r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 30c30d01178fc74ac5266ee64c3ee85b
c0c2af8a864c00aa85a8775d55f85ab107150a3b
c15644f69fbfeb99074c7e9711dfc9452ee164fa78eb981b6bae4fb7e3585f2a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C15644F69FBFEB99074C7E9711DFC9452EE164FA78EB981B6BAE4FB7E3585F2A"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6241
Expires: Fri, 18 Nov 2022 16:17:20 GMT
Date: Fri, 18 Nov 2022 14:33:19 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 67f53a639d57dd6237b5be86fe4f6c1b
287f09532dc331228d09c20b75f4160e91e9800a
41913a8af366685c42af59e9d8e02fccedbe68a3313d2d9fe353deb0c1019075
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2606
Cache-Control: max-age=160874
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 14:33:19 GMT
Etag: "63775eeb-1d7"
Expires: Sun, 20 Nov 2022 11:14:33 GMT
Last-Modified: Fri, 18 Nov 2022 10:31:07 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3a38b6dd8a4cc335c026aebf2ed348b6
8a386e0ccb0ca4dc502746c45b2ebc3aa3f83cf8
8b4040a645cec1841a00a22765eb3a74978559daf15c54bd4b41b6b48aab7f95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B4040A645CEC1841A00A22765EB3A74978559DAF15C54BD4B41B6B48AAB7F95"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6931
Expires: Fri, 18 Nov 2022 16:28:50 GMT
Date: Fri, 18 Nov 2022 14:33:19 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 18 Nov 2022 13:44:48 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2911
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: tTG/11KnbVhNq8/EwIwEXIKCrV4bvT88vSVJXXB1XCWsoS/hfvqOUXyFKheol5cTHNB3aeoHKDY=
x-amz-request-id: BH9ESGHAP4KGRX90
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 18 Nov 2022 14:15:38 GMT
age: 1061
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 18 Nov 2022 14:33:19 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
webmail.psdurres.com/
108.167.158.61200 OK 12 kB IP 108.167.158.61:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10601)
Hash f6d49ef2a430a2850ab90a6d5dd4b5dd
1d4126d3caf6089e1ec81bc55faccc1806ee4b1b
369256ba01e8296dcce4dadba90bca0a411b497faa23f01b781233686a48f0e6
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET / HTTP/1.1
Host: webmail.psdurres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 14:33:19 GMT
Server: Apache
Content-Type: text/html; charset="utf-8"
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, private, no-cache, no-store, must-revalidate, private
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Length: 12153
Set-Cookie: webmailrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=80
webmailsession=%3a2Bvj44bvqtB22LOo%2caa216482dcf26b455277415ad247922b; HttpOnly; path=/; port=80
roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=80
roundcube_sessauth=expired; HttpOnly; domain=webmail.psdurres.com; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=80
Horde=expired; HttpOnly; domain=.webmail.psdurres.com; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=80
horde_secret_key=expired; HttpOnly; domain=.webmail.psdurres.com; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=80
Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=80
Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=80
PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=80
imp_key=expired; HttpOnly; domain=webmail.psdurres.com; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=80
roundcube_cookies=enabled; HttpOnly; expires=Sat, 18-Nov-2023 14:33:19 GMT; path=/; port=80
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
webmail.psdurres.com/cPanel_magic_revision_1616517441/unprotected/hostgator/fonts/open_sans/open_sans.min.css
108.167.158.61200 OK 526 B URL HTTP/1.1 webmail.psdurres.com/cPanel_magic_revision_1616517441/unprotected/hostgator/fonts/open_sans/open_sans.min.css
IP 108.167.158.61:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (6478), with no line terminators
Hash 37aad43ded2a6135bce251117cbe5f63
69119b2efd10aadfb9c075e555c159ab2d0b9b2b
0c0231030679dcc49ca7a5a22b472a53618584bb6c4e93ab63f396f2e3ec01de
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cPanel_magic_revision_1616517441/unprotected/hostgator/fonts/open_sans/open_sans.min.css HTTP/1.1
Host: webmail.psdurres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.psdurres.com/
Cookie: webmailsession=%3a2Bvj44bvqtB22LOo%2caa216482dcf26b455277415ad247922b; roundcube_cookies=enabled
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 14:33:19 GMT
Server: Apache
Content-Type: text/css
Last-Modified: Tue, 23 Mar 2021 16:37:21 GMT
Cache-Control: max-age=5184000, public
Expires: Tue, 17 Jan 2023 14:33:19 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Length: 526
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 18 Nov 2022 14:25:01 GMT
