Report - birtatsut.com/xvu/corrosion-experiment-weight-loss-method-pdf

Report Overview

Submitted URL
birtatsut.com/xvu/corrosion-experiment-weight-loss-method-pdf
IP
66.96.161.132
ASN
#29873 BIZLAND-SD
Submitted
2022-12-03 23:04:02
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.8 kB	142.250.74.131
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	53 kB	34.120.237.76
greenskymotions.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	19 kB	185.177.94.152
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.4 kB	12 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
birtatsut.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	737 B	16 kB	66.96.161.132
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	968 B	27 kB	142.250.74.35
new.weatherplllatform.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	374 B	1.7 kB	91.211.91.114
di4.biz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	558 B	214 B	185.177.92.179
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
www.birtatsut.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.5 kB	93 kB	66.96.161.132
broworker4s.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	830 B	55 kB	212.129.18.219
0.greenskymotions.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	554 B	214 B	185.177.94.152
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	474 B	2.2 kB	142.250.74.106
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.148.77.40

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-03	medium	new.weatherplllatform.com/pick.js?v=2.11.2	Malware
2022-12-03	medium	greenskymotions.net/go/mu4genjugq5dcmjrhe3a?sub2=dfastspeed18	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-03	medium	di4.biz	Sinkholed

JavaScript (23)

	URL	Size	First Seen	Last Seen
	www.birtatsut.com/wp-content/plugins/akismet/_inc/form.js?ver=4.0.2	700 B	2023-03-07	2024-05-08
Pretty URL www.birtatsut.com/wp-content/plugins/akismet/_inc/form.js?ver=4.0.2 IP 66.96.161.132 ASN #29873 BIZLAND-SD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:26 Last Seen2024-05-08 11:10:02 Times Seen764 Hash 270f0cd7341bce6c2afacf2682e7690e e9f1f100bb9e59ed8b060040c1695cb635e7a156 0515cbd1f8aee97e1c8e0d1d015ca96c86def13e90d2e73bf813072ccc23d531 Loading...

	greenskymotions.net/go/mu4genjugq5dcmjrhe3a?sub2=dfastspeed18	8.2 kB	2023-03-08	2023-03-08
Pretty URL greenskymotions.net/go/mu4genjugq5dcmjrhe3a?sub2=dfastspeed18 IP 185.177.94.152 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:38:11 Last Seen2023-03-08 15:38:11 Times Seen1 Hash 77e69eb1b4a62ac9dcf17ff247e5d15b 63db85d613f36d90b3b13769489de6a83b767599 c6d5bebd992c279fcc002ee89019744022ca3c836c73eb01ce4c149451afe650 Loading...

	0.greenskymotions.net/index.php?p=mu4genjugq5dcmjrhe3a&sub2=dfastspeed18	8.1 kB	2023-03-08	2023-03-08
Pretty URL 0.greenskymotions.net/index.php?p=mu4genjugq5dcmjrhe3a&sub2=dfastspeed18 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:38:11 Last Seen2023-03-08 15:38:11 Times Seen1 Hash 0f2fe2f8c6b6448aa0358b38be7b6a4c 050392f991fbfed3dd4263cbc9966b0d5d6971a8 ff39626a07192854aa440ae2c6e0cad37fb6172b864da22c6674a3335e559019 Loading...

	0.greenskymotions.net/index.php?p=mu4genjugq5dcmjrhe3a&sub2=dfastspeed18	3.1 kB	2023-03-07	2024-05-08
Pretty URL 0.greenskymotions.net/index.php?p=mu4genjugq5dcmjrhe3a&sub2=dfastspeed18 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:57 Last Seen2024-05-08 10:26:48 Times Seen192 Hash 68e280edf3cadafe4af8ccdc8782024d 7467ad11f5f3a21a3a4e0ab8556912db67311d90 3d8d725c431734a47f6dbbce8a3546d9490407d342cfbb48eba2eeddede260aa Loading...

	birtatsut.com/xvu/corrosion-experiment-weight-loss-method-pdf	102 B	2023-03-07	2024-05-10
Pretty URL birtatsut.com/xvu/corrosion-experiment-weight-loss-method-pdf IP 66.96.161.132 ASN #29873 BIZLAND-SD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:19 Last Seen2024-05-10 18:31:36 Times Seen6813 Hash 336b4b067dcb50351d5e2d7c92cf1631 9709109f27eaad0c5a1e50facc142f8f197a11b6 ef2f7f28db32250196ae2c8242611a7f7159c2a539dabd40b82071b1c07561c6 Loading...

	birtatsut.com/xvu/corrosion-experiment-weight-loss-method-pdf	2.1 kB	2023-03-08	2023-03-08
Pretty URL birtatsut.com/xvu/corrosion-experiment-weight-loss-method-pdf IP 66.96.161.132 ASN #29873 BIZLAND-SD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:38:11 Last Seen2023-03-08 15:38:11 Times Seen1 Hash aa0eea81099e28777afa24535fce7e09 4d3be9e4198680f2ec69656abe3a3512252c0f19 0da5d5c7af056f22e78a0347d7e68a9ec98b5f14d187b94a3c8bbb19a4a7686c Loading...

	www.birtatsut.com/wp-includes/js/jquery/jquery.js?ver=1.12.4	97 kB	2023-03-07	2024-05-10
Pretty URL www.birtatsut.com/wp-includes/js/jquery/jquery.js?ver=1.12.4 IP 66.96.161.132 ASN #29873 BIZLAND-SD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:38:38 Last Seen2024-05-10 15:13:57 Times Seen5107 Hash 8610f03fe77640dee8c4cc924e060f12 076524186dbbdd4c41afbbd6b260d9e46a095811 fc48d1d80ece71a79a7b39877f4104d49d3da6c3665cf6dc203000fb7df4447e Loading...

