fcd0e000
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:02:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
35.163.62.5101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.163.62.5:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: D4OCSuh8W7ToLsa81H0PBw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: LY2H5eMr2610z6HJ23Xo5onS6pw=
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ca9a5a187a9301acd15cc891755a13c8
1522515a371821fe1c94ce773898f2e913e03012
469bcc07c9e15d43d093697277d75eaa3199cb3f455b6fd32daaa0153f4e0f98
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:02:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 8835f987270c3a6655732a8b9f79019d
b526a02966f50407fd20c881616a505ca6693ce3
349663442998cf63d2ff77fdfee46ac572703750f977b4f60e9082307309f7c2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:02:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 8835f987270c3a6655732a8b9f79019d
b526a02966f50407fd20c881616a505ca6693ce3
349663442998cf63d2ff77fdfee46ac572703750f977b4f60e9082307309f7c2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:02:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
apis.google.com/js/platform.js
142.250.74.174200 OK 21 kB URL HTTP/2 apis.google.com/js/platform.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1279)
Hash 7ac44ef24e267df17ff72f195b252806
62db12d9ce11a576ccd7fa3544d851c5fd42f3b7
aae7897e7b55999c1b3166309381d19ac488dced51e14071339d8b193a686a61
GET /js/platform.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20984
date: Sun, 27 Nov 2022 12:02:59 GMT
expires: Sun, 27 Nov 2022 12:02:59 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "7446758f13887885"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:02:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 8835f987270c3a6655732a8b9f79019d
b526a02966f50407fd20c881616a505ca6693ce3
349663442998cf63d2ff77fdfee46ac572703750f977b4f60e9082307309f7c2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:02:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 2620cb440711056d80ec6ee6a4101116
0de0450475dd899906c36956881f9db5ecad90fd
9a84a21b1cb5e13c925b144beef55b87669a02836087e1a9cf74fa4964ef43f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3735
Cache-Control: max-age=158440
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:00 GMT
Etag: "63830b45-117"
Expires: Tue, 29 Nov 2022 08:03:40 GMT
Last-Modified: Sun, 27 Nov 2022 07:01:25 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 279
zaline.diraya.my.id/728.js
104.21.24.51200 OK 682 B URL HTTP/2 zaline.diraya.my.id/728.js
IP 104.21.24.51:0
Hash cf0ad6dcd7eb6a9b9a2a06ac0b696027
ef3a87e47c586ba3eb402df161fd55e29ad24cf5
f0b5088fd80b02a32db10454f370a8255b911ae7a634bc3aaa2a77c99428ff9f
GET /728.js HTTP/1.1
Host: zaline.diraya.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:02:59 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"05a61fc0830f81ec7aff0677288562b8"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dt2vWGvWwdCnIHd1OPLmfMKV58g8LfWzUSVcNWV2%2BE9RJe06zy1emE7i43w8qd3FeDP6YCcfkNXx2Dx4BMYVIH2J8TaHJS22kk8Kc%2BDSg5%2BN96mw0GUtKHSiJFW44K%2FxH0P2bv5Y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 770ab7d3dbfcfabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.ytimg.com/vi/DFOt-B2R058/maxresdefault.jpg
142.250.74.22200 OK 132 kB URL HTTP/2 i.ytimg.com/vi/DFOt-B2R058/maxresdefault.jpg
IP 142.250.74.22:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x720, components 3\012- data
Size 132 kB (132495 bytes)
Hash d181b9ed1acd3baee6d64b49b9e280c0
7de15393df55482875ecf5d88c89e5923b8aed15
e939ce39f9f2141bec168b04bf85cb9890f2c7c81d7b9e4a0778ec650ba3652b
GET /vi/DFOt-B2R058/maxresdefault.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 132495
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 27 Nov 2022 12:02:59 GMT
expires: Sun, 27 Nov 2022 14:02:59 GMT
cache-control: public, max-age=7200
etag: "1624415230"
content-type: image/jpeg
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
steamlists.com/wp-content/uploads/2021/06/Muck-All-the-items-steamlists-com.png
104.26.6.197200 OK 13 kB URL HTTP/2 steamlists.com/wp-content/uploads/2021/06/Muck-All-the-items-steamlists-com.png
IP 104.26.6.197:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 462x799, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 21d0c5d7ece878bc6a3e6e96fc590e3c
50c7f7182a4633e0b1fe9c5c95ee94845f014392
77856c38b6fac69bc8273e93cda37bf6cd6395fdda54e58dbeaacf4a37d2a598
GET /wp-content/uploads/2021/06/Muck-All-the-items-steamlists-com.png HTTP/1.1
Host: steamlists.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:00 GMT
content-type: image/webp
content-length: 13158
last-modified: Sun, 06 Jun 2021 10:45:03 GMT
etag: "60bca72f-3366"
expires: Mon, 27 Nov 2023 12:02:59 GMT
cache-control: max-age=31536000
vary: Accept
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=goqicuXEv3ldo9h0yokjpN6CEExwrPuuO%2Bt4j4MjID6L7Jf%2FtaaiIC9MuL03NLayroSVsQWwlcYooO48nCM07W2IxOARHt23Q0nPjkhNHdo9GPLofJAvm9OBKO4oZ3i9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770ab7d3bad91c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
steamlists.com/wp-content/uploads/2021/06/Muck-All-the-items-Woods-steamlists-com.png
104.26.6.197200 OK 11 kB URL HTTP/2 steamlists.com/wp-content/uploads/2021/06/Muck-All-the-items-Woods-steamlists-com.png
IP 104.26.6.197:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 394x694, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a3087af1e6c5ecde49f71493f9c6f3ff
98ac66faab81905ceec96d3f4c9aa722282b6b3d
32a419885b9fa6ba3778d6d76953bbb0723a14c5b9156e7b043be837b815c9cd
GET /wp-content/uploads/2021/06/Muck-All-the-items-Woods-steamlists-com.png HTTP/1.1
Host: steamlists.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:00 GMT
content-type: image/webp
content-length: 11358
last-modified: Sun, 06 Jun 2021 10:45:03 GMT
etag: "60bca72f-2c5e"
expires: Mon, 27 Nov 2023 12:02:59 GMT
cache-control: max-age=31536000
vary: Accept
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2ZRoUIWSsL7I71oy1agA82MwBLNUUR5ACcxV9dfrx7UYU%2BaLCbD0KpztSW5nWcoNUo%2BBsJsTXUByq4hTC1TwNdbzZ6pMizEBeEzTBoFxfREjW3CuMghPtc5ToINtVszz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770ab7d3bad71c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 3777052dd051aadd51d7ed0abe02aeb8
ef84205bb29e91e9b0bc1dec2bb1d087937dd74f
5f2c213da2f9b19ecd1a1b8b2eef8c431dad7a587bdb24338741b0848b2228c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.slythergames.com/wp-content/uploads/2021/06/Muck-Beginner-Guide-Tips-Screenshot.jpg
104.21.42.2200 OK 244 kB URL HTTP/2 www.slythergames.com/wp-content/uploads/2021/06/Muck-Beginner-Guide-Tips-Screenshot.jpg
IP 104.21.42.2:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data
Size 244 kB (244385 bytes)
Hash 2e810fa07a0b22efad1dc8c91a96342e
1a38758b580de978ce310745016d8ff41f9c55e6
1614e120ef1a1c035a682d32a322325a621f027e3074d509f4f4550649593175
GET /wp-content/uploads/2021/06/Muck-Beginner-Guide-Tips-Screenshot.jpg HTTP/1.1
Host: www.slythergames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:00 GMT
content-type: image/jpeg
content-length: 244385
last-modified: Tue, 08 Jun 2021 22:17:03 GMT
etag: "3baa1-5c44884822284"
cache-control: public, max-age=31536000
expires: Sun, 26 Nov 2023 20:59:36 GMT
content-security-policy: block-all-mixed-content
referrer-policy: no-referrer-when-downgrade
x-endurance-cache-level: 2
x-nginx-cache: WordPress
cf-cache-status: HIT
age: 54204
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y0omxEn4BbImzHFTZ5gciwYspjdxPkREdeosk4jgVpJ5HsiltQ4dera2wqCXoU%2By9kPq6qYNxJ9AwlwPh93AIC6sONt2GWRUE4R2goklfKf7pJ8Q2RoIDLM8fIJgyg3%2BQoJ8udHFtw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770ab7d57918b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/static/v1/widgets/2342155703-widgets.js
142.250.74.105200 OK 57 kB URL HTTP/2 www.blogger.com/static/v1/widgets/2342155703-widgets.js
IP 142.250.74.105:0
File type ASCII text, with very long lines (2221)
Hash 1217c8e34acb09c7cea97bae4d386ea1
55ee17703d0a7710943e93913bacb49220d98b4b
c2f23437ab938096bf8b40de8b08c4f27bb880b7ef8588481ec5ccc08b58870b
GET /static/v1/widgets/2342155703-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56726
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 16:02:03 GMT
expires: Tue, 21 Nov 2023 16:02:03 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Nov 2022 00:52:59 GMT
content-type: text/javascript
age: 504057
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.195200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dorothyfigueroa5.blogspot.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 05:42:51 GMT
expires: Fri, 24 Nov 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 282009
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash b29f31fbee9e8b7e3dc9457ee6c2e227
3b24fa3b0b80403050fa3364ada73090183a523a
3e11f90567142c01e71d64033021cfcb084e09258eee323dfe473876f1691693
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4368
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:00 GMT
Last-Modified: Sun, 27 Nov 2022 10:50:12 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 88e42375d2172305f819b892225cf877
674324641f82700172e72fe259ee2241361e2ea1
6dce3754a67df878b536c368657a492a1f908d408fe7fe5ba43c5d24c44434b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
104.18.11.207200 OK 77 kB URL HTTP/2 stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 104.18.11.207:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dorothyfigueroa5.blogspot.com
Connection: keep-alive
Referer: https://stackpath.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:00 GMT
content-type: font/woff2
content-length: 77160
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "af7ae505a9eed503f8b8e6982036873e"
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 08/17/2022 18:20:14
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 752
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: c3e7f35d47152d42099fb9827f4e8e74
cdn-cache: HIT
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 770ab7d5c9e50b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
zaline.diraya.my.id/320-1.js
104.21.24.51200 OK 680 B URL HTTP/2 zaline.diraya.my.id/320-1.js
IP 104.21.24.51:0
Hash 5d1c0ff53c708e1426195e0644f8ccb0
9e87ecde5a20afabd0607a9122cf6362f714cb39
63ef259efe4883a7f1aea508c8de54aa0072e930beb671cdacf736f85da11097
GET /320-1.js HTTP/1.1
Host: zaline.diraya.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:02:59 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"40ac7da57bffb7e3b7950d609b4bdd57"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zD8hSndCi2RhqvLuUtAy5gCpPTwvn0A%2BoVcxbjtDT1wVkhKJBitMqLJdvMvhrWcjlsH12oEWxt8eTI%2BAnf4wYUis8L%2FCNFrYwOBwL0BBjv7Fnce3pvWpq%2B0gjNZ4mxDOUw9UrSs7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 770ab7d3fc24fabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 8f17aad502c2d2f8bfd1222410c94947
afcf3e8e7bc2c85e304c1f97bdf648ab58a7337a
4d5c610cbf445fb91df96f6a9c1b7bf7450d41b22723991b7564cd3b2e73e5fe
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1876
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:00 GMT
Last-Modified: Sun, 27 Nov 2022 11:31:44 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 84f667bbe3508732781e8c937ed464d2
f81866fdfdc422b4be834b1001187124d8059633
a110ffb5c4b7fba68f87ecccade6f85a01125986bba767f3b5036309eb852652
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=116502
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:00 GMT
Etag: "63827609-117"
Expires: Mon, 28 Nov 2022 20:24:42 GMT
Last-Modified: Sat, 26 Nov 2022 20:24:41 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279
steamlists.com/wp-content/uploads/2021/06/2_Muck-All-the-items-steamlists-com.png
104.26.6.197200 OK 19 kB URL HTTP/2 steamlists.com/wp-content/uploads/2021/06/2_Muck-All-the-items-steamlists-com.png
IP 104.26.6.197:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 566x817, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 24abb31137ba0b2f491b422f7390b505
e9e417e8d87914fe86c30b112796f2fee0f30cb8
4f2fcfa2743d98e1f022165aa61ed5b61ac06846673250d98c79bcd2604ea529
GET /wp-content/uploads/2021/06/2_Muck-All-the-items-steamlists-com.png HTTP/1.1
Host: steamlists.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:00 GMT
content-type: image/webp
content-length: 18776
last-modified: Sun, 06 Jun 2021 10:45:04 GMT
etag: "60bca730-4958"
expires: Mon, 27 Nov 2023 12:03:00 GMT
cache-control: max-age=31536000
vary: Accept
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZKIV1U7RU3K6y2h0%2BWff%2FoUL0yXWCWWtoE2fk6gosc%2Bok41kIyLL%2BKePPVQuBq9XpfbqboyoD6iEwcc0%2Bg8AksXK5EU9bdMKGwFd0PYWJEzK2ghD6PPoUWa%2BVMKnK5za"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770ab7d3badb1c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
216.58.207.195200 OK 472 B URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
IP 216.58.207.195:0
Hash 3777052dd051aadd51d7ed0abe02aeb8
ef84205bb29e91e9b0bc1dec2bb1d087937dd74f
5f2c213da2f9b19ecd1a1b8b2eef8c431dad7a587bdb24338741b0848b2228c9
GET /s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dorothyfigueroa5.blogspot.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 47952
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 18:59:14 GMT