cache-control: public,max-age=3600
age: 498
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
webmail.psdurres.com/cPanel_magic_revision_1631732355/unprotected/hostgator/style_v2_optimized.css
108.167.158.61200 OK 27 kB URL HTTP/1.1 webmail.psdurres.com/cPanel_magic_revision_1631732355/unprotected/hostgator/style_v2_optimized.css
IP 108.167.158.61:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (36306)
Hash 268a3be2c99f5c426e0a9c6d1511032e
29c93cf8f9a6676407e8c3c254bac0b54ffa2a92
eef81472a2fbf1ecefba5410c8fe5884d0496a8139550758820dae7c5a4a03fe
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cPanel_magic_revision_1631732355/unprotected/hostgator/style_v2_optimized.css HTTP/1.1
Host: webmail.psdurres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.psdurres.com/
Cookie: webmailsession=%3a2Bvj44bvqtB22LOo%2caa216482dcf26b455277415ad247922b; roundcube_cookies=enabled
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 14:33:19 GMT
Server: Apache
Content-Type: text/css
Last-Modified: Wed, 15 Sep 2021 18:59:15 GMT
Cache-Control: max-age=5184000, public
Expires: Tue, 17 Jan 2023 14:33:19 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Length: 27212
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fe40cc6ea871d80382b6082111393fbe
281f75d0a35dc8ef908bb0500e57abd86bd5388e
6d15422cdf7a6d72d06497188f27af893682314e82ac8a189a0ee2d798cb62d7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5937
Cache-Control: max-age=159154
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 14:33:19 GMT
Etag: "63774b30-1d7"
Expires: Sun, 20 Nov 2022 10:45:53 GMT
Last-Modified: Fri, 18 Nov 2022 09:06:56 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
cdn.optimizely.com/js/13477600374.js
23.38.200.155200 OK 99 kB URL HTTP/2 cdn.optimizely.com/js/13477600374.js
IP 23.38.200.155:0
File type ASCII text, with very long lines (65468)
Hash 47f5d4c33f9ad50c4e3a58cc866e9444
14c87c887b805b2e524b10caff55ddd6da97bcd0
aae4f16d167a8a1d64d9fbaef61ebcad04cbcabc629ed98378261c6208a38184
GET /js/13477600374.js HTTP/1.1
Host: cdn.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://webmail.psdurres.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: oRKeMCjsB6zf2VYWhJ2EJpm2SmWHz2SLMDYoT+jzCf+lSZr43pWNfoWxnxKELikHt3OalpKhmsU=
x-amz-request-id: 448PB9HCV9MFF4M1
x-amz-replication-status: COMPLETED
last-modified: Thu, 17 Nov 2022 19:56:09 GMT
etag: "47f5d4c33f9ad50c4e3a58cc866e9444"
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 10561
x-amz-meta-pci_enabled: False
content-encoding: gzip
x-amz-version-id: 5rYPtgO994AfZ2zo7jTk3Dhi.XBTewSD
accept-ranges: bytes
content-type: text/javascript; charset=utf-8
server: AmazonS3
content-length: 99393
vary: Accept-Encoding
cache-control: max-age=120
date: Fri, 18 Nov 2022 14:33:19 GMT
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="2";dur=0,cdnip;desc="23.38.200.155";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
access-control-max-age: 86400
access-control-expose-headers: x-amz-meta-revision
access-control-allow-headers: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
webmail.psdurres.com/cPanel_magic_revision_1660251973/unprotected/hostgator/images/webmail-logo.svg
108.167.158.61200 OK 2.4 kB URL HTTP/1.1 webmail.psdurres.com/cPanel_magic_revision_1660251973/unprotected/hostgator/images/webmail-logo.svg
IP 108.167.158.61:0
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (5359)
Hash 909c40a0b2e364625e4356e8426d3fc9
647d1918fa5dbb1c38f9865bf86697067463adc6
c89739465a9509dbc3f71be455e331ae62fec45102bd10dbf893f37cdc83a132
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cPanel_magic_revision_1660251973/unprotected/hostgator/images/webmail-logo.svg HTTP/1.1
Host: webmail.psdurres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.psdurres.com/
Cookie: webmailsession=%3a2Bvj44bvqtB22LOo%2caa216482dcf26b455277415ad247922b; roundcube_cookies=enabled
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 14:33:20 GMT
Server: Apache
Content-Type: image/svg+xml
Last-Modified: Thu, 11 Aug 2022 21:06:13 GMT
Cache-Control: max-age=5184000, public
Expires: Tue, 17 Jan 2023 14:33:20 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Length: 2399
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
www.googletagmanager.com/gtm.js?id=GTM-PPNLL2
142.250.74.168302 Found 250 B URL HTTP/1.1 www.googletagmanager.com/gtm.js?id=GTM-PPNLL2
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash f7306f9da50817ff4d29cae1cacb7879
1d17822a6d9f3fe9054be84744744364108f754a
c999f86febec3fafac94da0ff4feecc36f415a7641296b5c756d4010ed5674e1
GET /gtm.js?id=GTM-PPNLL2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.psdurres.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtm.js?id=GTM-PPNLL2