	www.birtatsut.com/wp-content/themes/twentyfifteen/js/functions.js?ver=20150330	5.9 kB	2023-03-07	2024-02-27
Pretty URL www.birtatsut.com/wp-content/themes/twentyfifteen/js/functions.js?ver=20150330 IP 66.96.161.132 ASN #29873 BIZLAND-SD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:40:39 Last Seen2024-02-27 19:16:10 Times Seen58 Hash a76b662d0cca75d9012db66d1d2eb7c5 8101e1a3dd00cb4bf99563a749eae1335ecd3f45 5777a9b3fd1b52eaa86f0a4fcffe6e5c37d0c92bf0aca35db4346fa19c250282 Loading...

	www.birtatsut.com/wp-content/themes/twentyfifteen/js/skip-link-focus-fix.js?ver=20141010	727 B	2023-03-07	2024-05-10
Pretty URL www.birtatsut.com/wp-content/themes/twentyfifteen/js/skip-link-focus-fix.js?ver=20141010 IP 66.96.161.132 ASN #29873 BIZLAND-SD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:36 Last Seen2024-05-10 06:16:12 Times Seen398 Hash d774bf15e2e23e3a7bbb9afa92f4f0b6 9a82aa3fa1c6f0c921311b7fffe7626ffdd6bbfe c99b9b0e6f18e2095f1552d926fbb566e5cd18b3867672d84689ca97a69b9479 Loading...

	new.weatherplllatform.com/pick.js?v=2.11.2	2.3 kB	2023-03-08	2023-03-11
Pretty URL new.weatherplllatform.com/pick.js?v=2.11.2 IP 91.211.91.114 ASN #206638 PE Brezhnev Daniil Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:31:46 Last Seen2023-03-11 23:34:29 Times Seen1 Hash b44eea14204182e61452dea83f5896b8 0142488636ef1fe4ada476225e58147babd9fa63 af8b20e40e19ff4a8c23e6d714c04934c802e83dd397f79795aa5a3b684f8b7f Loading...

	0.greenskymotions.net/index.php?p=mu4genjugq5dcmjrhe3a&sub2=dfastspeed18	29 kB	2023-03-07	2024-05-08
Pretty URL 0.greenskymotions.net/index.php?p=mu4genjugq5dcmjrhe3a&sub2=dfastspeed18 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:57 Last Seen2024-05-08 10:26:48 Times Seen189 Hash ae7f0f1874bd3e9a6a0e9736f3307398 f9ea5e0bc3f3f8039b7d2835e9d8aa775621b9d3 cf8229ead2362ab9f5b9f608b9eb668414a21aca7c9bcc0c90b138415abf72cf Loading...

	birtatsut.com/xvu/corrosion-experiment-weight-loss-method-pdf	195 B	2023-03-08	2023-03-08
Pretty URL birtatsut.com/xvu/corrosion-experiment-weight-loss-method-pdf IP 66.96.161.132 ASN #29873 BIZLAND-SD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:38:11 Last Seen2023-03-08 15:38:11 Times Seen1 Hash 1000883f8aa707e64f123e7914a19a79 f15b2af22051f5f66df784c8910f0ed372d07fca 9ca4b6797ffb8bd58e512f04ae06be778727c03bbc91c7fcd16bf2df5e42ef0f Loading...

	birtatsut.com/xvu/corrosion-experiment-weight-loss-method-pdf	227 B	2023-03-08	2023-03-08
Pretty URL birtatsut.com/xvu/corrosion-experiment-weight-loss-method-pdf IP 66.96.161.132 ASN #29873 BIZLAND-SD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:38:11 Last Seen2023-03-08 15:38:11 Times Seen1 Hash 95d78283d9679391728caf5d0bb0758b ec9b82e8c7edf2c7419333aa35edd120fffd90d4 c9161fef8fa0b9d1ca72d406cef83db9494fd320b243ae8cef4cfa676ef4f58a Loading...

	www.birtatsut.com/wp-includes/js/wp-embed.min.js?ver=4.9.3	1.4 kB	2023-03-07	2024-05-10
Pretty URL www.birtatsut.com/wp-includes/js/wp-embed.min.js?ver=4.9.3 IP 66.96.161.132 ASN #29873 BIZLAND-SD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:47 Last Seen2024-05-10 12:17:19 Times Seen4241 Hash 5a03f97cc479b9f5d7efdaccec31bc17 54518be91b7c5d4b139e032d23ffae568cc7e9fd dcb5e540e62fc85857254a1066afb6a7e8999279c6d4c583eef855d39f9289c0 Loading...

	away.cdnbestplatform.com/go.php?id=3245467-34-56736-11	216 B	2023-03-08	2023-03-11
Pretty URL away.cdnbestplatform.com/go.php?id=3245467-34-56736-11 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:15:09 Last Seen2023-03-11 23:34:29 Times Seen1 Hash a89dcc3acfcde395d237fc0be94fc5e0 9ace2b92a2ad3eb7c24f7082f8097d8e73994881 7e08cedf0cb250ea632f78ae8a5948755682d28cdda6a42b38347cfc03803238 Loading...

	0.greenskymotions.net/index.php?p=mu4genjugq5dcmjrhe3a&sub2=dfastspeed18	203 B	2023-03-07	2024-05-08
Pretty URL 0.greenskymotions.net/index.php?p=mu4genjugq5dcmjrhe3a&sub2=dfastspeed18 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:57 Last Seen2024-05-08 10:26:48 Times Seen189 Hash c4824c2a16d2c8bb70469ed7b8508f34 783dcaa37fcdd311197de60f0c55ab5367be4fe2 f97308b8745f77dc6b279dafa3f98d4e64de2f494681e452a477afaa13b4d1fb Loading...

	www.birtatsut.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1	13 kB	2023-03-08	2023-03-12
Pretty URL www.birtatsut.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 IP 66.96.161.132 ASN #29873 BIZLAND-SD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:38:11 Last Seen2023-03-12 22:36:12 Times Seen1 Hash c48f0d9aed7a50731e634a2a36b2d0c6 7be9efa9af38819c298c20c078dec09cae445dda ff0112d460acd0976c215170a0523b619c4f6876579c707918af084a6e68b4b5 Loading...