expires: Tue, 21 Nov 2023 18:59:14 GMT
cache-control: public, max-age=31536000
age: 493426
last-modified: Mon, 15 Aug 2022 18:22:41 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash f4c0dcafa6e6e21c07f1186b8da7db4b
6cfa71860304288f2df6d1078c48d7af04e77029
2d3812c808dda9745205466c3fd95a24beab5359101133d38d7e37db55f1426b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=131991
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:00 GMT
Etag: "6382b28b-116"
Expires: Tue, 29 Nov 2022 00:42:51 GMT
Last-Modified: Sun, 27 Nov 2022 00:42:51 GMT
Server: nginx
Content-Length: 278
www.blogger.com/dyn-css/authorization.css?targetBlogID=6350032300081539781&zx=f1cb9b03-5c66-4e87-9196-c44c52b42009
142.250.74.105200 OK 21 B URL HTTP/2 www.blogger.com/dyn-css/authorization.css?targetBlogID=6350032300081539781&zx=f1cb9b03-5c66-4e87-9196-c44c52b42009
IP 142.250.74.105:0
File type very short file (no magic)
Hash a62e4d501434033d5d177e67d3aafdd0
34f7300c9ed47334cf10826d57af785321e3138b
b0cabcbfed4b1830ab1956efbd2eec32289a968323cb854a47ef98360ed0f522
GET /dyn-css/authorization.css?targetBlogID=6350032300081539781&zx=f1cb9b03-5c66-4e87-9196-c44c52b42009 HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type: text/css; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 27 Nov 2022 12:03:00 GMT
last-modified: Sun, 27 Nov 2022 12:03:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 21
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 3c15a6fb5937c9f6cd9de0f275497af4
d6d9a3aaeb9ec1952ceb26dd4b32fa8aca4cdb67
9e74b7c39628bf60aa3b6d3fe54346b227116f42195fa49b01828493a77b55c5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:00 GMT
Etag: "6381a8b3-116"
Server: ECS (amb/6BA4)
Content-Length: 279
steamlists.com/wp-content/uploads/2021/06/muck-all-the-items-0-steamlists-com-4ew3dr4w3drw3.jpg
104.26.6.197200 OK 94 kB URL HTTP/2 steamlists.com/wp-content/uploads/2021/06/muck-all-the-items-0-steamlists-com-4ew3dr4w3drw3.jpg
IP 104.26.6.197:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1680x1050, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 114694394a0b0f1669824dac1329175b
2365fe660be669bd008108e82869572bea10b732
a6802632f548d6a37fd1d429b6e8d7de06bd9782d4f89f37b5c62ce1c8f4d240
GET /wp-content/uploads/2021/06/muck-all-the-items-0-steamlists-com-4ew3dr4w3drw3.jpg HTTP/1.1
Host: steamlists.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:00 GMT
content-type: image/webp
content-length: 94410
last-modified: Sun, 06 Jun 2021 10:43:47 GMT
etag: "60bca6e3-170ca"
expires: Mon, 27 Nov 2023 12:02:59 GMT
cache-control: max-age=31536000
vary: Accept
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YpEJIy72ayLCY%2BjBA1ZUuqMQm5jnLcLVzxAQEVgsMG463OY5E6FcuWoTQSi1rFpEiCR8ySd4Fyuqth0ysy%2BJaf5z4CoMU2WSfQCcILOYa7K%2FA6k2K6UqO479U6j8cJ8Q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770ab7d3bad51c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 8265519a9ad7f0ba3f4cae81a69a3fab
5b441b1c43eaed8b670ad1e3ad91d18a7668c664
e4ea958bdb87b40f7e34aa8b40e0d6aea1e84b7b51da1a81e1193afd38a0c898
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=113970
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:00 GMT
Etag: "63826c26-117"
Expires: Mon, 28 Nov 2022 19:42:30 GMT
Last-Modified: Sat, 26 Nov 2022 19:42:30 GMT
Server: nginx
Content-Length: 279
steamlists.com/wp-content/uploads/2021/06/muck-full-wiki-everything-you-need-to-know-boners-0-steamlists-com-rwe3dew34rdw34e.jpg
104.26.6.197200 OK 63 kB URL HTTP/2 steamlists.com/wp-content/uploads/2021/06/muck-full-wiki-everything-you-need-to-know-boners-0-steamlists-com-rwe3dew34rdw34e.jpg
IP 104.26.6.197:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1680x1050, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 9c22a4fa19a4983edf639025ded712a0
2de737724a16e7fef1e027a07a20ccf4c0f6616f
c2edaf337aa1540a3985b3964ab73c9496775a3c586304eea29ce195cc89e73d
GET /wp-content/uploads/2021/06/muck-full-wiki-everything-you-need-to-know-boners-0-steamlists-com-rwe3dew34rdw34e.jpg HTTP/1.1
Host: steamlists.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:00 GMT
content-type: image/webp
content-length: 62726
last-modified: Sun, 06 Jun 2021 10:48:29 GMT
etag: "60bca7fd-f506"
expires: Mon, 27 Nov 2023 12:02:59 GMT
cache-control: max-age=31536000
vary: Accept
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BjFWzeR%2FRtboVNGoWQby5nLk0YFz7eS8A6SJr3gjX0UtCzeOa2m63drsxwQw5lOx%2FFlCrAOGulpwCc25O1AkDvrOu6WJyysdHtbMy3ubjGszWkPtspwBZpn6VaDp5WGs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770ab7d3bada1c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
lh3.googleusercontent.com/blogger_img_proxy/ANbyha3LmV3Zy4p3kDQXd3D5rBE45i0U6lEE7hT5QXdJNRMaY4Uf-lQGqw-jtRAiz8tCB2a-I8Qe33-3CKodHli58n4-G3SpIiehl8d-iyuqAtaxffKM9ehTEspjd9b6AnzLTcsG3qQDUkYtoAsfQNTSGmg=w72-h72-p-k-no-nu
142.250.74.33200 OK 5.7 kB URL HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/ANbyha3LmV3Zy4p3kDQXd3D5rBE45i0U6lEE7hT5QXdJNRMaY4Uf-lQGqw-jtRAiz8tCB2a-I8Qe33-3CKodHli58n4-G3SpIiehl8d-iyuqAtaxffKM9ehTEspjd9b6AnzLTcsG3qQDUkYtoAsfQNTSGmg=w72-h72-p-k-no-nu
IP 142.250.74.33:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 72x72, components 3\012- data
Hash 1abb57f6ed8127917d36eab187d1c0ab
d6a3a9fc770461b6409fe7df19e16af838936ea4
7b0aa7f38e525ea3e182f73174a98957e0f49969d30675ab6d8c00c52094f62e
GET /blogger_img_proxy/ANbyha3LmV3Zy4p3kDQXd3D5rBE45i0U6lEE7hT5QXdJNRMaY4Uf-lQGqw-jtRAiz8tCB2a-I8Qe33-3CKodHli58n4-G3SpIiehl8d-iyuqAtaxffKM9ehTEspjd9b6AnzLTcsG3qQDUkYtoAsfQNTSGmg=w72-h72-p-k-no-nu HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
expires: Mon, 28 Nov 2022 12:03:00 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Sun, 27 Nov 2022 12:03:00 GMT
server: fife
content-length: 5727
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9d41a13cb271c760de85912b1d7da387
d45ea99f3902795af3c4d03dea3e1a8c0cfdfaf4
b2c1252c2757541fd0272ce76d5881ff7377e401c7d4da5be58ba241a7c1a9c4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B2C1252C2757541FD0272CE76D5881FF7377E401C7D4DA5BE58BA241A7C1A9C4"
Last-Modified: Sat, 26 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12607
Expires: Sun, 27 Nov 2022 15:33:07 GMT
Date: Sun, 27 Nov 2022 12:03:00 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 8835f987270c3a6655732a8b9f79019d
b526a02966f50407fd20c881616a505ca6693ce3
349663442998cf63d2ff77fdfee46ac572703750f977b4f60e9082307309f7c2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dispatchoffenderbleat.com/431475e49e1926d143ad1caad2092d6e/invoke.js
173.233.139.164200 OK 9.8 kB URL HTTP/1.1 dispatchoffenderbleat.com/431475e49e1926d143ad1caad2092d6e/invoke.js
IP 173.233.139.164:0
File type exported SGML document, ASCII text, with very long lines (26949), with no line terminators
Hash 2110d7153b493064cd1a9dfaef190af6
f947123d6536a9f49d4a00a34a8ef0eb4feff90f
e9fd21bec879b843e3c72324df2f02061f93eaf706947cfea215122edb367cf8
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /431475e49e1926d143ad1caad2092d6e/invoke.js HTTP/1.1
Host: dispatchoffenderbleat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 12:03:00 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 372f440abceb094b414ea3ae4370d893
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
static1.thegamerimages.com/wordpress/wp-content/uploads/2021/06/Muck-8-Beginner-Tips-To-Survive.jpg
172.67.15.25200 OK 142 kB URL HTTP/2 static1.thegamerimages.com/wordpress/wp-content/uploads/2021/06/Muck-8-Beginner-Tips-To-Survive.jpg
IP 172.67.15.25:0
File type ISO Media, AVIF Image\012- data
Size 142 kB (141479 bytes)
Hash 235a67f88b63341134468cd5ad532935
dec88e27cac4330e18f34e08f5102e0fa83187c4
6afe62e0b41508234e513b1d7fc79ee876e96cede07467af235049a701bb723c
GET /wordpress/wp-content/uploads/2021/06/Muck-8-Beginner-Tips-To-Survive.jpg HTTP/1.1
Host: static1.thegamerimages.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:00 GMT
content-type: image/avif
content-length: 141479
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=31536000
content-disposition: inline; filename="Muck-8-Beginner-Tips-To-Survive.avif"
etag: "PfnUbYazAqVprj9epflQLIs-V8-GUNi-wBdnhO0lZzU/RIjlHNmpSS1N2cEk4aDFlMk9sNUNfS0Ei"
expires: Mon, 27 Nov 2023 12:03:00 GMT
vary: Accept, Accept-Encoding
x-request-id: e97yaWFpYnuFWUrXRXjMv
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 770ab7d3bf1fb50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash d2cfaa980d6648773a67b53d9f8a251a
2f45ee73500205d60807f7f4150c882b3c9aeb7d
947c2d33351064dde56067c703672a544003c1dfd6ef44860f3487662adcf01b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5011
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:00 GMT
Last-Modified: Sun, 27 Nov 2022 10:39:29 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 279
lh3.googleusercontent.com/blogger_img_proxy/ANbyha2aV8OdJSPbNBU9bl50ghcybGjHqNWOCXZ05ZoA1D2xgvC1cBW1MDn4pss1-UvLJlyFzdIrExbYXihftxiw53StvNteh6K-ER-J5Lc1aqtmh9rAresMuUpw0eCzB-yE5PqGQWd2whYwT8ABW3ahAwM=w72-h72-p-k-no-nu
142.250.74.33200 OK 5.7 kB URL HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/ANbyha2aV8OdJSPbNBU9bl50ghcybGjHqNWOCXZ05ZoA1D2xgvC1cBW1MDn4pss1-UvLJlyFzdIrExbYXihftxiw53StvNteh6K-ER-J5Lc1aqtmh9rAresMuUpw0eCzB-yE5PqGQWd2whYwT8ABW3ahAwM=w72-h72-p-k-no-nu
IP 142.250.74.33:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 72x72, components 3\012- data
Hash 8d575899149591ddc198f4c0dd97ba9e
5164fcf3b8dc62e8876d3c55e62572487174a641
72653d4766ee4e30f402ec7237dbc41ccffa7fc690672b1b486a1338b407835a
GET /blogger_img_proxy/ANbyha2aV8OdJSPbNBU9bl50ghcybGjHqNWOCXZ05ZoA1D2xgvC1cBW1MDn4pss1-UvLJlyFzdIrExbYXihftxiw53StvNteh6K-ER-J5Lc1aqtmh9rAresMuUpw0eCzB-yE5PqGQWd2whYwT8ABW3ahAwM=w72-h72-p-k-no-nu HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
expires: Mon, 28 Nov 2022 12:03:00 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Sun, 27 Nov 2022 12:03:00 GMT
server: fife
content-length: 5661
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
lh3.googleusercontent.com/blogger_img_proxy/ANbyha2s-KDFURRtTjmx1kEdfKGbf_cNGpIHAkrqJLOcnJdPlI5xObyWQ8c4ZR3hRyPIbOFnnVOWhxSDSfC65GDum25YOOtq2XuFvhn4_usRu3NtdHHe_dKQiUNbsbWDzLuKs2IIkTvAhoAZumQ9SThq8w=w72-h72-p-k-no-nu
142.250.74.33200 OK 4.8 kB URL HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/ANbyha2s-KDFURRtTjmx1kEdfKGbf_cNGpIHAkrqJLOcnJdPlI5xObyWQ8c4ZR3hRyPIbOFnnVOWhxSDSfC65GDum25YOOtq2XuFvhn4_usRu3NtdHHe_dKQiUNbsbWDzLuKs2IIkTvAhoAZumQ9SThq8w=w72-h72-p-k-no-nu
IP 142.250.74.33:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 72x72, components 3\012- data
Hash 5dff261d51b22714e39c7be0d917f6cb
c4bcc7335c655b3dd1bd8e5bfdb9439804b5a970
78894ad95bda336508e1075035801b5eaf207dcd43101097b517f25beaa6d840
GET /blogger_img_proxy/ANbyha2s-KDFURRtTjmx1kEdfKGbf_cNGpIHAkrqJLOcnJdPlI5xObyWQ8c4ZR3hRyPIbOFnnVOWhxSDSfC65GDum25YOOtq2XuFvhn4_usRu3NtdHHe_dKQiUNbsbWDzLuKs2IIkTvAhoAZumQ9SThq8w=w72-h72-p-k-no-nu HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
expires: Mon, 28 Nov 2022 12:03:00 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Sun, 27 Nov 2022 12:03:00 GMT
server: fife
content-length: 4802
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dispatchoffenderbleat.com/768320f2a9b589040780a7f24f18f88e/invoke.js
173.233.139.164200 OK 9.8 kB URL HTTP/1.1 dispatchoffenderbleat.com/768320f2a9b589040780a7f24f18f88e/invoke.js
IP 173.233.139.164:0
File type exported SGML document, ASCII text, with very long lines (26982), with no line terminators
Hash 5372f833f1d03c620304cd344de71a00
80ff714b7049d652338f8ebf3eb9ba4267ce3d85
9ed67303a252d0afa469a9ce3c1cc83b82e2e2884c598760262363919bac9cb0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /768320f2a9b589040780a7f24f18f88e/invoke.js HTTP/1.1
Host: dispatchoffenderbleat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 12:03:00 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e85a0f19c2be3110b068310337f27afc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.slythergames.com/wp-content/uploads/2021/06/Muck-How-to-Craft-Tools.jpg
104.21.42.2200 OK 237 kB URL HTTP/2 www.slythergames.com/wp-content/uploads/2021/06/Muck-How-to-Craft-Tools.jpg
IP 104.21.42.2:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data
Size 237 kB (236829 bytes)
Hash 48b412236fe4d0e2939e0c6f61389563
24b178fb584c628b1d051d3327d1c66ab7b18ae4
0fa896d8b0ec96fde01f22ec65f2659d2c4f1d73df2304b9ea41858e6e72ae4d
GET /wp-content/uploads/2021/06/Muck-How-to-Craft-Tools.jpg HTTP/1.1
Host: www.slythergames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:00 GMT
content-type: image/jpeg
content-length: 236829
last-modified: Tue, 08 Jun 2021 22:15:46 GMT
etag: "39d1d-5c4487fef2f35"
cache-control: public, max-age=31536000
expires: Mon, 27 Nov 2023 12:03:00 GMT
content-security-policy: block-all-mixed-content
referrer-policy: no-referrer-when-downgrade
x-endurance-cache-level: 2
x-nginx-cache: WordPress
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0yA6Y9%2Fv7gvLcWuJ1VFNq9vuLlSZT0TT2Ab8wn2t%2BvtPUbkpJi1GFT2VClQW1hjpIXpm5R5uD4Ed%2FSq1snxuGH19055mZGcteYHAYZVY%2FylFK7Jn%2F1vH6XPqRTxSD8Iq2qoi7lIiIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770ab7d41f23b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 4af47334194a0d10c2bfd52f16eb91ac
8ea04d240499dea43f26c738c8428df118dd622d
6741505308b8f473e68a567b74e6cd099b7a624b3711cc0acab45b2add675f74