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 18 Nov 2022 14:33:20 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 250
X-XSS-Protection: 0
webmail.psdurres.com/cPanel_magic_revision_1631732355/unprotected/hostgator/images/notice-error.png
108.167.158.61200 OK 1.0 kB URL HTTP/1.1 webmail.psdurres.com/cPanel_magic_revision_1631732355/unprotected/hostgator/images/notice-error.png
IP 108.167.158.61:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash a3265cc598ae28633c060889e790f80c
57530d6996c8f36711ef05681474b8f63d4184b3
bcaf01928e5c7246ab0bb7e83f609b485a67a5e442d3dd94539a883c11fb70cd
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cPanel_magic_revision_1631732355/unprotected/hostgator/images/notice-error.png HTTP/1.1
Host: webmail.psdurres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.psdurres.com/cPanel_magic_revision_1631732355/unprotected/hostgator/style_v2_optimized.css
Cookie: webmailsession=%3a2Bvj44bvqtB22LOo%2caa216482dcf26b455277415ad247922b; roundcube_cookies=enabled; optimizelyEndUserId=oeu1668781998341r0.5790914030447353
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 14:33:20 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Wed, 15 Sep 2021 18:59:15 GMT
Cache-Control: max-age=5184000, public
Expires: Tue, 17 Jan 2023 14:33:20 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 1026
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 16bbadb18616687351d4047aedc2ab45
979123c7ad6726befbbab2c07b50ecca31aa2d18
de8231c6ee426b7a76ebf574998dec11ce908efc0a745c2182fb7b61c5915e9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 14:33:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
webmail.psdurres.com/cPanel_magic_revision_1631732355/unprotected/hostgator/images/icon-password.png
108.167.158.61200 OK 450 B URL HTTP/1.1 webmail.psdurres.com/cPanel_magic_revision_1631732355/unprotected/hostgator/images/icon-password.png
IP 108.167.158.61:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 7ac1cefcb7eab93c6d6981ecde6c1635
1523f8cb80ab19108549d0b7db31a58b71c05d39
a02998df88a6efb0baa526796b2b682ce9fdd6471ceb19170b326320f22f7053
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cPanel_magic_revision_1631732355/unprotected/hostgator/images/icon-password.png HTTP/1.1
Host: webmail.psdurres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.psdurres.com/cPanel_magic_revision_1631732355/unprotected/hostgator/style_v2_optimized.css
Cookie: webmailsession=%3a2Bvj44bvqtB22LOo%2caa216482dcf26b455277415ad247922b; roundcube_cookies=enabled; optimizelyEndUserId=oeu1668781998341r0.5790914030447353
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 14:33:20 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Wed, 15 Sep 2021 18:59:15 GMT
Cache-Control: max-age=5184000, public
Expires: Tue, 17 Jan 2023 14:33:20 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 450
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
webmail.psdurres.com/cPanel_magic_revision_1616517441/unprotected/hostgator/fonts/open_sans/OpenSans-Regular-webfont.woff
108.167.158.61200 OK 23 kB URL HTTP/1.1 webmail.psdurres.com/cPanel_magic_revision_1616517441/unprotected/hostgator/fonts/open_sans/OpenSans-Regular-webfont.woff
IP 108.167.158.61:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 22660, version 1.0\012- data
Hash 79515ad0788973c533405f7012dfeccd
5092881fad2caffdc6bf71bdab1ea547b73d3564
22e7a1b10c110072f5a0bfd16e2197a76b279ec879bcce8978fada1dc9ee5d40
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cPanel_magic_revision_1616517441/unprotected/hostgator/fonts/open_sans/OpenSans-Regular-webfont.woff HTTP/1.1
Host: webmail.psdurres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://webmail.psdurres.com/cPanel_magic_revision_1616517441/unprotected/hostgator/fonts/open_sans/open_sans.min.css
Cookie: webmailsession=%3a2Bvj44bvqtB22LOo%2caa216482dcf26b455277415ad247922b; roundcube_cookies=enabled; optimizelyEndUserId=oeu1668781998341r0.5790914030447353
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 14:33:20 GMT
Server: Apache
Content-Type: application/font-woff
Last-Modified: Tue, 23 Mar 2021 16:37:21 GMT
Cache-Control: max-age=5184000, public
Expires: Tue, 17 Jan 2023 14:33:20 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 22660
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
webmail.psdurres.com/cPanel_magic_revision_1631732355/unprotected/hostgator/images/icon-username.png
108.167.158.61200 OK 320 B URL HTTP/1.1 webmail.psdurres.com/cPanel_magic_revision_1631732355/unprotected/hostgator/images/icon-username.png
IP 108.167.158.61:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 07ff84f8c855e5fe9d510ff5c9a4b1e4