	www.birtatsut.com/wp-includes/js/wp-emoji-release.min.js?ver=4.9.3	12 kB	2023-03-07	2024-05-10
Pretty URL www.birtatsut.com/wp-includes/js/wp-emoji-release.min.js?ver=4.9.3 IP 66.96.161.132 ASN #29873 BIZLAND-SD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:03 Last Seen2024-05-10 12:17:20 Times Seen763 Hash a7c259ac67b3b4002dc8ac4a09765b9d 95a56d0d0fa8b38105324ddeae45afb36d19f1b9 3d8e94fed6cc8ea56ee5ec6174efb68cb7197d2e729149cb43e85505bf175779 Loading...

	www.birtatsut.com/wp-includes/js/comment-reply.min.js?ver=4.9.3	1.1 kB	2023-03-07	2024-05-08
Pretty URL www.birtatsut.com/wp-includes/js/comment-reply.min.js?ver=4.9.3 IP 66.96.161.132 ASN #29873 BIZLAND-SD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:43:40 Last Seen2024-05-08 11:10:01 Times Seen771 Hash 56bc2726d829207bfa802f957aac0791 5bf5c0a61359d8784c950b059e013aceea0d42f1 1b1ca0f15010e0124bd4ca481404643c88f7eda1b276e9554d0ed83fb45b7e30 Loading...

	0.greenskymotions.net/index.php?p=mu4genjugq5dcmjrhe3a&sub2=dfastspeed18	705 B	2023-03-07	2023-04-05
Pretty URL 0.greenskymotions.net/index.php?p=mu4genjugq5dcmjrhe3a&sub2=dfastspeed18 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:57 Last Seen2023-04-05 02:03:39 Times Seen49 Hash dd81871bef578a008b6d389ca0d1a234 31f4851126c5708430334e0b3b5674d7b22f1c2d f4805b1fa2c14f4bfb52cbfcdbd03a7ff3ace4aac7dc2466f0501d5cdfd19954 Loading...

		Size	First Seen	Last Seen
	#1 Eval - e1a46f227243babce1b50a0f4ce963f7	8.0 kB	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 15:38:11 Last Seen2023-03-08 15:38:11 Times Seen1 Hash e1a46f227243babce1b50a0f4ce963f7 5a93c741cfe4e640a042ee4e8c2ef1f5bab4c36a beebea16dbb7808f8448439fd687ab544afbb24442e8c94703c22d52867874d8 Loading...

	#2 Eval - ea1fb3fd4eec192e2be1d770d5e5060b	659 B	2023-03-08	2023-11-23
Pretty Observations First Seen2023-03-08 14:46:04 Last Seen2023-11-23 06:38:27 Times Seen12 Hash ea1fb3fd4eec192e2be1d770d5e5060b a3cec8c0f3893338c9d3d7a76729298326a53f97 b1eae98e01697b0c0e7642f840e514de361f43f7f74ec06a47470da1ee76c7b7 Loading...

	#3 Eval - 58add4be0005389a523760eecc5d72be	8.1 kB	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 15:38:11 Last Seen2023-03-08 15:38:11 Times Seen1 Hash 58add4be0005389a523760eecc5d72be 783b8437f2d959a37e09bf476cd54d14c6a435d0 a9be10e3a5a60c049f5eeff0952c289a5e5b08865c5075d3df511de098fe9277 Loading...

HTTP Transactions (53)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8975
Expires: Sun, 04 Dec 2022 01:33:26 GMT
Date: Sat, 03 Dec 2022 23:03:51 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
67e9370f1bf3e4946a01f346eeae8966
aaab391d1134302d718de7a0d5edbedf884633e6
27a8654fb14db88d4b2bb3b45c1b197fc498cd94143d4a68687742fa48a41358

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3115
Cache-Control: max-age=130756
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 23:03:51 GMT
Etag: "638b2570-1d7"
Expires: Mon, 05 Dec 2022 11:23:07 GMT
Last-Modified: Sat, 03 Dec 2022 10:31:12 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 03 Dec 2022 22:18:18 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2733
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14581
Expires: Sun, 04 Dec 2022 03:06:52 GMT
Date: Sat, 03 Dec 2022 23:03:51 GMT
Connection: keep-alive

birtatsut.com/xvu/corrosion-experiment-weight-loss-method-pdf

66.96.161.132

200 OK

15 kB

URL HTTP/1.1
birtatsut.com/xvu/corrosion-experiment-weight-loss-method-pdf
IP
66.96.161.132:0
ASN
#29873 BIZLAND-SD

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (25856)
Size
15 kB (15104 bytes)
Hash
451ce19474015f8062d7d512f3fc1fea
3acd950a1ac335dd6785197a96e0c689fece3203
f28bec1b68d9b80ba4c02233939af69e116a332f30f90f4b278b23be940715fe

HTTP Headers

GET /xvu/corrosion-experiment-weight-loss-method-pdf HTTP/1.1
Host: birtatsut.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 23:03:51 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 15104
Connection: keep-alive
Server: Apache/2
X-Powered-By: PHP/7.4.10
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-Generated: t=1670108631290146
X-Endurance-Cache-Level: 2
Age: 0

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: C2XNSHj0pJTSFzOg8EmRHC7pbTEND5LNPwaQdfnROXRz6Ogv8KRk171ZW/lp0pu91Kfh5DYecEY=
x-amz-request-id: CKSWQTC4Y4BVWFZQ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 03 Dec 2022 22:47:18 GMT
age: 993
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 23:03:51 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
98fe7e5fd6b778bcdcc63028c3a49fbd
06b34160c344526fbe14ce41445b9fe76c0a878d
d45d898dfe5bf1151557bbbc3be6e6878fbadce386136d60777b4464199173a6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 23:03:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css?family=Noto+Sans%3A400italic%2C700italic%2C400%2C700%7CInconsolata%3A400%2C700&subset=latin%2Clatin-ext

142.250.74.106

200 OK

1.5 kB

URL HTTP/2
fonts.googleapis.com/css?family=Noto+Sans%3A400italic%2C700italic%2C400%2C700%7CInconsolata%3A400%2C700&subset=latin%2Clatin-ext
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
1.5 kB (1450 bytes)
Hash
be4c0493c6026539d521e8870cecade1
6da5c22d1fde60b3236412327ea906a333bfd0cc
9ce33649fbfea6cccf7ebffb27a97c596e9b7da49fd42c9d027875e4c49db7c8