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 27 Nov 2022 12:03:00 GMT
Last-Modified: Sun, 27 Nov 2022 10:17:56 GMT
Server: ECS (dcb/7F5E)
X-Cache: Miss from cloudfront
Via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: bdQb05uXoUefp0yX0gPFqkGpDM1asYI4XubpNU2S_1h7eGXBcuB5rQ==
Age: 6304
simplewebanalysis.com/stats
52.28.211.11200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash e3df74456a260d8ff1aeb4caa70bf932
ad127a4a694c9565c8513a38a995bb48eff6a410
79882e2daf340dd0668ab6aae3617012c809ab63107b57a546d331b83981eff2
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dorothyfigueroa5.blogspot.com
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:00 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dorothyfigueroa5.blogspot.com
access-control-allow-credentials: true
set-cookie: uid_id2=2b77043e-b609-4903-800a-f5a45ce0d08c:3:1; expires=Wed, 24 Nov 2032 12:03:00 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
dispatchoffenderbleat.com/97264edc4c73fd2d5b41ac5081114f10/invoke.js
173.233.139.164200 OK 9.8 kB URL HTTP/1.1 dispatchoffenderbleat.com/97264edc4c73fd2d5b41ac5081114f10/invoke.js
IP 173.233.139.164:0
File type exported SGML document, ASCII text, with very long lines (26980), with no line terminators
Hash 5b4a2fef1c9884b8a4862495744e7c81
411908cab41fbdba7721a8777d38d293e1cea693
049ec22d6de6044984eddd98fe689e26ea0ace3116f81d853262605edac2423d
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /97264edc4c73fd2d5b41ac5081114f10/invoke.js HTTP/1.1
Host: dispatchoffenderbleat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 12:03:00 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0a5acecbd7f6d3360aa61ee564471762
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
simplewebanalysis.com/stats
52.28.211.11200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash 9df7808dce477b9fa388ac67264e378c
4e3e9fe6970a01d7f86bf6be3942ea325c777a35
6c7cdb6175376f838617bd1d68527ce57ea8ccdbc8e5c2ad8d3555da4af26805
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dorothyfigueroa5.blogspot.com
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:00 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dorothyfigueroa5.blogspot.com
access-control-allow-credentials: true
set-cookie: uid_id2=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe:3:1; expires=Wed, 24 Nov 2032 12:03:00 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
lh3.googleusercontent.com/blogger_img_proxy/ANbyha11zjx4LivLUvAgc2NTAeC4U4INoooEsk7QDdppRSwwmes9Pmkokwhau2xyGftgtMb6mCe3ZgT02zFMbYRtCLgI0fSQH3wNhd-CapfqYg3_GvGcCA2I5kEh0gpVeejHDuXDJRYbLfJFOZRQlNVgdoM=w72-h72-p-k-no-nu
142.250.74.33200 OK 2.3 kB URL HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/ANbyha11zjx4LivLUvAgc2NTAeC4U4INoooEsk7QDdppRSwwmes9Pmkokwhau2xyGftgtMb6mCe3ZgT02zFMbYRtCLgI0fSQH3wNhd-CapfqYg3_GvGcCA2I5kEh0gpVeejHDuXDJRYbLfJFOZRQlNVgdoM=w72-h72-p-k-no-nu
IP 142.250.74.33:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 72x72, components 3\012- data
Hash 7b459c460227bbc5e57c164e33a8870c
e45a6837c69a30f6bb075d7686033ee8447604ee
9a6dbbf516f6db1170ac7859f309686408ea0e424cee9836c3de3d755934b3c6
GET /blogger_img_proxy/ANbyha11zjx4LivLUvAgc2NTAeC4U4INoooEsk7QDdppRSwwmes9Pmkokwhau2xyGftgtMb6mCe3ZgT02zFMbYRtCLgI0fSQH3wNhd-CapfqYg3_GvGcCA2I5kEh0gpVeejHDuXDJRYbLfJFOZRQlNVgdoM=w72-h72-p-k-no-nu HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
expires: Mon, 28 Nov 2022 12:03:00 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Sun, 27 Nov 2022 12:03:00 GMT
server: fife
content-length: 2284
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
52.28.211.11200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash 9df7808dce477b9fa388ac67264e378c
4e3e9fe6970a01d7f86bf6be3942ea325c777a35
6c7cdb6175376f838617bd1d68527ce57ea8ccdbc8e5c2ad8d3555da4af26805
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dorothyfigueroa5.blogspot.com
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Cookie: uid_id2=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:00 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dorothyfigueroa5.blogspot.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
steamsplay.com/wp-content/uploads/2021/06/muck-ultimate-beginners-guide-0-steamsplay-com-64564566.jpg
104.26.2.77200 OK 188 kB URL HTTP/2 steamsplay.com/wp-content/uploads/2021/06/muck-ultimate-beginners-guide-0-steamsplay-com-64564566.jpg
IP 104.26.2.77:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1080, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 188 kB (188086 bytes)
Hash 5575283a0787c6e875f20cb6d3099334
8938546ec43801a113f4ea58bd84ad31ddb8b162
53db5707746c8fdbf3c55c3e21d14bd7438ecc3e533f340a2786da70ccdd14c6
GET /wp-content/uploads/2021/06/muck-ultimate-beginners-guide-0-steamsplay-com-64564566.jpg HTTP/1.1
Host: steamsplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:00 GMT
content-type: image/webp
content-length: 188086
last-modified: Sat, 13 Nov 2021 06:04:28 GMT
etag: "618f556c-2deb6"
expires: Mon, 27 Nov 2023 12:03:00 GMT
cache-control: max-age=31536000
vary: Accept
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r%2FteBASi3HBtZtL%2BxERDWu2X6Myqit%2F5XEeI7HSxUjl8f4ZJfovo51cayMq8FCstPgY5j%2BZEZcgposENmvjrsbUIr9dVd%2B9xzeMr3UCeMA2fVI8z09b0IvKkv7R1VAng"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770ab7d67d4b1bfa-OSL
X-Firefox-Spdy: h2
www.slythergames.com/wp-content/uploads/2021/06/Muck-How-to-Get-Food.jpg
104.21.42.2200 OK 219 kB URL HTTP/2 www.slythergames.com/wp-content/uploads/2021/06/Muck-How-to-Get-Food.jpg
IP 104.21.42.2:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data
Size 219 kB (218797 bytes)
Hash d97e575439c70fe35dc58b545068acbf
55d87d757cc1ff955df340806c828c32a9fe1f51
5f3a05f708d4b52c9ff7699c5dd716e8b341a9a6e33e19362cdbb35c349fb981
GET /wp-content/uploads/2021/06/Muck-How-to-Get-Food.jpg HTTP/1.1
Host: www.slythergames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:00 GMT
content-type: image/jpeg
content-length: 218797
last-modified: Tue, 08 Jun 2021 22:15:55 GMT
etag: "356ad-5c4488074c52a"
cache-control: public, max-age=31536000
expires: Mon, 27 Nov 2023 12:03:00 GMT
content-security-policy: block-all-mixed-content
referrer-policy: no-referrer-when-downgrade
x-endurance-cache-level: 2
x-nginx-cache: WordPress
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=voIXZigOh%2FsUZd2KcgZB986Zwb1C1Y8xoSroruJHRWk8j40m7kPqjpWr1BLNhdJGT%2Fmb8elJVtOx95nC2pX8ZFbLou%2BnVQZ9Z40KvPEua88spz6IXX5E%2Fr3SZDCYI%2FTUbjugRXYVXg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770ab7d4f851b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.slythergames.com/wp-content/uploads/2021/06/Muck-What-Are-Buffs.jpg
104.21.42.2200 OK 351 kB URL HTTP/2 www.slythergames.com/wp-content/uploads/2021/06/Muck-What-Are-Buffs.jpg
IP 104.21.42.2:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data
Size 351 kB (350749 bytes)
Hash 5cd075f7a6472545a8d435f84c1ed790
1f92cf9b8f307854fc6dfab3a310af188a0af2b8
3b9965612e502aa7169f9e30b78a446c5125ebc6810ae6342c302f8515e8f907
GET /wp-content/uploads/2021/06/Muck-What-Are-Buffs.jpg HTTP/1.1
Host: www.slythergames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:00 GMT
content-type: image/jpeg
content-length: 350749
last-modified: Tue, 08 Jun 2021 22:15:59 GMT
etag: "55a1d-5c44880b6154b"
cache-control: public, max-age=31536000
expires: Mon, 27 Nov 2023 12:03:00 GMT
content-security-policy: block-all-mixed-content
referrer-policy: no-referrer-when-downgrade
x-endurance-cache-level: 2
x-nginx-cache: WordPress
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jg87SInZHSUqtXYxOLHK0nXS%2FXzjpUOyltgXC4bb%2B0Y2t%2BkBbqSUrpWXA2HZRRVigkhh1XWpqa3IOMqMBupTniAJ0cM%2BGzzcoVhBwzRTdS4shi51vbVVXm3cn8x8DRQ0Hj%2FXCcYNLg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770ab7d4f866b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 770555aa8a0a52c611bafb289ca8a650
62504cadc49747f328e3c31ad3aa7a740043072c
6317c8530220392b1339be640b8c1181c468ff8e3f3d1d5692b39cb32404216f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
104.18.11.207200 OK 7.0 kB URL HTTP/2 stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.18.11.207:0
File type ASCII text, with very long lines (30837)
Hash 2b2cd14362070afcbab59181149eb8ca
132ef4777e501285f90d538f512dd62330afe515
9d03f40632ef8c1bad7ffa9c6a17672f23a581b76cacb8bc6fc6f32b4d6f9f08
GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:02:59 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 11/15/2021 21:49:00
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 2729ae8f2fc6c761bdc17d91cc795f58
cdn-cache: HIT
cf-cache-status: HIT
age: 14997333
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 770ab7d2ffe8b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 770555aa8a0a52c611bafb289ca8a650
62504cadc49747f328e3c31ad3aa7a740043072c
6317c8530220392b1339be640b8c1181c468ff8e3f3d1d5692b39cb32404216f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 341bf2d853e98a084a560793fbe475b0
4e9a3faa4f1996833f7c316836b5f20c602ddaed
5d0ef73e1765e55f0618ad4296414268ae04bb2e6b3311b149bc960e7b749354
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D0EF73E1765E55F0618AD4296414268AE04BB2E6B3311B149BC960E7B749354"
Last-Modified: Fri, 25 Nov 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12036
Expires: Sun, 27 Nov 2022 15:23:37 GMT
Date: Sun, 27 Nov 2022 12:03:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12530
Expires: Sun, 27 Nov 2022 15:31:51 GMT
Date: Sun, 27 Nov 2022 12:03:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 341bf2d853e98a084a560793fbe475b0
4e9a3faa4f1996833f7c316836b5f20c602ddaed
5d0ef73e1765e55f0618ad4296414268ae04bb2e6b3311b149bc960e7b749354
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D0EF73E1765E55F0618AD4296414268AE04BB2E6B3311B149BC960E7B749354"
Last-Modified: Fri, 25 Nov 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12036
Expires: Sun, 27 Nov 2022 15:23:37 GMT
Date: Sun, 27 Nov 2022 12:03:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12530
Expires: Sun, 27 Nov 2022 15:31:51 GMT
Date: Sun, 27 Nov 2022 12:03:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12530
Expires: Sun, 27 Nov 2022 15:31:51 GMT
Date: Sun, 27 Nov 2022 12:03:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12530
Expires: Sun, 27 Nov 2022 15:31:51 GMT
Date: Sun, 27 Nov 2022 12:03:01 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg
34.120.237.76200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 433875a1b1fef34e45f2d8ac344c07e3
f2129466436cbbdd58abe42a47fb7af19eba58e6
ab1e7b46f3804640c7dd94d70c8c31ec2dfc3e2f0f015a8556d04d9d9089c450
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5099
x-amzn-requestid: 57648043-7820-453d-9549-0f743b6c2557
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4jFBvoAMFl1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-53b59d607b82c264180f469d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: VsdLWuh4rCawI5V0YYGaHxEMl2YEVNgsbjfCwzDsrnCZhRK2FkCkVw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:42:14 GMT
etag: "f2129466436cbbdd58abe42a47fb7af19eba58e6"
content-type: image/jpeg
age: 51647
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AVwDLlKoy5pc9NNuR_OakMB0ONGAoO-k2AKwV--b2sjiaqYSKAWlZg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:42:14 GMT
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
age: 51647
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ac95573-22e8-41b4-a5f2-d8adbaff2829.jpeg
34.120.237.76200 OK 2.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ac95573-22e8-41b4-a5f2-d8adbaff2829.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5c135ab961de12d926b94f9abae8adbe
139f48ea60880efc6d2977f4d3141809f22adfef
1578a994e7c4eef451f1c744116caa95e1aa995c4817a13832f1ac3487cea95d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ac95573-22e8-41b4-a5f2-d8adbaff2829.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2944
x-amzn-requestid: 8f1b2573-39ab-442e-8c6e-97538a28aba0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLWXXEjJIAMFu1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813762-52f27ff536b0c3b84bdfba8e;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:45:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Q-rLeRGOZPf2QGeA9skv1V7Rm9JGCJT6xihYR25KwqOV4WWF0u2cdg==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:49:20 GMT
age: 51221
etag: "139f48ea60880efc6d2977f4d3141809f22adfef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde03fed4-26de-4471-bc0e-a0c0483636ce.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde03fed4-26de-4471-bc0e-a0c0483636ce.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6ee5071a31d351c552aa651e40b16189
6fca9136030ea6f67be44e428ea39c34ff3e28e7
8d52f14267b8bd47119954796ff6c5d54eb6aa5d23c6e8bbd246108a5b89c1d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde03fed4-26de-4471-bc0e-a0c0483636ce.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8254
x-amzn-requestid: e12624ea-58c6-4f39-826c-8a1d87ebc5ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFySQGegIAMF-HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637efda7-2c5e216a0d8a1502615186a8;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 05:14:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0Ylris3tg94-66p8L5kYl2zgnVZ4mCc04ju96DslaB97Dfr-6nTyfA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:42:14 GMT