11c262053e2b9be57d1dba7cb3d916ef041a0e50
05ce0f813e6236158fa1d115faba62cd2041aab1878cac0960a0f45575cece1e
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cPanel_magic_revision_1631732355/unprotected/hostgator/images/icon-username.png HTTP/1.1
Host: webmail.psdurres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.psdurres.com/cPanel_magic_revision_1631732355/unprotected/hostgator/style_v2_optimized.css
Cookie: webmailsession=%3a2Bvj44bvqtB22LOo%2caa216482dcf26b455277415ad247922b; roundcube_cookies=enabled; optimizelyEndUserId=oeu1668781998341r0.5790914030447353
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 14:33:20 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Wed, 15 Sep 2021 18:59:15 GMT
Cache-Control: max-age=5184000, public
Expires: Tue, 17 Jan 2023 14:33:20 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 320
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
push.services.mozilla.com/
34.213.140.56101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.213.140.56:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6GGUZVOLO1dsCeXjN6GSVg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: c5OQDUEECwhAXS98RLEtJLG8deg=
www.googletagmanager.com/gtm.js?id=GTM-PPNLL2
142.250.74.168200 OK 103 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PPNLL2
IP 142.250.74.168:0
File type ASCII text, with very long lines (38874)
Size 103 kB (103065 bytes)
Hash ec87f451d5edf56f36e63bd6ba138121
670b391dd129078b9cf16cad237e85136a274270
d6a9d3a570129b278c7bd03812318af97bec4e5fbd79e5e0e21e1152616fecfd
GET /gtm.js?id=GTM-PPNLL2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://webmail.psdurres.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 18 Nov 2022 14:33:20 GMT
expires: Fri, 18 Nov 2022 14:33:20 GMT
cache-control: private, max-age=900
last-modified: Fri, 18 Nov 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 103065
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 16bbadb18616687351d4047aedc2ab45
979123c7ad6726befbbab2c07b50ecca31aa2d18
de8231c6ee426b7a76ebf574998dec11ce908efc0a745c2182fb7b61c5915e9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 14:33:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
webmail.psdurres.com/cPanel_magic_revision_1616517441/unprotected/hostgator/fonts/open_sans/OpenSans-Bold-webfont.woff
108.167.158.61200 OK 22 kB URL HTTP/1.1 webmail.psdurres.com/cPanel_magic_revision_1616517441/unprotected/hostgator/fonts/open_sans/OpenSans-Bold-webfont.woff
IP 108.167.158.61:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 22432, version 1.0\012- data
Hash 2e90d5152ce92858b62ba053c7b9d2cb
8cf65f42a2a8c349ccd6ab63b6cbd17c96fd665c
a0357cb694b5284870c77c0dbcaf33f238004800419288afde313317b0dbd0b7
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cPanel_magic_revision_1616517441/unprotected/hostgator/fonts/open_sans/OpenSans-Bold-webfont.woff HTTP/1.1
Host: webmail.psdurres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://webmail.psdurres.com/cPanel_magic_revision_1616517441/unprotected/hostgator/fonts/open_sans/open_sans.min.css
Cookie: webmailsession=%3a2Bvj44bvqtB22LOo%2caa216482dcf26b455277415ad247922b; roundcube_cookies=enabled; optimizelyEndUserId=oeu1668781998341r0.5790914030447353
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 14:33:20 GMT
Server: Apache
Content-Type: application/font-woff
Last-Modified: Tue, 23 Mar 2021 16:37:21 GMT
Cache-Control: max-age=5184000, public
Expires: Tue, 17 Jan 2023 14:33:20 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 22432
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
webmail.psdurres.com/cPanel_magic_revision_1631732355/unprotected/hostgator/images/warning.png
108.167.158.61200 OK 1.1 kB URL HTTP/1.1 webmail.psdurres.com/cPanel_magic_revision_1631732355/unprotected/hostgator/images/warning.png
IP 108.167.158.61:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash a64b8c7407bf94cc4448cb210bb882e7
a526cf52b2c5b6c2d0409b886de4aa968000fcd8
7ecb82019606d891c5197d2f8ba24ec323d9b10a089facc82d089ff1ec3d399b
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cPanel_magic_revision_1631732355/unprotected/hostgator/images/warning.png HTTP/1.1
Host: webmail.psdurres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.psdurres.com/cPanel_magic_revision_1631732355/unprotected/hostgator/style_v2_optimized.css
Cookie: webmailsession=%3a2Bvj44bvqtB22LOo%2caa216482dcf26b455277415ad247922b; roundcube_cookies=enabled; optimizelyEndUserId=oeu1668781998341r0.5790914030447353; timezone=Etc/UTC
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 14:33:20 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Wed, 15 Sep 2021 18:59:15 GMT
Cache-Control: max-age=5184000, public