HTTP Headers

GET /css?family=Noto+Sans%3A400italic%2C700italic%2C400%2C700%7CInconsolata%3A400%2C700&subset=latin%2Clatin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://birtatsut.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 03 Dec 2022 23:03:51 GMT
date: Sat, 03 Dec 2022 23:03:51 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
22d149ac0bf8a3fc3db08d4f340968f6
f20aa28aad50f15b4ada303bb91da37038432d20
14cef64d187e633f12c2a60dad1904e93d05c42e999ee9e4de64addcef8ca94b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "14CEF64D187E633F12C2A60DAD1904E93D05C42E999EE9E4DE64ADDCEF8CA94B"
Last-Modified: Sat, 03 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21562
Expires: Sun, 04 Dec 2022 05:03:14 GMT
Date: Sat, 03 Dec 2022 23:03:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
abda293c675b70a2f21eaedfb76d1436
8c6ff652afb6371e0cb9ed63387b91ac791b4d27
ff6ba1f3243db565be9a5245577d9d5e3aee1c23bffb731245f6674e132f3f62

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF6BA1F3243DB565BE9A5245577D9D5E3AEE1C23BFFB731245F6674E132F3F62"
Last-Modified: Fri, 02 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21542
Expires: Sun, 04 Dec 2022 05:02:54 GMT
Date: Sat, 03 Dec 2022 23:03:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
22d149ac0bf8a3fc3db08d4f340968f6
f20aa28aad50f15b4ada303bb91da37038432d20
14cef64d187e633f12c2a60dad1904e93d05c42e999ee9e4de64addcef8ca94b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "14CEF64D187E633F12C2A60DAD1904E93D05C42E999EE9E4DE64ADDCEF8CA94B"
Last-Modified: Sat, 03 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 04 Dec 2022 05:03:52 GMT
Date: Sat, 03 Dec 2022 23:03:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
22d149ac0bf8a3fc3db08d4f340968f6
f20aa28aad50f15b4ada303bb91da37038432d20
14cef64d187e633f12c2a60dad1904e93d05c42e999ee9e4de64addcef8ca94b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "14CEF64D187E633F12C2A60DAD1904E93D05C42E999EE9E4DE64ADDCEF8CA94B"
Last-Modified: Sat, 03 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21520
Expires: Sun, 04 Dec 2022 05:02:32 GMT
Date: Sat, 03 Dec 2022 23:03:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
22d149ac0bf8a3fc3db08d4f340968f6
f20aa28aad50f15b4ada303bb91da37038432d20
14cef64d187e633f12c2a60dad1904e93d05c42e999ee9e4de64addcef8ca94b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "14CEF64D187E633F12C2A60DAD1904E93D05C42E999EE9E4DE64ADDCEF8CA94B"
Last-Modified: Sat, 03 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21583
Expires: Sun, 04 Dec 2022 05:03:35 GMT
Date: Sat, 03 Dec 2022 23:03:52 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 03 Dec 2022 22:08:58 GMT
cache-control: public,max-age=3600
age: 3294
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

www.birtatsut.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

66.96.161.132

200 OK

4.6 kB

URL HTTP/1.1
www.birtatsut.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
IP
66.96.161.132:0
ASN
#29873 BIZLAND-SD

File type
ASCII text, with very long lines (9959)
Size
4.6 kB (4621 bytes)
Hash
778312051cdf3c25c9d5e8d12945b8d8
74e988f60bb50d8bfdc547c4397a684947da76af
5cf6f6e5000a92a94cb832c73ef8f511b103ccce79d56029cd5be5f27fc34416

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1
Host: www.birtatsut.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://birtatsut.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 23:03:52 GMT
Content-Type: application/x-javascript
Content-Length: 4621
Connection: keep-alive
Server: Apache/2
Last-Modified: Wed, 26 Oct 2022 00:15:32 GMT
ETag: "3134-5ebe4ec43877b-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=10800
Expires: Sun, 04 Dec 2022 02:03:52 GMT
X-Generated: t=1670108632103242
X-Endurance-Cache-Level: 2
Age: 0

www.birtatsut.com/wp-content/themes/twentyfifteen/js/skip-link-focus-fix.js?ver=20141010

66.96.161.132

200 OK

445 B

URL HTTP/1.1
www.birtatsut.com/wp-content/themes/twentyfifteen/js/skip-link-focus-fix.js?ver=20141010
IP
66.96.161.132:0
ASN
#29873 BIZLAND-SD

File type
ASCII text
Size
445 B (445 bytes)
Hash
e0ba9e2214f9bd5260223ed05a3f7b3e
64fcba18103bb87a27ed50447f675fbc19ebdf08
e364f0ec3f498066567784e4936e5e01a241199b87aaf0ddfef9bbae87ef8cb0

HTTP Headers

GET /wp-content/themes/twentyfifteen/js/skip-link-focus-fix.js?ver=20141010 HTTP/1.1
Host: www.birtatsut.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://birtatsut.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 23:03:52 GMT
Content-Type: application/x-javascript
Content-Length: 445
Connection: keep-alive
Server: Apache/2
Last-Modified: Wed, 15 Oct 2014 05:49:20 GMT
ETag: "2d7-5056fb1707800-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=10800
Expires: Sun, 04 Dec 2022 02:03:52 GMT
X-Generated: t=1670108632109614
X-Endurance-Cache-Level: 2
Age: 0

www.birtatsut.com/wp-content/themes/twentyfifteen/style.css?ver=4.9.3

66.96.161.132

200 OK

14 kB

URL HTTP/1.1
www.birtatsut.com/wp-content/themes/twentyfifteen/style.css?ver=4.9.3
IP
66.96.161.132:0
ASN
#29873 BIZLAND-SD

File type
ASCII text, with very long lines (403)
Size
14 kB (14097 bytes)
Hash
9eab0b0c450ff10ee1aa5e6fd777fd3d
3a85639848e740370223edf29dad277729859ce7
44ae31d32b135b32cde54049099b00202e043c39c18c12b3039bfe2d03f41b0f