age: 51647
etag: "6fca9136030ea6f67be44e428ea39c34ff3e28e7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdaab9de7-1f50-401c-bd84-6bcd72fb53d1.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdaab9de7-1f50-401c-bd84-6bcd72fb53d1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c52c26038ed572c870cf2119865907b1
b298107232e837ccf8d853e6d2c91f67e74dc2ba
d95471f66cf6404bfb5400c4c707fbb81bcaf4be1518313d3f513c9b2a3da1fd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdaab9de7-1f50-401c-bd84-6bcd72fb53d1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8335
x-amzn-requestid: 265466c8-029d-4738-bdbe-be0a161fb497
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOeD0GwYIAMFYqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638276e5-1c8225cf00057ce0047f74ba;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 20:28:21 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TK_kNT9Vcv_lNMbiTqXxAYXCko2Gy64Oy9MGXwuBu9S_3DdqIc67Nw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 01:05:18 GMT
age: 39463
etag: "b298107232e837ccf8d853e6d2c91f67e74dc2ba"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
lh3.googleusercontent.com/blogger_img_proxy/ANbyha1suBtUigNc0GXtqYbBCPRzo8IN9orwGI1vSAu0tWJ13hJECvkMKRors6fbRlXrVMgMh4SJDxJ6FtvKaU2Bvtr09ORgkxYwgKPQzcM_HXFNyEX53dyy-5Z5AqgHlU6M6APUX3ulcbr1uAUDKtmcvYwXxQJYTZ_F=w1600
142.250.74.33200 OK 186 kB URL HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/ANbyha1suBtUigNc0GXtqYbBCPRzo8IN9orwGI1vSAu0tWJ13hJECvkMKRors6fbRlXrVMgMh4SJDxJ6FtvKaU2Bvtr09ORgkxYwgKPQzcM_HXFNyEX53dyy-5Z5AqgHlU6M6APUX3ulcbr1uAUDKtmcvYwXxQJYTZ_F=w1600
IP 142.250.74.33:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1600x900, components 3\012- data
Size 186 kB (186460 bytes)
Hash 7769862856ea1040e2ea40dc9bb0f7bb
de2a61ae7e341168e60dab3bbb88baa08ba3f883
51e99d396fdd0e0cddc13a5c5092f1566f9a15f0f950152d0f303615a6b6c43b
GET /blogger_img_proxy/ANbyha1suBtUigNc0GXtqYbBCPRzo8IN9orwGI1vSAu0tWJ13hJECvkMKRors6fbRlXrVMgMh4SJDxJ6FtvKaU2Bvtr09ORgkxYwgKPQzcM_HXFNyEX53dyy-5Z5AqgHlU6M6APUX3ulcbr1uAUDKtmcvYwXxQJYTZ_F=w1600 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
expires: Mon, 28 Nov 2022 12:03:01 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Sun, 27 Nov 2022 12:03:01 GMT
server: fife
content-length: 186460
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2cd887044e91d7ed0f1a8d7119ff7dd0
ae8aa4ce6ddaccba771fe65446926b60fc5628da
bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10199
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iF1VIAMF09g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: K2eKLQhrsCdd4ASsfEibRuZAYW4CpPTlO3fZs7xdoKrw1HBxfTGkEA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:42:14 GMT
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da"
content-type: image/jpeg
age: 51647
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7e2d335937c22dcca6c3e5293bfffba1
b0e644b402c2e2b5f262e6525f152a0bbd3a2fe0
438a83493d1e9f79633000a92a34087f899e0f224b8b50fadac19bb692bb83a4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "438A83493D1E9F79633000A92A34087F899E0F224B8B50FADAC19BB692BB83A4"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5586
Expires: Sun, 27 Nov 2022 13:36:07 GMT
Date: Sun, 27 Nov 2022 12:03:01 GMT
Connection: keep-alive
lightssyrupdecree.com/watch.668640906572.js?key=768320f2a9b589040780a7f24f18f88e&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&uuid=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe%3A3%3A1
173.233.137.44307 Temporary Redirect 0 B URL HTTP/1.1 lightssyrupdecree.com/watch.668640906572.js?key=768320f2a9b589040780a7f24f18f88e&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&uuid=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe%3A3%3A1
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.668640906572.js?key=768320f2a9b589040780a7f24f18f88e&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&uuid=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe%3A3%3A1 HTTP/1.1
Host: lightssyrupdecree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dorothyfigueroa5.blogspot.com
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 12:03:01 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dorothyfigueroa5.blogspot.com
Access-Control-Allow-Origin: https://dorothyfigueroa5.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://lightssyrupdecree.com/watch.668640906572.js?key=768320f2a9b589040780a7f24f18f88e&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&uuid=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe%3A3%3A1&shu=1e414434b00d64a207611904e3e4fa2d729b9f72009956fb7ad495a6c33876001e19d637259a74475e7787f50991b0d212d740db95f9e7a999055ca1db84b48236d6ad101dcfe8cd99ee8a55d3722357e6a477e33b946c7e673e35d73c106a98e8&pst=1669550641&rmtc=t
Set-Cookie: u_pl=16989701; expires=Mon, 28 Nov 2022 12:03:01 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjk4OTcwMSwiayI6Ijc2ODMyMGYyYTliNTg5MDQwNzgwYTdmMjRmMThmODhlIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNzgyOTI5LCJwaWQiOjIzODgxNSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjo1LCJwdCI6NCwicGsiOiJlYXZjZTExaHZmIiwiY3BrcyI6eyAiMjgiOiIyMTMzMTAzNzgzZTI0MGUwYzQ5YTNhYWIxNjdhMjIzYyJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9kb3JvdGh5ZmlndWVyb2E1LmJsb2dzcG90LmNvbS8yMDIyLzA1L2lzLWdvbGQtYmV0dGVyLXRoYW4tc3RlZWwtaW4tbXVjay5odG1sIn19.TM_6MCTpRMiQAaWZHkihGaiQI6f_WIcfgdxlDzyp-eY; expires=Sun, 27 Nov 2022 12:04:01 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 81d7a5305b3e107a7fc0d54b153101e0
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 949fc6a68c263e9826a31bceed73163e
b0da1f7aed2b0fea560b6ab64afc767eba7e980e
c2261eb9d64ffa5218230a3b4edddda9496061863abab7cf1aaffa428f1f0d1b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2261EB9D64FFA5218230A3B4EDDDDA9496061863ABAB7CF1AAFFA428F1F0D1B"
Last-Modified: Sun, 27 Nov 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15998
Expires: Sun, 27 Nov 2022 16:29:39 GMT
Date: Sun, 27 Nov 2022 12:03:01 GMT
Connection: keep-alive
lightssyrupdecree.com/watch.668640906572.js?key=768320f2a9b589040780a7f24f18f88e&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&uuid=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe%3A3%3A1&shu=1e414434b00d64a207611904e3e4fa2d729b9f72009956fb7ad495a6c33876001e19d637259a74475e7787f50991b0d212d740db95f9e7a999055ca1db84b48236d6ad101dcfe8cd99ee8a55d3722357e6a477e33b946c7e673e35d73c106a98e8&pst=1669550641&rmtc=t
173.233.137.44200 OK 2.1 kB URL HTTP/1.1 lightssyrupdecree.com/watch.668640906572.js?key=768320f2a9b589040780a7f24f18f88e&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&uuid=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe%3A3%3A1&shu=1e414434b00d64a207611904e3e4fa2d729b9f72009956fb7ad495a6c33876001e19d637259a74475e7787f50991b0d212d740db95f9e7a999055ca1db84b48236d6ad101dcfe8cd99ee8a55d3722357e6a477e33b946c7e673e35d73c106a98e8&pst=1669550641&rmtc=t
IP 173.233.137.44:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (2633)
Hash 5a6173a2feb87e2ca2a465d6d9b146af
d16bde8192afb8b5b4b8e2cf9d9e5177b96e479c
757f723e6119a4de996702cef46ad3a877f20b78963eb83e9d2bfc8a169979cc
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.668640906572.js?key=768320f2a9b589040780a7f24f18f88e&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&uuid=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe%3A3%3A1&shu=1e414434b00d64a207611904e3e4fa2d729b9f72009956fb7ad495a6c33876001e19d637259a74475e7787f50991b0d212d740db95f9e7a999055ca1db84b48236d6ad101dcfe8cd99ee8a55d3722357e6a477e33b946c7e673e35d73c106a98e8&pst=1669550641&rmtc=t HTTP/1.1
Host: lightssyrupdecree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dorothyfigueroa5.blogspot.com
Referer: https://dorothyfigueroa5.blogspot.com/
Connection: keep-alive
Cookie: u_pl=16989701; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjk4OTcwMSwiayI6Ijc2ODMyMGYyYTliNTg5MDQwNzgwYTdmMjRmMThmODhlIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNzgyOTI5LCJwaWQiOjIzODgxNSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjo1LCJwdCI6NCwicGsiOiJlYXZjZTExaHZmIiwiY3BrcyI6eyAiMjgiOiIyMTMzMTAzNzgzZTI0MGUwYzQ5YTNhYWIxNjdhMjIzYyJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9kb3JvdGh5ZmlndWVyb2E1LmJsb2dzcG90LmNvbS8yMDIyLzA1L2lzLWdvbGQtYmV0dGVyLXRoYW4tc3RlZWwtaW4tbXVjay5odG1sIn19.TM_6MCTpRMiQAaWZHkihGaiQI6f_WIcfgdxlDzyp-eY
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 12:03:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dorothyfigueroa5.blogspot.com
Access-Control-Allow-Origin: https://dorothyfigueroa5.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe:3:1; expires=Sun, 04 Dec 2022 12:03:01 GMT; secure; SameSite=None
iprce197798b32b7890e0ccab5b2c1aa157d=3569806; expires=Sun, 27 Nov 2022 16:03:01 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 28 Nov 2022 12:03:01 GMT; secure; SameSite=None
uncs=1; expires=Mon, 28 Nov 2022 12:03:01 GMT; secure; SameSite=None
pdhtkv5=true; expires=Mon, 28 Nov 2022 12:03:01 GMT; secure; SameSite=None
uncs5=1; expires=Mon, 28 Nov 2022 12:03:01 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e159c4f43953a3d7822dbfe1767bd372
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
lightssyrupdecree.com/21/33/10/2133103783e240e0c49a3aab167a223c.js
173.233.137.44200 OK 29 kB URL HTTP/1.1 lightssyrupdecree.com/21/33/10/2133103783e240e0c49a3aab167a223c.js
IP 173.233.137.44:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 968e8299b0c14c2b78bec32568b4502a
dff865255ccab2db79b2a7c38d38185297bdab12
594b8875edbee9ce34ee7cbf709cb78fd6d9ce505a74de1b379d1ef9adee708e
Analyzer Verdict Alert quad9 Sinkholed
GET /21/33/10/2133103783e240e0c49a3aab167a223c.js HTTP/1.1
Host: lightssyrupdecree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 12:03:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6a37c4851de0ca5613abc006923406c9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
veilsuccessfully.com/watch.700682811762.js?key=97264edc4c73fd2d5b41ac5081114f10&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&uuid=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe%3A3%3A1
173.233.137.36307 Temporary Redirect 0 B URL HTTP/1.1 veilsuccessfully.com/watch.700682811762.js?key=97264edc4c73fd2d5b41ac5081114f10&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&uuid=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe%3A3%3A1
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.700682811762.js?key=97264edc4c73fd2d5b41ac5081114f10&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&uuid=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe%3A3%3A1 HTTP/1.1
Host: veilsuccessfully.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dorothyfigueroa5.blogspot.com
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 12:03:01 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dorothyfigueroa5.blogspot.com
Access-Control-Allow-Origin: https://dorothyfigueroa5.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://veilsuccessfully.com/watch.700682811762.js?key=97264edc4c73fd2d5b41ac5081114f10&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&uuid=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe%3A3%3A1&shu=08778e445753cc948f650738c066b43db853a14d7865ac3719342b16fcc93f2a912015ae3b2ffe5c77a5a3cd28b219abf71b5798c12e201092798402fc71da2abd039f7b68cc26265d875e1763e1a3be6e5ca5be1b1c00066a6669cf08ae998232&pst=1669550641&rmtc=t
Set-Cookie: u_pl=16989719; expires=Mon, 28 Nov 2022 12:03:01 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjk4OTcxOSwiayI6Ijk3MjY0ZWRjNGM3M2ZkMmQ1YjQxYWM1MDgxMTE0ZjEwIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNzgyOTI5LCJwaWQiOjIzODgxNSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjozMiwicHQiOjQsInBrIjoiZjdibmJ3MGoiLCJjcGtzIjp7ICIyOSI6IjJmODY2MDUxN2Q2Y2VhZjM3ZTNhODk3MGNlYzBlYTU5In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2Rvcm90aHlmaWd1ZXJvYTUuYmxvZ3Nwb3QuY29tLzIwMjIvMDUvaXMtZ29sZC1iZXR0ZXItdGhhbi1zdGVlbC1pbi1tdWNrLmh0bWwifX0.ey2NDdwbWvmsqtsZDnjR_GzOWDVbPyvMbVlO8pKod-8; expires=Sun, 27 Nov 2022 12:04:01 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5e04d4bbfc3f62568d85f798147b333e
Strict-Transport-Security: max-age=0; includeSubdomains
veilsuccessfully.com/2f/86/60/2f8660517d6ceaf37e3a8970cec0ea59.js
173.233.137.36200 OK 13 kB URL HTTP/1.1 veilsuccessfully.com/2f/86/60/2f8660517d6ceaf37e3a8970cec0ea59.js
IP 173.233.137.36:0
File type ASCII text, with very long lines (37135), with no line terminators
Hash 35885465150bf979ac852557411677e5
ef1ebdd6a475dc013271f086efa230ce36728bf9
3da6a0fa5d1aaff26c8842dba789148372532ddcfc336a8e08f25936afa6038a
Analyzer Verdict Alert quad9 Sinkholed
GET /2f/86/60/2f8660517d6ceaf37e3a8970cec0ea59.js HTTP/1.1
Host: veilsuccessfully.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 12:03:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 03a73aec78f38b8f49020b547a35d390
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d08d079d04458028065ddfa315e8ca41
146b9eb370f649d3a230226ab373e05f39fd80af
c108c7e6ef9d790abca48344401f4b5a2204fe16287908f48a865181f711f000
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C108C7E6EF9D790ABCA48344401F4B5A2204FE16287908F48A865181F711F000"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18253
Expires: Sun, 27 Nov 2022 17:07:14 GMT
Date: Sun, 27 Nov 2022 12:03:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bc3bc3b231ebbd46c9990216f02a737a
abe0a2ee650eb32a809271c99a97ca551c43141f
7a8f5b295ee6b5263fd51ce81a12e0aa43b69a234fda244b7c8ad9827569620c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7A8F5B295EE6B5263FD51CE81A12E0AA43B69A234FDA244B7C8AD9827569620C"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4929
Expires: Sun, 27 Nov 2022 13:25:10 GMT
Date: Sun, 27 Nov 2022 12:03:01 GMT
Connection: keep-alive
veilsuccessfully.com/watch.700682811762.js?key=97264edc4c73fd2d5b41ac5081114f10&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&uuid=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe%3A3%3A1&shu=08778e445753cc948f650738c066b43db853a14d7865ac3719342b16fcc93f2a912015ae3b2ffe5c77a5a3cd28b219abf71b5798c12e201092798402fc71da2abd039f7b68cc26265d875e1763e1a3be6e5ca5be1b1c00066a6669cf08ae998232&pst=1669550641&rmtc=t
173.233.137.36200 OK 642 B URL HTTP/1.1 veilsuccessfully.com/watch.700682811762.js?key=97264edc4c73fd2d5b41ac5081114f10&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&uuid=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe%3A3%3A1&shu=08778e445753cc948f650738c066b43db853a14d7865ac3719342b16fcc93f2a912015ae3b2ffe5c77a5a3cd28b219abf71b5798c12e201092798402fc71da2abd039f7b68cc26265d875e1763e1a3be6e5ca5be1b1c00066a6669cf08ae998232&pst=1669550641&rmtc=t
IP 173.233.137.36:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (601)
Hash 2bc570ff487309dfe0931833b71ad114
f77c034285d951cc2444da3232b628630d3bd845
9aaede04a3601777a516f453d786e8f2bc315b4c95b94891d0b150a08303669c
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.700682811762.js?key=97264edc4c73fd2d5b41ac5081114f10&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&uuid=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe%3A3%3A1&shu=08778e445753cc948f650738c066b43db853a14d7865ac3719342b16fcc93f2a912015ae3b2ffe5c77a5a3cd28b219abf71b5798c12e201092798402fc71da2abd039f7b68cc26265d875e1763e1a3be6e5ca5be1b1c00066a6669cf08ae998232&pst=1669550641&rmtc=t HTTP/1.1
Host: veilsuccessfully.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dorothyfigueroa5.blogspot.com
Referer: https://dorothyfigueroa5.blogspot.com/
Connection: keep-alive
Cookie: u_pl=16989719; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjk4OTcxOSwiayI6Ijk3MjY0ZWRjNGM3M2ZkMmQ1YjQxYWM1MDgxMTE0ZjEwIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNzgyOTI5LCJwaWQiOjIzODgxNSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjozMiwicHQiOjQsInBrIjoiZjdibmJ3MGoiLCJjcGtzIjp7ICIyOSI6IjJmODY2MDUxN2Q2Y2VhZjM3ZTNhODk3MGNlYzBlYTU5In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2Rvcm90aHlmaWd1ZXJvYTUuYmxvZ3Nwb3QuY29tLzIwMjIvMDUvaXMtZ29sZC1iZXR0ZXItdGhhbi1zdGVlbC1pbi1tdWNrLmh0bWwifX0.ey2NDdwbWvmsqtsZDnjR_GzOWDVbPyvMbVlO8pKod-8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 12:03:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dorothyfigueroa5.blogspot.com
Access-Control-Allow-Origin: https://dorothyfigueroa5.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe:3:1; expires=Sun, 04 Dec 2022 12:03:01 GMT; secure; SameSite=None
iprcd2bc7f0c2ba3bd0a4d206c783218213b=2717341; expires=Mon, 28 Nov 2022 14:03:01 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 28 Nov 2022 12:03:01 GMT; secure; SameSite=None
uncs=1; expires=Mon, 28 Nov 2022 12:03:01 GMT; secure; SameSite=None
pdhtkv32=true; expires=Mon, 28 Nov 2022 12:03:01 GMT; secure; SameSite=None
uncs32=1; expires=Mon, 28 Nov 2022 12:03:01 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4e65361a90d12e31b54caa1c988589ac
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
reproductiontape.com/watch.112842705765.js?key=431475e49e1926d143ad1caad2092d6e&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&uuid=2b77043e-b609-4903-800a-f5a45ce0d08c%3A3%3A1
192.243.59.13307 Temporary Redirect 0 B URL HTTP/1.1 reproductiontape.com/watch.112842705765.js?key=431475e49e1926d143ad1caad2092d6e&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&uuid=2b77043e-b609-4903-800a-f5a45ce0d08c%3A3%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.112842705765.js?key=431475e49e1926d143ad1caad2092d6e&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&uuid=2b77043e-b609-4903-800a-f5a45ce0d08c%3A3%3A1 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dorothyfigueroa5.blogspot.com
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Sun, 27 Nov 2022 12:03:01 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dorothyfigueroa5.blogspot.com
Access-Control-Allow-Origin: https://dorothyfigueroa5.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://reproductiontape.com/watch.112842705765.js?key=431475e49e1926d143ad1caad2092d6e&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&uuid=2b77043e-b609-4903-800a-f5a45ce0d08c%3A3%3A1&shu=4655682b2a8c74a1af3cac7ceb69134dd5162598cea349fe72c7bde7855309c0133ffc4728f02b2536c8eeafeee351911eb9829a9bfa8b2231be998a3bcbc180d4beacd013b14b094040cb156d9f808e40d8026c847dedb622b82892af3c32&pst=1669550641&rmtc=t
Set-Cookie: u_pl=16989730; expires=Mon, 28 Nov 2022 12:03:01 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjk4OTczMCwiayI6IjQzMTQ3NWU0OWUxOTI2ZDE0M2FkMWNhYWQyMDkyZDZlIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNzgyOTI5LCJwaWQiOjIzODgxNSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjoyMywicHQiOjQsInBrIjoicW0xcGh2eXYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9kb3JvdGh5ZmlndWVyb2E1LmJsb2dzcG90LmNvbS8yMDIyLzA1L2lzLWdvbGQtYmV0dGVyLXRoYW4tc3RlZWwtaW4tbXVjay5odG1sIn19.sVjnB8j6oOj5tyo7KcdCzOLfAMxak4WaG8JYi9WLiWk; expires=Sun, 27 Nov 2022 12:04:01 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 46776022478c5403d649d24b02f5ff1b
Strict-Transport-Security: max-age=0; includeSubdomains
reproductiontape.com/watch.112842705765?key=431475e49e1926d143ad1caad2092d6e&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&uuid=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe%3A3%3A1
192.243.59.13200 OK 1.3 kB URL HTTP/1.1 reproductiontape.com/watch.112842705765?key=431475e49e1926d143ad1caad2092d6e&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&uuid=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe%3A3%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (626)
Hash f531cacd311b0ff8fdff990bce34e098
b0637a8def28ed11c4db433f96382b9d42f894ec
766ce0973be8cbd186c999d39717b6bb7579b93935f7c1fb530d5486ddd4bdac
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.112842705765?key=431475e49e1926d143ad1caad2092d6e&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&uuid=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe%3A3%3A1 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Cookie: u_pl=16989730; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjk4OTczMCwiayI6IjQzMTQ3NWU0OWUxOTI2ZDE0M2FkMWNhYWQyMDkyZDZlIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNzgyOTI5LCJwaWQiOjIzODgxNSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjoyMywicHQiOjQsInBrIjoicW0xcGh2eXYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9kb3JvdGh5ZmlndWVyb2E1LmJsb2dzcG90LmNvbS8yMDIyLzA1L2lzLWdvbGQtYmV0dGVyLXRoYW4tc3RlZWwtaW4tbXVjay5odG1sIn19.sVjnB8j6oOj5tyo7KcdCzOLfAMxak4WaG8JYi9WLiWk
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 27 Nov 2022 12:03:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjk4OTczMCwiayI6IjQzMTQ3NWU0OWUxOTI2ZDE0M2FkMWNhYWQyMDkyZDZlIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNzgyOTI5LCJwaWQiOjIzODgxNSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjoyMywicHQiOjQsInBrIjoicW0xcGh2eXYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjpmYWxzZSwiciI6Imh0dHBzOi8vZG9yb3RoeWZpZ3Vlcm9hNS5ibG9nc3BvdC5jb20vMjAyMi8wNS9pcy1nb2xkLWJldHRlci10aGFuLXN0ZWVsLWluLW11Y2suaHRtbCJ9fQ.Zhk5wok3Coga5KkflBjsDODB4ZKHBK7IYpsbNTUnf9Q; expires=Sun, 27 Nov 2022 12:04:02 GMT; secure; SameSite=None
uid_id2=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe:3:1; expires=Sun, 04 Dec 2022 12:03:02 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 001432c5f2bea5e42de96548a9a14429
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6d91a913d078b1528f59c95c7b016983
cf35142c92ae95776a112c5e75a13019e1bb6bdc
306dc1d8f52a409b2737ffa749a6c92ae741de167f33a20c74d2cf64258f844e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "306DC1D8F52A409B2737FFA749A6C92AE741DE167F33A20C74D2CF64258F844E"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16732
Expires: Sun, 27 Nov 2022 16:41:54 GMT
Date: Sun, 27 Nov 2022 12:03:02 GMT
Connection: keep-alive
reproductiontape.com/watch.112842705765?shu=f9c69bed5c83530cf73d457c5447ce4a78915b11f2162a264e2f333b54c3311578858212d7db94f5754af223189f4a8e721b7b235e910607e388329e0e5f56ee4cb07f494dffbc5a90366d5f68525a7fa8bcc353&pst=1669550642&rmtc=t&uuid=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe%3A3%3A1&pii=&in=false&key=431475e49e1926d143ad1caad2092d6e&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D
192.243.59.13200 OK 783 B URL HTTP/1.1 reproductiontape.com/watch.112842705765?shu=f9c69bed5c83530cf73d457c5447ce4a78915b11f2162a264e2f333b54c3311578858212d7db94f5754af223189f4a8e721b7b235e910607e388329e0e5f56ee4cb07f494dffbc5a90366d5f68525a7fa8bcc353&pst=1669550642&rmtc=t&uuid=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe%3A3%3A1&pii=&in=false&key=431475e49e1926d143ad1caad2092d6e&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (569)
Hash 7c81fda9b28b0188e17b6772450d2a60
573d82710efe2d758209c5788758f570fc5e873c
9ea4f1f8521338505ce6c4af31f4236a6b93909da371830b0b500a967f8e824d
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.112842705765?shu=f9c69bed5c83530cf73d457c5447ce4a78915b11f2162a264e2f333b54c3311578858212d7db94f5754af223189f4a8e721b7b235e910607e388329e0e5f56ee4cb07f494dffbc5a90366d5f68525a7fa8bcc353&pst=1669550642&rmtc=t&uuid=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe%3A3%3A1&pii=&in=false&key=431475e49e1926d143ad1caad2092d6e&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reproductiontape.com/watch.112842705765?key=431475e49e1926d143ad1caad2092d6e&kw=%5B%22is%22%2C%22gold%22%2C%22better%22%2C%22than%22%2C%22steel%22%2C%22in%22%2C%22muck%22%2C%22-%22%2C%22dorothy%22%2C%22figueroa%22%2C%22md%22%5D&refer=https%3A%2F%2Fdorothyfigueroa5.blogspot.com%2F2022%2F05%2Fis-gold-better-than-steel-in-muck.html&tz=0&dev=e&res=12.1055&uuid=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe%3A3%3A1
Cookie: u_pl=16989730; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjk4OTczMCwiayI6IjQzMTQ3NWU0OWUxOTI2ZDE0M2FkMWNhYWQyMDkyZDZlIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNzgyOTI5LCJwaWQiOjIzODgxNSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjoyMywicHQiOjQsInBrIjoicW0xcGh2eXYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjpmYWxzZSwiciI6Imh0dHBzOi8vZG9yb3RoeWZpZ3Vlcm9hNS5ibG9nc3BvdC5jb20vMjAyMi8wNS9pcy1nb2xkLWJldHRlci10aGFuLXN0ZWVsLWluLW11Y2suaHRtbCJ9fQ.Zhk5wok3Coga5KkflBjsDODB4ZKHBK7IYpsbNTUnf9Q; uid_id2=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe:3:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 27 Nov 2022 12:03:02 GMT
Content-Type: text/html
Content-Length: 783
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dorothyfigueroa5.blogspot.com/2022/05/is-gold-better-than-steel-in-muck.html
Access-Control-Allow-Origin: https://dorothyfigueroa5.blogspot.com/2022/05/is-gold-better-than-steel-in-muck.html
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=d22a4a20-9fdc-4989-a2bb-f0800b6fabbe:3:1; expires=Sun, 04 Dec 2022 12:03:02 GMT; secure; SameSite=None
iprc4b1d24678d794320e411596a94f29b6e=2717291; expires=Mon, 28 Nov 2022 14:03:02 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 28 Nov 2022 12:03:02 GMT; secure; SameSite=None
uncs=1; expires=Mon, 28 Nov 2022 12:03:02 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 28 Nov 2022 12:03:02 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 28 Nov 2022 12:03:02 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c5df6535531397ddbf6b74afa1961209
Strict-Transport-Security: max-age=0; includeSubdomains
www.spikereekvelocity.com/m3vcib848?key=e83c7700ffb295fb282c692b9f778d17&psid=16989730
192.243.59.13200 OK 1.2 kB URL HTTP/1.1 www.spikereekvelocity.com/m3vcib848?key=e83c7700ffb295fb282c692b9f778d17&psid=16989730
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 433ac9fc061d88fff311163adbbea4ae
7ba01251036031fa5da84d69b25c0e168948098e
f7aef03045630be30fd0339209ba7b338daf7edd0c2a5c342dd94576545f71cc
Analyzer Verdict Alert quad9 Sinkholed
GET /m3vcib848?key=e83c7700ffb295fb282c692b9f778d17&psid=16989730 HTTP/1.1
Host: www.spikereekvelocity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reproductiontape.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 27 Nov 2022 12:03:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122935; expires=Mon, 28 Nov 2022 12:03:02 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjkzNSwiayI6ImU4M2M3NzAwZmZiMjk1ZmIyODJjNjkyYjlmNzc4ZDE3Iiwic2lkIjoiMTY5ODk3MzAiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJtM3ZjaWI4NDgiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vcmVwcm9kdWN0aW9udGFwZS5jb20vIn19.w32-iM8mlSCOYJvFr4reNLb3u1k7ul3vtc2YnkobWSQ; expires=Sun, 27 Nov 2022 12:04:02 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 59f87f221fec1f38f3eb15ba08ef51de
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.spikereekvelocity.com/m3vcib848?shu=77dc0e06f5ff685c3bcc30a023b10895aef009436503c7fb690d4fde8165b7cb0dd01cd4aab99ebbe0546fdb89787b0f76edc25c7f3e962a9a3bb3d5d66485fab9e1f2d3c5c05d528232ae7356b1bf46e1607f&pst=1669550642&rmtc=t&uuid=&pii=&in=false&key=e83c7700ffb295fb282c692b9f778d17&refer=https%3A%2F%2Freproductiontape.com%2F&psid=16989730
192.243.59.13302 Found 0 B URL HTTP/1.1 www.spikereekvelocity.com/m3vcib848?shu=77dc0e06f5ff685c3bcc30a023b10895aef009436503c7fb690d4fde8165b7cb0dd01cd4aab99ebbe0546fdb89787b0f76edc25c7f3e962a9a3bb3d5d66485fab9e1f2d3c5c05d528232ae7356b1bf46e1607f&pst=1669550642&rmtc=t&uuid=&pii=&in=false&key=e83c7700ffb295fb282c692b9f778d17&refer=https%3A%2F%2Freproductiontape.com%2F&psid=16989730
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /m3vcib848?shu=77dc0e06f5ff685c3bcc30a023b10895aef009436503c7fb690d4fde8165b7cb0dd01cd4aab99ebbe0546fdb89787b0f76edc25c7f3e962a9a3bb3d5d66485fab9e1f2d3c5c05d528232ae7356b1bf46e1607f&pst=1669550642&rmtc=t&uuid=&pii=&in=false&key=e83c7700ffb295fb282c692b9f778d17&refer=https%3A%2F%2Freproductiontape.com%2F&psid=16989730 HTTP/1.1
Host: www.spikereekvelocity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.spikereekvelocity.com/m3vcib848?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122935
Cookie: u_pl=16122935; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjkzNSwiayI6ImU4M2M3NzAwZmZiMjk1ZmIyODJjNjkyYjlmNzc4ZDE3Iiwic2lkIjoiMTY5ODk3MzAiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJtM3ZjaWI4NDgiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vcmVwcm9kdWN0aW9udGFwZS5jb20vIn19.w32-iM8mlSCOYJvFr4reNLb3u1k7ul3vtc2YnkobWSQ; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx/1.17.6
Date: Sun, 27 Nov 2022 12:03:03 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: http://binomnet.com/c3t2l4k.php?key=rxlhweg90v6uku0l17w0&SUB_ID_SHORT=18d0888c3761415df1fa763ed05afe99&Cost=0.900000&PLACEMENT_ID=16122935&CAMPAIGN_ID=690726&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2041683
Set-Cookie: iprc3d0ae8c5bd68f4e6ce955ba9490e7040=3818673; expires=Thu, 01 Dec 2022 12:03:03 GMT
pdhtkv=true; expires=Mon, 28 Nov 2022 12:03:03 GMT
uncs=1; expires=Mon, 28 Nov 2022 12:03:03 GMT
pdhtkv28=true; expires=Mon, 28 Nov 2022 12:03:03 GMT
uncs28=1; expires=Mon, 28 Nov 2022 12:03:03 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 72647f451960fc35048d9d6156a16470
Strict-Transport-Security: max-age=0; includeSubdomains
binomnet.com/c3t2l4k.php?key=rxlhweg90v6uku0l17w0&SUB_ID_SHORT=18d0888c3761415df1fa763ed05afe99&Cost=0.900000&PLACEMENT_ID=16122935&CAMPAIGN_ID=690726&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2041683
162.19.86.114302 Found 0 B URL HTTP/1.1 binomnet.com/c3t2l4k.php?key=rxlhweg90v6uku0l17w0&SUB_ID_SHORT=18d0888c3761415df1fa763ed05afe99&Cost=0.900000&PLACEMENT_ID=16122935&CAMPAIGN_ID=690726&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2041683
IP 162.19.86.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c3t2l4k.php?key=rxlhweg90v6uku0l17w0&SUB_ID_SHORT=18d0888c3761415df1fa763ed05afe99&Cost=0.900000&PLACEMENT_ID=16122935&CAMPAIGN_ID=690726&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2041683 HTTP/1.1
Host: binomnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Sun, 27 Nov 2022 12:03:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=vcm7a8rnfe; expires=Mon, 28-Nov-2022 12:03:03 GMT; Max-Age=86400; path=/
uclickhash=vcm7a8rnfe-vcm7a8rnfe-5mi4-0-qe0-du6o-dudz-b77792; expires=Mon, 28-Nov-2022 12:03:03 GMT; Max-Age=86400; path=/
Location: https://ak.hetapus.com/afu.php?zoneid=5460778&ymid=6b520vcm7a8rnfe87f&var=16122935
ak.hetapus.com/afu.php?zoneid=5460778&ymid=6b520vcm7a8rnfe87f&var=16122935
23.36.76.217200 OK 3.0 kB URL HTTP/2 ak.hetapus.com/afu.php?zoneid=5460778&ymid=6b520vcm7a8rnfe87f&var=16122935
IP 23.36.76.217:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5406)
Hash c8e617e9a55784546726d063d4340061
cd98a9d92495dab7109607c8c05afe62e7efb0fb
43f25f4f70adcd354bdccb4c2dc1d36e630e7f9407222a9d4c81028ba856c8a4
Analyzer Verdict Alert quad9 Sinkholed
GET /afu.php?zoneid=5460778&ymid=6b520vcm7a8rnfe87f&var=16122935 HTTP/1.1
Host: ak.hetapus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf8
x-trace-id: 6ed5e276468f3ff8c72fb530e31e132b
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
expires: Sun, 27 Nov 2022 12:03:03 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 27 Nov 2022 12:03:03 GMT
content-length: 2991
vary: Accept-Encoding
set-cookie: OAID=28e4649aba434391a4a97eec57c159eb; expires=Mon, 27 Nov 2023 12:03:03 GMT; path=/; secure; SameSite=None
oaidts=1669550583; expires=Mon, 27 Nov 2023 12:03:03 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 43dca8ebcf06bd09eb16b5516072ec48
84fe572e189c13383dc0a805a90c07de69c48ee6
be524e069364f1231ff9f6f8a5ca6ae8aa4353ba95fa7913c30c13ed008ab8fd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE524E069364F1231FF9F6F8A5CA6AE8AA4353BA95FA7913C30C13ED008AB8FD"
Last-Modified: Sat, 26 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11682
Expires: Sun, 27 Nov 2022 15:17:45 GMT
Date: Sun, 27 Nov 2022 12:03:03 GMT
Connection: keep-alive
ak.hetapus.com/favicon.ico
23.36.76.217204 No Content 0 B URL HTTP/2 ak.hetapus.com/favicon.ico
IP 23.36.76.217:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: ak.hetapus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ak.hetapus.com/afu.php?zoneid=5460778&ymid=6b520vcm7a8rnfe87f&var=16122935
Cookie: OAID=28e4649aba434391a4a97eec57c159eb; oaidts=1669550583
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
expires: Sun, 27 Nov 2022 12:03:03 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 27 Nov 2022 12:03:03 GMT
X-Firefox-Spdy: h2
my.rtmark.net/img.gif?f=merge&userId=28e4649aba434391a4a97eec57c159eb
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=28e4649aba434391a4a97eec57c159eb
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=merge&userId=28e4649aba434391a4a97eec57c159eb HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ak.hetapus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 12:03:03 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=28e4649aba434391a4a97eec57c159eb; expires=Mon, 27 Nov 2023 12:03:03 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ak.hetapus.com/?z=5460778&syncedCookie=true&rhd=false
23.36.76.217302 Found 0 B URL HTTP/2 ak.hetapus.com/?z=5460778&syncedCookie=true&rhd=false
IP 23.36.76.217:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /?z=5460778&syncedCookie=true&rhd=false HTTP/1.1
Host: ak.hetapus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 547
Origin: https://ak.hetapus.com
Connection: keep-alive
Referer: https://ak.hetapus.com/afu.php?zoneid=5460778&var=5460778&rid=uZkGuFtJfk-T2gq_XdzZSg%3D%3D&rhd=false
Cookie: OAID=28e4649aba434391a4a97eec57c159eb; oaidts=1669550583
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
content-length: 0
x-trace-id: e0b1d90da514774635b8dcc1fb1b4cb8
link: <https://eu.can-get-so.me>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
location: https://eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=620702737981771882&subid1=5460778&cost=0.002240&rdk=rk3
access-control-allow-origin: https://ak.hetapus.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
expires: Sun, 27 Nov 2022 12:03:03 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 27 Nov 2022 12:03:03 GMT
set-cookie: OAID=28e4649aba434391a4a97eec57c159eb; expires=Mon, 27 Nov 2023 12:03:03 GMT; path=/; secure; SameSite=None
oaidts=1669550583; expires=Mon, 27 Nov 2023 12:03:03 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 04 Dec 2022 12:03:03 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 84f125a38d2dc5455b4257afecd14e68
394f4643db66c78e9d3228d54bd460f4779d0b41
aa2b7ca550586e5aa5bad7551558b5bc01887b6381e00f5129b31049c21ea2ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA2B7CA550586E5AA5BAD7551558B5BC01887B6381E00F5129B31049C21EA2BA"
Last-Modified: Sun, 27 Nov 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17941
Expires: Sun, 27 Nov 2022 17:02:04 GMT
Date: Sun, 27 Nov 2022 12:03:03 GMT
Connection: keep-alive
eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=620702737981771882&subid1=5460778&cost=0.002240&rdk=rk3
157.90.33.78302 Found 0 B URL HTTP/2 eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=620702737981771882&subid1=5460778&cost=0.002240&rdk=rk3
IP 157.90.33.78:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=620702737981771882&subid1=5460778&cost=0.002240&rdk=rk3 HTTP/1.1
Host: eu.can-get-so.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sun, 27 Nov 2022 12:03:03 GMT
content-length: 0
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
referrer-policy: no-referrer
location: http://35.227.234.222/2/PU_NO_SB_DT_KINDRED?source=748351&geo=NO&device=desktop
set-cookie: rauid=CcdAzWe-Rwe817Yuk0XYiQ; expires=Mon, 27 Nov 2023 12:03:03 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
35.227.234.222/2/PU_NO_SB_DT_KINDRED?source=748351&geo=NO&device=desktop
35.227.234.222302 Found 0 B URL HTTP/1.1 35.227.234.222/2/PU_NO_SB_DT_KINDRED?source=748351&geo=NO&device=desktop
IP 35.227.234.222:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /2/PU_NO_SB_DT_KINDRED?source=748351&geo=NO&device=desktop HTTP/1.1
Host: 35.227.234.222
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 27 Nov 2022 12:03:04 GMT
Content-Length: 0
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB
Via: 1.1 google
adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB
23.36.79.43307 Temporary Redirect 0 B URL HTTP/2 adserving.unibet.com/redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB
IP 23.36.79.43:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37950&pid=79982261&sref=GIG&GIG=NO_DESK_SB HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_54D7F231E58E4230A247038C24741616&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Sun, 27 Nov 2022 12:03:04 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 27 Nov 2022 12:03:04 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550584142)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127123%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476394555%7c1%22%7d%5d; domain=.unibet.com; expires=Tue, 27-Nov-3021 12:03:04 GMT; path=/; secure; SameSite=Strict
server-timing: edge; dur=1, origin; dur=73, cdn-cache; desc=MISS
X-Firefox-Spdy: h2
www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_54D7F231E58E4230A247038C24741616&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950
85.184.96.0301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_54D7F231E58E4230A247038C24741616&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_54D7F231E58E4230A247038C24741616&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sun, 27 Nov 2022 12:03:04 GMT
content-length: 0
location: https://www.unibet.nu:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_54D7F231E58E4230A247038C24741616&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950
set-cookie: JSESSIONID=node0zam4xo4m0xti2q31eeso5snd7934960.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node0zam4xo4m0xti2q31eeso5snd7; Path=/; Domain=.unibet.nu; Expires=Tue, 26-Nov-2024 12:03:04 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.nu; Expires=Tue, 26-Nov-2024 12:03:04 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref=; Path=/; Domain=.unibet.nu; Expires=Tue, 26-Nov-2024 12:03:04 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.nu; Secure; SameSite=None
B-TAG=320669908_54D7F231E58E4230A247038C24741616; Path=/; Domain=.unibet.nu; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
PID=85891437; Path=/; Domain=.unibet.nu; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_54D7F231E58E4230A247038C24741616%26sref%3DGIG%26GIG%3DNO_DESK_SB%26affiliateId%3D1%26pid%3D85891437%26bid%3D37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
clientId=polopoly_desktop; Domain=www.unibet.nu; Path=/; SameSite=None; Secure
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Sun, 27 Nov 2022 12:03:04 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_54D7F231E58E4230A247038C24741616&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950
85.184.96.0301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_54D7F231E58E4230A247038C24741616&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320669908_54D7F231E58E4230A247038C24741616&sref=GIG&GIG=NO_DESK_SB&affiliateId=1&pid=85891437&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node0zam4xo4m0xti2q31eeso5snd7; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320669908_54D7F231E58E4230A247038C24741616; BID=37950; PID=85891437; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320669908_54D7F231E58E4230A247038C24741616%26sref%3DGIG%26GIG%3DNO_DESK_SB%26affiliateId%3D1%26pid%3D85891437%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Sun, 27 Nov 2022 12:03:04 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_54D7F231E58E4230A247038C24741616&bid=37950&campaignId=2799402&pid=85891437
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Sun, 27 Nov 2022 12:03:04 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
ocsp.securetrust.com/
23.36.79.18200 OK 638 B IP 23.36.79.18:0
ASN #20940 Akamai International B.V.
Hash 7fbbde345541e30617e85c34ecfc595a
e610225d6a556410936e496fc763a72dca15b058
45e36cdd75fc3482317bbd0b5e83cef2462281cec8272f0beee5a91f75df5494
POST / HTTP/1.1
Host: ocsp.securetrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 86
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 638
Date: Sun, 27 Nov 2022 12:03:04 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 7d8726abc129a171336f2dd77bd5a744
70e44f661b5e92374fa76db71d09c0ce504ade53
58e8477c9460c09b96bd6ef1c62776cb8f14e26385a67fcb585234e5195cbc5b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6118
Cache-Control: max-age=92750
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:04 GMT
Etag: "63820160-118"
Expires: Mon, 28 Nov 2022 13:48:54 GMT
Last-Modified: Sat, 26 Nov 2022 12:06:56 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 280
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
85.184.96.5200 OK 957 B URL HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
Hash e19225e3eb562a3b6a86f7b8b47c38fb
ce3eb55448afd8fc9dfa4ac82f8743a009d5e142
c152526a02cb050650847e999ae141eae985472fbf73c5a843160b3b6bb06f79
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550584142)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127123%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476394555%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:04 GMT
content-type: application/javascript
content-length: 957
last-modified: Mon, 25 Apr 2022 12:18:31 GMT
etag: "3bd-5dd799309c310"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
142.250.74.10200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 142.250.74.10:0
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 06:32:03 GMT
expires: Thu, 23 Nov 2023 06:32:03 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 365461
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5304 Not Modified 0 B URL HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550584142)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127123%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476394555%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 304 Not Modified
date: Sun, 27 Nov 2022 12:03:04 GMT
etag: "705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
108.161.188.132200 OK 1.1 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP 108.161.188.132:0
Hash d9f5eadb4bea700205b7ead61fe1a81d
89d8e5732c23c299cdd0c74e009f0663ec9dc7c9
9e1517aeec6eabcf6ae0e568867cf94e3458c285423c92e69a1c4b446c443cd5
GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_54D7F231E58E4230A247038C24741616&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550584142)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127123%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476394555%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:04 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Kch+tYuo05USS5JaESq1rA==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB3E60357"
x-ms-request-id: e38fcad5-d01e-005f-5d56-02a63e000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
108.161.188.132301 Moved Permanently 178 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 108.161.188.132:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_54D7F231E58E4230A247038C24741616&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550584142)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127123%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476394555%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
date: Sun, 27 Nov 2022 12:03:04 GMT
content-type: text/html
content-length: 178
location: https://www.unibet.com/
server: NetDNA-cache/2.2
x-cache: MISS
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5304 Not Modified 0 B URL HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550584142)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127123%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476394555%7c1%22%7d%5d; clientId=polopoly_desktop
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 304 Not Modified
date: Sun, 27 Nov 2022 12:03:04 GMT
etag: "705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
172.64.132.15200 OK 74 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
IP 172.64.132.15:0
File type Web Open Font Format (Version 2), TrueType, length 74320, version 329.30998\012- data
Hash 3638e62ea50e6f5859b6a15276c25c87
f5aa1a463e223a294a42b314e1c63a614d594ec0
9e6bd5b2d75bba485d2337d020750744983a3521ec697adfe21b29ee4f14f6a9
GET /releases/v5.7.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:04 GMT
content-type: font/woff2
content-length: 74320
x-amz-id-2: SYu1O0qpfKXkCwrmaUAdwYMduNJ5VDJjzq/NZ6aXI+KzwfjKy8q7ykU1NLQf0byh/jE10eMvTwc=
x-amz-request-id: X6VAEWBQXGEVXHTZ
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:57 GMT
etag: "3638e62ea50e6f5859b6a15276c25c87"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 174682
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n4zFG%2BnE9urTXvkAUC13g9KZOQE%2FiTGGPw911Akqy6oB5S7cogpAuagY%2FcR6dZtgx3G8hW9wWfe0XlLXmNj3ZUasHmCOwcr%2FCsv0FyFGRIlW%2BETj6FN%2BQOEE4Fs3mN%2FWjQynqJ9y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770ab7f39fda4089-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
108.161.188.132200 OK 2.2 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP 108.161.188.132:0
Hash f40026cf935e8f4310147964d5e14335
9c84eaaeb403e22336b4fae2bb7545973050b765
818b339d5dcb8a3e2c892525b7741ca62a3c0c44a7c1e6792f619a43c0bf8479
GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_54D7F231E58E4230A247038C24741616&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550584142)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127123%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476394555%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:04 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB5157DAD"
x-ms-request-id: 8ee92209-b01e-0049-2257-0250e9000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:08 GMT
expires: Thu, 23 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 318536
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_54D7F231E58E4230A247038C24741616&bid=37950&campaignId=2799402&pid=85891437
108.161.188.132200 OK 104 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_54D7F231E58E4230A247038C24741616&bid=37950&campaignId=2799402&pid=85891437
IP 108.161.188.132:0
Size 104 kB (103500 bytes)
Hash 0c09432388854f8e426adde07c6821d1
6c66f2374a4e0fe7b6cc10519386e2cfdae7e3a7
72392e4bb7c68f3e670057bd038eda38a6a80a0105d98c038d61639c06d8bb0c
GET /nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_54D7F231E58E4230A247038C24741616&bid=37950&campaignId=2799402&pid=85891437 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550584142)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127123%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:04 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: 3j1KK5ReHy/6ckOVwt+Uag==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
etag: W/"0x8DACBBCB10C7230"
x-ms-request-id: cca4574d-201e-0074-7c57-0226f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
108.161.188.132200 OK 11 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
IP 108.161.188.132:0
File type Web Open Font Format (Version 2), TrueType, length 10924, version 1.0\012- data
Hash 0ea5bcff84ae44840b6e9c9d12c8b963
6c827e1adb18775d2fdfbbbfef63cc9b66243ed2
b4e210ac58fe8fb176e24c58ffdbd0e7b40dded1314769dbcebdc413998b882b
GET /nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550584142)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127123%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476394555%7c1%22%7d%5d
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:04 GMT
content-type: font/woff2
content-length: 10924
cache-control: public, max-age=900, immutable
content-md5: DqW8/4SuRIQLbpydEsi5Yw==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: "0x8DACBBCB4A3B989"
x-ms-request-id: d76a6ae0-b01e-003b-1657-0257a6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 14:07:32 GMT
expires: Thu, 23 Nov 2023 14:07:32 GMT
cache-control: public, max-age=31536000
age: 338132
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
142.250.74.168200 OK 81 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP 142.250.74.168:0
File type ASCII text, with very long lines (62112)
Hash 15f491f556963d6be86b1646d1b39cb2
1e58c57fa924c20545f37aacaa40b2ddd4ae4cd8
f72a29176308af3c463298b168cd78a25c754bff63067d54d2284c1a668b28f0
GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 27 Nov 2022 12:03:04 GMT
expires: Sun, 27 Nov 2022 12:03:04 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 80711
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:21 GMT
expires: Thu, 23 Nov 2023 19:34:21 GMT
cache-control: public, max-age=31536000
age: 318523
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash c409bd3e61028d1ee92cb2a72f0f74fa
acca9bd606e7ceedf20333d0be72c75dab12d10a
c57b5f222a014ef087b6bb563193960172ca82d944cff272dac605a7577c1f66
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6521
Cache-Control: max-age=85937
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:04 GMT
Etag: "6381e530-118"
Expires: Mon, 28 Nov 2022 11:55:21 GMT
Last-Modified: Sat, 26 Nov 2022 10:06:40 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 280
welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
108.161.188.132200 OK 421 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
IP 108.161.188.132:0
File type PNG image data, 33 x 33, 8-bit/color RGBA, non-interlaced\012- data
Hash ad2d9f441c6692a806c7b427bb3e536d
4978e1ffc5b62c3e2231d22aeb8f7ac679764abe
95efe0e48a145adb6c6c385cecb0e2a7a3dd2e9a3f7a01ca0647e373602770ed
GET /nu/pop/sportsbook/multisports/favicon.ico HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_54D7F231E58E4230A247038C24741616&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550584142)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127123%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476394555%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:04 GMT
content-type: image/x-icon
content-length: 421
cache-control: public, max-age=900, immutable
content-md5: rS2fRBxmkqgGx7Qnuz5TbQ==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
etag: "0x8DACBBCB155306D"
x-ms-request-id: 4263ecb4-b01e-0076-1457-02984a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1
104.19.148.8200 OK 1.8 kB URL HTTP/2 script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1
IP 104.19.148.8:0
File type JSON data\012- , ASCII text, with very long lines (5061), with no line terminators
Hash 96a88268b74f55101da75ef7aff3aa61
366877937e0990f811ddf544e2d2c22e68239f9d
35623bb71dfebb8fca9a0153395b059c6eb8cb863cdb96d216cc14ff7e20bbbe
GET /pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:05 GMT
content-type: application/json
content-length: 1769
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Sun, 27 Nov 2022 10:48:40 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 4465
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 770ab7f478050b59-OSL
X-Firefox-Spdy: h2
secure.adnxs.com/seg?add=9755599
185.89.210.101307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/seg?add=9755599
IP 185.89.210.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /seg?add=9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Sun, 27 Nov 2022 12:03:05 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
AN-X-Request-Uuid: 8ffe7986-2e21-45aa-b173-9ce670000b52
Set-Cookie: uuid2=5293267935784565713; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 25-Feb-2023 12:03:05 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
fonts.googleapis.com/css?family=Roboto:300,400,500
142.250.74.10200 OK 1.1 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500
IP 142.250.74.10:0
Hash 1c32586f7c2779b1bc7d715625593cd1
56e996d5f4bae58ab17732aea3cc1dc3003025ff
a5e1ed10a7a15b139f53dcb4e54015d94fa1ae06a74d65a4db93f7503bdde871
GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 27 Nov 2022 12:03:04 GMT
date: Sun, 27 Nov 2022 12:03:04 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
script.crazyegg.com/pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js
104.19.148.8200 OK 27 kB URL HTTP/2 script.crazyegg.com/pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js
IP 104.19.148.8:0
File type ASCII text, with very long lines (63889)
Hash 40a61971f3342753b240df82579098d2
75a44689092cd59612c3c77f4c3f353f5898c4b9
c53652de8d763aa53a2226f899e6c57434675b324a4e22b91bea1f217e99504a
GET /pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:05 GMT
content-type: text/javascript
content-length: 26836
cache-control: public, max-age=31536000, s-maxage=31536000
timing-allow-origin: *
last-modified: Fri, 18 Nov 2022 16:53:01 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 153490
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 770ab7f5ba250b3d-OSL
X-Firefox-Spdy: h2
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
185.89.210.101200 OK 43 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
IP 185.89.210.101:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fseg%3Fadd%3D9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sun, 27 Nov 2022 12:03:05 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 0c5e8a71-fea2-4b62-a425-3059d562de0c
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2In:utKNz!]tbP6j2F-XstGt!@Dg6$n8Sb; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 25-Feb-2023 12:03:05 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
script.crazyegg.com/pages/scripts/0012/9242.js
104.19.148.8200 OK 4.9 kB URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js
IP 104.19.148.8:0
File type ASCII text, with very long lines (12965), with no line terminators
Hash e8a46e1ae7ed6b8d2b8ec6acf1bbf877
8c66fd435c2a96e4c493d520ad654b0d6b9365a0
a29f3cac5fcc16269629eb3ad2772e31e4e531ff74a717ec9a52ea62fd8606c2
GET /pages/scripts/0012/9242.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:05 GMT
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Sun, 27 Nov 2022 10:48:40 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 4465
vary: Accept-Encoding
server: cloudflare
cf-ray: 770ab7f438a50b3d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 745edf4df6fae2795d50d5a4641c7564
4bf8eeccc017ef4a70e387bce0be8371a5187eba
1cf96274e3a2a3a6f1b032fe93f1dcfaf7987b547cd40c5ba33d9d57aa76ae7a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5975
Cache-Control: max-age=96919
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:05 GMT
Etag: "6382123a-117"
Expires: Mon, 28 Nov 2022 14:58:24 GMT
Last-Modified: Sat, 26 Nov 2022 13:18:50 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 745edf4df6fae2795d50d5a4641c7564
4bf8eeccc017ef4a70e387bce0be8371a5187eba
1cf96274e3a2a3a6f1b032fe93f1dcfaf7987b547cd40c5ba33d9d57aa76ae7a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2751
Cache-Control: max-age=93696
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 12:03:05 GMT
Etag: "6382123a-117"
Expires: Mon, 28 Nov 2022 14:04:41 GMT
Last-Modified: Sat, 26 Nov 2022 13:18:50 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
108.161.188.132200 OK 6.5 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP 108.161.188.132:0
Hash fe91ad2cda6d107e2eb71a794a8a459f
a9ab542437b84993fd98d79c37095cee354b0386
8dc089b84317ce033491c85a01d191b3fed1a5a49231ea8df1abe0b80842df8b
GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_54D7F231E58E4230A247038C24741616&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550584142)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127123%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476394555%7c1%22%7d%5d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:04 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: zXkBqwBMviPPaK5rBIapmA==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
etag: W/"0x8DACBBCB117460B"
x-ms-request-id: 8b9d2dd9-501e-0041-2a56-024ae6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
104.40.147.180200 OK 9.7 kB URL HTTP/2 bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
IP 104.40.147.180:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash c615f4fb472f8a8e944e699b617cbcf4
c5c9671b22d4df21e46ba43360ebb1a4c8e2fbcd
98221e178a78adcd3aab9c155e7ea463af75eabd34f474b7aba5c8c78d5a57d3
GET /api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no HTTP/1.1
Host: bannerflow-feed-builder.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Sun, 27 Nov 2022 12:03:05 GMT
server: Microsoft-IIS/10.0
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: no-cache
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: ARRAffinity=5673035676d86e84e1020885961d5365422988ddd91ba9348b9a26a484558e53;Path=/;HttpOnly;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
ARRAffinitySameSite=5673035676d86e84e1020885961d5365422988ddd91ba9348b9a26a484558e53;Path=/;HttpOnly;SameSite=None;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:f631c08e-9610-47b7-82c9-c925628cdde1
x-powered-by: ASP.NET
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
108.161.188.132200 OK 5.5 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP 108.161.188.132:0
Hash 554ffcaa981193965c7bb2dbfe849284
6a94f097e798bb7148cc91a25657e79cb02afb31
7e23df0efe83a7e8ae6864f0e14e99adccd10c249c41321aa1520cc5b16a7015
GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_54D7F231E58E4230A247038C24741616&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550584142)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127123%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476394555%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:04 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: epgiRapjJpA7DniTiF5C+w==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4C5466A"
x-ms-request-id: cd3f51c1-201e-0039-5a57-02e91e000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
108.161.188.132200 OK 1.1 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP 108.161.188.132:0
Hash 833e6108862e8d69ef57c48ee026b005
b3e83f554616abd5d3b8700bbd598ae4085caaef
3a440635d7566c787a123594a513ce6b76bcc55db0f35073876fd94d27a42d56
GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_54D7F231E58E4230A247038C24741616&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550584142)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127123%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476394555%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:04 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
last-modified: Mon, 21 Nov 2022 12:34:12 GMT
etag: W/"0x8DACBBCB2079DB0"
x-ms-request-id: ea67a86c-801e-006d-5057-02a649000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
unibet.demdex.net/dest5.html?d_nsid=0
3.248.128.54200 OK 2.8 kB URL HTTP/1.1 unibet.demdex.net/dest5.html?d_nsid=0
IP 3.248.128.54:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: unibet.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Sun, 27 Nov 2022 12:03:05 GMT
DCS: dcs-prod-irl1-2-v045-0305a06ee.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:22:24 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: /8aszjeaTOg=
Content-Length: 2791
Connection: keep-alive
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
108.161.188.132200 OK 1.7 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP 108.161.188.132:0
Hash 89913e82ba9752cd5f41c27ef007fd46
19bf1aefb903e474ff5da1a39810a48d2a3c8d72
3de253babb9a1ce301fa4ab87aa72b8176e12bf84a778d6f8f0363ad329da16a
GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_54D7F231E58E4230A247038C24741616&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550584142)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127123%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476394555%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:04 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB50B45F5"
x-ms-request-id: d3f9d6b1-a01e-0008-7556-02080d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
108.161.188.132200 OK 506 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP 108.161.188.132:0
Hash 3dd3dcaa7eebc455b4ce720dfc9ebe74
bb0489c4a458eefca01a63ac398818f86a0db145
0a3dd5d0b8a6fc847b70587a2bfdb00cc56bd9ceecb9b7c04383b35113d3d18f
GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_54D7F231E58E4230A247038C24741616&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550584142)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127123%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476394555%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:04 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: QazcDvviTF55mXL/M8kCWQ==
last-modified: Mon, 21 Nov 2022 12:34:12 GMT
etag: W/"0x8DACBBCB1D5BF7A"
x-ms-request-id: 3db46885-c01e-0021-2356-023679000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s82986662685107?AQB=1&ndh=1&pf=1&t=27%2F10%2F2022%2012%3A3%3A5%200%200&mid=86684614562274477800706168720379799145&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950%26btag%3D320669908_54D7F231E58E4230A247038C24741616%26bid%3D37950%26campaignId%3D2799402%26pid%3D85891437&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950%26btag%3D320669908_54D7F231E58E4230A247038C24741616%26bid%3D37950%26campaignId%3D2799402%26pid%3D85891437&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=12%3A03%20PM%7CSunday&v6=12%3A03%20PM%7CSunday&v11=GBP&c14=New&v14=New&c16=1669550585&v21=Not%20Logged-In&c73=unibet&v120=affiliate&v121=1%3A320669908%3A85891437-37950&v122=NONE&v124=2799402&v125=320669908_54D7F231E58E4230A247038C24741616&v126=85891437&v127=37950&v134=1669550584&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1152&bh=836&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
13.36.218.177200 OK 43 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s82986662685107?AQB=1&ndh=1&pf=1&t=27%2F10%2F2022%2012%3A3%3A5%200%200&mid=86684614562274477800706168720379799145&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950%26btag%3D320669908_54D7F231E58E4230A247038C24741616%26bid%3D37950%26campaignId%3D2799402%26pid%3D85891437&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950%26btag%3D320669908_54D7F231E58E4230A247038C24741616%26bid%3D37950%26campaignId%3D2799402%26pid%3D85891437&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=12%3A03%20PM%7CSunday&v6=12%3A03%20PM%7CSunday&v11=GBP&c14=New&v14=New&c16=1669550585&v21=Not%20Logged-In&c73=unibet&v120=affiliate&v121=1%3A320669908%3A85891437-37950&v122=NONE&v124=2799402&v125=320669908_54D7F231E58E4230A247038C24741616&v126=85891437&v127=37950&v134=1669550584&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1152&bh=836&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
IP 13.36.218.177:0
File type GIF image data, version 89a, 2 x 2\012- data
Hash ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
GET /b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s82986662685107?AQB=1&ndh=1&pf=1&t=27%2F10%2F2022%2012%3A3%3A5%200%200&mid=86684614562274477800706168720379799145&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950%26btag%3D320669908_54D7F231E58E4230A247038C24741616%26bid%3D37950%26campaignId%3D2799402%26pid%3D85891437&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320669908%3A85891437-37950%26btag%3D320669908_54D7F231E58E4230A247038C24741616%26bid%3D37950%26campaignId%3D2799402%26pid%3D85891437&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=12%3A03%20PM%7CSunday&v6=12%3A03%20PM%7CSunday&v11=GBP&c14=New&v14=New&c16=1669550585&v21=Not%20Logged-In&c73=unibet&v120=affiliate&v121=1%3A320669908%3A85891437-37950&v122=NONE&v124=2799402&v125=320669908_54D7F231E58E4230A247038C24741616&v126=85891437&v127=37950&v134=1669550584&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1152&bh=836&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
date: Sun, 27 Nov 2022 12:03:05 GMT
expires: Sat, 26 Nov 2022 12:03:05 GMT
last-modified: Mon, 28 Nov 2022 12:03:05 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3585332581571493888-4619762229830939744
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash d3a5b4edb3e666614bdc18634f9588f7
7562e9eefe1da0a93c457950466c805d60278ddd
e43bf5f136f59507ca4d69c5fe57cdda15f97a857ea7237093725bff3f246800
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 27 Nov 2022 12:03:05 GMT
Last-Modified: Sun, 27 Nov 2022 10:17:19 GMT
Server: ECS (dcb/7F5B)
X-Cache: Miss from cloudfront
Via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: h5nOphcu7EnLofONv9YdSeGT9kZ6xRS74tLQrL0xSngOt6RXMn7bnw==
Age: 6346
cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
104.16.171.188200 OK 1.9 kB URL HTTP/2 cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
IP 104.16.171.188:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 0d3b25d24a9f39a3b7b2a4b8f815ee20
e37c0026de1ea9a4d5a9931d9a4260b91c310201
71fcfaaef0187e7ee4a219f0cacddcbeedcc3f1f6a03d1e970e0a3711513dbf6
GET /resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:05 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Fri, 27 Nov 2020 14:00:02 GMT
etag: W/"0x8D892DCBC6EB927"
x-ms-request-id: 0c05a17a-201e-0074-2dff-f626f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 544
vary: Accept-Encoding
server: cloudflare
cf-ray: 770ab7f68a0eb51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
dpm.demdex.net/ibs:dpid=411&dpuuid=Y4NR_QAAAM1cmwOV
52.213.58.50302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y4NR_QAAAM1cmwOV
IP 52.213.58.50:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y4NR_QAAAM1cmwOV HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-07e4ed132.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4NR_QAAAM1cmwOV
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=65386803250198143043680718811483475085; Max-Age=15552000; Expires=Fri, 26 May 2023 12:03:05 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: nMXnSrm+RqU=
Content-Length: 0
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 5d36531f0dca1b774f3cbf347dbe9a98
832b72b2b0cb847dac8b11ea054dd3e9c27369ac
5f8d0f529a03c035331f8eeb716b0e7d37eee79191208bdc2799ef0d34be4b03
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=101494
Date: Sun, 27 Nov 2022 12:03:05 GMT
Etag: "63822b8c-1d7"
Expires: Mon, 28 Nov 2022 16:14:39 GMT
Last-Modified: Sat, 26 Nov 2022 15:06:52 GMT
Server: ECS (bsa/EB24)
X-Cache: Miss from cloudfront
Via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: JZExJPzwvioJK1TLIJ7aGCgTuavYLKhql8YfjU3Eh0ByRRqSDO2B7g==
Age: 4067
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4NR_QAAAM1cmwOV
52.213.58.50200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4NR_QAAAM1cmwOV
IP 52.213.58.50:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4NR_QAAAM1cmwOV HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-2-v045-034f2d6c4.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: moIZFOwuRTI=
Content-Length: 59
Connection: keep-alive
tracking.crazyegg.com/clock?t=1669550585312&tk=49f5480a39da8ce7e59e73633af4ed5a
52.50.139.125200 OK 26 B URL HTTP/2 tracking.crazyegg.com/clock?t=1669550585312&tk=49f5480a39da8ce7e59e73633af4ed5a
IP 52.50.139.125:0
File type ASCII text, with no line terminators
Hash ea006284c30de981a28730d588f5083c
ffa669cbfa9eda1763a6d4a8eca66bedda39d621
752b0283ab03890a8ebe3be5b69bfa66f4f109f717d09d50f36fffa63dda9275
GET /clock?t=1669550585312&tk=49f5480a39da8ce7e59e73633af4ed5a HTTP/1.1
Host: tracking.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: awselb/2.0
date: Sun, 27 Nov 2022 12:03:05 GMT
content-type: text/plain
content-length: 26
cache-control: no-store
access-control-allow-origin: *
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:400,400i,600,600i,700,700i
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:400,400i,600,600i,700,700i
IP 142.250.74.10:0
GET /css?family=Open+Sans:400,400i,600,600i,700,700i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 27 Nov 2022 12:02:59 GMT
date: Sun, 27 Nov 2022 12:02:59 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
45.133.44.10200 OK 0 B URL HTTP/2 cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:01 GMT
content-type: image/png
content-length: 144379
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Tue, 29 Nov 2022 12:03:01 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
108.161.188.132200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP 108.161.188.132:0
GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_54D7F231E58E4230A247038C24741616&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550584142)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127123%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476394555%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:04 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4BDF480"
x-ms-request-id: e1e5ba65-701e-0024-6857-02e4a2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
108.161.188.132200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP 108.161.188.132:0
GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_54D7F231E58E4230A247038C24741616&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550584142)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127123%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476394555%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:04 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 9k4H3E55HXB5I94VinrUOQ==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB39EA46F"
x-ms-request-id: 46ab21a8-201e-0064-3857-02e39a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
zaline.diraya.my.id/300-1.js
104.21.24.51200 OK 0 B URL HTTP/2 zaline.diraya.my.id/300-1.js
IP 104.21.24.51:0
GET /300-1.js HTTP/1.1
Host: zaline.diraya.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dorothyfigueroa5.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:02:59 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"c88ed40783b929cacc8b343570ac9c6f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8hJKNq6Wf%2BN0UFe2FNGm64Rd2ZNibNahJM8wEyQ9LZLGk7fYPkVV3xG5vZvTEKgkD%2FVEIp%2FOLm0Rd4ecTVx0GRIWpwT%2FkcTygHR5sNdx2Qnt5ZKpNvaNyzJM%2FVWwI2p4pjIgd5ZA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 770ab7d3ec12fabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/css/all.css
172.64.132.15200 OK 0 B URL HTTP/2 use.fontawesome.com/releases/v5.7.1/css/all.css
IP 172.64.132.15:0
GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:04 GMT
content-type: text/css
x-amz-id-2: Naym7hPmP6C6hux6VLJAAre0tbecqXaiQpMJaYu3vDn0x1vPpC32gtoDJkl7kXKmPPFbhKi1q5U=
x-amz-request-id: MZGFJRB14SZWS1MV
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:37 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 82241
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RQADrWggxAxBRCx%2BJH2V4XhMe0zRZsJbwXd642NfZWS%2Fh6WKTtk3xzQBTTX3eafL%2FAV%2FxCnTubC3jy1ws93g7xMeEaN8zG8E2LE%2BWV0qRC%2Br7BFz3S4elOvYlMABdLs3TjTrn%2B%2FL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770ab7f2cf074089-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/custom.js
108.161.188.132200 OK 0 B URL HTTP/2 welcome.unibet.com/custom.js
IP 108.161.188.132:0
GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_54D7F231E58E4230A247038C24741616&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550584142)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127123%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476394555%7c1%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:04 GMT
content-type: application/javascript
content-md5: e/Aekt1V1fopj1X7y5r9MA==
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
etag: W/"0x8DA115DA300B0C1"
x-ms-request-id: ec4207e3-101e-000d-4a46-02dad6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
108.161.188.132200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP 108.161.188.132:0
GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_54D7F231E58E4230A247038C24741616&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550584142)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127123%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476394555%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:04 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: vwb7ospRft2xzGDtJvR3WA==
last-modified: Mon, 21 Nov 2022 12:34:13 GMT
etag: W/"0x8DACBBCB22FE05F"
x-ms-request-id: 8317c0ac-e01e-0044-7557-02983d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
104.16.171.188200 OK 0 B URL HTTP/2 cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
IP 104.16.171.188:0
GET /resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:05 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Fri, 27 Nov 2020 14:00:01 GMT
etag: W/"0x8D892DCBC244A27"
x-ms-request-id: f9c36029-201e-0105-665e-a57399000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 546
vary: Accept-Encoding
server: cloudflare
cf-ray: 770ab7f69a17b51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
108.161.188.132200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP 108.161.188.132:0
GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_54D7F231E58E4230A247038C24741616&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550584142)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127123%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476394555%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:04 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 2fR27yW0b9kBp/ebW9u59A==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4CC7156"
x-ms-request-id: e4a25543-a01e-0055-4456-020289000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
108.161.188.132200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP 108.161.188.132:0
GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320669908:85891437-37950&btag=320669908_54D7F231E58E4230A247038C24741616&bid=37950&campaignId=2799402&pid=85891437
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a85891437%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1669550584142)%5c%2f%22%2c%22CookieTag%22%3a%223795085891437451240919C20221127123%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228476394555%7c1%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 12:03:04 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Z4302O+bSqlX5UM92U+35A==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB3A5CF50"
x-ms-request-id: 17d8a81b-d01e-004f-1557-026356000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2