Expires: Tue, 17 Jan 2023 14:33:20 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 1060
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
webmail.psdurres.com/cPanel_magic_revision_1631732355/unprotected/hostgator/images/notice-info.png
108.167.158.61200 OK 976 B URL HTTP/1.1 webmail.psdurres.com/cPanel_magic_revision_1631732355/unprotected/hostgator/images/notice-info.png
IP 108.167.158.61:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash 14146cf832470d9beca95a708a1d6f8d
d4b506f92876baea69409f3a78c4718757a53b33
95f8a142dd96c310afeb75329ef504f162ab3102a81fc07f20b268361990f526
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cPanel_magic_revision_1631732355/unprotected/hostgator/images/notice-info.png HTTP/1.1
Host: webmail.psdurres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.psdurres.com/cPanel_magic_revision_1631732355/unprotected/hostgator/style_v2_optimized.css
Cookie: webmailsession=%3a2Bvj44bvqtB22LOo%2caa216482dcf26b455277415ad247922b; roundcube_cookies=enabled; optimizelyEndUserId=oeu1668781998341r0.5790914030447353; timezone=Etc/UTC
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 14:33:20 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Wed, 15 Sep 2021 18:59:15 GMT
Cache-Control: max-age=5184000, public
Expires: Tue, 17 Jan 2023 14:33:20 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 976
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
webmail.psdurres.com/cPanel_magic_revision_1631732355/unprotected/hostgator/images/notice-success.png
108.167.158.61200 OK 962 B URL HTTP/1.1 webmail.psdurres.com/cPanel_magic_revision_1631732355/unprotected/hostgator/images/notice-success.png
IP 108.167.158.61:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash 0a0ec2a6468d4d1aa3fc2baa70271ac8
a31fb01790aca8dc1976450e4234cb6ccc328956
cafbe3036533fe094931f5745f8cb9962a34409522e93d63ac8427acb9a02c79
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cPanel_magic_revision_1631732355/unprotected/hostgator/images/notice-success.png HTTP/1.1
Host: webmail.psdurres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.psdurres.com/cPanel_magic_revision_1631732355/unprotected/hostgator/style_v2_optimized.css
Cookie: webmailsession=%3a2Bvj44bvqtB22LOo%2caa216482dcf26b455277415ad247922b; roundcube_cookies=enabled; optimizelyEndUserId=oeu1668781998341r0.5790914030447353; timezone=Etc/UTC
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 14:33:20 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Wed, 15 Sep 2021 18:59:15 GMT
Cache-Control: max-age=5184000, public
Expires: Tue, 17 Jan 2023 14:33:20 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 962
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
webmail.psdurres.com/cPanel_magic_revision_1616517441/unprotected/hostgator/fonts/open_sans/OpenSans-Semibold-webfont.woff
108.167.158.61200 OK 23 kB URL HTTP/1.1 webmail.psdurres.com/cPanel_magic_revision_1616517441/unprotected/hostgator/fonts/open_sans/OpenSans-Semibold-webfont.woff
IP 108.167.158.61:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 22908, version 1.0\012- data
Hash 697574b47bcfdd2c45e3e63c7380dd67
4590722b795938e0b6ff1b99701d1abe37aeabef
26b216fadb2ffcd542ca56c2d84f9918f62e40de89bf88b4211fffacd2a4ad83
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cPanel_magic_revision_1616517441/unprotected/hostgator/fonts/open_sans/OpenSans-Semibold-webfont.woff HTTP/1.1
Host: webmail.psdurres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://webmail.psdurres.com/cPanel_magic_revision_1616517441/unprotected/hostgator/fonts/open_sans/open_sans.min.css
Cookie: webmailsession=%3a2Bvj44bvqtB22LOo%2caa216482dcf26b455277415ad247922b; roundcube_cookies=enabled; optimizelyEndUserId=oeu1668781998341r0.5790914030447353
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 14:33:20 GMT
Server: Apache
Content-Type: application/font-woff
Last-Modified: Tue, 23 Mar 2021 16:37:21 GMT
Cache-Control: max-age=5184000, public
Expires: Tue, 17 Jan 2023 14:33:20 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 22908
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
cdn3.optimizely.com/js/geo4.js
104.110.9.127200 OK 302 B URL HTTP/1.1 cdn3.optimizely.com/js/geo4.js
IP 104.110.9.127:0
Hash 56e10233eaa57653e63ee929e1c619cf
864e4dfc0f6b0a2d73680b80eb476003b303eab7
4515bfcea10a9dfd175ba279138db6023e67d536edb9c9b542b4af85d8fc7146
GET /js/geo4.js HTTP/1.1
Host: cdn3.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.psdurres.com/
HTTP/1.1 200 OK
Server: AmazonS3
Content-Length: 302
Content-Type: application/javascript
x-amz-id-2: loliDaOn4KUzoN31Z5msbI3R6cAVr5vDXx7Fz1bTz/wg17ywd6/W1z1jFyM7hpvEyXRTQOZfhl8=
Vary: Accept-Encoding
x-amz-version-id: F8W1XaLRNmnJXrMgZ6ZMuxtE6L376GC.
x-amz-server-side-encryption: AES256
ETag: "8777c006589ecabfa3d63a6b5bf24393"
x-amz-replication-status: COMPLETED
x-amz-request-id: 4YSEQAXQGR2X4TNS
Cache-Control: max-age=86005
Date: Fri, 18 Nov 2022 14:33:20 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash af11bb94a0e548b9b4d9289dfb071ca0
a5126b377181a1cfa97f2615df8dff43a27cdadf
407405cc365ae725a1279b378736139fa6f29f5ebc32ea53e81f3a734bf78d03
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1693
Cache-Control: max-age=151648
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 14:33:20 GMT
Etag: "63773e73-1d7"
Expires: Sun, 20 Nov 2022 08:40:48 GMT
Last-Modified: Fri, 18 Nov 2022 08:12:35 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
bat.bing.com/bat.js
204.79.197.200200 OK 11 kB IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (39007), with no line terminators
Hash 22e2e3226eb5ada04929a2e43307eeda
04615fa88f80567974bdeb0f103ca5909746ebd7
41feebdfb0b03cd7fee2eb886adef6f3f1f85d3f14215e9a388d2a50e42efb9b
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.psdurres.com/
HTTP/1.1 200 OK
Cache-Control: private,max-age=1800
Content-Length: 11421
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 09 Nov 2022 21:23:50 GMT
Accept-Ranges: bytes
ETag: "077538f81f4d81:0"
Vary: Accept-Encoding
Set-Cookie: MUID=3614FAC8D9E367C719F0E8A8D81666B5; domain=.bing.com; expires=Wed, 13-Dec-2023 14:33:20 GMT; path=/; SameSite=None; Secure; Priority=High;
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 7938F57B3D174C3C9E4BD092B220F3ED Ref B: OSL30EDGE0222 Ref C: 2022-11-18T14:33:20Z
Date: Fri, 18 Nov 2022 14:33:20 GMT
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 44ecaa3c2a4929a40141edc4540aaf84
f29a573182333b2500d41bfc389d6c5232dfb348
6589fe14578dedd4df678a909afadd7e5bc7f57c7e3e24518a7f5faac7383396
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://webmail.psdurres.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: dTdqfUXAkv/d8V50gYqWcBU4ilnj2AwzCl2q9uWXEd0yPZW+q8N5ekS3u9AIT5PJVMq0CXVFWbHFY6HtvTfNXA==
priority: u=3,i
content-length: 27340
x-fb-trip-id: 1904183273
date: Fri, 18 Nov 2022 14:33:20 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash af11bb94a0e548b9b4d9289dfb071ca0
a5126b377181a1cfa97f2615df8dff43a27cdadf
407405cc365ae725a1279b378736139fa6f29f5ebc32ea53e81f3a734bf78d03
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1693
Cache-Control: max-age=151648
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 14:33:20 GMT
Etag: "63773e73-1d7"
Expires: Sun, 20 Nov 2022 08:40:48 GMT
Last-Modified: Fri, 18 Nov 2022 08:12:35 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
bat.bing.com/action/0?ti=5797759&Ver=2&mid=a68d1ba6-dafc-459a-aa8f-2f6f345e53b1&sid=f1f9ecd0674d11edb67bd5461406e55b&vid=f1fa0530674d11ed8e41c9a117a173f9&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Webmail%20Login&p=http%3A%2F%2Fwebmail.psdurres.com%2F&r=<=1218&evt=pageLoad&sv=1&rn=659758
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=5797759&Ver=2&mid=a68d1ba6-dafc-459a-aa8f-2f6f345e53b1&sid=f1f9ecd0674d11edb67bd5461406e55b&vid=f1fa0530674d11ed8e41c9a117a173f9&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Webmail%20Login&p=http%3A%2F%2Fwebmail.psdurres.com%2F&r=<=1218&evt=pageLoad&sv=1&rn=659758
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=5797759&Ver=2&mid=a68d1ba6-dafc-459a-aa8f-2f6f345e53b1&sid=f1f9ecd0674d11edb67bd5461406e55b&vid=f1fa0530674d11ed8e41c9a117a173f9&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Webmail%20Login&p=http%3A%2F%2Fwebmail.psdurres.com%2F&r=<=1218&evt=pageLoad&sv=1&rn=659758 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://webmail.psdurres.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=3FBFA086860963630A7EB2E687FC62BB; domain=.bing.com; expires=Wed, 13-Dec-2023 14:33:20 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EB7193CF37F643858EF6F535263D9A29 Ref B: OSL30EDGE0114 Ref C: 2022-11-18T14:33:20Z
date: Fri, 18 Nov 2022 14:33:20 GMT
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=393095817498804&ev=PageView&dl=http%3A%2F%2Fwebmail.psdurres.com%2F&rl=&if=false&ts=1668781998985&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1668781998984.1738141254&it=1668781998843&coo=false&tm=1&rqm=GET
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=393095817498804&ev=PageView&dl=http%3A%2F%2Fwebmail.psdurres.com%2F&rl=&if=false&ts=1668781998985&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1668781998984.1738141254&it=1668781998843&coo=false&tm=1&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=393095817498804&ev=PageView&dl=http%3A%2F%2Fwebmail.psdurres.com%2F&rl=&if=false&ts=1668781998985&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1668781998984.1738141254&it=1668781998843&coo=false&tm=1&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://webmail.psdurres.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Fri, 18 Nov 2022 14:33:20 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash eaa6a3200eda9bf5788df6d9eb04d84c
12efbb66692df6d76c1103b152808d751c0e49f1
6d815027ae40ea2603c0ed5adac0821cd5526f11c2eeb0ada5294b6f2ec3492d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 14:33:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/1071979603/?random=1668781999058&cv=11&fst=1668781999058&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fwebmail.psdurres.com%2F&tiba=Webmail%20Login&auid=2040827201.1668781999&rfmt=3&fmt=4
142.250.74.162200 OK 855 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/1071979603/?random=1668781999058&cv=11&fst=1668781999058&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fwebmail.psdurres.com%2F&tiba=Webmail%20Login&auid=2040827201.1668781999&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (1775), with no line terminators
Hash d6453dfbd6192379668da9d6b391690b
f8191dc2ddf9244d6e271c9462bf887247834aae
cddf02a5795285f2a3510a88b38ff2615d4d0f0ea0419d625bb44641ab95d8b7
GET /pagead/viewthroughconversion/1071979603/?random=1668781999058&cv=11&fst=1668781999058&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fwebmail.psdurres.com%2F&tiba=Webmail%20Login&auid=2040827201.1668781999&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://webmail.psdurres.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 18 Nov 2022 14:33:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 855
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 18-Nov-2022 14:48:20 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash eaa6a3200eda9bf5788df6d9eb04d84c
12efbb66692df6d76c1103b152808d751c0e49f1
6d815027ae40ea2603c0ed5adac0821cd5526f11c2eeb0ada5294b6f2ec3492d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 14:33:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash d3ba0eba720a8e5904bee6e804873c24
df1f9c79e39f777ab12225af0af60b9f26af6485
76500b32cbac4ad40e3f42c7dfd46832f3854ba88c3a6d5a9d2b5633e8e1f27b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 14:33:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 3aff786b51449bdfd1c167542e42ea75
bb2dd35cc849ab868aab3e31dff6235cfa764633
4e978feb303698a4379a381d021981a6679628f8eac4a8fc1144f81f9aeec21c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 14:33:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-user-list/1071979603/?random=1668781999058&cv=11&fst=1668780000000&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fwebmail.psdurres.com%2F&tiba=Webmail%20Login&fmt=3&is_vtc=1&random=810311586&rmt_tld=0&ipr=y
142.250.74.164200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/1071979603/?random=1668781999058&cv=11&fst=1668780000000&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fwebmail.psdurres.com%2F&tiba=Webmail%20Login&fmt=3&is_vtc=1&random=810311586&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/1071979603/?random=1668781999058&cv=11&fst=1668780000000&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fwebmail.psdurres.com%2F&tiba=Webmail%20Login&fmt=3&is_vtc=1&random=810311586&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://webmail.psdurres.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 18 Nov 2022 14:33:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/1071979603/?random=1668781999058&cv=11&fst=1668780000000&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fwebmail.psdurres.com%2F&tiba=Webmail%20Login&fmt=3&is_vtc=1&random=810311586&rmt_tld=1&ipr=y
142.250.74.35200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/1071979603/?random=1668781999058&cv=11&fst=1668780000000&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fwebmail.psdurres.com%2F&tiba=Webmail%20Login&fmt=3&is_vtc=1&random=810311586&rmt_tld=1&ipr=y
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/1071979603/?random=1668781999058&cv=11&fst=1668780000000&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fwebmail.psdurres.com%2F&tiba=Webmail%20Login&fmt=3&is_vtc=1&random=810311586&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://webmail.psdurres.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 18 Nov 2022 14:33:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash c15be7bf1c6987951ddd348d6f6b4db1
9faac1fb81abc8fce6d4ae81777c76b8bc11e9b0
7f1d01e3fc0b69e331fd30326ea8fd9b1e3e06a0a93ae4768e7addd03a121025
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 14:33:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 3aff786b51449bdfd1c167542e42ea75
bb2dd35cc849ab868aab3e31dff6235cfa764633
4e978feb303698a4379a381d021981a6679628f8eac4a8fc1144f81f9aeec21c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 14:33:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18625
Expires: Fri, 18 Nov 2022 19:43:46 GMT
Date: Fri, 18 Nov 2022 14:33:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18625
Expires: Fri, 18 Nov 2022 19:43:46 GMT
Date: Fri, 18 Nov 2022 14:33:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18625
Expires: Fri, 18 Nov 2022 19:43:46 GMT
Date: Fri, 18 Nov 2022 14:33:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18625
Expires: Fri, 18 Nov 2022 19:43:46 GMT
Date: Fri, 18 Nov 2022 14:33:21 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a9d32fa3866dd741de610a61a93ad893
4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e
4492338de536cfae6fb42fd37170c60f4fbc281a2a924efe6d2b5af352cd102c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6344
x-amzn-requestid: cac35b04-be3b-4ae1-bb5e-8cedcd7a7db4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: btqOVFCXIAMFcOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63755728-45c28fa333b748520be29b57;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 21:33:28 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: mhgNSp1_LsVmn00ULm116flMHpnfE6G6JABrJwXH5i4q-isv_W1-Ig==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 f313d3df80c4dab8f5399614116801cc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:34:18 GMT
age: 61143
etag: "4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 032386e5c9dffff1ba1ee5e8a322d438
dd4fd6c803a9b333bace9a541c6bd183d0c56bb9
0e9f559a0aa7e114c5810a27ba243c0da7b44dc0bf7aec2b7ab32b8f0e2b536c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11667
x-amzn-requestid: ae092a0a-1709-4497-9f07-0348a28d2491
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqZOIEN7oAMFlaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637408c0-5ac595df302a8f1d3703ad8d;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:46:40 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: c_SJMaV3uYSUysTSOFV--jQqDUxw-fBp8cXWWUZw9vUjt0d6PsOpxA==
via: 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 18:45:44 GMT
age: 71257
etag: "dd4fd6c803a9b333bace9a541c6bd183d0c56bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash f4a87b2f5638018e4d57fc730ddb611b
14f37ca8b8815c0596a35e34f4960f146996d11b
b09b3316dc22c8652a816db161039304afa4cf23b1dea5068a82b849a5dece26
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=148900
Date: Fri, 18 Nov 2022 14:33:21 GMT
Etag: "63773095-1d7"
Expires: Sun, 20 Nov 2022 07:55:01 GMT
Last-Modified: Fri, 18 Nov 2022 07:13:25 GMT
Server: ECS (nyb/1D33)
X-Cache: Miss from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: OrGNjbSm01XbeQ-og1xzQUMgZEjG7rTDFTvg8aTlNBpQe-9xSNgHcw==
Age: 2497
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20ddb38f-d459-45e6-9351-068a5306b3a1.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20ddb38f-d459-45e6-9351-068a5306b3a1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7d16e5ff718353c095d266b080fe547f
fa7c5c9a1d16355859196271f3d13f3850931888
9a94d8eb20cc56d0898b1e2b80c0006ebbef75c15ad94e907050c5be4e19a960
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20ddb38f-d459-45e6-9351-068a5306b3a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10349
x-amzn-requestid: fc85e078-a81a-4fed-899e-15249961f59c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-7tHGLIAMF00Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab7d-4224d193517794684fcdc0ad;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:45:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UK-XD_8EcfPwfLb-QVwfLr8aG-sqVBoUJcbPb5hKAlQS68eOxdgM5g==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 22:03:27 GMT
age: 59394
etag: "fa7c5c9a1d16355859196271f3d13f3850931888"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg
34.120.237.76200 OK 3.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d0b6106f00f9fd8b89c2d484a559a1a
399ac393209dcdac7d2188d7aa8d95f04570ef7c
5d8151c9eb558f4a2b8bd2952c6845606ddb0c27e36f6e49aca7e60908cd9fe4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3759
x-amzn-requestid: 8c91ac59-89dc-4218-b69f-0cebb29f301b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-wJHgxoAMF-hQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab33-4dac305614a92bc52c038222;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:44:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mb2-PTjNmt06Wd5jOjQ5WoLY-0NgI80CKPXtwgzBt4n5km8Pu_WN0Q==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:50:49 GMT
age: 60152
etag: "399ac393209dcdac7d2188d7aa8d95f04570ef7c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38915691-004a-4ae6-a5c6-fd071040ffba.jpeg
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38915691-004a-4ae6-a5c6-fd071040ffba.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4998f097d23ee5f19cae27d5b938e5fc
4369c8ebe61b9944e639bb2731feb51c5a758fe7
5691c66766c9578e9c4aa71240608653821162c668abc63ee40e553ede2450e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38915691-004a-4ae6-a5c6-fd071040ffba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6339
x-amzn-requestid: 0be5dee5-272d-4577-ba55-5cdb7935ea60
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-MCExBoAMFz6Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376aa4c-15fd613336aa6fcb165d0b26;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:40:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: NYs-Nf0PzWqhXP5nkvanTjhJ6vfwRIU--YD06RFIGPEuwDCu6fvEPg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:52:40 GMT
age: 60041
etag: "4369c8ebe61b9944e639bb2731feb51c5a758fe7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9672fb80-baaa-4ab8-b080-dc8c1ce94400.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9672fb80-baaa-4ab8-b080-dc8c1ce94400.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 05289172c1455c4134e496c6f4606efd
ce1bb33256b0754f9acc01e7e9f3e5dc85f89244
a8b4411a0310cc376efe2aec7c0830b8d3b63b8827631b0ff43ec092f1f80f82
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9672fb80-baaa-4ab8-b080-dc8c1ce94400.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12065
x-amzn-requestid: 45c97153-71c7-4985-a1ad-fc21a509d153
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-K5FyVIAMFtDg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376aa45-0f9d22dd544a4580570f3089;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: dxT2WJB7m5tUhgBn2PwTIN4Zskzm3X7CW-29hl1nCyNPbKt5j6q5iA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:55:27 GMT
age: 59874
etag: "ce1bb33256b0754f9acc01e7e9f3e5dc85f89244"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
logx.optimizely.com/v1/events
3.222.30.2204 No Content 0 B URL HTTP/1.1 logx.optimizely.com/v1/events
IP 3.222.30.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v1/events HTTP/1.1
Host: logx.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 739
Origin: http://webmail.psdurres.com
Connection: keep-alive
Referer: http://webmail.psdurres.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://webmail.psdurres.com
Access-Control-Expose-Headers: X-Results-Data-Source
Content-Type: text/plain
Date: Fri, 18 Nov 2022 14:33:21 GMT
Server: nginx/1.21.0
Timing-Allow-Origin: *
X-Request-Id: d1357791-77bc-40ca-84c9-21d0628ac663
Connection: keep-alive
static.hotjar.com/c/hotjar-23213.js?sv=7
54.230.111.113200 OK 0 B URL HTTP/2 static.hotjar.com/c/hotjar-23213.js?sv=7
IP 54.230.111.113:0
GET /c/hotjar-23213.js?sv=7 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://webmail.psdurres.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
date: Fri, 18 Nov 2022 14:32:52 GMT
access-control-allow-origin: *
cache-control: max-age=60
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
etag: W/bc3fbe445a146e3c4cc863940e12f08f
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: PfGt6i_OZ2a5QCkiPr3dGVZ9rhCzJ4MnNg6yFpGQFpWhLcsn66IjYg==
age: 28
X-Firefox-Spdy: h2