HTTP Headers

GET /wp-content/themes/twentyfifteen/style.css?ver=4.9.3 HTTP/1.1
Host: www.birtatsut.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://birtatsut.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 23:03:52 GMT
Content-Type: text/css
Content-Length: 14097
Connection: keep-alive
Server: Apache/2
Last-Modified: Wed, 01 Nov 2017 22:43:48 GMT
ETag: "17e24-55cf39ad4d100-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=21600
Expires: Sun, 04 Dec 2022 05:03:52 GMT
X-Generated: t=1670108632106180
X-Endurance-Cache-Level: 2
Age: 0

www.birtatsut.com/wp-includes/js/wp-emoji-release.min.js?ver=4.9.3

66.96.161.132

200 OK

4.2 kB

URL HTTP/1.1
www.birtatsut.com/wp-includes/js/wp-emoji-release.min.js?ver=4.9.3
IP
66.96.161.132:0
ASN
#29873 BIZLAND-SD

File type
ASCII text, with very long lines (8813)
Size
4.2 kB (4211 bytes)
Hash
4239951e4c33743d03224b6ec12aeb21
e160d4fafdda0b50982eac8104a1111e7278881e
8af6aac97e8ee0b46954cb8c3ff1cf4176b4716d7f973f63d15a9e9b7c427c22

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=4.9.3 HTTP/1.1
Host: www.birtatsut.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://birtatsut.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 23:03:52 GMT
Content-Type: application/x-javascript
Content-Length: 4211
Connection: keep-alive
Server: Apache/2
Last-Modified: Mon, 05 Feb 2018 22:16:43 GMT
ETag: "2dc9-5647e6abe4544-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=10800
Expires: Sun, 04 Dec 2022 02:03:52 GMT
X-Generated: t=1670108632123532
X-Endurance-Cache-Level: 2
Age: 0

www.birtatsut.com/wp-includes/js/comment-reply.min.js?ver=4.9.3

66.96.161.132

200 OK

589 B

URL HTTP/1.1
www.birtatsut.com/wp-includes/js/comment-reply.min.js?ver=4.9.3
IP
66.96.161.132:0
ASN
#29873 BIZLAND-SD

File type
ASCII text, with very long lines (1078), with no line terminators
Size
589 B (589 bytes)
Hash
758a8d85f5e231ed27925940ff07a66e
d2474fc7829e253cc08a43bec5a60f07bd925d12
f2233a526acca18657a60b6071f85fcdd69273253fb32632baed2bad08212436

HTTP Headers

GET /wp-includes/js/comment-reply.min.js?ver=4.9.3 HTTP/1.1
Host: www.birtatsut.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://birtatsut.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 23:03:52 GMT
Content-Type: application/x-javascript
Content-Length: 589
Connection: keep-alive
Server: Apache/2
Last-Modified: Wed, 18 Nov 2015 19:15:28 GMT
ETag: "436-524d577143400-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=10800
Expires: Sun, 04 Dec 2022 02:03:52 GMT
X-Generated: t=1670108632213821
X-Endurance-Cache-Level: 2
Age: 0

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a151c326c67e1abb747847c1427db76f
80885d30ef8ba867bf33c40b861976958a27493a
de2b573ee1c8af980e593352e0c331b2595f62bd4499300ace30821d20814760

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3128
Cache-Control: max-age=125707
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 23:03:52 GMT
Etag: "638b11ab-1d7"
Expires: Mon, 05 Dec 2022 09:58:59 GMT
Last-Modified: Sat, 03 Dec 2022 09:06:51 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

www.birtatsut.com/wp-includes/js/jquery/jquery.js?ver=1.12.4

66.96.161.132

200 OK

34 kB

URL HTTP/1.1
www.birtatsut.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
IP
66.96.161.132:0
ASN
#29873 BIZLAND-SD

File type
ASCII text, with very long lines (32077)
Size
34 kB (33766 bytes)
Hash
d417f4d673009b01654915bbf1f4f872
f432ea8e89e5f4ef50e506019899e539a068f415
24560d81ded58e8befabf32ff51f5b6ae6f21eead0a5f87c255e3b47b988d1cc

HTTP Headers

GET /wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1
Host: www.birtatsut.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://birtatsut.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 23:03:52 GMT
Content-Type: application/x-javascript
Content-Length: 33766
Connection: keep-alive
Server: Apache/2
Last-Modified: Mon, 23 May 2016 09:00:30 GMT
ETag: "17ba0-5337eac1c8780-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=10800
Expires: Sun, 04 Dec 2022 02:03:52 GMT
X-Generated: t=1670108632103679
X-Endurance-Cache-Level: 2
Age: 0

www.birtatsut.com/wp-content/plugins/jetpack/_inc/genericons/genericons/genericons.css?ver=3.1

66.96.161.132

200 OK

16 kB

URL HTTP/1.1
www.birtatsut.com/wp-content/plugins/jetpack/_inc/genericons/genericons/genericons.css?ver=3.1
IP
66.96.161.132:0
ASN
#29873 BIZLAND-SD

File type
ASCII text, with very long lines (18732)
Size
16 kB (16441 bytes)
Hash
dd0f53262702f111ddf86f20d1f605d1
a073021fe1aed82f104e7da84fa70bf8815a7d2b
7292e6d1bfe7ed6ee6bb7e9d5cd0483dae1d629955f6efae5c431e928422d1a4

HTTP Headers

GET /wp-content/plugins/jetpack/_inc/genericons/genericons/genericons.css?ver=3.1 HTTP/1.1
Host: www.birtatsut.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://birtatsut.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 23:03:52 GMT
Content-Type: text/css
Content-Length: 16441
Connection: keep-alive
Server: Apache/2
Last-Modified: Tue, 16 Jan 2018 18:37:03 GMT
ETag: "6e6a-562e90460ed02-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=21600
Expires: Sun, 04 Dec 2022 05:03:52 GMT
X-Generated: t=1670108632109339
X-Endurance-Cache-Level: 2
Age: 0

www.birtatsut.com/wp-includes/js/wp-embed.min.js?ver=4.9.3

66.96.161.132

200 OK

751 B

URL HTTP/1.1
www.birtatsut.com/wp-includes/js/wp-embed.min.js?ver=4.9.3
IP
66.96.161.132:0
ASN
#29873 BIZLAND-SD

