r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a8b4f1afb0e830b797238d34ab9254aa
e011acef3d05c959a65205d53b651ecd18a889fe
f7ceff5b4fda083c7449b7298c232224cf48a632dcb87233b646790de207d49c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7CEFF5B4FDA083C7449B7298C232224CF48A632DCB87233B646790DE207D49C"
Last-Modified: Thu, 12 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12405
Expires: Sat, 14 Jan 2023 22:51:32 GMT
Date: Sat, 14 Jan 2023 19:24:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0643dc6b6fed33b3537160b6bb77bcbf
aa43bd1fbb30d2219f3285c1ee4991ffb33562c5
f137438e30e0d69cba77ca2eb736687873e4a9c06cf88d23c6d55ea930fde09f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F137438E30E0D69CBA77CA2EB736687873E4A9C06CF88D23C6D55EA930FDE09F"
Last-Modified: Sat, 14 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12633
Expires: Sat, 14 Jan 2023 22:55:20 GMT
Date: Sat, 14 Jan 2023 19:24:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f7bd85a261739c122eefb74ffddaec99
e2e059b0740592e8591d432249aafe5fcb8af23c
71bdd130b8d143f228542f678e91c98ab4e5844fb9f47b036e15372660be25fd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "71BDD130B8D143F228542F678E91C98AB4E5844FB9F47B036E15372660BE25FD"
Last-Modified: Sat, 14 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7130
Expires: Sat, 14 Jan 2023 21:23:38 GMT
Date: Sat, 14 Jan 2023 19:24:48 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 14 Jan 2023 18:42:03 GMT
content-type: application/json
age: 2565
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: On+i+LjFxN56xZXsWhRaII3gauyA7V9jyOhd+3GhRvFLEJpW6m37MPM0YAYPoAi+rw/6UWPJbTI=
x-amz-request-id: VV8BCQMZ428QYDPN
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 14 Jan 2023 18:43:50 GMT
age: 2458
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
openingtowin.com/
104.26.4.243301 Moved Permanently 346 B IP 104.26.4.243:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash c1d5af6b7e889f5bf194722167a84c18
a8d8b95bd436259459c5c35f0e79e617ef0db85c
5a61fcbf073411362cbc3414fbb5cb0f37f4ebb436fa7eb9f58481918dcaff87
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: openingtowin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 14 Jan 2023 19:24:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://openingtowin.com/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E32ptNhh9rNXJ9B98NIGRQJZxpIc9eZPbsJi8HD4aWIAnowyGyd2JUSk%2FwcGklbg5%2FxN2LLkd0nsn9dq%2FI5j9VECnq9X6kDFrC4OP4u2HCofqOG6prFccyodRgtcSxer7Zk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7898c0febc37b4ed-OSL
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 14 Jan 2023 19:24:48 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 63a13dc1a78c2c03d48425d971364e36
3c406f5c7c6573451f32e1990e0ca873a40a19d7
2d64776619c1de7c9ed738216fc0dc992fb35cd22cd95b69542ad06fa3b5422d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "2D64776619C1DE7C9ED738216FC0DC992FB35CD22CD95B69542AD06FA3B5422D"
Last-Modified: Sat, 14 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21596
Expires: Sun, 15 Jan 2023 01:24:44 GMT
Date: Sat, 14 Jan 2023 19:24:48 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 14 Jan 2023 18:33:45 GMT
age: 3063
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c01ec61f7ca77158f474b3ab519c12fa
fc82ae0fcd73a83a980b75709a08e65239894e4a
f533e0fac9b92e79d4fbd6e70b42a83067de95f0a13cc737d7e5fa459baa4c54
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1826
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 19:24:48 GMT
Last-Modified: Sat, 14 Jan 2023 18:54:22 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
code.jquery.com/jquery-3.6.0.min.js
69.16.175.10200 OK 31 kB URL HTTP/2 code.jquery.com/jquery-3.6.0.min.js
IP 69.16.175.10:0
File type ASCII text, with very long lines (65447)
Hash 899f0189aaf034bbba5340f724d91dfa
210ea9de03968edb9d839ba4a0ce2d48666a8ab8
949b6597c5ea907a7ef3c8ca6d5ffc73be2352f9df485b78704e5c4dabac5d0f
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://openingtowin.com
Connection: keep-alive
Referer: https://openingtowin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 14 Jan 2023 19:24:48 GMT
content-encoding: gzip
content-length: 30875
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15d9d"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-sp-metadata: HS256.CJCfjJ4GEocBCiRlNjNlOWQyNy01MDliLTQ2ZTYtYmYwMC1mMmRjYjdhNDYxZjEQ+OiCoKvU+wIaBgiAg4yeBiIMOTEuOTAuNDIuMTU0KO+LAjADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GiwIARIkNDc1YmRjMDQtMjkzZC00OTgwLWI4NTAtODQ1NDAxMDQwOTExGJvxASIYCAISFGNkczIxMC5zazEuaHdjZG4ubmV0./u4fb9I+YF44mOoqW9m9y/hQdmP/GCKQ8lIJZOdaz7k=
x-hw: 1673724288.dop203.sk1.t,1673724288.cds201.sk1.hn,1673724288.cds210.sk1.c
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js
151.101.65.229200 OK 22 kB URL HTTP/2 cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js
IP 151.101.65.229:0
File type ASCII text, with very long lines (65299)
Hash a5cbb97cf034dd181106adecdafe3035
5fca1af6c76dd3e609f7f92841e564df1281927a
5ae018daf5df2cd903f80162efbaa3e138e0ed47ff90a315f2e2c497dc88a890
GET /npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://openingtowin.com
Connection: keep-alive
Referer: https://openingtowin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.6.0
x-jsd-version-type: version
etag: W/"1499a-rsVR5NVzRjCI/KfRT7ZE6zifGDk"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 14 Jan 2023 19:24:48 GMT
age: 19412932
x-served-by: cache-fra19162-FRA, cache-bma1662-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 21830
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
151.101.65.229200 OK 24 kB URL HTTP/2 cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
IP 151.101.65.229:0
File type ASCII text, with very long lines (65326)
Hash 849f3e827da80e4e4c6a8c49689f057d
035d81aaaf6da3ffa5ce241179a9e14d533e7a3b
9546dbb82c3facf833e4adb713ce7e57a34dd53f6b55697ef1e1877bdbd8bb73
GET /npm/bootstrap@4.6.0/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://openingtowin.com
Connection: keep-alive
Referer: https://openingtowin.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.6.0
x-jsd-version-type: version
etag: W/"27681-LKxK/BIJg5IUESlr1Oj9ipS6I34"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 14 Jan 2023 19:24:48 GMT
age: 10181064
x-served-by: cache-fra19147-FRA, cache-bma1662-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 24100
X-Firefox-Spdy: h2
i2.wp.com/9to5google.com/wp-content/uploads/sites/4/2020/10/Google-Camera-8.0-4K-UHD-60fps-2.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1
192.0.77.2200 OK 32 kB URL HTTP/2 i2.wp.com/9to5google.com/wp-content/uploads/sites/4/2020/10/Google-Camera-8.0-4K-UHD-60fps-2.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1200x628, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 9afe45d36a2ba3a200dbf5ed9b20fc59
d5d29d7e4d4bd32856de6f7dba42aad76433cb64
08dea788e07a36bd836da04d13747447fa50028d6d7182c5e933119e3e042732
GET /9to5google.com/wp-content/uploads/sites/4/2020/10/Google-Camera-8.0-4K-UHD-60fps-2.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1 HTTP/1.1
Host: i2.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://openingtowin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 14 Jan 2023 19:24:49 GMT
content-type: image/webp
content-length: 32248
last-modified: Thu, 12 Jan 2023 09:27:08 GMT
expires: Sat, 11 Jan 2025 21:27:08 GMT
cache-control: public, max-age=63115200
link: <https://9to5google.com/wp-content/uploads/sites/4/2020/10/Google-Camera-8.0-4K-UHD-60fps-2.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "f772b7887ed79a4f"
vary: Accept
x-nc: HIT arn 4
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash d8350371382d1c4ae2d0db58ff370e5a
6d4f6439375716c71b620f75ab2714eb5fed2382
0ebdcc0abed3d4b32fc367f061dfb74f59c6f97ebb2c53e88f84db589ef109da
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5925
Cache-Control: max-age=109944
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 19:24:49 GMT
Etag: "63c1f4d4-118"
Expires: Mon, 16 Jan 2023 01:57:13 GMT
Last-Modified: Sat, 14 Jan 2023 00:18:28 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 280
image.cnbcfm.com/api/v1/image/106891166-1622640866076-gettyimages-951362454-775150409ED00068_CinemaCon_.jpeg?v=1622640932
104.110.4.211200 OK 186 kB URL HTTP/2 image.cnbcfm.com/api/v1/image/106891166-1622640866076-gettyimages-951362454-775150409ED00068_CinemaCon_.jpeg?v=1622640932
IP 104.110.4.211:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2709x1800, components 3\012- data
Size 186 kB (186489 bytes)
Hash d0384eee86b8a8aa101d05cb8d569b59
9b6d67883e41030cacf5f5cd0beafa508a8b5df2
e353953a220c8df5169b7fe571b2e8d487abdcc9482f55f3e4e53e2d7f174c3f
GET /api/v1/image/106891166-1622640866076-gettyimages-951362454-775150409ED00068_CinemaCon_.jpeg?v=1622640932 HTTP/1.1
Host: image.cnbcfm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://openingtowin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/jpeg
content-length: 186489
x-application-context: application:prod:18089
imageservice-release-version: 2.0.14
imageservice-application-version: v1
imageservice-revision: c1a8a89529ee421fc42b922163fec3878653a4d1
imageservice-requestid: H-1673515609540-6270713
access-control-allow-origin: *
access-control-allow-credentials: *
x-aicache-os: xxx.xx.4.65:18089
cache-control: max-age=2592000
expires: Mon, 13 Feb 2023 19:24:49 GMT
date: Sat, 14 Jan 2023 19:24:49 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.82.246.186101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.82.246.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: S1pg8WE6hJFEo+6CUpGu8A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: m7JbsxAsGXVS8KX7GCKhsZmH6eE=
static.politico.com/26/6b/46c18fa24a4d84b5b1b971f28f24/6-3-21-capito-infrastructure-ap-773.jpg
172.64.155.55200 OK 1.0 MB URL HTTP/2 static.politico.com/26/6b/46c18fa24a4d84b5b1b971f28f24/6-3-21-capito-infrastructure-ap-773.jpg
IP 172.64.155.55:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1160x773, components 3\012- data
Size 1.0 MB (1019946 bytes)
Hash 297824281fd2036ddcd20cc00fac226b
e8896235e592fb1ee8c2c8d2d47530f3f50785b1
ae0eddecf81af2966e54cf46ab815462c2dd72935fe828dc1fbb5ef164498a97
GET /26/6b/46c18fa24a4d84b5b1b971f28f24/6-3-21-capito-infrastructure-ap-773.jpg HTTP/1.1
Host: static.politico.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://openingtowin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 14 Jan 2023 19:24:49 GMT
content-type: image/jpeg
content-length: 1019946
cache-control: public, max-age=31536000
cf-bgj: h2pri
etag: "297824281fd2036ddcd20cc00fac226b"
last-modified: Thu, 03 Jun 2021 22:44:45 GMT
x-amz-id-2: +uOz55dgsTZ3pLPCaKmSDUVx4F2Z+wRkbFoEZBvIUZRk5Ccp1L47iPFAmgvXrz/PEmomo1sv1fs=
x-amz-request-id: GGYD29R6VPPWNTCZ
x-amz-version-id: pG3LnBbe05C1fpdpTcbLXWjBKD6HLt7A
cf-cache-status: HIT
age: 72798
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mqjJwgkMMh%2BrB13nUmX2r9qObfNzQC9CSnbGUux2D98R3IjEez6pp9aId6FcsuCy3oFQBFtsP%2BNvCMCqwDu7kZ54QUUsD0d3FfKheW%2BQyDd%2BXEVmNwEHwXreYqXtLvrEuRN8Klo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7898c1073fa00b45-OSL
X-Firefox-Spdy: h2
tvline.com/wp-content/uploads/2021/05/greys-anatomy-season-17-episode-17-kelly-mccreary-james-pickens-jr-anthony-hill.jpg?w=620
192.0.66.120200 OK 371 kB URL HTTP/2 tvline.com/wp-content/uploads/2021/05/greys-anatomy-season-17-episode-17-kelly-mccreary-james-pickens-jr-anthony-hill.jpg?w=620
IP 192.0.66.120:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 371 kB (370610 bytes)
Hash 3f1c74a7e3c0aeeb908d33d92b388627
6d7e41af00af41222103a1b8698f7611f7e8b8f0
f5a86a1dff487774514fd23eccc7c7d1f6343f42957bb6e038d24264aae4824d
GET /wp-content/uploads/2021/05/greys-anatomy-season-17-episode-17-kelly-mccreary-james-pickens-jr-anthony-hill.jpg?w=620 HTTP/1.1
Host: tvline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://openingtowin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 14 Jan 2023 19:24:49 GMT
content-type: image/webp
content-length: 370610
last-modified: Thu, 12 Jan 2023 09:27:08 GMT
expires: Fri, 12 Jan 2024 09:27:08 GMT
etag: "e951c27e17fe35b7"
vary: Accept
cache-control: max-age=2592000
x-rq: arn1 109 88 443
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
thehill.com/sites/default/files/paulrand_052821gn3_lead.jpg
151.101.65.91308 Permanent Redirect 0 B URL HTTP/2 thehill.com/sites/default/files/paulrand_052821gn3_lead.jpg
IP 151.101.65.91:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sites/default/files/paulrand_052821gn3_lead.jpg HTTP/1.1
Host: thehill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://openingtowin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 308 Permanent Redirect
server: Varnish
retry-after: 0
location: https://thehill.com/wp-content/uploads/sites/2/2022/04/paulrand_052821gn3_lead.jpg
accept-ranges: bytes
date: Sat, 14 Jan 2023 19:24:49 GMT
via: 1.1 varnish
x-served-by: cache-bma1647-BMA
x-cache: HIT
x-cache-hits: 0
x-timer: S1673724289.179886,VS0,VE0
state: HIT-SYNTH
content-length: 0
X-Firefox-Spdy: h2
static.foxnews.com/foxnews.com/content/uploads/2021/06/Keeping-Up-with-the-Kardashians.jpg
151.101.130.132200 OK 18 kB URL HTTP/2 static.foxnews.com/foxnews.com/content/uploads/2021/06/Keeping-Up-with-the-Kardashians.jpg
IP 151.101.130.132:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x720, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 5d0f67a854c3328b2ea1ffeb0d4387d8
22686c9fc06c373f9551e5b7835966df39f3e4b3
9af44bff3a81e8c8fa0144e5c2fbc06bb4207bb63546a93b32b462d8a663b8b8
GET /foxnews.com/content/uploads/2021/06/Keeping-Up-with-the-Kardashians.jpg HTTP/1.1
Host: static.foxnews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://openingtowin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=2592000, public
content-type: image/webp
etag: "tt/DTEQuIXJxc3/7amNN54D6UvlfZBg8WyVz3CnhJeA"
fastly-io-info: ifsz=214818 idim=1280x720 ifmt=jpeg ofsz=18278 odim=1280x720 ofmt=webp
fastly-stats: io=1
via: 1.1 varnish, 1.1 varnish
x-debug-path: /foxnews.com/content/uploads/2021/06/Keeping-Up-with-the-Kardashians.jpg
accept-ranges: bytes
date: Sat, 14 Jan 2023 19:24:49 GMT
age: 876521
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,POST
access-control-allow-headers: *
access-control-allow-credentials: false
access-control-max-age: 86400
x-served-by: cache-iad-kcgs7200172-IAD, cache-bma1674-BMA
x-cache: HIT, HIT
x-cache-hits: 3, 1
x-timer: S1673724289.243512,VS0,VE1
vary: Accept
strict-transport-security: max-age=31557600
content-length: 18278
X-Firefox-Spdy: h2
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 26380e6914b37a130f5d9469cea574aa
009e579e7f60dfe07cd7cfc6a36c383e0ecc7960
57801342947028bea3e8c68f4080eeab2c6f0d6658f7454ffb21cf9efdbb257f
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "57801342947028BEA3E8C68F4080EEAB2C6F0D6658F7454FFB21CF9EFDBB257F"
Last-Modified: Sat, 14 Jan 2023 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2961
Expires: Sat, 14 Jan 2023 20:14:10 GMT
Date: Sat, 14 Jan 2023 19:24:49 GMT
Connection: keep-alive
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.20.226:0
Hash 75b2d2c4afef32f5b32979b6ea1077b2
fecff0e281054232906e7b4835522d9fa340b85b
14d7c3137ce0dd637669dd3350099cda2bc9e24419031f63bd10c650998fe470
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 19:24:49 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "C64BEDE849A82172DE774A69A93C3C8FD6B275EB"
Expires: Sun, 15 Jan 2023 06:00:00 GMT
Last-Modified: Sat, 14 Jan 2023 18:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2042
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7898c107ec190b02-OSL
thehill.com/sites/default/files/article_images/psakijen_60421_gettyimages.jpg
151.101.65.91308 Permanent Redirect 0 B URL HTTP/2 thehill.com/sites/default/files/article_images/psakijen_60421_gettyimages.jpg
IP 151.101.65.91:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sites/default/files/article_images/psakijen_60421_gettyimages.jpg HTTP/1.1
Host: thehill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://openingtowin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 308 Permanent Redirect
server: Varnish
retry-after: 0
location: https://thehill.com/wp-content/uploads/sites/2/2022/04/article_images-psakijen_60421_gettyimages.jpg
accept-ranges: bytes
date: Sat, 14 Jan 2023 19:24:49 GMT
via: 1.1 varnish
x-served-by: cache-bma1647-BMA
x-cache: HIT
x-cache-hits: 0
x-timer: S1673724289.271912,VS0,VE0
state: HIT-SYNTH
content-length: 0
X-Firefox-Spdy: h2
cbsnews2.cbsistatic.com/hub/i/r/2021/06/03/d8c508c7-85cd-4b04-81b4-c154f93283d1/thumbnail/1200x630/d69fc3208f935b5398580a15510bb021/gettyimages-1231360193.jpg
151.101.245.188200 OK 80 kB URL HTTP/2 cbsnews2.cbsistatic.com/hub/i/r/2021/06/03/d8c508c7-85cd-4b04-81b4-c154f93283d1/thumbnail/1200x630/d69fc3208f935b5398580a15510bb021/gettyimages-1231360193.jpg
IP 151.101.245.188:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, comment: "d8c508c7-85cd-4b04-81b4-c154f93283d1", baseline, precision 8, 1200x630, components 3\012- data
Hash fb49c5b62006a09e561b448f0ebcdd3b
caace5d8c8e4c46d78154a4199952c04fa8ace7c
08f9c25a96ae98674c8a3650e712f9106a2d070e705eb467352e3bc29dafa8cb
GET /hub/i/r/2021/06/03/d8c508c7-85cd-4b04-81b4-c154f93283d1/thumbnail/1200x630/d69fc3208f935b5398580a15510bb021/gettyimages-1231360193.jpg HTTP/1.1
Host: cbsnews2.cbsistatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://openingtowin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 03 Jun 2021 20:12:57 GMT
etag: "fb49c5b62006a09e561b448f0ebcdd3b"
content-type: image/jpeg
cache-control: max-age=5184000s
timing-allow-origin: *
link: <https://assets1.cbsnewsstatic.com/hub/i/r/2021/06/03/d8c508c7-85cd-4b04-81b4-c154f93283d1/thumbnail/1200x630/d69fc3208f935b5398580a15510bb021/gettyimages-1231360193.jpg>; rel="canonical"
accept-ranges: bytes
date: Sat, 14 Jan 2023 19:24:49 GMT
via: 1.1 varnish
age: 208660
content-length: 80543
X-Firefox-Spdy: h2
thehill.com/wp-content/uploads/sites/2/2022/04/article_images-psakijen_60421_gettyimages.jpg
151.101.65.91200 OK 28 kB URL HTTP/2 thehill.com/wp-content/uploads/sites/2/2022/04/article_images-psakijen_60421_gettyimages.jpg
IP 151.101.65.91:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 827x551, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3542f0f7585f3b9abda67cb713afb576
b379da4199a3ba8084a5b7a750435b7cb245b52e
4b15c8634d1b982fe3a992d979360668f13d775e7d880ee13c7027a410a5733c
GET /wp-content/uploads/sites/2/2022/04/article_images-psakijen_60421_gettyimages.jpg HTTP/1.1
Host: thehill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://openingtowin.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
last-modified: Thu, 12 Jan 2023 09:33:39 GMT
expires: Fri, 12 Jan 2024 09:33:39 GMT
etag: "f2fdaad33bd346a0"
cache-control: max-age=2592000
x-rq: arn1 109 27 443
accept-ranges: bytes
x-origin-status-code: 200
date: Sat, 14 Jan 2023 19:24:49 GMT
via: 1.1 varnish
x-served-by: cache-bma1647-BMA
x-cache: HIT, MISS
x-cache-hits: 0
x-timer: S1673724289.332504,VS0,VE1
vary: Accept
state: PASS
content-security-policy: script-src 'unsafe-eval' 'none' 'nonce-QE5KJCU/FasZlaBUYmcAGw+6li4='
content-length: 27668
X-Firefox-Spdy: h2
a4.espncdn.com/combiner/i?img=%2Fphoto%2F2021%2F0526%2Fr858936_1296x729_16%2D9.jpg
23.36.76.122200 OK 148 kB URL HTTP/2 a4.espncdn.com/combiner/i?img=%2Fphoto%2F2021%2F0526%2Fr858936_1296x729_16%2D9.jpg
IP 23.36.76.122:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1296x729, components 3\012- data
Size 148 kB (148465 bytes)
Hash 910c2cbeaa45bcda5bee3e94628c2724
771bf7f24f7a6f25401ab1f4aeaa6f220ec0f694
49bd8f1b33b5de33cb8fd6cc457df6c1178e0867c76f6146188df1f1f17cc3b2
GET /combiner/i?img=%2Fphoto%2F2021%2F0526%2Fr858936_1296x729_16%2D9.jpg HTTP/1.1
Host: a4.espncdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://openingtowin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/jpeg
content-length: 148465
last-modified: Wed, 26 May 2021 04:30:21 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=33858
expires: Sun, 15 Jan 2023 04:49:07 GMT
date: Sat, 14 Jan 2023 19:24:49 GMT
X-Firefox-Spdy: h2
media-cldnry.s-nbcnews.com/image/upload/t_nbcnews-fp-1200-630,f_auto,q_auto:best/newscms/2021_22/3480201/210603-mike-pence-ac-814p.jpg
104.110.0.138200 OK 120 kB URL HTTP/2 media-cldnry.s-nbcnews.com/image/upload/t_nbcnews-fp-1200-630,f_auto,q_auto:best/newscms/2021_22/3480201/210603-mike-pence-ac-814p.jpg
IP 104.110.0.138:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 120 kB (119618 bytes)
Hash 3347d258881156e77cbba5ff910bfe33
9f085db03e68a3076b1c5be98c1ac93e1e44847e
e17a5cbbd8856be6dd73dd16b08de0835381f5309c9280614846077517e6e902
GET /image/upload/t_nbcnews-fp-1200-630,f_auto,q_auto:best/newscms/2021_22/3480201/210603-mike-pence-ac-814p.jpg HTTP/1.1
Host: media-cldnry.s-nbcnews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://openingtowin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 119618
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 445947609076603202566811780249321548143,502685259852572472855584767507892950218,7831a46e631c715519da9d0ce0a38b6b
content-disposition: inline; filename="210603-mike-pence-ac-814p.webp"
content-type: image/webp
etag: "3347d258881156e77cbba5ff910bfe33"
last-modified: Fri, 04 Jun 2021 01:38:33 GMT
server: cloudinary
timing-allow-origin: *
accept-ranges: bytes
x-served-by: cache-iad-kiad7000053-IAD
x-cache-hits: 1
x-timer: S1673515983.674850,VS0,VE1
cache-control: public, private, max-age=31349261
expires: Fri, 12 Jan 2024 15:32:30 GMT
date: Sat, 14 Jan 2023 19:24:49 GMT
strict-transport-security: max-age=2628000 ; preload
X-Firefox-Spdy: h2
cdn.cnn.com/cnnnext/dam/assets/210524132552-02-raman-pratasevich-file-2017-super-tease.jpg
96.6.16.166200 OK 70 kB URL HTTP/2 cdn.cnn.com/cnnnext/dam/assets/210524132552-02-raman-pratasevich-file-2017-super-tease.jpg
IP 96.6.16.166:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=11, description=Belarus police detain journalist Roman Protasevich in Minsk, Belarus, Sunday, March 26, 2017. Dozens protestors were detained d, manufacturer=Canon, model=Canon EOS-1D X Mark II, xresolution=380, yresolution=388, resolutionunit=2, software=Adobe Photoshop Lightroom Classic 8.4 (Macintosh), datetime=2021:05:24 13:25:37], baseline, precision 8, 1100x619, components 3\012- data
Hash 8bd866f33ca76b329d9b9ba208204e9e
6ea88009d12fb8cba83478b2b7d71bcedd5a54aa
887546c04bfddda0eb3dad9ee04f39909a95d0e4aa291f45b49fe6426e1b3a60
GET /cnnnext/dam/assets/210524132552-02-raman-pratasevich-file-2017-super-tease.jpg HTTP/1.1
Host: cdn.cnn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://openingtowin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/jpeg
content-length: 70418
server: Apache-Coyote/1.1
cache-control: max-age=3600
expires: Sat, 14 Jan 2023 20:24:49 GMT
date: Sat, 14 Jan 2023 19:24:49 GMT
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash fd86cf1cd5e843e769a14cb3fb690768
6fa632eab2e17f3219693b8c90c4860118619967
f1981ae85f87b1058ae8c8d5fdad8543d547be635dfde7edc91baf201a5e3682
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 14 Jan 2023 19:24:49 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 12 Jan 2023 13:30:40 GMT
Expires: Thu, 19 Jan 2023 13:30:39 GMT
Etag: "6fa632eab2e17f3219693b8c90c4860118619967"
Cache-Control: max-age=410149,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7898c108499b0b49-OSL
i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_675,pg_1,q_80,w_1200/bx7v4sy3ig8vpwcazsci.jpg
151.101.66.166200 OK 138 kB URL HTTP/2 i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_675,pg_1,q_80,w_1200/bx7v4sy3ig8vpwcazsci.jpg
IP 151.101.66.166:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1200x675, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 138 kB (138202 bytes)
Hash 06bd345dd8405b6dc4e458012d94e6f0
b9797e74ecd785b9385ca00b713f48c5127f66e8
1377de4e85711a8414ed3f339779dfb42da62cd3749bce616f08dcfe7b3cee16
GET /gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_675,pg_1,q_80,w_1200/bx7v4sy3ig8vpwcazsci.jpg HTTP/1.1
Host: i.kinja-img.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://openingtowin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/webp
etag: "q2jUaJYswaNlnL/g4GSoCpu7KwL8Dc25HePi5PzFSkw"
fastly-io-info: ifsz=1640384 idim=4514x2520 ifmt=jpeg ofsz=138202 odim=1200x675 ofmt=webp
fastly-stats: io=1
server: AmazonS3
x-amz-id-2: GfRAwpRyUU92tK2Z2qyD6P8mjQRLVIo9KrAOwb0VW0RnNFEB6t35zMNnAOs9BYkk6HS9qAlZ4iM=
x-amz-meta-cld-original-filename: multipartBody6147133100114926508asTemporaryFile
x-amz-meta-cld-surrogate-key: 367818403746581785365032882965061160161
x-amz-meta-cld-surrogate-reporting: width=4514,height=2520
x-amz-meta-cld-transformation-id: 10000011314925
x-amz-meta-cld-version: 1610663494
x-amz-request-id: M2ZXJNMVASP7WF2G
x-amz-storage-class: STANDARD_IA
x-amz-version-id: null
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 14 Jan 2023 19:24:49 GMT
age: 413014
x-served-by: cache-iad-kcgs7200110-IAD, cache-bma1639-BMA
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-timer: S1673724289.354616,VS0,VE5
vary: Accept
x-kinja-qs: auto=webp&enable=upscale&fit=crop&format=pjpg&frame=1&height=675&quality=80&width=1200
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
content-length: 138202
X-Firefox-Spdy: h2
s.hdnux.com/photos/01/16/10/22/20481215/13/rawImage.jpg
151.101.0.200200 OK 245 kB URL HTTP/2 s.hdnux.com/photos/01/16/10/22/20481215/13/rawImage.jpg
IP 151.101.0.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=6, description=Hundreds of Alameda County workers lined up outside of St. Rose Hospital in Hayward, Calif. Friday, January 8, 2021to receive t, xresolution=346, yresolution=354, resolutionunit=2], baseline, precision 8, 2048x1364, components 3\012- data
Size 245 kB (244655 bytes)
Hash ac315814984c9b0bc369a13e5c199c9e
d0b8d8d160d7ae0e198f8c194f510a89b44811f5
88fd88b4b163108ff0f4de3925eb983e7cfe009a1b64960039a26f34fd0ad784
GET /photos/01/16/10/22/20481215/13/rawImage.jpg HTTP/1.1
Host: s.hdnux.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://openingtowin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
last-modified: Sat, 17 Dec 2022 03:41:18 GMT
etag: "3bbaf-5effddbe1fa8c"
expires: Thu, 19 Jan 2023 09:33:39 GMT
referrer-policy: no-referrer-when-downgrade
content-type: image/jpeg
x-ttl: 31536000
cache-control: max-age=604800
accept-ranges: bytes
date: Sat, 14 Jan 2023 19:24:49 GMT
via: 1.1 varnish
age: 208269
set-cookie: location_data={"is_eu":true,"country_code":"NO","postal_code":"1"}; path=/; SameSite=Strict; Secure
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1673724289.334419,VS0,VE1
vary: Fastly-SSL, X-is-eu
content-length: 244655
X-Firefox-Spdy: h2
www.investors.com/wp-content/uploads/2019/12/stock-Tesla-Model3-10-shutter.jpg
104.16.175.239200 OK 101 kB URL HTTP/2 www.investors.com/wp-content/uploads/2019/12/stock-Tesla-Model3-10-shutter.jpg
IP 104.16.175.239:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, orientation=upper-left], progressive, precision 8, 1065x600, components 3\012- data
Size 101 kB (100826 bytes)
Hash f27b03b1d944b2d3724fde5ca55cbf4c
68e4dec73427f3fb96f70f2e53fb9e8ab2791fc8
6f7f5b8b092fbc643167f81006472008599303a6b73378f73a8a3be281fd1578
GET /wp-content/uploads/2019/12/stock-Tesla-Model3-10-shutter.jpg HTTP/1.1
Host: www.investors.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://openingtowin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 14 Jan 2023 19:24:49 GMT
content-type: image/jpeg
content-length: 100826
cf-ray: 7898c108ed291bfe-OSL
accept-ranges: bytes
age: 12639
cache-control: public, max-age=315360000
etag: "623bcc9c-19473"
expires: Tue, 11 Jan 2033 19:24:49 GMT
last-modified: Thu, 24 Mar 2022 01:42:52 GMT
vary: Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:85,h2pri
cf-polished: origSize=103539
sid: 0
x-ibd-sid: 0
server: cloudflare
X-Firefox-Spdy: h2
assets-prd.ignimgs.com/2021/06/03/venus-1622740810073.jpg?width=1280
151.101.193.135200 OK 112 kB URL HTTP/2 assets-prd.ignimgs.com/2021/06/03/venus-1622740810073.jpg?width=1280
IP 151.101.193.135:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x720, components 3\012- data
Size 112 kB (112409 bytes)
Hash 128664b32bac24ace34d121586caee1b
73d9a5ba37064972d973be0bf8731bf10d344b10
64cd0edcd46f0ac8d342c6e370cf7c3d0300e71cbe118d567f7fa30c4b7538ae
GET /2021/06/03/venus-1622740810073.jpg?width=1280 HTTP/1.1
Host: assets-prd.ignimgs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://openingtowin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/jpeg
etag: "JyzxD/lGr82GNAtS0Sd0z2E6x3qOM7cqbqJLtatGlIk"
fastly-io-info: ifsz=594615 idim=1280x720 ifmt=jpeg ofsz=117981 odim=1280x720 ofmt=jpeg
fastly-stats: io=1
content-encoding: gzip
accept-ranges: bytes
date: Sat, 14 Jan 2023 19:24:49 GMT
via: 1.1 varnish
age: 1330573
x-served-by: cache-iad-kiad7000094-IAD, cache-bma1656-BMA
x-cache: HIT, HIT
x-cache-hits: 14, 1
x-timer: S1673724289.392254,VS0,VE23
vary: Accept-Encoding
cache-control: max-age=7776000,public
content-length: 112409
X-Firefox-Spdy: h2
ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=7deea0368b
172.64.168.22200 OK 120 kB URL HTTP/2 ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=7deea0368b
IP 172.64.168.22:0
File type ASCII text, with very long lines (60130)
Size 120 kB (119774 bytes)
Hash ec4146b1145496827dcecafdc55984f4
8a2f4eb3850f211965b2b336381e8f699753ddb6
1a5287262275be771b59b9119277b36487839b8f2a3c713867521a4405d2ca05
GET /releases/v5.15.4/css/free.min.css?token=7deea0368b HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://openingtowin.com/
Origin: https://openingtowin.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 14 Jan 2023 19:24:49 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2cf47d29654db45db9bba43a6d5a68e0.cloudfront.net (CloudFront)
x-amz-cf-pop: YTO50-P1
x-amz-cf-id: 8qNutejSGRCxq9cZJVb81Jsj8Z-tgSOjsIQJP-qADi8JcHzbrp2I4g==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xVFJkQta1jvtfmQaq98iSVA5%2BUSGbNSTk1gd%2FM8XPNTXdrfkkj88J6AVb2vQRVorXEwb57VdKENLLTeIQlBKiFSaCSAvjimViBAPjgSKLgYHa7SnZl9IHEXaAmfHddHmGHrWbjPT9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7898c108db31f3eb-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=7deea0368b
172.64.168.22200 OK 164 kB URL HTTP/2 ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=7deea0368b
IP 172.64.168.22:0
File type ASCII text, with very long lines (26500)
Size 164 kB (164426 bytes)
Hash 20e8a4277f9596ab6708deab042e7155
697adebe041378fea843801bdea97ad4a445f896
d3180fce65c3f08efeda440e470e5af3b08c083d35bbba3de2cc610da03d4d12
GET /releases/v5.15.4/css/free-v4-shims.min.css?token=7deea0368b HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://openingtowin.com/
Origin: https://openingtowin.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 14 Jan 2023 19:24:49 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d7e35fb15b3339fbd8a9457f22308ea0.cloudfront.net (CloudFront)
x-amz-cf-pop: YTO50-P1
x-amz-cf-id: JOjKLRv9HD2vAXUvUoxQtvsJcBvnGlIX7YS159EQbyyCqwNESdhdvw==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gPrPWNUpVekCruubDEq8UUPZ1xqww%2Bux93IeeZyG2%2Bn0S6Q5RsuaC58Id7BDwD%2FZl6rRlMJJKrvq4dc3zC1yYSlgFEn%2FmYR2XN%2F1hjoAW7sYrtmhPqc0t6pjhLdYfa2cX8O3LTJ3ZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7898c108fb53f3eb-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
openingtowin.com/favicon.ico
172.67.69.101200 OK 547 B URL HTTP/2 openingtowin.com/favicon.ico
IP 172.67.69.101:0
File type MS Windows icon resource - 2 icons, 1x1, 2 colors, 1x1, 2 colors\012- data
Hash 052b4f9db09f659638c22021111714f8
cf8551d4309772f1a0b6e4cd0e1640abbd6f29fd
b67c12212d851c2dc7157b8831aaf937570f510c1a9a768aa78c05b172c3888b
GET /favicon.ico HTTP/1.1
Host: openingtowin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://openingtowin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 14 Jan 2023 19:24:50 GMT
content-type: image/x-icon
last-modified: Fri, 13 Jan 2023 08:14:09 GMT
etag: W/"63c112d1-96"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e%2FflXSCUnPT%2ByBaDn29vHD1WvDkacTeSEvZJ8rr%2BLEfRdOuhspwLLQRQ%2FzNR2PGVe56aHiiBUrEJiQd%2B9BF6GLSEmdWhiGI2kCxYSxWvo5TuotzuIFwGB7DTgg1d7Lc4NEw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7898c10bccb6b527-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 256e39696ba05f2324bbc49b2a396115
e1cf8b15abd0a20eb1218be517c03459514a59e0
d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10728
Expires: Sat, 14 Jan 2023 22:23:38 GMT
Date: Sat, 14 Jan 2023 19:24:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 256e39696ba05f2324bbc49b2a396115
e1cf8b15abd0a20eb1218be517c03459514a59e0
d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10728
Expires: Sat, 14 Jan 2023 22:23:38 GMT
Date: Sat, 14 Jan 2023 19:24:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 256e39696ba05f2324bbc49b2a396115
e1cf8b15abd0a20eb1218be517c03459514a59e0
d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10728
Expires: Sat, 14 Jan 2023 22:23:38 GMT
Date: Sat, 14 Jan 2023 19:24:50 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F917985a1-aa8d-4c0a-860c-0b16c203387e.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F917985a1-aa8d-4c0a-860c-0b16c203387e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d24ea1f095f492934a1f1c63f5d8590c
dade37148c9b9a941f93a8535d8ddc5de3952623
2d8e3f90eb347eb3479a6c5d20a1c2ca6a0560f335a6c6800948db2640e4c878
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F917985a1-aa8d-4c0a-860c-0b16c203387e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8181
x-amzn-requestid: 7ada8fbd-58e6-4433-a532-b4a4ef93ac9c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: es0paH-OIAMFg5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c1ce3c-582529522dbb67ee728484f8;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 21:33:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AHjOmYxva5avyA3gt9DvYLas_B2ACimer5QRQOi919HDtSjnKq22lw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 10:27:20 GMT
age: 32250
etag: "dade37148c9b9a941f93a8535d8ddc5de3952623"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69cd0f59-3b24-4742-958c-e856dc02789f.jpeg
34.120.237.76200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69cd0f59-3b24-4742-958c-e856dc02789f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7055d5db8f2f9c89dfab16c4fe3f11a5
29566fe8eb5c9d12b0584642dac170c93ba80b90
6510cf0eda1d062df3b81b2b797e9bfca73040cac874e80ae9b8ff70b0407302
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69cd0f59-3b24-4742-958c-e856dc02789f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3955
x-amzn-requestid: 28db68a0-ab23-4bef-b415-54120d187f80
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eZ0gWEF6IAMFT7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ba3468-23b24e4a2c863aed25e0c81e;Sampled=0
x-amzn-remapped-date: Sun, 08 Jan 2023 03:11:36 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lkGbybdV4gBs1HNNzdVIBzyA5Akcx2T4YZX9Q1kR847Q33pG8sJ67w==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 13 Jan 2023 21:49:18 GMT
age: 77732
etag: "29566fe8eb5c9d12b0584642dac170c93ba80b90"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b55aad-884c-40db-a779-021d0c2305b4.jpeg
34.120.237.76200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b55aad-884c-40db-a779-021d0c2305b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b1378f107c1996ade14a8fe7fd728072
f52d98d9a0d1d343a539689ea14acf99e148cf8c
4be994757ec7ec42929590169de199e927889261334e258903a0929a1055047d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b55aad-884c-40db-a779-021d0c2305b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9154
x-amzn-requestid: fbb1140d-7ec2-4f86-8761-5d04601af70e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: enAkCEN2IAMFuMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bf7ae6-4baebf1104f9cf2a0ee8a538;Sampled=0
x-amzn-remapped-date: Thu, 12 Jan 2023 03:13:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jlRcVyQppaQaPPMKaqadtaEHfdOYXXXbnfrr44l_2E2qaOoh_O0Mog==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 04:10:18 GMT
age: 54872
etag: "f52d98d9a0d1d343a539689ea14acf99e148cf8c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33bbc100-e509-4a4f-8b98-1d44a52a7a3c.jpeg
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33bbc100-e509-4a4f-8b98-1d44a52a7a3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a23d61d610c7b55d943fcb2636a01b65
82c4c5170c7b586c2a7a1f2d2d5c9ff0219af065
28bf3039cc8c1213e64893c71bc150eda573223feb2cc15ad0814a44960d434a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33bbc100-e509-4a4f-8b98-1d44a52a7a3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9539
x-amzn-requestid: eb427fd6-c342-4a22-af45-ecc528cf4a8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: epfDqEAZIAMFudQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c0787d-4f61ecd2422081224869da76;Sampled=0
x-amzn-remapped-date: Thu, 12 Jan 2023 21:15:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RRMRT2BC5p1x0Vh20ut0Kjbz2mnaNToUIbzIg9oczduvzYCckvFORA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 12:46:14 GMT
age: 23916
etag: "82c4c5170c7b586c2a7a1f2d2d5c9ff0219af065"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0a5cc8b-8d62-447a-a39c-733e1afdd415.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0a5cc8b-8d62-447a-a39c-733e1afdd415.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2363dbe7bb6a459853d8d19cab50e70b
ded76de1dd453e40dbf6eaa8607cf19fac7f71a4
f96da6354cec52143768014c36ba2b298224a58b0bf38bd2aa5f3bfce69d8670
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0a5cc8b-8d62-447a-a39c-733e1afdd415.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7447
x-amzn-requestid: dd3543b7-4e6b-4605-acea-a21d39af02ca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: es0qSFjAIAMF7HQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c1ce41-56e2ccc63669032d70cba0ba;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 21:33:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AYaeawnEmwHkyx3h-yliVx-ARcRB3W5kbtFH5tARnL3YMD6e4WYAQw==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 13 Jan 2023 21:49:01 GMT
age: 77749
etag: "ded76de1dd453e40dbf6eaa8607cf19fac7f71a4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b0d4bc-9eea-491e-9fed-be68e71088e5.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b0d4bc-9eea-491e-9fed-be68e71088e5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 64ba27a2f0a3bc61bd325f1fb317b755
c65c58476b66cbb6269ba1d8412d270a0a003ae3
5f7f03752f8a7c8c08d92512ae93b193ea37f59354503c3129d33fd2910f87e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b0d4bc-9eea-491e-9fed-be68e71088e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9135
x-amzn-requestid: 2c5e9de0-9244-43ac-b7c4-712cbcf7038c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: enAnoG6roAMFzgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bf7afd-7fb640b30bab63bc1979a173;Sampled=0
x-amzn-remapped-date: Thu, 12 Jan 2023 03:14:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: SUGIIWi8jWe9RoRu-3dQXvLAddjwjH05V1ubKzEOEQrFonzVjQdbtw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 03:33:07 GMT
age: 57103
etag: "c65c58476b66cbb6269ba1d8412d270a0a003ae3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.washingtonpost.com/wp-apps/imrs.php?src=https://arc-anglerfish-washpost-prod-washpost.s3.amazonaws.com/public/G5K344WESUI6XCNEW6XCFKQZHY.jpg&w=1440
104.110.5.173200 OK 352 kB URL HTTP/2 www.washingtonpost.com/wp-apps/imrs.php?src=https://arc-anglerfish-washpost-prod-washpost.s3.amazonaws.com/public/G5K344WESUI6XCNEW6XCFKQZHY.jpg&w=1440
IP 104.110.5.173:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 352 kB (352202 bytes)
Hash 0f4864c4ada343dfc6f310993275edb5
71fade2d6aa2aad748f232484a81959bfd5eef39
3c4973d12a2a9fd471df194c3a70bd38e73506f3e3b364a7749dd80d90f6aa73
GET /wp-apps/imrs.php?src=https://arc-anglerfish-washpost-prod-washpost.s3.amazonaws.com/public/G5K344WESUI6XCNEW6XCFKQZHY.jpg&w=1440 HTTP/1.1
Host: www.washingtonpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://openingtowin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "8b759ea7256bd9b961560c181811d643"
last-modified: Thu, 21 Apr 2022 16:03:17 GMT
akamai-true-ttl: 31536000, 31536000, 31536000
content-length: 352202
content-type: image/webp
expires: Thu, 21 Dec 2023 10:31:06 GMT
date: Sat, 14 Jan 2023 19:24:49 GMT
cache-control: no-transform, max-age=31536000
set-cookie: wp_ak_wab=0|1|1|0|1|20220711; max-age=31536000; path=/; domain=.washingtonpost.com; SameSite=None; secure
wp_geo=NO||||EEA; max-age=3600; path=/; domain=.washingtonpost.com; SameSite=None; secure
content-security-policy: upgrade-insecure-requests
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
openingtowin.com/
172.67.69.101200 OK 0 B IP 172.67.69.101:0
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: openingtowin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 14 Jan 2023 19:24:48 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YIra3PS5KW81GHLEkJ6%2FJdDyY1u59x6MvYlljyw2nKbwsDcWHGowdymomy9fJIvBYXBKP9TLzsjCG9TGSffJe%2BMAcL4H1MArqkqlOwcrQtzW%2FjvyANbdhPXFFKFd4lL8IJU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7898c1023ebcb527-OSL
content-encoding: br
X-Firefox-Spdy: h2
images.wsj.net/im-347810/social
54.230.111.67200 OK 0 B URL HTTP/2 images.wsj.net/im-347810/social
IP 54.230.111.67:0
GET /im-347810/social HTTP/1.1
Host: images.wsj.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://openingtowin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/jpeg
date: Thu, 12 Jan 2023 09:26:57 GMT
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-xss-protection: 1; mode=block
access-control-allow-origin: *
cache-control: public, max-age=6048800
phis: imu-20210602212637947
x-powered-by: PHIS
edge-cache-tag: nrtools.im.prod.im-347810,nrtools.im.prod.im-347810_1280x640
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: kXuWVopky05umXnoUQib0gSWp3Dp5dV_SmjvikvJdEBLDLOCRRKreg==
age: 208672
X-Firefox-Spdy: h2
kit.fontawesome.com/7deea0368b.js
104.18.23.52200 OK 0 B URL HTTP/2 kit.fontawesome.com/7deea0368b.js
IP 104.18.23.52:0
GET /7deea0368b.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://openingtowin.com
Connection: keep-alive
Referer: https://openingtowin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 14 Jan 2023 19:24:49 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: FzmkCUtIwAC6q1ooJQXB
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 7898c105d860b529-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=7deea0368b
172.64.168.22200 OK 0 B URL HTTP/2 ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=7deea0368b
IP 172.64.168.22:0
GET /releases/v5.15.4/css/free-v4-font-face.min.css?token=7deea0368b HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://openingtowin.com/
Origin: https://openingtowin.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 14 Jan 2023 19:24:49 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"f2e0b2680d9b0bcb6e0039c4424e5a59"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 81f76a57a3b40a803013e33a76a4e06e.cloudfront.net (CloudFront)
x-amz-cf-pop: YTO50-P1
x-amz-cf-id: dhIE2lRaAUYKG4E7kX15FQlUOKW2ASmaI3eqT8vgz4RBTRgxj0k6xQ==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EPNrvEqcLeYSTNY0cE3ToamLmi7IntQndzJF1OUlq%2BiIVPhiJLADJaDfp0BV%2BRYeObKT7fEbaIHW4VaJ6Yyrqu9%2FZuypNbV99f5Ror9w5Kxj8P4EtU68hk0DsEEIHrfvyArZyN0XwA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7898c108cb2df3eb-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
thehill.com/wp-content/uploads/sites/2/2022/04/paulrand_052821gn3_lead.jpg
151.101.65.91404 Not Found 0 B URL HTTP/2 thehill.com/wp-content/uploads/sites/2/2022/04/paulrand_052821gn3_lead.jpg
IP 151.101.65.91:0
GET /wp-content/uploads/sites/2/2022/04/paulrand_052821gn3_lead.jpg HTTP/1.1
Host: thehill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://openingtowin.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
server: nginx
content-type: text/html; charset=utf-8
x-rq: arn1 109 140 443
x-origin-status-code: 404
accept-ranges: bytes
date: Sat, 14 Jan 2023 19:24:49 GMT
via: 1.1 varnish
x-served-by: cache-bma1647-BMA
x-cache: EXPIRED, MISS
x-cache-hits: 0
x-timer: S1673724289.304888,VS0,VE27
vary: Accept-Encoding
state: PASS
content-security-policy: script-src 'unsafe-eval' 'none' 'nonce-QE5KJCU/FasZlaBUYmcAGw+6li4='
X-Firefox-Spdy: h2