File type
ASCII text, with very long lines (1398), with no line terminators
Size
751 B (751 bytes)
Hash
7542039ce963ffd18ad4fb7be13bd2be
8385e433e8e65739fc27b6bd16b1a7ae71b11084
a70bca1336a4ac7592ce631cbb22c9ebb01d60461d221ac7a46f91a4ccfd1255

HTTP Headers

GET /wp-includes/js/wp-embed.min.js?ver=4.9.3 HTTP/1.1
Host: www.birtatsut.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://birtatsut.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 23:03:52 GMT
Content-Type: application/x-javascript
Content-Length: 751
Connection: keep-alive
Server: Apache/2
Last-Modified: Wed, 23 Nov 2016 13:38:34 GMT
ETag: "576-541f8015b2a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=10800
Expires: Sun, 04 Dec 2022 02:03:52 GMT
X-Generated: t=1670108632235369
X-Endurance-Cache-Level: 2
Age: 0

www.birtatsut.com/wp-content/themes/twentyfifteen/js/functions.js?ver=20150330

66.96.161.132

200 OK

1.9 kB

URL HTTP/1.1
www.birtatsut.com/wp-content/themes/twentyfifteen/js/functions.js?ver=20150330
IP
66.96.161.132:0
ASN
#29873 BIZLAND-SD

File type
ASCII text
Size
1.9 kB (1858 bytes)
Hash
fa57059efb6fb51cb9f73b8edaacea5e
fce3fdf37ed32d7ecff2a6e51190b3d03db3e8ed
0831fea53dbd01fd918ffdfb55b55a0afd39ecd4afb76faae56eba01420914bc

HTTP Headers

GET /wp-content/themes/twentyfifteen/js/functions.js?ver=20150330 HTTP/1.1
Host: www.birtatsut.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://birtatsut.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 23:03:52 GMT
Content-Type: application/x-javascript
Content-Length: 1858
Connection: keep-alive
Server: Apache/2
Last-Modified: Tue, 15 Mar 2016 21:33:28 GMT
ETag: "1720-52e1d25e13a00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=10800
Expires: Sun, 04 Dec 2022 02:03:52 GMT
X-Generated: t=1670108632249946
X-Endurance-Cache-Level: 2
Age: 0

www.birtatsut.com/wp-content/plugins/akismet/_inc/form.js?ver=4.0.2

66.96.161.132

200 OK

318 B

URL HTTP/1.1
www.birtatsut.com/wp-content/plugins/akismet/_inc/form.js?ver=4.0.2
IP
66.96.161.132:0
ASN
#29873 BIZLAND-SD

File type
ASCII text
Size
318 B (318 bytes)
Hash
9981fd8493ac6b5c99634815c9aef030
15e922eda1c62a37bce0aea182535530889a044e
66780daa2edc073e9067f4b12f75d41c58bea33d1455d788b72b0e1853cca132

HTTP Headers

GET /wp-content/plugins/akismet/_inc/form.js?ver=4.0.2 HTTP/1.1
Host: www.birtatsut.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://birtatsut.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 23:03:52 GMT
Content-Type: application/x-javascript
Content-Length: 318
Connection: keep-alive
Server: Apache/2
Last-Modified: Fri, 05 Jan 2018 07:32:03 GMT
ETag: "2bc-5620271db6bc5-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=10800
Expires: Sun, 04 Dec 2022 02:03:52 GMT
X-Generated: t=1670108632253298
X-Endurance-Cache-Level: 2
Age: 0

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 23:03:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 23:03:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/notosans/v27/o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2

142.250.74.35

200 OK

13 kB

URL HTTP/2
fonts.gstatic.com/s/notosans/v27/o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 12684, version 1.0\012- data
Size
13 kB (12684 bytes)
Hash
0c235386bcf6af06f67e6c89fd19e434
10720574d4609322023984a761f32f9518c07bc4
c1c30918a861cb6a985ab55d54ad7e861682354197f164cb3b7194f20eed67ac

HTTP Headers

GET /s/notosans/v27/o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://birtatsut.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12684
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 15:42:35 GMT
expires: Wed, 29 Nov 2023 15:42:35 GMT
cache-control: public, max-age=31536000
age: 372077
last-modified: Mon, 09 May 2022 18:28:04 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/notosans/v27/o-0IIpQlx3QUlC5A4PNr5TRA.woff2

142.250.74.35

200 OK

13 kB

URL HTTP/2
fonts.gstatic.com/s/notosans/v27/o-0IIpQlx3QUlC5A4PNr5TRA.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 12860, version 1.0\012- data
Size
13 kB (12860 bytes)
Hash
ab21c24efd75543e16e34807ebc6cdec
eb2562f9729079333fbcbbe94868695669dd3301
88f00438d26021a325247c4427898f7c778a22976df9f1a9d9876429778bf265

HTTP Headers

GET /s/notosans/v27/o-0IIpQlx3QUlC5A4PNr5TRA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://birtatsut.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 15:42:34 GMT
expires: Wed, 29 Nov 2023 15:42:34 GMT
cache-control: public, max-age=31536000
age: 372078
last-modified: Mon, 09 May 2022 18:27:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.birtatsut.com/wp-content/uploads/2018/01/cropped-birtat-sut-logo.jpg

66.96.161.132

200 OK

11 kB

URL HTTP/1.1
www.birtatsut.com/wp-content/uploads/2018/01/cropped-birtat-sut-logo.jpg
IP
66.96.161.132:0
ASN
#29873 BIZLAND-SD

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 248x248, components 3\012- data
Size
11 kB (11408 bytes)
Hash
f7fd2e98a80b14f7739f40129f5fc55b
34050ff3b36413cd7ca516d422d6c97b33acf0c1
c8a9ee79fd26f3fad01030b55bdf8a97aac4aaea1771165dfa5b1d0a2c040ee8

HTTP Headers

GET /wp-content/uploads/2018/01/cropped-birtat-sut-logo.jpg HTTP/1.1
Host: www.birtatsut.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://birtatsut.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 23:03:52 GMT
Content-Type: image/jpeg
Content-Length: 11408
Connection: keep-alive
Server: Apache/2
Last-Modified: Fri, 05 Jan 2018 10:05:08 GMT
ETag: "2c90-56204955d8b43"
Accept-Ranges: bytes
Cache-Control: max-age=21600
Expires: Sun, 04 Dec 2022 05:03:52 GMT
Vary: User-Agent
X-Generated: t=1670108632355923
X-Endurance-Cache-Level: 2
Age: 0

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 23:03:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

54.148.77.40

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.77.40:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: LU6MYkS/c3rle3A95IhWqw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: nSFi+yExtU5Ve+47MJXWJBn4MtI=

birtatsut.com/favicon.ico

66.96.161.132

200 OK

0 B

URL HTTP/1.1
birtatsut.com/favicon.ico
IP
66.96.161.132:0
ASN
#29873 BIZLAND-SD

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: birtatsut.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://birtatsut.com/xvu/corrosion-experiment-weight-loss-method-pdf

HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 23:03:52 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: Apache/2
Cache-Control: max-age=86400
Age: 21158

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10074
Expires: Sun, 04 Dec 2022 01:51:47 GMT
Date: Sat, 03 Dec 2022 23:03:53 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10074
Expires: Sun, 04 Dec 2022 01:51:47 GMT
Date: Sat, 03 Dec 2022 23:03:53 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10074
Expires: Sun, 04 Dec 2022 01:51:47 GMT
Date: Sat, 03 Dec 2022 23:03:53 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7503 bytes)
Hash
c1a6f4805f59db44f9d3520d88701a58
6a0258e8c97ce09f1723382c8a16d9682b7dc50c
ae120df5e96352c6998c24c69c709dfd2b01a7ff8a7b935d496757fd7661f2f5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7503
x-amzn-requestid: a4120308-c51e-4cff-99c2-90e86018b05d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cgZjCGkVIAMFpsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6389a2e0-6fdf362a6d32449239476155;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 07:01:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dy619jlSTwCjwDhGuLmwTMcmuYj1Kg2oLA7xORyAYX8IHWimhNo6pw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 07:16:04 GMT
age: 56869
etag: "6a0258e8c97ce09f1723382c8a16d9682b7dc50c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff60056a5-9ac8-4274-9b3c-814f69985fdf.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.4 kB (4377 bytes)
Hash
1bdd9e42d71307b201929c3a38c745c6
8d3a7f830e57e936a1da8a001f3e78108b20c038
6e1063a755d64c8102867cd9b347eb83fca2c69af558f111abc46f523a8294da

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff60056a5-9ac8-4274-9b3c-814f69985fdf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4377
x-amzn-requestid: 33abcd00-02ec-47ba-9302-312453291913
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb29cG53IAMFkGw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387d1ef-317a802f0f84d73949236b9f;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:58:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I6rq82k7xO6aUJRsx-cb9j-_qk4p9L1WmMIoYyxAxXq6LQ1FlF_kdA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 07:56:23 GMT
age: 54450
etag: "8d3a7f830e57e936a1da8a001f3e78108b20c038"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (16143 bytes)
Hash
14dcca2a9c4792d835ee709bcd947402
1d702df3a64258628f4124eafd580695f2d350af
da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kRs3oBWnSs5asyPdvz6kkooy7pqm2Yr8R_2x8EXCVn3dBz_aEJurRQ==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 07:26:43 GMT
age: 56230
etag: "1d702df3a64258628f4124eafd580695f2d350af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30995615-b061-49b7-a1e1-1d39f60e42a2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7454 bytes)
Hash
f76ad58139e6d5bf4402d442ed662f3c
0100b4fdd66d254d48395da715dfd6d760ae6cf6
1c1199744e75a69f9eedfec6ecdcc11e67b735f66fc50c8a0c2d60c40920532c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30995615-b061-49b7-a1e1-1d39f60e42a2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7454
x-amzn-requestid: b8250832-ecd8-499b-b292-5110afe2cd84
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltkWEMroAMFatw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc2e8-6d91fc504703cdd5128e5746;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:43:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: goB4ZvabzzX-P9dBf2Zl0g85FkbvKgHEb0S_K78yJwvnTSEX0mx2Qw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 23:00:32 GMT
age: 201
etag: "0100b4fdd66d254d48395da715dfd6d760ae6cf6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ef13a87-7179-4643-9f9e-199878f42764.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.3 kB (6344 bytes)
Hash
69411fa7c0f94e7179c2cf84b716e427
188edc080e8a683c3fdc2968ee1e6aae114d75d2
713514c9afaa1953e3387aa1d1b6203fe6387e007f9fb5347558b77dd72425e9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ef13a87-7179-4643-9f9e-199878f42764.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6344
x-amzn-requestid: 1c11b153-5494-4656-ad96-33bc541f93f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cgaEAGmooAMFwlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6389a3b3-1984a9194065807d36f29532;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 07:05:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: xNjdYH9Rb0Sunnv8GTfNikc6WvQogmZP0qUM8BmhGe4h8ETPaZDH9w==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 07:16:04 GMT
age: 56869
etag: "188edc080e8a683c3fdc2968ee1e6aae114d75d2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5b41d2b-ab64-4a18-814e-d348d7921eca.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4782 bytes)
Hash
6b0065d160e7dbd17cf58f2c837b45a7
0ebefb37db37dcbf1ad421ab0cac2cccdcd83a2f
833c0a39ed1d9dcfa4a22f201d06d085e5131121810e98d5e79dd6f84e8fe436

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5b41d2b-ab64-4a18-814e-d348d7921eca.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4782
x-amzn-requestid: 98b5d5ca-7590-4756-9b92-3fb327ecc97b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsANG8koAMF_Qw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-546b61a82a8b952f664346b9;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ncXSPf1et6vSgEBmWwY_PperGXmgJGEx0hlLr0lhN6XHi0RLRr6WCA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:47:05 GMT
age: 4608
etag: "0ebefb37db37dcbf1ad421ab0cac2cccdcd83a2f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

new.weatherplllatform.com/pick.js?v=2.11.2

91.211.91.114

200 OK

1.4 kB

URL HTTP/2
new.weatherplllatform.com/pick.js?v=2.11.2
IP
91.211.91.114:0
ASN
#206638 PE Brezhnev Daniil

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (2337), with CRLF line terminators
Size
1.4 kB (1385 bytes)
Hash
ccb218004705cc29a752489e7b154778
9b2e6ffd765b8eaa72b4fcbe7110d53f1a3ded9c
fea5e79f9acac2666bf947bc1c40992dccb3939f413661dd91129988516e85df

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /pick.js?v=2.11.2 HTTP/1.1
Host: new.weatherplllatform.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://birtatsut.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 23:03:52 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 27 Oct 2022 17:28:29 GMT
vary: Accept-Encoding
etag: W/"635abfbd-921"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c6023b145490ceb400e224f346425fbe
05368f219ad97d65de8ca6ded2d47b7c94eb684f
47feaf856cdf0f35f82edb63e36145f93fceacb736506e15c9d4654a8bbf5c58

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47FEAF856CDF0F35F82EDB63E36145F93FCEACB736506E15C9D4654A8BBF5C58"
Last-Modified: Thu, 01 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11671
Expires: Sun, 04 Dec 2022 02:18:25 GMT
Date: Sat, 03 Dec 2022 23:03:54 GMT
Connection: keep-alive

greenskymotions.net/go/mu4genjugq5dcmjrhe3a?sub2=dfastspeed18

185.177.94.152

200 OK

18 kB

URL HTTP/2
greenskymotions.net/go/mu4genjugq5dcmjrhe3a?sub2=dfastspeed18
IP
185.177.94.152:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7734)
Size
18 kB (18237 bytes)
Hash
a2736339a4833cc562fa684056b8e343
7afba8cfeb224a04cbfe70fdebdbf8444b176d55
c834a54660ff72e12b6dbffd70309659d8ea5b74c9525c3261d0edf4e62e4c3a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /go/mu4genjugq5dcmjrhe3a?sub2=dfastspeed18 HTTP/1.1
Host: greenskymotions.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://away.cdnbestplatform.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 23:03:54 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=928d8e54-f841-4b2b-b60b-8e9e780ae4c3; expires=Mon, 02-Jan-2023 23:03:54 GMT; Max-Age=2592000; path=/; domain=greenskymotions.net
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

greenskymotions.net/favicon.ico

185.177.94.152

204 No Content

0 B

URL HTTP/2
greenskymotions.net/favicon.ico
IP
185.177.94.152:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: greenskymotions.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://greenskymotions.net/go/mu4genjugq5dcmjrhe3a?sub2=dfastspeed18
Cookie: uuid=928d8e54-f841-4b2b-b60b-8e9e780ae4c3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sat, 03 Dec 2022 23:03:55 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ec6250b75b2cd4542131fb86b4fd0ff7
c8090ccaab39c0cd7c5fdce4d8ce37d3294fef15
e6fef94bb48da714d8b7b376f9914bb1989379058b09baa175b1194f6311ac47

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E6FEF94BB48DA714D8B7B376F9914BB1989379058B09BAA175B1194F6311AC47"
Last-Modified: Fri, 02 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3406
Expires: Sun, 04 Dec 2022 00:00:41 GMT
Date: Sat, 03 Dec 2022 23:03:55 GMT
Connection: keep-alive

broworker4s.com/sw/bro.js

212.129.18.219

200 OK

55 kB

URL HTTP/2
broworker4s.com/sw/bro.js
IP
212.129.18.219:0
ASN
#12876 Online S.a.s.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (29334)
Size
55 kB (54569 bytes)
Hash
fc153d776f101ca17c8a3843d67a10df
a0783a29844240b4c7fde8c4e53995db19c31ead
a79aa86bd60547987db4e7ba5f488162b391bebce21df40cacc12493d5c9949a

HTTP Headers

GET /sw/bro.js HTTP/1.1
Host: broworker4s.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://greenskymotions.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 23:03:55 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Sun, 03 Dec 2023 23:03:55 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

0.greenskymotions.net/favicon.ico

185.177.94.152

204 No Content

0 B

URL HTTP/2
0.greenskymotions.net/favicon.ico
IP
185.177.94.152:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 0.greenskymotions.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.greenskymotions.net/index.php?p=mu4genjugq5dcmjrhe3a&sub2=dfastspeed18
Cookie: uuid=928d8e54-f841-4b2b-b60b-8e9e780ae4c3; uuid=928d8e54-f841-4b2b-b60b-8e9e780ae4c3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sat, 03 Dec 2022 23:03:56 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9c55875d8dd29368d02fc1247585a53a
e7150a6b965ede7d949e27897f237377408b4b2f
fddaf1af56a15aff74402d16dc3a9146a9bb7ac93f07a4cb7127a7f205a302d4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FDDAF1AF56A15AFF74402D16DC3A9146A9BB7AC93F07A4CB7127A7F205A302D4"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2487
Expires: Sat, 03 Dec 2022 23:45:24 GMT
Date: Sat, 03 Dec 2022 23:03:57 GMT
Connection: keep-alive

di4.biz/favicon.ico

185.177.92.179

204 No Content

0 B

URL HTTP/2
di4.biz/favicon.ico
IP
185.177.92.179:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: di4.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://di4.biz/?auf=haytemzrmi5dcnrqgixtcmjrhe3c6nbpmy2tezlemi2dklzrgixtcnrxgaytaobwgm3a&p=b&sub1=&sub2=dfastspeed18&sub3=&sub4=&cpc=0&cpm=0
Cookie: uuid=c86dc69e-41a0-463f-8a49-812f5638519f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sat, 03 Dec 2022 23:03:57 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

broworker4s.com/sw/bro.js

212.129.18.219

200 OK

0 B

URL HTTP/2
broworker4s.com/sw/bro.js
IP
212.129.18.219:0
ASN
#12876 Online S.a.s.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sw/bro.js HTTP/1.1
Host: broworker4s.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.greenskymotions.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 23:03:57 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Sun, 03 Dec 2023 23:03:57 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (23)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations