r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12225
Expires: Fri, 03 Feb 2023 22:56:08 GMT
Date: Fri, 03 Feb 2023 19:32:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6853
Expires: Fri, 03 Feb 2023 21:26:36 GMT
Date: Fri, 03 Feb 2023 19:32:23 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 03 Feb 2023 18:43:35 GMT
content-type: application/json
age: 2928
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9a76feabb767086ae0fa54e0ffbf763f
3655d78994a1e9838340669462728b67c8c12e54
bf215ab858c7785b7c01f7d3d437a918f056f00fe9b065820e1cdd09b7bba8f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF215AB858C7785B7C01F7D3D437A918F056F00FE9B065820E1CDD09B7BBA8F9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6040
Expires: Fri, 03 Feb 2023 21:13:03 GMT
Date: Fri, 03 Feb 2023 19:32:23 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Y/uhgyxLLgBmKc8g6cppjFeXFxFfVpTp1wdUrO/97VHQUw7adA3roG4uHQyjvgCRllCEwTfA+70=
x-amz-request-id: BC5XV6WASYJZ311R
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 03 Feb 2023 18:52:31 GMT
age: 2392
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
iwinclublink.app/blues
188.114.96.1 301 Moved Permanently 162 B IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /blues HTTP/1.1
Host: iwinclublink.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 03 Feb 2023 19:32:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://iwinclublink.app/blues
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zwuqM9yRYdm4TVSyNgHxt%2FyyABd5tXuk%2Bq%2FIxf7FM%2Br3KXlfMJmGgzLru%2B0VhawLFjUlVHRiceGA7LRa%2FALS%2FsGjpqWdzthcvja9gMwoKoWrfFuVMQQakpUzKYw40Gw40Zei"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793d979d48540b51-OSL
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 19:32:23 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/E7xVTFJJy6k
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/E7xVTFJJy6k
IP 142.250.74.131:0
Hash f8e93a8b203a6a00a73179d35605fecc
aa15f5a37d463345a67eba0968098fb81e866d5a
2aa078a7b1cf9e52ec6b19e907995d4ba8fd294b92e742db78cff834bb2c4562
POST /s/gts1p5/E7xVTFJJy6k HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:23 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 03 Feb 2023 19:07:19 GMT
age: 1504
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5630
Expires: Fri, 03 Feb 2023 21:06:14 GMT
Date: Fri, 03 Feb 2023 19:32:24 GMT
Connection: keep-alive
push.services.mozilla.com/
52.37.106.154 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.37.106.154:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: B0fW50K/XivzZVQF9hKRQw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: YUNQXUsXJERJjO9mVZf77SkU4YQ=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11432
Expires: Fri, 03 Feb 2023 22:42:56 GMT
Date: Fri, 03 Feb 2023 19:32:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11432
Expires: Fri, 03 Feb 2023 22:42:56 GMT
Date: Fri, 03 Feb 2023 19:32:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11432
Expires: Fri, 03 Feb 2023 22:42:56 GMT
Date: Fri, 03 Feb 2023 19:32:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11432
Expires: Fri, 03 Feb 2023 22:42:56 GMT
Date: Fri, 03 Feb 2023 19:32:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11432
Expires: Fri, 03 Feb 2023 22:42:56 GMT
Date: Fri, 03 Feb 2023 19:32:24 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg
34.120.237.76 200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d4041f3b5316bc84c9e6d88ddbc85b89
4978a4a20836b6f5d863d331bcedad782b7b4ac6
549b62d2c4ec965b8bec62010c0ce338dfea7992ee83eb7af61ff1a30d21f8b5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5641
x-amzn-requestid: b53b54b1-3b00-47cf-a25c-e93910c2ebfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuvzpHsXoAMFsuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2ce3-0c4fc8154763febb44460ac2;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:36:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x4-BZdG4JGRKCSdKynnuweZfo9l0XZtDB-MiANy7C2Yz1URYMHP4sQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:57:49 GMT
age: 77675
etag: "4978a4a20836b6f5d863d331bcedad782b7b4ac6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9ab97f766ee1ed6ebbb2b3889a9157b4
f87f165404dec4d65531e6e25146cb77601f3616
f3d0f76f956371b1733a526f10a8253fc3396a459d7af59380d8e8db7dee8ec2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14071
x-amzn-requestid: 40cb363f-2c4d-4361-9fe1-10e4c8b2fe29
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fiTo4Ek2oAMFs6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d73305-6cb63d3c49f9f84e639467f6;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 03:01:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: b7r7phj8i49RMSuWufxF1L34K9udWa0mJ4dY12izM9ofwAuCFBGEZQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:48:01 GMT
age: 78263
etag: "f87f165404dec4d65531e6e25146cb77601f3616"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda40dcf-1e5b-4e49-bd65-084935f52db9.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda40dcf-1e5b-4e49-bd65-084935f52db9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e706db8a6107758a148463e916f2532d
4b0b8cb5ced3e3e67b0320a3bbaecd2176e21b81
673f18036a53f8ff297ef6a63fd094e7c41d90f3960f0e687a741cc7dd3f6172
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda40dcf-1e5b-4e49-bd65-084935f52db9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6791
x-amzn-requestid: 665115ea-728e-4a55-aaf8-b09db3fa67a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffl96FIzIAMFYGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d61d25-0abbd7262ca10b7a7d2bf9eb;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 07:15:49 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nPgaBSGyLJQnN0ofVRFniW2LqzgKVWchSKYSjYCmuPtpL9Ner81ARQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:14:03 GMT
age: 76701
etag: "4b0b8cb5ced3e3e67b0320a3bbaecd2176e21b81"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3490571dd2de0a747987b9a0e18cccc8
18e9f8f160d3515f1cb31fc7538ac762a6cab344
1c071d7f3b288b29254500f94f19c0db0633c6aa90812f2e92c4f64992f5221a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10796
x-amzn-requestid: 5c9b1a83-c99a-44b9-9a90-5edd7ef1e225
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi0XKG93oAMFtsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76760-01bf754d6c725c3275c02a1b;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 06:44:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XTZJAn0LMAfFtaQ2bN8z58cCsUT5GzxDMnHVB_iw9E_NskHQ-BgbRQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:19:26 GMT
age: 84437
etag: "18e9f8f160d3515f1cb31fc7538ac762a6cab344"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w0Zm5V0TQxsQ7917U3fdhS_n7qKE143PuhI2JmNCDM_Pf0yPLyW6yA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:48:01 GMT
age: 78263
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2a6aaf87a867f93dc9268a8b27973b97
f52ccbe6cbced1994acb13a00b05436553b6813e
3fbd7441712035f4d53c17eec93bc278e6c072043f3b5a721cac349fc0dabe77
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10166
x-amzn-requestid: 54fe0d12-360f-4d97-bcf3-b24747d956aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fY_4zHEcoAMF1iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d379d1-4ba89e44005f616a0ed3ed24;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 07:14:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hSyEfSDToqgfnFIW68Krz-ANYUNQoUPWhyb-8xDUarI6mnVLXriHDQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:59:54 GMT
age: 77550
etag: "f52ccbe6cbced1994acb13a00b05436553b6813e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/E7xVTFJJy6k
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/E7xVTFJJy6k
IP 142.250.74.131:0
Hash f8e93a8b203a6a00a73179d35605fecc
aa15f5a37d463345a67eba0968098fb81e866d5a
2aa078a7b1cf9e52ec6b19e907995d4ba8fd294b92e742db78cff834bb2c4562
POST /s/gts1p5/E7xVTFJJy6k HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:25 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 627 B IP 142.250.74.131:0
Hash a94879c37987065828a86959cee9b032
5a75e0f05c8679a12f1d5bd283a28d886930ccf0
566aef7bc321a29a093ce8db2aa52bf36d33ecd373f50d22bb956e32e00af6ba
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
iwinclublink.app/
188.114.96.1 200 OK 26 kB IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6603), with CRLF, LF line terminators
Hash 103f54418729af6c28697d8a2dd2f093
d7a02becda500a6e8da87d50a4dcda4f56cee0a9
0ce1989864e9c22358462fa994f7e97005ab4bf93f40d887e9aa93f075468369
GET / HTTP/1.1
Host: iwinclublink.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: prli_click_11=blues; prli_visitor=63dd6148ca997
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 19:32:25 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-litespeed-tag: 797_HTTP.200
link: <https://iwinclublink.app/wp-json/>; rel="https://api.w.org/", <https://iwinclublink.app/wp-json/wp/v2/pages/417>; rel="alternate"; type="application/json", <https://iwinclublink.app/>; rel=shortlink
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zn%2FyFpiP%2FCmHS4E%2FUhAKa52DSSeAdzwc9lpWT%2FIrkd2lKHyopL5EZfrd1gFaDrQqC9emH9CQrCjKbL%2FtihKBqQWgJopjfU9jtktIu5DEFY4XJC2tom69ym6NDBnr%2BIUrJIWp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793d97a88ef51c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 2.4 kB IP 142.250.74.131:0
Hash 7de714cc398ac5f53ea56e0d5695acc3
b32c25f93b114650263680ff128ad9c63ea564b5
b51c78b7024af96899d6d880e756246f74d85830d033bbfdddad8019389d846f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-227715810-1
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-227715810-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1759)
Hash fad70ca297c649cf55c7cf55b94bfa91
95f170cb0eaf054427b783fa37224c8258dfe2ee
544ceaaafbcba6060ab32e0c2300d4a7f54b8c82a20f627b46870af9c062348a
GET /gtag/js?id=UA-227715810-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://iwinclublink.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 03 Feb 2023 19:32:26 GMT
expires: Fri, 03 Feb 2023 19:32:26 GMT
cache-control: private, max-age=900
last-modified: Fri, 03 Feb 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43914
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-250242785-1
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-250242785-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1759)
Hash f548b0a6bed6275b3c86e5808e7d8839
e67e480303b5a30984f1b978f235ffbbce5dad45
165d267bc3b2c433ae18b1cfde0e2012817580b2de9c510c9c5e657b2277a984
GET /gtag/js?id=UA-250242785-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://iwinclublink.app/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 03 Feb 2023 19:32:26 GMT
expires: Fri, 03 Feb 2023 19:32:26 GMT
cache-control: private, max-age=900
last-modified: Fri, 03 Feb 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43887
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash bbeb609cbf32a8842bf96a124588e65e
40c0f548bcb714731f62df5a27cad21adef0463d
502c60a18a13b84598933731d182aafd4b83576bfc56451b36f9238c621a571d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 9c45ea25709afbea416f215ee34611b0
117c52c0ee3ff15a2485c0b1e39cc12c7c2021ed
7fbc3c806c7fc6d70d70b55723dbbfc00698b14fcad55014218bc5e03e92a118
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash e5ef8e825458c09fd4b9271db84a017f
4dd1cbb734e5ccf48145e70fed1a4ded08978313
e5c22febf809a4856ba5fd82bb20a329ca4a0b9c6689f95f0910a70c1f8679f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:26 GMT
Server: ECS (amb/6BC8)
Content-Length: 280
iwin.fan/wp-content/uploads/2022/08/banner-win79-17082022-joan-800-100.gif
188.114.97.1 200 OK 214 kB URL HTTP/2 iwin.fan/wp-content/uploads/2022/08/banner-win79-17082022-joan-800-100.gif
IP 188.114.97.1:0
File type GIF image data, version 89a, 800 x 100\012- data
Size 214 kB (213756 bytes)
Hash e65ec66989aa8190c2296e458772dfdd
dd2b651eaf563ccf9a95da52c95913dacecea81a
c8300cfecadf4a8fa497743b4a69fcc5bdcd3eb375ee038566a0014b5b7ba77a
GET /wp-content/uploads/2022/08/banner-win79-17082022-joan-800-100.gif HTTP/1.1
Host: iwin.fan
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://iwinclublink.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 19:32:26 GMT
content-type: image/gif
content-length: 213756
cache-control: public, max-age=604800
expires: Wed, 08 Feb 2023 22:32:45 GMT
last-modified: Wed, 17 Aug 2022 03:16:02 GMT
etag: "342fc-62fc5d72-4d0a0bc0eba78e97;;;"
platform: hostinger
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 161981
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KWZy4u9lnPHdAGu37wxp87LxpQKQlN6DjcCgCogJWJM49hRhfvUzeKuBQKE50I3bXKkKpbRf3QaAZVDOFyvbm3zEqG7qaQ3eEpM4yNg9WKH%2FG42oc%2F7W5PDaFg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 793d97b0fe7eb50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash e5ef8e825458c09fd4b9271db84a017f
4dd1cbb734e5ccf48145e70fed1a4ded08978313
e5c22febf809a4856ba5fd82bb20a329ca4a0b9c6689f95f0910a70c1f8679f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:26 GMT
Last-Modified: Fri, 03 Feb 2023 19:32:26 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 280
iwinclublink.app/blues
188.114.96.1 307 Temporary Redirect 885 B IP 188.114.96.1:0
File type gzip compressed data, max compression\012- data
Hash ae059fd414b9213bd9e95503c37217ed
26d0e5e970fe62b95e69b5b906acaa7601d48415
ccf33f81abc2d83c2e7ac8fe33badc26f257c34f894ec37cfadb50805a24f849
GET /blues HTTP/1.1
Host: iwinclublink.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 307 Temporary Redirect
date: Fri, 03 Feb 2023 19:32:25 GMT
content-type: text/html; charset=UTF-8
location: https://iwinclublink.app/
set-cookie: prli_click_11=blues; expires=Sun, 05-Mar-2023 19:32:24 GMT; Max-Age=2592000; path=/
set-cookie: prli_visitor=63dd6148ca997; expires=Sat, 03-Feb-2024 19:32:24 GMT; Max-Age=31536000; path=/
x-robots-tag: noindex, nofollow, sponsored
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Mon, 07 Jul 1777 07:07:07 GMT
x-redirect-powered-by: Pretty Link Pro 3.2.4 http://prettylink.com
x-redirect-by: WordPress
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xoi3TtXa8aznF3EC6hzQPATFTDSAUUnpEsIwhjVQCIGp81sbqXPIhLUEjETJj9hoVvfo6M4QmssCBIIztxPkM4b7VSWSHC8CorCoe0%2FWjxF26ibrbrXoMeu%2BGHqGwkHxfSKA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793d97a158631c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0c15fd84f4711d994724c35236542194
c47d77fe5b373a86bd9a116bd8baac07ec746add
a210a4599baaa980674b456f020282cd470559b319be263fdcf9eaec7cff0d3b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
216.58.207.227200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://iwinclublink.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 10:25:03 GMT
expires: Mon, 29 Jan 2024 10:25:03 GMT
cache-control: public, max-age=31536000
age: 464844
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 23287a0337047631e479bb3cbe8b0fcd
15ec24f5ee1990ee456a6fd3bbcbdbe27bf62c99
da05b381eec3589d2689bc5fab2b89eb5d65f9a5652f9254f3353e30a4540034
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/quicksand/v30/6xKtdSZaM9iE8KbpRA_hK1QN.woff2
216.58.207.227200 OK 26 kB URL HTTP/2 fonts.gstatic.com/s/quicksand/v30/6xKtdSZaM9iE8KbpRA_hK1QN.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 25672, version 1.0\012- data
Hash fe3e5be2baa0126122ba9367ebab73c8
40bec99106dfab5f3721ed725483eb618a9016cd
8b166007d6f54c33b3ea10ea23572bc3166f55f365840d3cbd6ef7b5dcf6674e
GET /s/quicksand/v30/6xKtdSZaM9iE8KbpRA_hK1QN.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://iwinclublink.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 25672
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Jan 2023 10:20:25 GMT
expires: Sun, 28 Jan 2024 10:20:25 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 18 Jul 2022 19:12:08 GMT
content-type: font/woff2
age: 551522
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwaPGR_p.woff2
216.58.207.227200 OK 5.4 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwaPGR_p.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 5368, version 1.0\012- data
Hash a48b0f049358d7503c497abb4dcbc4d6
d764e136ada1fba8ec4d99994b179d984d7983b8
4ef7cd3d4ed7de91e7eb3c05a31c6fa1da0b08d07cbfab8ae108c34d5e39cdb9
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwaPGR_p.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://iwinclublink.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5368
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Feb 2023 02:10:37 GMT
expires: Sat, 03 Feb 2024 02:10:37 GMT
cache-control: public, max-age=31536000
age: 62510
last-modified: Tue, 26 Apr 2022 15:56:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/quicksand/v30/6xKtdSZaM9iE8KbpRA_hJVQNcOM.woff2
216.58.207.227200 OK 22 kB URL HTTP/2 fonts.gstatic.com/s/quicksand/v30/6xKtdSZaM9iE8KbpRA_hJVQNcOM.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 22164, version 1.0\012- data
Hash 5cc6473203a24708dc461f4a18c79a9a
7fcbae6f3c7e2a31d3989825e70b0c627ddc1add
fd0696ea5d7cd294b7921ddb1b74a7a89de7ff7eedf8cda7ada92ef045004e9f
GET /s/quicksand/v30/6xKtdSZaM9iE8KbpRA_hJVQNcOM.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://iwinclublink.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22164
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Feb 2023 09:39:42 GMT
expires: Sat, 03 Feb 2024 09:39:42 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 18 Jul 2022 19:21:08 GMT
content-type: font/woff2
age: 35565
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
xn--r1a.website/s/gameiwinclub
95.216.186.40 200 OK 21 kB URL HTTP/1.1 xn--r1a.website/s/gameiwinclub
IP 95.216.186.40:0
ASN #24940 Hetzner Online GmbH
Hash 6f6e128371ca7601da6caf24ad71a936
2c155152f5a47d0dbb4554b23568c23f58c3700b
a69b2a1afd07e80afa3d58ccf1be246c9cffdc32892fcd43338ff707c2c79eec
Analyzer Verdict Alert fortinet Malware
GET /s/gameiwinclub HTTP/1.1
Host: xn--r1a.website
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://iwinclublink.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 19:32:27 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Cache-control: no-store
Strict-Transport-Security: max-age=35768000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/quicksand/v30/6xKtdSZaM9iE8KbpRA_hJFQNcOM.woff2
216.58.207.227200 OK 6.8 kB URL HTTP/2 fonts.gstatic.com/s/quicksand/v30/6xKtdSZaM9iE8KbpRA_hJFQNcOM.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 6764, version 1.0\012- data
Hash 1743b1f6cc8e6018241c76c5c9cfe5fa
38b2463aef1648ef903aa6567eb39b3d1fa289d0
4300f8b2fe7c4584f81acd4797abeab846f74378ef6d7d6420f6e6fe95b2dd9f
GET /s/quicksand/v30/6xKtdSZaM9iE8KbpRA_hJFQNcOM.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://iwinclublink.app
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 6764
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 09:56:33 GMT
expires: Fri, 02 Feb 2024 09:56:33 GMT
cache-control: public, max-age=31536000
age: 120954
last-modified: Mon, 18 Jul 2022 19:21:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0c15fd84f4711d994724c35236542194
c47d77fe5b373a86bd9a116bd8baac07ec746add
a210a4599baaa980674b456f020282cd470559b319be263fdcf9eaec7cff0d3b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.youtube.com/s/player/97ea7458/www-player.css
142.250.74.78200 OK 50 kB URL HTTP/2 www.youtube.com/s/player/97ea7458/www-player.css
IP 142.250.74.78:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 06da032848dee0d02f299eb5d9d0b47b
9328ede00a7daa3c3af4e9a745b2f288a89985e1
1b4032e39d4869ac4d51be6750760b10108ce5d47c357fec81c66dbc90578601
GET /s/player/97ea7458/www-player.css HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/tm56h59FtZc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 49954
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 15:52:28 GMT
expires: Thu, 01 Feb 2024 15:52:28 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 01 Feb 2023 01:21:00 GMT
content-type: text/css
age: 185999
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 21:48:03 GMT
expires: Fri, 02 Feb 2024 21:48:03 GMT
cache-control: public, max-age=31536000
age: 78264
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 16:40:43 GMT
expires: Fri, 02 Feb 2024 16:40:43 GMT
cache-control: public, max-age=31536000
age: 96704
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.youtube.com/s/player/97ea7458/www-embed-player.vflset/www-embed-player.js
142.250.74.78 200 OK 110 kB URL HTTP/2 www.youtube.com/s/player/97ea7458/www-embed-player.vflset/www-embed-player.js
IP 142.250.74.78:0
File type ASCII text, with very long lines (679)
Size 110 kB (110070 bytes)
Hash ebe79d652346a39f78ba70ecfb911269
b996db460e2862473018d11947ac7711bc8ca537
445ae1b45376bf82466aa698c16011ea0781d16f3e25653713d935a9bc39fda9
GET /s/player/97ea7458/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/tm56h59FtZc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 110070
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 15:52:28 GMT
expires: Thu, 01 Feb 2024 15:52:28 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 01 Feb 2023 01:21:00 GMT
content-type: text/javascript
age: 185999
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.youtube.com/s/player/97ea7458/fetch-polyfill.vflset/fetch-polyfill.js
142.250.74.78 200 OK 2.8 kB URL HTTP/2 www.youtube.com/s/player/97ea7458/fetch-polyfill.vflset/fetch-polyfill.js
IP 142.250.74.78:0
File type Algol 68 source text\012- Pascal source, ASCII text, with very long lines (555)
Hash 80fe2d229007996c8397073b00755dc7
121f82c77bcf2a297a1085e3b092415c463fcafe
033dfa8941482c82d4f1aaa4a9172fb379b9e46a02d5b36297c5476bbbfdea2c
GET /s/player/97ea7458/fetch-polyfill.vflset/fetch-polyfill.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/tm56h59FtZc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 2786
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 15:52:28 GMT
expires: Thu, 01 Feb 2024 15:52:28 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 01 Feb 2023 01:21:00 GMT
content-type: text/javascript
age: 185999
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.youtube.com/s/player/97ea7458/player_ias.vflset/en_US/base.js
142.250.74.78 200 OK 613 kB URL HTTP/2 www.youtube.com/s/player/97ea7458/player_ias.vflset/en_US/base.js
IP 142.250.74.78:0
File type ASCII text, with very long lines (517)
Size 613 kB (612749 bytes)
Hash 83c1c7c77b3e875a13d9caa902b9faa3
3da245b3aa77682c47e0fc016a536bbd827189ad
254753ab92f0e04763ce89d741819cf20ce5281f10ee7ace7444ac8b4d07e98c
GET /s/player/97ea7458/player_ias.vflset/en_US/base.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/tm56h59FtZc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding, Origin
content-encoding: br
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 612749
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 16:02:00 GMT
expires: Thu, 01 Feb 2024 16:02:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 01 Feb 2023 01:21:00 GMT
content-type: text/javascript
age: 185427
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/xXjSKeIczEo
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/xXjSKeIczEo
IP 142.250.74.131:0
Hash d0d63e626af9847bd7566ea5a8de0ea4
9a50bb232e4d19214d56a4eb5b16932d31c28736
90a31edb1c74b41c38995da17842316729a48da098310d6fe22c501745e1de41
POST /s/gts1d4/xXjSKeIczEo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:27 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
192.124.249.23 200 OK 1.8 kB IP 192.124.249.23:0
Hash 932503153984d660c0b6c49e6eafc4d3
3f8d2956000374be4351d9bd9fa823fa7a6e9ef1
43b3ff1dc42e2daa2d96d96f1248cb2d4e33a06cc97ef605781b47e33f689c6d
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 03 Feb 2023 19:32:27 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 02 Feb 2023 20:42:23 GMT
Expires: Fri, 03 Feb 2023 20:42:23 GMT
ETag: "3f8d2956000374be4351d9bd9fa823fa7a6e9ef1"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
192.124.249.23 200 OK 1.8 kB IP 192.124.249.23:0
Hash 932503153984d660c0b6c49e6eafc4d3
3f8d2956000374be4351d9bd9fa823fa7a6e9ef1
43b3ff1dc42e2daa2d96d96f1248cb2d4e33a06cc97ef605781b47e33f689c6d
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 03 Feb 2023 19:32:27 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 02 Feb 2023 20:42:23 GMT
Expires: Fri, 03 Feb 2023 20:42:23 GMT
ETag: "3f8d2956000374be4351d9bd9fa823fa7a6e9ef1"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
192.124.249.23 200 OK 1.8 kB IP 192.124.249.23:0
Hash 932503153984d660c0b6c49e6eafc4d3
3f8d2956000374be4351d9bd9fa823fa7a6e9ef1
43b3ff1dc42e2daa2d96d96f1248cb2d4e33a06cc97ef605781b47e33f689c6d
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 03 Feb 2023 19:32:27 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 02 Feb 2023 20:42:23 GMT
Expires: Fri, 03 Feb 2023 20:42:23 GMT
ETag: "3f8d2956000374be4351d9bd9fa823fa7a6e9ef1"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
192.124.249.23 200 OK 1.8 kB IP 192.124.249.23:0
Hash 932503153984d660c0b6c49e6eafc4d3
3f8d2956000374be4351d9bd9fa823fa7a6e9ef1
43b3ff1dc42e2daa2d96d96f1248cb2d4e33a06cc97ef605781b47e33f689c6d
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 03 Feb 2023 19:32:27 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 02 Feb 2023 20:42:23 GMT
Expires: Fri, 03 Feb 2023 20:42:23 GMT
ETag: "3f8d2956000374be4351d9bd9fa823fa7a6e9ef1"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
cdn5.telegram-cdn.org/file/CU2_6e-5exhECDZhIIAexlsBd5X224v981Ro3Yv9UkZrWjca4XPhzjzqaNtkBiLhByplbAXVoK8ORVnE1BFyukHlQkv2gxGFZwvTY8tPxHq2SvqLIGdOqs9aHG9LTqoMEWGWAbBLdt8xhoe6UiF9L5asNvfN-ekVfN2hpDO-Ay-DM4lo9qL7R5onTqDiaeaErO4qORoPuHF9wLytLtIUHRzZ09GZN3EthpNaB28vi2vcOO5SdjRZ8B8yvkn1WCPc7Ad0OJAMjGBdvYyXnYgUyp4m25OFlEf4AGFhkBJZEhWybdd9iZVwjEZbtzsdlSWDC-Tq5yWIoGK6l_nJt2Deuw.jpg
34.111.108.175200 OK 74 kB URL HTTP/2 cdn5.telegram-cdn.org/file/CU2_6e-5exhECDZhIIAexlsBd5X224v981Ro3Yv9UkZrWjca4XPhzjzqaNtkBiLhByplbAXVoK8ORVnE1BFyukHlQkv2gxGFZwvTY8tPxHq2SvqLIGdOqs9aHG9LTqoMEWGWAbBLdt8xhoe6UiF9L5asNvfN-ekVfN2hpDO-Ay-DM4lo9qL7R5onTqDiaeaErO4qORoPuHF9wLytLtIUHRzZ09GZN3EthpNaB28vi2vcOO5SdjRZ8B8yvkn1WCPc7Ad0OJAMjGBdvYyXnYgUyp4m25OFlEf4AGFhkBJZEhWybdd9iZVwjEZbtzsdlSWDC-Tq5yWIoGK6l_nJt2Deuw.jpg
IP 34.111.108.175:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x800, components 3\012- data
Hash a5929f22238d2e8aefd77ef2281218c6
80aa7dcd660a8dc101b497ae3bfdcacb14329757
71ea15fce02af367ab8aaa194f7bb9f20f69f1106f742e72ad8c77507cfcb604
GET /file/CU2_6e-5exhECDZhIIAexlsBd5X224v981Ro3Yv9UkZrWjca4XPhzjzqaNtkBiLhByplbAXVoK8ORVnE1BFyukHlQkv2gxGFZwvTY8tPxHq2SvqLIGdOqs9aHG9LTqoMEWGWAbBLdt8xhoe6UiF9L5asNvfN-ekVfN2hpDO-Ay-DM4lo9qL7R5onTqDiaeaErO4qORoPuHF9wLytLtIUHRzZ09GZN3EthpNaB28vi2vcOO5SdjRZ8B8yvkn1WCPc7Ad0OJAMjGBdvYyXnYgUyp4m25OFlEf4AGFhkBJZEhWybdd9iZVwjEZbtzsdlSWDC-Tq5yWIoGK6l_nJt2Deuw.jpg HTTP/1.1
Host: cdn5.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
content-length: 73915
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
date: Fri, 03 Feb 2023 17:44:11 GMT
etag: "fdfd436305ac7c4275de1a346d83037ed7fcb761"
content-type: image/jpeg
age: 6497
cache-control: max-age=3600,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
telegram.org/img/emoji/40/F09F98A5.png
149.154.167.99 200 OK 3.1 kB URL HTTP/2 telegram.org/img/emoji/40/F09F98A5.png
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 2265c281291283002f961a9fd5fa6ef4
b2f3c3ff8db793f08f1343fe4f2b9f665821cf44
2d67d8b7719a59a7a458773ea84efb1d3cc695ebcd99b38b69b733243f69837a
GET /img/emoji/40/F09F98A5.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:28 GMT
content-type: image/png
content-length: 3137
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
etag: "5dbb76a2-c41"
expires: Tue, 07 Feb 2023 19:32:28 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
telegram.org/img/emoji/40/F09F9281E2808DE29982.png
149.154.167.99 200 OK 3.0 kB URL HTTP/2 telegram.org/img/emoji/40/F09F9281E2808DE29982.png
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 74d03cc32af5665b413a97e77105ae1a
370d0e271033bfa922dcc733e924f637a440e8d7
98b87e9894b159739924bdcfb31df58e11fc2c8ce9fac527e968e1fe3eda10fb
GET /img/emoji/40/F09F9281E2808DE29982.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:28 GMT
content-type: image/png
content-length: 3008
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
etag: "5dbb76a2-bc0"
expires: Tue, 07 Feb 2023 19:32:28 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
telegram.org/img/emoji/40/F09FA7A7.png
149.154.167.99 200 OK 2.1 kB URL HTTP/2 telegram.org/img/emoji/40/F09FA7A7.png
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 0770be5a0d3ca2fba4459a3da8792d9c
fe7074f6abea076018dcaef301ae40ca8ca009c1
b7c82d8fc2387285af5432037b3b303f844c37ee114522a15ba10c2b8ca5da69
GET /img/emoji/40/F09FA7A7.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:28 GMT
content-type: image/png
content-length: 2106
last-modified: Fri, 01 Nov 2019 00:04:51 GMT
etag: "5dbb76a3-83a"
expires: Tue, 07 Feb 2023 19:32:28 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn5.telegram-cdn.org/file/SQjiRB5lV8b1MtROVm4TZPkVzwusTh4x60WXnLLYJpYkvx27BnPl47r397ueYTtT1knJrsGeVRcP-bDx1T_LkJ_zAxcM2KH70HCRxjZ4GgbWP4hrZS3NpkjU2ugzd8BKr5K2EAKtDHXFbIQJ5CrSN29CHiace1MaLgQcxPIxVDWbQgGRhuuym_P7gPzDGpQEyQmH86xm4WAbmTRxCrPGiwAFG_P8DPL-rGw4OKmqYhLfXN-o0O6fRfqp5udRy_ENtpg0fTy-TUh39-oGgXPSNbjqKW2SiZsUxbGgdU5hfScMXN1zfRE2exbfRYCTePNzy4_JP_Psv2tltNpfNmIlNg.jpg
34.111.108.175200 OK 176 kB URL HTTP/2 cdn5.telegram-cdn.org/file/SQjiRB5lV8b1MtROVm4TZPkVzwusTh4x60WXnLLYJpYkvx27BnPl47r397ueYTtT1knJrsGeVRcP-bDx1T_LkJ_zAxcM2KH70HCRxjZ4GgbWP4hrZS3NpkjU2ugzd8BKr5K2EAKtDHXFbIQJ5CrSN29CHiace1MaLgQcxPIxVDWbQgGRhuuym_P7gPzDGpQEyQmH86xm4WAbmTRxCrPGiwAFG_P8DPL-rGw4OKmqYhLfXN-o0O6fRfqp5udRy_ENtpg0fTy-TUh39-oGgXPSNbjqKW2SiZsUxbGgdU5hfScMXN1zfRE2exbfRYCTePNzy4_JP_Psv2tltNpfNmIlNg.jpg
IP 34.111.108.175:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x800, components 3\012- data
Size 176 kB (175720 bytes)
Hash 9b633aa2b6c74ba614194270ce616453
0b1f562777b1b95f760d3e6642c1cb39e6bbe4bd
3dd38c2b56b231f51f68cd6ee8ec906c10038f6648f2001a2eb2f02f5090fce6
GET /file/SQjiRB5lV8b1MtROVm4TZPkVzwusTh4x60WXnLLYJpYkvx27BnPl47r397ueYTtT1knJrsGeVRcP-bDx1T_LkJ_zAxcM2KH70HCRxjZ4GgbWP4hrZS3NpkjU2ugzd8BKr5K2EAKtDHXFbIQJ5CrSN29CHiace1MaLgQcxPIxVDWbQgGRhuuym_P7gPzDGpQEyQmH86xm4WAbmTRxCrPGiwAFG_P8DPL-rGw4OKmqYhLfXN-o0O6fRfqp5udRy_ENtpg0fTy-TUh39-oGgXPSNbjqKW2SiZsUxbGgdU5hfScMXN1zfRE2exbfRYCTePNzy4_JP_Psv2tltNpfNmIlNg.jpg HTTP/1.1
Host: cdn5.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
content-length: 175720
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
date: Fri, 03 Feb 2023 17:44:11 GMT
etag: "364a7e2489ea7c223affc7266838e75dd8fb44b7"
content-type: image/jpeg
age: 6497
cache-control: max-age=3600,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
telegram.org/img/emoji/40/F09F93B1.png
149.154.167.99 200 OK 2.2 kB URL HTTP/2 telegram.org/img/emoji/40/F09F93B1.png
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 29fd774f03d371287cac7ba276a6fc02
98f6d293f9da81fde4c0273ae350006e49948883
41bf5a9ee3cf0ff995a577e997425b8c6145d25c871a20f2a3a4c6d9e848da87
GET /img/emoji/40/F09F93B1.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:28 GMT
content-type: image/png
content-length: 2242
last-modified: Wed, 31 Oct 2018 14:03:57 GMT
etag: "5bd9b64d-8c2"
expires: Tue, 07 Feb 2023 19:32:28 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn5.telegram-cdn.org/file/jL4oNZwVnGlbRybz8YZVqPj3TOBHHEDKH8ey01r4NbW3h1SB2KN2eqcd0ZTg9Qb4ZgcTjGNFJ_N8lr11UzqZbAv2Che5-6_ScSJwFIo2BKdohmP6bAyVG2tRIqFzwYRmaP0FdjJHy4SOWGQ7Vqej0f5sTEOXxA7QcXO4TFP85zvRfhZ9SB2WO2Afk1K4o0Sq4czcsavMM-huhliK9VXp9tuMcxWGLG-kL5JdgV4WVFVjB3Qb9nB67hsHxv7Fgjo8Adr1VKjpz4pJwN2zT33y6Ge5RWYl0t0_-TBCImfSkYUwf_shc7gh-XqTceeeh_a_fGGkfN_9BfgYj_nK1rLlJw.jpg
34.111.108.175200 OK 95 kB URL HTTP/2 cdn5.telegram-cdn.org/file/jL4oNZwVnGlbRybz8YZVqPj3TOBHHEDKH8ey01r4NbW3h1SB2KN2eqcd0ZTg9Qb4ZgcTjGNFJ_N8lr11UzqZbAv2Che5-6_ScSJwFIo2BKdohmP6bAyVG2tRIqFzwYRmaP0FdjJHy4SOWGQ7Vqej0f5sTEOXxA7QcXO4TFP85zvRfhZ9SB2WO2Afk1K4o0Sq4czcsavMM-huhliK9VXp9tuMcxWGLG-kL5JdgV4WVFVjB3Qb9nB67hsHxv7Fgjo8Adr1VKjpz4pJwN2zT33y6Ge5RWYl0t0_-TBCImfSkYUwf_shc7gh-XqTceeeh_a_fGGkfN_9BfgYj_nK1rLlJw.jpg
IP 34.111.108.175:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x800, components 3\012- data
Hash c3fb4130b38886b8e0841794f49c731d
25cbf2aea7cd23015c33784e8331c70d3ab5448d
3d620ef5aff45020bccee32aa9d337247f19a7ab39fd0f5da34291478413eba4
GET /file/jL4oNZwVnGlbRybz8YZVqPj3TOBHHEDKH8ey01r4NbW3h1SB2KN2eqcd0ZTg9Qb4ZgcTjGNFJ_N8lr11UzqZbAv2Che5-6_ScSJwFIo2BKdohmP6bAyVG2tRIqFzwYRmaP0FdjJHy4SOWGQ7Vqej0f5sTEOXxA7QcXO4TFP85zvRfhZ9SB2WO2Afk1K4o0Sq4czcsavMM-huhliK9VXp9tuMcxWGLG-kL5JdgV4WVFVjB3Qb9nB67hsHxv7Fgjo8Adr1VKjpz4pJwN2zT33y6Ge5RWYl0t0_-TBCImfSkYUwf_shc7gh-XqTceeeh_a_fGGkfN_9BfgYj_nK1rLlJw.jpg HTTP/1.1
Host: cdn5.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
content-length: 95243
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
date: Fri, 03 Feb 2023 17:44:11 GMT
etag: "d1753b807140c159e2367fad62bbd213e8490cba"
content-type: image/jpeg
age: 6497
cache-control: max-age=3600,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
telegram.org/img/emoji/40/F09F8EAE.png
149.154.167.99 200 OK 3.2 kB URL HTTP/2 telegram.org/img/emoji/40/F09F8EAE.png
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash a3548a173cdcb000eae794b155a8c30c
0491e76e426b32dbf61123f6a831482ed5a1f2ad
87eef0cf21a7141b0767bb1ff364a119fbc7b44e20cf19436485f7a9304fa490
GET /img/emoji/40/F09F8EAE.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:28 GMT
content-type: image/png
content-length: 3183
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
etag: "5dbb76a2-c6f"
expires: Tue, 07 Feb 2023 19:32:28 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn5.telegram-cdn.org/file/CsCh0t6FQ8D-LjxAi3wECgzOvxH0Ep4GxyH9asSjPhGypn4pyKjEg_5pXcKBczRz6L9oqNIHyTKyyfctojLxT2mxpViN3L1BLyDfcDk0WsY_OKiSrqsvgOtVtcJfO9W-JRKIpnDcVgtMaUDLc4E-p1HLtLGOVXJPOekXHQwspdWoPCUgN4Wds75ahGONLZ5wioYKMmVZL-XecEmHZPlhD3Vd0W7G1-2oMN8fwBWfosc8VJ52jtsZAyFoPfiq3G7XLfzWD93kTd4hO8pVhSYBfrWox0OGmCL3wxQfui7dVA-_zXPsPfXPtkRuHk3eBAit30petQyHvihlg-yWnDm4Hg.jpg
34.111.108.175200 OK 171 kB URL HTTP/2 cdn5.telegram-cdn.org/file/CsCh0t6FQ8D-LjxAi3wECgzOvxH0Ep4GxyH9asSjPhGypn4pyKjEg_5pXcKBczRz6L9oqNIHyTKyyfctojLxT2mxpViN3L1BLyDfcDk0WsY_OKiSrqsvgOtVtcJfO9W-JRKIpnDcVgtMaUDLc4E-p1HLtLGOVXJPOekXHQwspdWoPCUgN4Wds75ahGONLZ5wioYKMmVZL-XecEmHZPlhD3Vd0W7G1-2oMN8fwBWfosc8VJ52jtsZAyFoPfiq3G7XLfzWD93kTd4hO8pVhSYBfrWox0OGmCL3wxQfui7dVA-_zXPsPfXPtkRuHk3eBAit30petQyHvihlg-yWnDm4Hg.jpg
IP 34.111.108.175:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x800, components 3\012- data
Size 171 kB (171129 bytes)
Hash 2c4ddfff1383bb06bbea9210039d8a67
06405cdb34dde5f47855f7b353a0a109484da338
e6b3833b27a09aab937c8ad5956adef969ec9340a6f557bac9f7d9ed2b1426d5
GET /file/CsCh0t6FQ8D-LjxAi3wECgzOvxH0Ep4GxyH9asSjPhGypn4pyKjEg_5pXcKBczRz6L9oqNIHyTKyyfctojLxT2mxpViN3L1BLyDfcDk0WsY_OKiSrqsvgOtVtcJfO9W-JRKIpnDcVgtMaUDLc4E-p1HLtLGOVXJPOekXHQwspdWoPCUgN4Wds75ahGONLZ5wioYKMmVZL-XecEmHZPlhD3Vd0W7G1-2oMN8fwBWfosc8VJ52jtsZAyFoPfiq3G7XLfzWD93kTd4hO8pVhSYBfrWox0OGmCL3wxQfui7dVA-_zXPsPfXPtkRuHk3eBAit30petQyHvihlg-yWnDm4Hg.jpg HTTP/1.1
Host: cdn5.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
content-length: 171129
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
date: Fri, 03 Feb 2023 17:44:11 GMT
etag: "85777917644e17808eb1c9caeeb530052b4cd828"
content-type: image/jpeg
age: 6497
cache-control: max-age=3600,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
telegram.org/img/emoji/40/F09F988E.png
149.154.167.99 200 OK 3.2 kB URL HTTP/2 telegram.org/img/emoji/40/F09F988E.png
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 42d1a35370c82d6d5fd518c81de64dfe
c964b7e2216c55d45b424127fe0041d04b56df96
54a642e40b1981ded4cfffa9521fe0cdc5237d4cfdafaface8736db4c912cee5
GET /img/emoji/40/F09F988E.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:28 GMT
content-type: image/png
content-length: 3219
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
etag: "5dbb76a2-c93"
expires: Tue, 07 Feb 2023 19:32:28 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn5.telegram-cdn.org/file/nGEPgOERjimDXfcktLXkwArIUJmDxgOjrpyZvSiu7OzSErVFgZQz9n7bK04w7-R0bYcfd1boP0VhrmsIKc0XKqfSwPixEG7KF1RiYdixVYFER6NxUyZy6JuHMdVau6z1Zu0J0KyTgZjkDMZhRVnjLLy7RTu7SyfmISrD6gJr-DjXRhAH01ZOEx4B_Fxr5rR7bgqRUH9rqwHuHm5bRlOSkG_g9SvGBZkpar6w0hQ-v78h7XHxNpXEqu_YlvDhPiKFuFXPYDHhFQdLP2iPNk6eCzwSXBbQCon22HyJCODLXs2fiwh7k4T8G4FGfKgYfpHHcshwQ6AMU10CSk2vbtIwyQ.jpg
34.111.108.175200 OK 100 kB URL HTTP/2 cdn5.telegram-cdn.org/file/nGEPgOERjimDXfcktLXkwArIUJmDxgOjrpyZvSiu7OzSErVFgZQz9n7bK04w7-R0bYcfd1boP0VhrmsIKc0XKqfSwPixEG7KF1RiYdixVYFER6NxUyZy6JuHMdVau6z1Zu0J0KyTgZjkDMZhRVnjLLy7RTu7SyfmISrD6gJr-DjXRhAH01ZOEx4B_Fxr5rR7bgqRUH9rqwHuHm5bRlOSkG_g9SvGBZkpar6w0hQ-v78h7XHxNpXEqu_YlvDhPiKFuFXPYDHhFQdLP2iPNk6eCzwSXBbQCon22HyJCODLXs2fiwh7k4T8G4FGfKgYfpHHcshwQ6AMU10CSk2vbtIwyQ.jpg
IP 34.111.108.175:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 638x800, components 3\012- data
Hash bf1f8eb01342f496363d1abc875af449
3e0bd5bb49186f47a5c0af14521d97676828c603
6a007f0798cf42f4c539b4508b3acb93ccdc8307c8305d77f805b88aab461901
GET /file/nGEPgOERjimDXfcktLXkwArIUJmDxgOjrpyZvSiu7OzSErVFgZQz9n7bK04w7-R0bYcfd1boP0VhrmsIKc0XKqfSwPixEG7KF1RiYdixVYFER6NxUyZy6JuHMdVau6z1Zu0J0KyTgZjkDMZhRVnjLLy7RTu7SyfmISrD6gJr-DjXRhAH01ZOEx4B_Fxr5rR7bgqRUH9rqwHuHm5bRlOSkG_g9SvGBZkpar6w0hQ-v78h7XHxNpXEqu_YlvDhPiKFuFXPYDHhFQdLP2iPNk6eCzwSXBbQCon22HyJCODLXs2fiwh7k4T8G4FGfKgYfpHHcshwQ6AMU10CSk2vbtIwyQ.jpg HTTP/1.1
Host: cdn5.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
content-length: 99815
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
date: Fri, 03 Feb 2023 17:44:11 GMT
etag: "2aaedc1599e7897326ff8ab0ce8798d950121d9e"
content-type: image/jpeg
age: 6497
cache-control: max-age=3600,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn5.telegram-cdn.org/file/WzobD5fkf0YR7MJ8wY0srCiwtXC3jHR9s02EsGHfnN5D9HDhNeFmwj9dO9n0cm48Hh3dZij13Qjkrdq_tdiXbyyRnFD1zZ2PyqHOAMvWfoQAaRxX6vnwcg5ePNUgkzaxjM4iESoFYHUrf2qAX43tjyqBbmeTHITuiClKl_2JuaIqf7yZQlaCb0ZtYPfX5T7jpIfqrUQ9gl5mq8ZuM4fAP8lOOnNX9hrgfgOvvNSEw2kiUMJQB3LZhqGhg7Du3T5FZzoC3GfGH-rVtQ7jgUauZR1bGoZJsLgXUNovEkMagxaQD-aaotYJCI_Q1F0T-b5i6sbh3fwNYrfa3iiDI7hJyg.jpg
34.111.108.175200 OK 177 kB URL HTTP/2 cdn5.telegram-cdn.org/file/WzobD5fkf0YR7MJ8wY0srCiwtXC3jHR9s02EsGHfnN5D9HDhNeFmwj9dO9n0cm48Hh3dZij13Qjkrdq_tdiXbyyRnFD1zZ2PyqHOAMvWfoQAaRxX6vnwcg5ePNUgkzaxjM4iESoFYHUrf2qAX43tjyqBbmeTHITuiClKl_2JuaIqf7yZQlaCb0ZtYPfX5T7jpIfqrUQ9gl5mq8ZuM4fAP8lOOnNX9hrgfgOvvNSEw2kiUMJQB3LZhqGhg7Du3T5FZzoC3GfGH-rVtQ7jgUauZR1bGoZJsLgXUNovEkMagxaQD-aaotYJCI_Q1F0T-b5i6sbh3fwNYrfa3iiDI7hJyg.jpg
IP 34.111.108.175:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x800, components 3\012- data
Size 177 kB (177131 bytes)
Hash 1710307cfa1da9672ab925cf902c8a7b
c21eb304a50bbc42eb10fa7a492bf6dc072be43d
fc744da76d85526beb47995c0955e98acff4cbb3286bb9f0ae16185f172d148e
GET /file/WzobD5fkf0YR7MJ8wY0srCiwtXC3jHR9s02EsGHfnN5D9HDhNeFmwj9dO9n0cm48Hh3dZij13Qjkrdq_tdiXbyyRnFD1zZ2PyqHOAMvWfoQAaRxX6vnwcg5ePNUgkzaxjM4iESoFYHUrf2qAX43tjyqBbmeTHITuiClKl_2JuaIqf7yZQlaCb0ZtYPfX5T7jpIfqrUQ9gl5mq8ZuM4fAP8lOOnNX9hrgfgOvvNSEw2kiUMJQB3LZhqGhg7Du3T5FZzoC3GfGH-rVtQ7jgUauZR1bGoZJsLgXUNovEkMagxaQD-aaotYJCI_Q1F0T-b5i6sbh3fwNYrfa3iiDI7hJyg.jpg HTTP/1.1
Host: cdn5.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
content-length: 177131
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
date: Fri, 03 Feb 2023 17:44:11 GMT
etag: "69c948ff993288d0484a99e97d0e095702c564d0"
content-type: image/jpeg
age: 6497
cache-control: max-age=3600,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
telegram.org/img/emoji/40/F09F9881.png
149.154.167.99 200 OK 3.2 kB URL HTTP/2 telegram.org/img/emoji/40/F09F9881.png
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 53d1173ef8d9173d945b1e1819405bcc
90410f9240b696d2ae130ab4cbd4569dd0705829
dfa3b98b8c5b972453d8fa4c42ac06369a0d6b421d70f48c4fdeff37054dbe50
GET /img/emoji/40/F09F9881.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:28 GMT
content-type: image/png
content-length: 3180
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
etag: "5dbb76a2-c6c"
expires: Tue, 07 Feb 2023 19:32:28 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn5.telegram-cdn.org/file/YiEIO6hKZqSbvHhU_imVvyxcld2XEnxYwaHkKIqAvzk-D7Lj90g5rilLW_haSAXXxHaxLLVhHZ7hV02z8TPcJh7H6CfRY4FWF-S9vgLSJK3nDyolxLMplwaK0BOvmv61nEPmPdjXlHRHA4rL6xAA4AGonJBnZhbL25hh3_oPJ9HLi-sDLrNM_F5W1Oj1xmlB5AWYzTOqJFaVvN83DhNrfu_aLjXALhFSWKQjAvLAj6H5w8rH7dSXPSL0QHfPQqRkKoGNA2q5QZLXQElh7QhwK0DLwU7DLi90fuXbhTcJX9M33jOZrT56gmFpa-1OQtV1JHaFGMADv6dXpUgov-bHdw.jpg
34.111.108.175200 OK 100 kB URL HTTP/2 cdn5.telegram-cdn.org/file/YiEIO6hKZqSbvHhU_imVvyxcld2XEnxYwaHkKIqAvzk-D7Lj90g5rilLW_haSAXXxHaxLLVhHZ7hV02z8TPcJh7H6CfRY4FWF-S9vgLSJK3nDyolxLMplwaK0BOvmv61nEPmPdjXlHRHA4rL6xAA4AGonJBnZhbL25hh3_oPJ9HLi-sDLrNM_F5W1Oj1xmlB5AWYzTOqJFaVvN83DhNrfu_aLjXALhFSWKQjAvLAj6H5w8rH7dSXPSL0QHfPQqRkKoGNA2q5QZLXQElh7QhwK0DLwU7DLi90fuXbhTcJX9M33jOZrT56gmFpa-1OQtV1JHaFGMADv6dXpUgov-bHdw.jpg
IP 34.111.108.175:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x800, components 3\012- data
Hash c8b1d992b771e0df686848af2c51790f
3d7f882965d1f1ce8cce8ec4e1e753816e7ceaee
0e77b186ac3054625a90ce51df7c4a28869c01fa2475212720c4a7304249544a
GET /file/YiEIO6hKZqSbvHhU_imVvyxcld2XEnxYwaHkKIqAvzk-D7Lj90g5rilLW_haSAXXxHaxLLVhHZ7hV02z8TPcJh7H6CfRY4FWF-S9vgLSJK3nDyolxLMplwaK0BOvmv61nEPmPdjXlHRHA4rL6xAA4AGonJBnZhbL25hh3_oPJ9HLi-sDLrNM_F5W1Oj1xmlB5AWYzTOqJFaVvN83DhNrfu_aLjXALhFSWKQjAvLAj6H5w8rH7dSXPSL0QHfPQqRkKoGNA2q5QZLXQElh7QhwK0DLwU7DLi90fuXbhTcJX9M33jOZrT56gmFpa-1OQtV1JHaFGMADv6dXpUgov-bHdw.jpg HTTP/1.1
Host: cdn5.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
content-length: 99559
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
date: Fri, 03 Feb 2023 17:44:11 GMT
etag: "1fb0d912ea2fedc3ea4c4950cc501d1d799e1d4f"
content-type: image/jpeg
age: 6497
cache-control: max-age=3600,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn5.telegram-cdn.org/file/cZ569v1A5J_IIwMEn92UmaIqYk2HWX8NfGWulJlsMmG5xC35YRl12-sV8lQxiG2Gvdv-6KGoo9dtgtffeYGrOdgaOXfFbDh2Jki3U1kcykEX1rBQO74c1rm6V797Wo2rEuXSLUELinyi79KsP34iPcl7D5GvF7n9CZCXjOGkb6A4AdKoFuGti4plTRaMz8Ml_sJEr-XKAMGKOmNpbzhlaYpn0baTvq0XfcL0WizLtZkj_kcsdFqX3bx3tDvl2OfkisHy69goNsXs2hbFABEOPSWd4dpRbdrPtiQbF0R8VWWb0nJAx-GWHZD_dx2Lv2MeJZDNzSgY8lYIO8Jumm6aHQ.jpg
34.111.108.175200 OK 91 kB URL HTTP/2 cdn5.telegram-cdn.org/file/cZ569v1A5J_IIwMEn92UmaIqYk2HWX8NfGWulJlsMmG5xC35YRl12-sV8lQxiG2Gvdv-6KGoo9dtgtffeYGrOdgaOXfFbDh2Jki3U1kcykEX1rBQO74c1rm6V797Wo2rEuXSLUELinyi79KsP34iPcl7D5GvF7n9CZCXjOGkb6A4AdKoFuGti4plTRaMz8Ml_sJEr-XKAMGKOmNpbzhlaYpn0baTvq0XfcL0WizLtZkj_kcsdFqX3bx3tDvl2OfkisHy69goNsXs2hbFABEOPSWd4dpRbdrPtiQbF0R8VWWb0nJAx-GWHZD_dx2Lv2MeJZDNzSgY8lYIO8Jumm6aHQ.jpg
IP 34.111.108.175:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x800, components 3\012- data
Hash 3fce0f939bb2b3bc8dfd8d9fa0439f0b
558ed6db421efb237c2e6154d4af9710893dd32c
c4d62dba15df864e36ce66df00f9fd865c84e47c4e99c670c1d8f3310d147974
GET /file/cZ569v1A5J_IIwMEn92UmaIqYk2HWX8NfGWulJlsMmG5xC35YRl12-sV8lQxiG2Gvdv-6KGoo9dtgtffeYGrOdgaOXfFbDh2Jki3U1kcykEX1rBQO74c1rm6V797Wo2rEuXSLUELinyi79KsP34iPcl7D5GvF7n9CZCXjOGkb6A4AdKoFuGti4plTRaMz8Ml_sJEr-XKAMGKOmNpbzhlaYpn0baTvq0XfcL0WizLtZkj_kcsdFqX3bx3tDvl2OfkisHy69goNsXs2hbFABEOPSWd4dpRbdrPtiQbF0R8VWWb0nJAx-GWHZD_dx2Lv2MeJZDNzSgY8lYIO8Jumm6aHQ.jpg HTTP/1.1
Host: cdn5.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
content-length: 91326
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
date: Fri, 03 Feb 2023 17:44:11 GMT
etag: "060a388c411cc23abe84182bac8a91377d5138fd"
content-type: image/jpeg
age: 6497
cache-control: max-age=3600,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
telegram.org/img/emoji/40/F09F92A5.png
149.154.167.99 200 OK 2.6 kB URL HTTP/2 telegram.org/img/emoji/40/F09F92A5.png
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 74ee1623162e4f04072f127a32c51a35
621760079b85f56a9e971fb52f28a66bd22b630b
b5ee085355e63b5b1f56fffdb00d968baf53333941b022e775df0e87de3f1362
GET /img/emoji/40/F09F92A5.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:28 GMT
content-type: image/png
content-length: 2640
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
etag: "5dbb76a2-a50"
expires: Tue, 07 Feb 2023 19:32:28 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn5.telegram-cdn.org/file/dg743IyM1j0gaE2lE7YeiAXsIHkU4AHXoAcqlV67BSaPXDBWbxsiZFClbJ2bEyhECZvZhXNQf4CXPY-Kb6U1aO7tsaz-LA1M08p5SIWGRVPnTWoK8mSSv6ms1md-Ef_Dpqi_rjuTYZrSkLQ2ReGYDi30HNFIwX9x07vGohS6v5lXhMuULxBMYgUWDk1s0eBpmNJP1lhz7Sr1IORKDWn8y382pRRJuU-TycIfMTOJOjejVVmX_eZEFHpxqLPgBY1GiubpyQPKdM4OI-M1HZGoXlAdWQ2doXd4pRN0mOromZed0UkRO1yeKhYPMifB2ct6Pji8VZsdqbhlctier99uZQ.jpg
34.111.108.175200 OK 174 kB URL HTTP/2 cdn5.telegram-cdn.org/file/dg743IyM1j0gaE2lE7YeiAXsIHkU4AHXoAcqlV67BSaPXDBWbxsiZFClbJ2bEyhECZvZhXNQf4CXPY-Kb6U1aO7tsaz-LA1M08p5SIWGRVPnTWoK8mSSv6ms1md-Ef_Dpqi_rjuTYZrSkLQ2ReGYDi30HNFIwX9x07vGohS6v5lXhMuULxBMYgUWDk1s0eBpmNJP1lhz7Sr1IORKDWn8y382pRRJuU-TycIfMTOJOjejVVmX_eZEFHpxqLPgBY1GiubpyQPKdM4OI-M1HZGoXlAdWQ2doXd4pRN0mOromZed0UkRO1yeKhYPMifB2ct6Pji8VZsdqbhlctier99uZQ.jpg
IP 34.111.108.175:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x800, components 3\012- data
Size 174 kB (173904 bytes)
Hash 6af93ff436220844b061abf330f15e0c
94dcaa4b20abe8d369d2e8f5e9580b2521406e2a
76724126354a48dea92924943c6a44692b0826eb542dd5aa30e875adcef41b17
GET /file/dg743IyM1j0gaE2lE7YeiAXsIHkU4AHXoAcqlV67BSaPXDBWbxsiZFClbJ2bEyhECZvZhXNQf4CXPY-Kb6U1aO7tsaz-LA1M08p5SIWGRVPnTWoK8mSSv6ms1md-Ef_Dpqi_rjuTYZrSkLQ2ReGYDi30HNFIwX9x07vGohS6v5lXhMuULxBMYgUWDk1s0eBpmNJP1lhz7Sr1IORKDWn8y382pRRJuU-TycIfMTOJOjejVVmX_eZEFHpxqLPgBY1GiubpyQPKdM4OI-M1HZGoXlAdWQ2doXd4pRN0mOromZed0UkRO1yeKhYPMifB2ct6Pji8VZsdqbhlctier99uZQ.jpg HTTP/1.1
Host: cdn5.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
content-length: 173904
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
date: Fri, 03 Feb 2023 17:44:11 GMT
etag: "125086d27aee7e10c1984b24ea086fb46b7599af"
content-type: image/jpeg
age: 6497
cache-control: max-age=3600,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn5.telegram-cdn.org/file/GMbhOpwrzDajlBQSdrdetwo0Dnd_f1zAZg8oigZRC4RdrySAxtzkcXla-Jg-2xtrUy0sSVEH6B65_-tyolbbzY6PecmCXR9BEBYAIIMK_hqGvawYHZYxrPXJfl8n9PG74y-TyL7oaI1kkZSwX7u73f4x_saKH4FlAM_kL5cjQg-tnVCq2Cl5wxX22kuwOH990TJidWb9EJk5lPhTHL6i_IuvsiCarukIEfF3CzZi4y8Pqe-XKFhOpkwgj0C-C5MY47YgOB9vqcQKo7EI-INgWJXf_SS6ikIAkk6klI6_H-4ESnSPWzUOvL-9jUqvjyXjaJKODfL5NFB4UM_j3Q8gwg.jpg
34.111.108.175200 OK 179 kB URL HTTP/2 cdn5.telegram-cdn.org/file/GMbhOpwrzDajlBQSdrdetwo0Dnd_f1zAZg8oigZRC4RdrySAxtzkcXla-Jg-2xtrUy0sSVEH6B65_-tyolbbzY6PecmCXR9BEBYAIIMK_hqGvawYHZYxrPXJfl8n9PG74y-TyL7oaI1kkZSwX7u73f4x_saKH4FlAM_kL5cjQg-tnVCq2Cl5wxX22kuwOH990TJidWb9EJk5lPhTHL6i_IuvsiCarukIEfF3CzZi4y8Pqe-XKFhOpkwgj0C-C5MY47YgOB9vqcQKo7EI-INgWJXf_SS6ikIAkk6klI6_H-4ESnSPWzUOvL-9jUqvjyXjaJKODfL5NFB4UM_j3Q8gwg.jpg
IP 34.111.108.175:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x800, components 3\012- data
Size 179 kB (178690 bytes)
Hash 8555bc5577bb5f16c961e26cc346ac18
e39f05c16d96df2765ff1aad0f1ba515aadaa4d9
d0d1ad0e70b45b4d17a35f6b8e43fd38201ecd4ec8aa44590ceb2f3a53d9b6c5
GET /file/GMbhOpwrzDajlBQSdrdetwo0Dnd_f1zAZg8oigZRC4RdrySAxtzkcXla-Jg-2xtrUy0sSVEH6B65_-tyolbbzY6PecmCXR9BEBYAIIMK_hqGvawYHZYxrPXJfl8n9PG74y-TyL7oaI1kkZSwX7u73f4x_saKH4FlAM_kL5cjQg-tnVCq2Cl5wxX22kuwOH990TJidWb9EJk5lPhTHL6i_IuvsiCarukIEfF3CzZi4y8Pqe-XKFhOpkwgj0C-C5MY47YgOB9vqcQKo7EI-INgWJXf_SS6ikIAkk6klI6_H-4ESnSPWzUOvL-9jUqvjyXjaJKODfL5NFB4UM_j3Q8gwg.jpg HTTP/1.1
Host: cdn5.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
content-length: 178690
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
date: Fri, 03 Feb 2023 17:44:11 GMT
etag: "5d207ee40420f2b311682946fcb947ea30bb440c"
content-type: image/jpeg
age: 6497
cache-control: max-age=3600,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn5.telegram-cdn.org/file/jW-A-iO8lG_OxDSWVUIvsJxy7L0KKurCNXrylhFDiqp3b9kIdNxldDueouMHAufMClXQQfr7p_Z0jYuNY4r6m5aVT_2m7yzgjPb3O9mFy6zfWmEY7lOSwPA2kQn-QsBrsMEK6AbOVSmP6t6_BSSPq_tRbZP-jDzxVFdzuWcPK3xcqSyvB0yYbFxugvVEA24hkIu4JY2Q-P38rCR4SIXBHbxUBbqXk5dOUnJ6w_t0X8_al1PdKjO3x5dUhlGoEwWUHBsUAWwOY9ks8LYVqAQl11OifoaxP3o-Wi6HxZkexeDzBGA8ooD-8v6NPLtpoQnJxl3tt8ILuRtA463MUxhNlQ.jpg
34.111.108.175200 OK 142 kB URL HTTP/2 cdn5.telegram-cdn.org/file/jW-A-iO8lG_OxDSWVUIvsJxy7L0KKurCNXrylhFDiqp3b9kIdNxldDueouMHAufMClXQQfr7p_Z0jYuNY4r6m5aVT_2m7yzgjPb3O9mFy6zfWmEY7lOSwPA2kQn-QsBrsMEK6AbOVSmP6t6_BSSPq_tRbZP-jDzxVFdzuWcPK3xcqSyvB0yYbFxugvVEA24hkIu4JY2Q-P38rCR4SIXBHbxUBbqXk5dOUnJ6w_t0X8_al1PdKjO3x5dUhlGoEwWUHBsUAWwOY9ks8LYVqAQl11OifoaxP3o-Wi6HxZkexeDzBGA8ooD-8v6NPLtpoQnJxl3tt8ILuRtA463MUxhNlQ.jpg
IP 34.111.108.175:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x800, components 3\012- data
Size 142 kB (142451 bytes)
Hash 85aca147ebaed2e127c339a1dc29c117
42e75141177a24b76f81e8e3afd5d7a95219a854
8d25578a4773af020a6bde5a8b692a04690f09eb8bfd4ddcecf750f27c0782e9
GET /file/jW-A-iO8lG_OxDSWVUIvsJxy7L0KKurCNXrylhFDiqp3b9kIdNxldDueouMHAufMClXQQfr7p_Z0jYuNY4r6m5aVT_2m7yzgjPb3O9mFy6zfWmEY7lOSwPA2kQn-QsBrsMEK6AbOVSmP6t6_BSSPq_tRbZP-jDzxVFdzuWcPK3xcqSyvB0yYbFxugvVEA24hkIu4JY2Q-P38rCR4SIXBHbxUBbqXk5dOUnJ6w_t0X8_al1PdKjO3x5dUhlGoEwWUHBsUAWwOY9ks8LYVqAQl11OifoaxP3o-Wi6HxZkexeDzBGA8ooD-8v6NPLtpoQnJxl3tt8ILuRtA463MUxhNlQ.jpg HTTP/1.1
Host: cdn5.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
content-length: 142451
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
date: Fri, 03 Feb 2023 17:44:11 GMT
etag: "d9be99da7530e21ad66e469124a8527e5cee0e9e"
content-type: image/jpeg
age: 6497
cache-control: max-age=3600,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn5.telegram-cdn.org/file/jwIP3qcqbdH1W3o6esHEzAbD-r6mhn-ePTmGUlAOMZHYMtZNnxZkVEeMR-pj2xP_rJrXIvzUiMoBQhJojlJm0mqkhAZiWv6S8l6PbFk8i-uzLEyG2NBKkkSmZ4EDWr7Hkzp7fTkylwTpDl8plTe9VLkI1Ew7csrHFDQ1cNFtznKNrPmitonysDY3Eu5FhlyvPmhIiv3Dkp6p6u3v8nXadclxsB-oT-EGyVcp6zIre2S0CeOjFtrce7mxIU4qVwrwpHBrU7sgbo8l45uhNkJFu8F7HbCpTiGennSnfNuFhmNWrSjFsgvnlg_bH2VP7diV-Bw_kkkYkDePe5CuRVKQzw.jpg
34.111.108.175200 OK 108 kB URL HTTP/2 cdn5.telegram-cdn.org/file/jwIP3qcqbdH1W3o6esHEzAbD-r6mhn-ePTmGUlAOMZHYMtZNnxZkVEeMR-pj2xP_rJrXIvzUiMoBQhJojlJm0mqkhAZiWv6S8l6PbFk8i-uzLEyG2NBKkkSmZ4EDWr7Hkzp7fTkylwTpDl8plTe9VLkI1Ew7csrHFDQ1cNFtznKNrPmitonysDY3Eu5FhlyvPmhIiv3Dkp6p6u3v8nXadclxsB-oT-EGyVcp6zIre2S0CeOjFtrce7mxIU4qVwrwpHBrU7sgbo8l45uhNkJFu8F7HbCpTiGennSnfNuFhmNWrSjFsgvnlg_bH2VP7diV-Bw_kkkYkDePe5CuRVKQzw.jpg
IP 34.111.108.175:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x800, components 3\012- data
Size 108 kB (108257 bytes)
Hash af63c3ba74f927b012f9c74c74008292
3f1a3c501c5c9a3d5ebc87866f84d5b3769b7747
b854343fc55b6f254b506e8ec52308e3a30dc712881d55490b00b7211ee9bf89
GET /file/jwIP3qcqbdH1W3o6esHEzAbD-r6mhn-ePTmGUlAOMZHYMtZNnxZkVEeMR-pj2xP_rJrXIvzUiMoBQhJojlJm0mqkhAZiWv6S8l6PbFk8i-uzLEyG2NBKkkSmZ4EDWr7Hkzp7fTkylwTpDl8plTe9VLkI1Ew7csrHFDQ1cNFtznKNrPmitonysDY3Eu5FhlyvPmhIiv3Dkp6p6u3v8nXadclxsB-oT-EGyVcp6zIre2S0CeOjFtrce7mxIU4qVwrwpHBrU7sgbo8l45uhNkJFu8F7HbCpTiGennSnfNuFhmNWrSjFsgvnlg_bH2VP7diV-Bw_kkkYkDePe5CuRVKQzw.jpg HTTP/1.1
Host: cdn5.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
content-length: 108257
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
date: Fri, 03 Feb 2023 17:44:11 GMT
etag: "df65bed216f23615df862e69e296d5d91451131e"
content-type: image/jpeg
age: 6497
cache-control: max-age=3600,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/xXjSKeIczEo
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/xXjSKeIczEo
IP 142.250.74.131:0
Hash d0d63e626af9847bd7566ea5a8de0ea4
9a50bb232e4d19214d56a4eb5b16932d31c28736
90a31edb1c74b41c38995da17842316729a48da098310d6fe22c501745e1de41
POST /s/gts1d4/xXjSKeIczEo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:28 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn5.telegram-cdn.org/file/lEzHYFAfdBM6boVMoi7-FBVclvdEZyabu--2uJTQkqTQJOZzk0wNavqAbMQbnjiNaJ7vBFFnSK1Bv1eLD8WLsaPrecVREx6rZbpjjfLlnuKvSf8aC37X-tnXalww9MdhJbWoMe6eNA2DrjGDxqepcyjrF7owpP18Iedg3FU9qR-a_9wE1H0S9382K7KvYxkSX9b3IaFJh8bw8d5hgzoQeM-pMoCVjTjZGCR3VJ1YWQfq4hkI6FtJ3Qy63vaigrVopBu9a26NxAn7CHEzlI5tbo1G8bkYg4NPHXiXuM8J7Hxk6iGSh8VHr5kPK8qEjF6_wclHLvA2RuiqUQcBKVyzlw.jpg
34.111.108.175200 OK 220 kB URL HTTP/2 cdn5.telegram-cdn.org/file/lEzHYFAfdBM6boVMoi7-FBVclvdEZyabu--2uJTQkqTQJOZzk0wNavqAbMQbnjiNaJ7vBFFnSK1Bv1eLD8WLsaPrecVREx6rZbpjjfLlnuKvSf8aC37X-tnXalww9MdhJbWoMe6eNA2DrjGDxqepcyjrF7owpP18Iedg3FU9qR-a_9wE1H0S9382K7KvYxkSX9b3IaFJh8bw8d5hgzoQeM-pMoCVjTjZGCR3VJ1YWQfq4hkI6FtJ3Qy63vaigrVopBu9a26NxAn7CHEzlI5tbo1G8bkYg4NPHXiXuM8J7Hxk6iGSh8VHr5kPK8qEjF6_wclHLvA2RuiqUQcBKVyzlw.jpg
IP 34.111.108.175:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x800, components 3\012- data
Size 220 kB (219867 bytes)
Hash 377c478d53a458269a422f7bbdbf243c
66e7c163c947e4b8ebde29dd91eba33dde43b6d6
d233a8fb6ec0f1a6c908672429d3565a639c70dac32bfe49d2be4362528fe82c
GET /file/lEzHYFAfdBM6boVMoi7-FBVclvdEZyabu--2uJTQkqTQJOZzk0wNavqAbMQbnjiNaJ7vBFFnSK1Bv1eLD8WLsaPrecVREx6rZbpjjfLlnuKvSf8aC37X-tnXalww9MdhJbWoMe6eNA2DrjGDxqepcyjrF7owpP18Iedg3FU9qR-a_9wE1H0S9382K7KvYxkSX9b3IaFJh8bw8d5hgzoQeM-pMoCVjTjZGCR3VJ1YWQfq4hkI6FtJ3Qy63vaigrVopBu9a26NxAn7CHEzlI5tbo1G8bkYg4NPHXiXuM8J7Hxk6iGSh8VHr5kPK8qEjF6_wclHLvA2RuiqUQcBKVyzlw.jpg HTTP/1.1
Host: cdn5.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
content-length: 219867
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
date: Fri, 03 Feb 2023 17:44:11 GMT
etag: "f82513e5c5c8129f360b9a2b51f0d866469dd485"
content-type: image/jpeg
age: 6497
cache-control: max-age=3600,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
telegram.org/img/emoji/40/F09F9189.png
149.154.167.99 200 OK 1.4 kB URL HTTP/2 telegram.org/img/emoji/40/F09F9189.png
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash b26a6176db417cd19b98056ead589fae
c30be0a0ca7f1365fa9d0931c9abcbe61e481237
c7f78f11f3283301caeb7fb8a1e73a304c01ff557ed722d5120274b7b64f568d
GET /img/emoji/40/F09F9189.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:28 GMT
content-type: image/png
content-length: 1418
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
etag: "5dbb76a2-58a"
expires: Tue, 07 Feb 2023 19:32:28 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
telegram.org/img/emoji/40/F09FA4A9.png
149.154.167.99 200 OK 3.6 kB URL HTTP/2 telegram.org/img/emoji/40/F09FA4A9.png
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 2e97057bbe3ae93547cae351b87c9cbc
9e06e79320b28881e07cab892d91d0e475c8f6e1
64883c6bed935bfc108ab7afa20e75e1f2b386be41e0c3b44a06366cc90281d2
GET /img/emoji/40/F09FA4A9.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:28 GMT
content-type: image/png
content-length: 3554
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
etag: "5dbb76a2-de2"
expires: Tue, 07 Feb 2023 19:32:28 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn5.telegram-cdn.org/file/FG5Q-4w6hQU-HAUYGcZAmWrYVAX7sRe8ljDv0RM48HXg22BWnSM8CsFxpFtvQ1h-a8CsRWCjhSMavzf38R-6evSImQFHZdrPK_vElF3UGt6wAfC_PQKEV_pfqOsyT8FbcqNGtNk1fhaR1UdGqfRqoQ_b9eCKjIK_E6-hswrCX4X2kTBjI8ZXfQXt0n9Vfz2XMb0NVqXOgEtrixNBBB5y8jt08Haqcrks05hAA9GalmB0W4yB0l5JxlGBzgHXrGO0QfK9G5qdXEZT48OxdrBSVlxmAjdMBw0WPz9_oEZNhcL1-izmhXwiKfwtUSYs6VEXrlQp7xDnvWrovFpz63YyYQ.jpg
34.111.108.175200 OK 111 kB URL HTTP/2 cdn5.telegram-cdn.org/file/FG5Q-4w6hQU-HAUYGcZAmWrYVAX7sRe8ljDv0RM48HXg22BWnSM8CsFxpFtvQ1h-a8CsRWCjhSMavzf38R-6evSImQFHZdrPK_vElF3UGt6wAfC_PQKEV_pfqOsyT8FbcqNGtNk1fhaR1UdGqfRqoQ_b9eCKjIK_E6-hswrCX4X2kTBjI8ZXfQXt0n9Vfz2XMb0NVqXOgEtrixNBBB5y8jt08Haqcrks05hAA9GalmB0W4yB0l5JxlGBzgHXrGO0QfK9G5qdXEZT48OxdrBSVlxmAjdMBw0WPz9_oEZNhcL1-izmhXwiKfwtUSYs6VEXrlQp7xDnvWrovFpz63YyYQ.jpg
IP 34.111.108.175:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x800, components 3\012- data
Size 111 kB (110956 bytes)
Hash 7f9bcce365edf214f8a513a988cf3dea
ffc277843d184729dc0ffdf117e9f6f1705b3ab6
cf0248eeb4e68f9b8574e30b15d0afdef52613c0399e9852ffb98fc632daa478
GET /file/FG5Q-4w6hQU-HAUYGcZAmWrYVAX7sRe8ljDv0RM48HXg22BWnSM8CsFxpFtvQ1h-a8CsRWCjhSMavzf38R-6evSImQFHZdrPK_vElF3UGt6wAfC_PQKEV_pfqOsyT8FbcqNGtNk1fhaR1UdGqfRqoQ_b9eCKjIK_E6-hswrCX4X2kTBjI8ZXfQXt0n9Vfz2XMb0NVqXOgEtrixNBBB5y8jt08Haqcrks05hAA9GalmB0W4yB0l5JxlGBzgHXrGO0QfK9G5qdXEZT48OxdrBSVlxmAjdMBw0WPz9_oEZNhcL1-izmhXwiKfwtUSYs6VEXrlQp7xDnvWrovFpz63YyYQ.jpg HTTP/1.1
Host: cdn5.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
content-length: 110956
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
date: Fri, 03 Feb 2023 17:44:11 GMT
etag: "1290a1c3cda1eef666a7dde6f4234464f1f11b06"
content-type: image/jpeg
age: 6497
cache-control: max-age=3600,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
telegram.org/img/emoji/40/F09F94A5.png
149.154.167.99 200 OK 2.6 kB URL HTTP/2 telegram.org/img/emoji/40/F09F94A5.png
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 77d1231b7757d5152d247457e3c14952
d94776b0a2173b6e23003d1d093aa15fc802de96
90b4abfa7281f9465c5d65947c7a035d414ec1add2729ad1a2a5dc2bb7bf9878
GET /img/emoji/40/F09F94A5.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:28 GMT
content-type: image/png
content-length: 2581
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
etag: "5dbb76a2-a15"
expires: Tue, 07 Feb 2023 19:32:28 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
telegram.org/img/emoji/40/F09F8CB8.png
149.154.167.99 200 OK 3.7 kB URL HTTP/2 telegram.org/img/emoji/40/F09F8CB8.png
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash e07e0d94542ec9ef9b505b75133da2e2
4e5585c24a125abc2414a838c8f77885bca43323
b18daa088cf163c33ada0f212f9e85899dbd5a04d504d4a2829c2306ca3dd243
GET /img/emoji/40/F09F8CB8.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:28 GMT
content-type: image/png
content-length: 3656
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
etag: "5dbb76a2-e48"
expires: Tue, 07 Feb 2023 19:32:28 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn5.telegram-cdn.org/file/LV1HshvjmkvJmetuZykHtUo81bckPCFyAfUGK48RmLK1CzXcCvoaV9x5yKbdayr-Zf2ywm2V42CmAWtTpu9xel3BVPayPXuvAhMj5KtWMR8EMrE4PE-Q-9Kpu4uB7dIC1PeSJTiHQOx5wocYv-ceDHlvo-RKwY0fCy6CSdC12VaMYdz3ooEQx3Wkz48N9vhIgb9fNFQfbjk_Jtrg-K2iorLpFUKwlhmv_2v3_hidRJhOv7uADJ26nIC4Gb4ArHa5lvvtcyoBgugj-k2UHpQqUgHC2CLkpLoJYDAkL8fd5XJXi5QPpWR-pFKLCkgITKW-QNR_xINbFvCG1OAOR5h87Q.jpg
34.111.108.175200 OK 108 kB URL HTTP/2 cdn5.telegram-cdn.org/file/LV1HshvjmkvJmetuZykHtUo81bckPCFyAfUGK48RmLK1CzXcCvoaV9x5yKbdayr-Zf2ywm2V42CmAWtTpu9xel3BVPayPXuvAhMj5KtWMR8EMrE4PE-Q-9Kpu4uB7dIC1PeSJTiHQOx5wocYv-ceDHlvo-RKwY0fCy6CSdC12VaMYdz3ooEQx3Wkz48N9vhIgb9fNFQfbjk_Jtrg-K2iorLpFUKwlhmv_2v3_hidRJhOv7uADJ26nIC4Gb4ArHa5lvvtcyoBgugj-k2UHpQqUgHC2CLkpLoJYDAkL8fd5XJXi5QPpWR-pFKLCkgITKW-QNR_xINbFvCG1OAOR5h87Q.jpg
IP 34.111.108.175:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x800, components 3\012- data
Size 108 kB (107723 bytes)
Hash 8b2f09d1f29d593b6f21b67f240291b4
fade20fe4466fa1ffc434a0fe328fc3f6b0939ee
2bc5c8ab2fe0cc4448a4dd2f45deb164819f5a907271ac43993c99b2ef05c166
GET /file/LV1HshvjmkvJmetuZykHtUo81bckPCFyAfUGK48RmLK1CzXcCvoaV9x5yKbdayr-Zf2ywm2V42CmAWtTpu9xel3BVPayPXuvAhMj5KtWMR8EMrE4PE-Q-9Kpu4uB7dIC1PeSJTiHQOx5wocYv-ceDHlvo-RKwY0fCy6CSdC12VaMYdz3ooEQx3Wkz48N9vhIgb9fNFQfbjk_Jtrg-K2iorLpFUKwlhmv_2v3_hidRJhOv7uADJ26nIC4Gb4ArHa5lvvtcyoBgugj-k2UHpQqUgHC2CLkpLoJYDAkL8fd5XJXi5QPpWR-pFKLCkgITKW-QNR_xINbFvCG1OAOR5h87Q.jpg HTTP/1.1
Host: cdn5.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
content-length: 107723
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
date: Fri, 03 Feb 2023 17:44:12 GMT
etag: "fa08b959505b767740ab425bbdbbf6adff14e18d"
content-type: image/jpeg
age: 6496
cache-control: max-age=3600,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
telegram.org/img/emoji/40/F09F98B8.png
149.154.167.99 200 OK 3.1 kB URL HTTP/2 telegram.org/img/emoji/40/F09F98B8.png
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 89b837805f00f8dc2f2f5d529f4cd999
522fb14f884c3de1bf0b31a0dfea861982f3d471
d2c4debff1ab55a239406cbe904025e427e5c0855a842e10bb910b5af6e212cc
GET /img/emoji/40/F09F98B8.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:28 GMT
content-type: image/png
content-length: 3064
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
etag: "5dbb76a2-bf8"
expires: Tue, 07 Feb 2023 19:32:28 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn5.telegram-cdn.org/file/WLiGmKNPZsBeZuz9ExJAJARwXW_p4HtemzsR6hz4J3jbQkDl-0GyLQDaD7birMb15MUzhj6GEZfnrgYO4YZZ54RyIdorkRMtrh9-DVqbX2o3fphmS-rwhsHdJuJnPkWXZ5x810VbKGUvgxv5sRV9eE0N10U0A6vyVY9n3o6qNeFt9UHiJ4CJbsjR5e9i0hofbD3KssEKXNf4351eUjB-LljV3Jah5GTEIqAC_vFCsVkPx5BSNeRjuDkBVBwGou1qpsQnjdj2Nsh4LCpO4MJmsy54T6iLfVfPcenxhcCcsYcQqHk85P3A9GPOiUs1W-LDJKsT2yMAwlHU9MDASF5y0Q.jpg
34.111.108.175200 OK 75 kB URL HTTP/2 cdn5.telegram-cdn.org/file/WLiGmKNPZsBeZuz9ExJAJARwXW_p4HtemzsR6hz4J3jbQkDl-0GyLQDaD7birMb15MUzhj6GEZfnrgYO4YZZ54RyIdorkRMtrh9-DVqbX2o3fphmS-rwhsHdJuJnPkWXZ5x810VbKGUvgxv5sRV9eE0N10U0A6vyVY9n3o6qNeFt9UHiJ4CJbsjR5e9i0hofbD3KssEKXNf4351eUjB-LljV3Jah5GTEIqAC_vFCsVkPx5BSNeRjuDkBVBwGou1qpsQnjdj2Nsh4LCpO4MJmsy54T6iLfVfPcenxhcCcsYcQqHk85P3A9GPOiUs1W-LDJKsT2yMAwlHU9MDASF5y0Q.jpg
IP 34.111.108.175:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x800, components 3\012- data
Hash e4d2522abff1abbafd0f219da72b4ba9
028fc389efa1505a01b9f8769ce2c2ad6d34d069
899f36eb9426e7dac553f1696ca7ec078901c67ff6f86e5a0b34128a4f058c84
GET /file/WLiGmKNPZsBeZuz9ExJAJARwXW_p4HtemzsR6hz4J3jbQkDl-0GyLQDaD7birMb15MUzhj6GEZfnrgYO4YZZ54RyIdorkRMtrh9-DVqbX2o3fphmS-rwhsHdJuJnPkWXZ5x810VbKGUvgxv5sRV9eE0N10U0A6vyVY9n3o6qNeFt9UHiJ4CJbsjR5e9i0hofbD3KssEKXNf4351eUjB-LljV3Jah5GTEIqAC_vFCsVkPx5BSNeRjuDkBVBwGou1qpsQnjdj2Nsh4LCpO4MJmsy54T6iLfVfPcenxhcCcsYcQqHk85P3A9GPOiUs1W-LDJKsT2yMAwlHU9MDASF5y0Q.jpg HTTP/1.1
Host: cdn5.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
content-length: 75279
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
date: Fri, 03 Feb 2023 17:44:11 GMT
etag: "f4bb06edd33b3ff357bbc65680bfbcf336ff9b8c"
content-type: image/jpeg
age: 6497
cache-control: max-age=3600,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn5.telegram-cdn.org/file/fCxI6cxIRm38ItgJEMNQKpS1yWE6MPPBoQJQn8Hhbzf1fIuTwg5vr8AhJuvRj_nchmcNu4d2his0It21hgWe42hanHYqQXaFxXCI3N5hs7wmdx0CgYBn2CaLYv6b92bgmeIvBvl2vVwQU3d5Jjxj-Fl__XKZFWg-wT20qkvB7MaISsf9vI77k7uVVqqDBZEIKCBTgDlrC07Ht9oWvviN4Sx46w0WSqrMlAHcygr6XY3pZKHjIhr0TVbcDBLIT8XF0t1FmOyIYRovwtcM0PKSjlnfmKy40B_T3yJ0YANnQpwSriEBN_ic4xOkeNcGkZs64c35QiubGiP7c_nIlQjCfw.jpg
34.111.108.175 200 OK 188 kB URL HTTP/2 cdn5.telegram-cdn.org/file/fCxI6cxIRm38ItgJEMNQKpS1yWE6MPPBoQJQn8Hhbzf1fIuTwg5vr8AhJuvRj_nchmcNu4d2his0It21hgWe42hanHYqQXaFxXCI3N5hs7wmdx0CgYBn2CaLYv6b92bgmeIvBvl2vVwQU3d5Jjxj-Fl__XKZFWg-wT20qkvB7MaISsf9vI77k7uVVqqDBZEIKCBTgDlrC07Ht9oWvviN4Sx46w0WSqrMlAHcygr6XY3pZKHjIhr0TVbcDBLIT8XF0t1FmOyIYRovwtcM0PKSjlnfmKy40B_T3yJ0YANnQpwSriEBN_ic4xOkeNcGkZs64c35QiubGiP7c_nIlQjCfw.jpg
IP 34.111.108.175:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x800, components 3\012- data
Size 188 kB (187873 bytes)
Hash 0dd629914ac3b8e47de606cf16b6399e
fe48a995bff5e58861342f801449ed85f19bc92c
632149fe4ee7e327da06e653413adc032265bbee506e1edffcfe91c3dbbdb86f
GET /file/fCxI6cxIRm38ItgJEMNQKpS1yWE6MPPBoQJQn8Hhbzf1fIuTwg5vr8AhJuvRj_nchmcNu4d2his0It21hgWe42hanHYqQXaFxXCI3N5hs7wmdx0CgYBn2CaLYv6b92bgmeIvBvl2vVwQU3d5Jjxj-Fl__XKZFWg-wT20qkvB7MaISsf9vI77k7uVVqqDBZEIKCBTgDlrC07Ht9oWvviN4Sx46w0WSqrMlAHcygr6XY3pZKHjIhr0TVbcDBLIT8XF0t1FmOyIYRovwtcM0PKSjlnfmKy40B_T3yJ0YANnQpwSriEBN_ic4xOkeNcGkZs64c35QiubGiP7c_nIlQjCfw.jpg HTTP/1.1
Host: cdn5.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
content-length: 187873
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
date: Fri, 03 Feb 2023 17:44:11 GMT
etag: "1badcd9074e36805794d67e9e6e8cd7e17b638ec"
content-type: image/jpeg
age: 6497
cache-control: max-age=3600,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn5.telegram-cdn.org/file/EAAb5iyd4TVkWOfLwyhRMHsWMYPeKuW59PNSAUPx7xFatnH0Hs0-gilN0u4w9IsSzzXe4RAemIPX_vEe1X6DttjOANis-S3KQOc1iBRd41kKOdFN1jrpoJQpVpQKLieCfepRtUFhTH7_ILtwurlCWhkidr-VZpiGBfNfwKIpXFl9x8ndv1Riksw35N9td0KjOG7wL9vlcljUJbYFtpsY3eGx7jQewyH7TFwIfNe2R8NS-ZAa2jd3hv7NrP4egSDYODpUW7XWAM1IkuKuKNAlVG8gk1ooPjD_6yQrackuLlP4OPzIpOkzUmqSjqsmy750hDOv1d2vjC_3HHaMmJh_jg.jpg
34.111.108.175 200 OK 193 kB URL HTTP/2 cdn5.telegram-cdn.org/file/EAAb5iyd4TVkWOfLwyhRMHsWMYPeKuW59PNSAUPx7xFatnH0Hs0-gilN0u4w9IsSzzXe4RAemIPX_vEe1X6DttjOANis-S3KQOc1iBRd41kKOdFN1jrpoJQpVpQKLieCfepRtUFhTH7_ILtwurlCWhkidr-VZpiGBfNfwKIpXFl9x8ndv1Riksw35N9td0KjOG7wL9vlcljUJbYFtpsY3eGx7jQewyH7TFwIfNe2R8NS-ZAa2jd3hv7NrP4egSDYODpUW7XWAM1IkuKuKNAlVG8gk1ooPjD_6yQrackuLlP4OPzIpOkzUmqSjqsmy750hDOv1d2vjC_3HHaMmJh_jg.jpg
IP 34.111.108.175:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x800, components 3\012- data
Size 193 kB (192732 bytes)
Hash 7c58ddcd8f9e7c601157c61ea14976de
997a4d9a429d80704269f880b279b639da3b6e26
3b58a9ffce83e58e7d3bcfe8562e8d64e0ede20179a28ed25c62a3a8d96df530
GET /file/EAAb5iyd4TVkWOfLwyhRMHsWMYPeKuW59PNSAUPx7xFatnH0Hs0-gilN0u4w9IsSzzXe4RAemIPX_vEe1X6DttjOANis-S3KQOc1iBRd41kKOdFN1jrpoJQpVpQKLieCfepRtUFhTH7_ILtwurlCWhkidr-VZpiGBfNfwKIpXFl9x8ndv1Riksw35N9td0KjOG7wL9vlcljUJbYFtpsY3eGx7jQewyH7TFwIfNe2R8NS-ZAa2jd3hv7NrP4egSDYODpUW7XWAM1IkuKuKNAlVG8gk1ooPjD_6yQrackuLlP4OPzIpOkzUmqSjqsmy750hDOv1d2vjC_3HHaMmJh_jg.jpg HTTP/1.1
Host: cdn5.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
content-length: 192732
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
date: Fri, 03 Feb 2023 17:44:11 GMT
etag: "85c860426620cb1800d589d96f3e241b7b1e3325"
content-type: image/jpeg
age: 6497
cache-control: max-age=3600,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn5.telegram-cdn.org/file/uVBewozF4ctTyD05WFRYu_dQXUCqHwZwVtxLm1J4cSx7H0KZX2LcevGyobUYMsqSGQJZEeNSR4MnS7bCc9lNhh4adEyXh2MRLd43RNFCh33RPgFUjZ5LqiMZpv2hyrnT1Jta0Xex6WmdQphjShBkvqaXJ7BuV2_3j_4afUUsdEgrJWmtC74b50QxcrwhZiqZPisyXCzyNJo4scQCG0XpQmgOgxVlZVoLzlP-6-S8YTgw2iMiU8MJMV7g7ovrwd1wjRnjPp4uvQ3x35BEryFWIRPTTjmolMoYqvxQkXZ_RZbRNxvtEyAwudDaC07N754MD0WC5sq5AmmdGTLely49FQ.jpg
34.111.108.175 200 OK 127 kB URL HTTP/2 cdn5.telegram-cdn.org/file/uVBewozF4ctTyD05WFRYu_dQXUCqHwZwVtxLm1J4cSx7H0KZX2LcevGyobUYMsqSGQJZEeNSR4MnS7bCc9lNhh4adEyXh2MRLd43RNFCh33RPgFUjZ5LqiMZpv2hyrnT1Jta0Xex6WmdQphjShBkvqaXJ7BuV2_3j_4afUUsdEgrJWmtC74b50QxcrwhZiqZPisyXCzyNJo4scQCG0XpQmgOgxVlZVoLzlP-6-S8YTgw2iMiU8MJMV7g7ovrwd1wjRnjPp4uvQ3x35BEryFWIRPTTjmolMoYqvxQkXZ_RZbRNxvtEyAwudDaC07N754MD0WC5sq5AmmdGTLely49FQ.jpg
IP 34.111.108.175:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x800, components 3\012- data
Size 127 kB (127062 bytes)
Hash 26a0ae3f28144e1ba724272035fa8cbe
c10b7f828c00cfc286a414cd68d54a2183a07a76
c92a9c574272be7cae0a60c8ddfdfd5a9bb56908f3d14d1d68638b2ae289ba93
GET /file/uVBewozF4ctTyD05WFRYu_dQXUCqHwZwVtxLm1J4cSx7H0KZX2LcevGyobUYMsqSGQJZEeNSR4MnS7bCc9lNhh4adEyXh2MRLd43RNFCh33RPgFUjZ5LqiMZpv2hyrnT1Jta0Xex6WmdQphjShBkvqaXJ7BuV2_3j_4afUUsdEgrJWmtC74b50QxcrwhZiqZPisyXCzyNJo4scQCG0XpQmgOgxVlZVoLzlP-6-S8YTgw2iMiU8MJMV7g7ovrwd1wjRnjPp4uvQ3x35BEryFWIRPTTjmolMoYqvxQkXZ_RZbRNxvtEyAwudDaC07N754MD0WC5sq5AmmdGTLely49FQ.jpg HTTP/1.1
Host: cdn5.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
content-length: 127062
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
date: Fri, 03 Feb 2023 17:44:11 GMT
etag: "a430a7bf51632e75847bd8e150a47cb0986f4c8f"
content-type: image/jpeg
age: 6497
cache-control: max-age=3600,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn5.telegram-cdn.org/file/mUwUHKcVNr5gZHhbWexpxeOch27Qc7eykCZhkM45us9LT9-8fEJd6443myZYPbyreN02pUHEoKxvS_e-OGeI1E1moIwbATZgGHcGUVpK1zbvYaIu0G9MBbsu8WcXirdgoGblvhl_lq6sA6cfuFuTyenbg7v2MrbmIoFPZJ_DZeN0aAM2FZJIpYUPUI7TOX_7iJCe7JGTOAuxmJnfktvQl-n4D8nPDmLoGjj6YtT3azXoOC_uSCLjeQdrANwjOXZ6uMzP8L2XgvYbxXfHs-tvVKSH326w9_-b-Wmjb4iJJMRxBprKSAH8U2R7L-QeiYBuqdOMWfdEXKEG1sCc6WbPBA.jpg
34.111.108.175 200 OK 90 kB URL HTTP/2 cdn5.telegram-cdn.org/file/mUwUHKcVNr5gZHhbWexpxeOch27Qc7eykCZhkM45us9LT9-8fEJd6443myZYPbyreN02pUHEoKxvS_e-OGeI1E1moIwbATZgGHcGUVpK1zbvYaIu0G9MBbsu8WcXirdgoGblvhl_lq6sA6cfuFuTyenbg7v2MrbmIoFPZJ_DZeN0aAM2FZJIpYUPUI7TOX_7iJCe7JGTOAuxmJnfktvQl-n4D8nPDmLoGjj6YtT3azXoOC_uSCLjeQdrANwjOXZ6uMzP8L2XgvYbxXfHs-tvVKSH326w9_-b-Wmjb4iJJMRxBprKSAH8U2R7L-QeiYBuqdOMWfdEXKEG1sCc6WbPBA.jpg
IP 34.111.108.175:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x800, components 3\012- data
Hash afc879350f6e804cbdfe51b925e4bad0
1895765a20fac27ed667d69750562a392513e7bf
b72be6785e6edee43fe912bd8716dd6f3052b68798cee41a69704ae53de46676
GET /file/mUwUHKcVNr5gZHhbWexpxeOch27Qc7eykCZhkM45us9LT9-8fEJd6443myZYPbyreN02pUHEoKxvS_e-OGeI1E1moIwbATZgGHcGUVpK1zbvYaIu0G9MBbsu8WcXirdgoGblvhl_lq6sA6cfuFuTyenbg7v2MrbmIoFPZJ_DZeN0aAM2FZJIpYUPUI7TOX_7iJCe7JGTOAuxmJnfktvQl-n4D8nPDmLoGjj6YtT3azXoOC_uSCLjeQdrANwjOXZ6uMzP8L2XgvYbxXfHs-tvVKSH326w9_-b-Wmjb4iJJMRxBprKSAH8U2R7L-QeiYBuqdOMWfdEXKEG1sCc6WbPBA.jpg HTTP/1.1
Host: cdn5.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
content-length: 90154
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
date: Fri, 03 Feb 2023 17:44:11 GMT
etag: "9b88055dcd9b3953d6f88ec43a80f6cecd7181b1"
content-type: image/jpeg
age: 6497
cache-control: max-age=3600,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
149.154.167.99 200 OK 11 kB URL HTTP/2 telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type Web Open Font Format (Version 2), TrueType, length 11028, version 1.0\012- data
Hash 1f6d3cf6d38f25d83d95f5a800b8cac3
279f300ca2cbbdf9f5036ef2f438607fbf377daa
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f
GET /fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xn--r1a.website
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:28 GMT
content-type: application/octet-stream
content-length: 11028
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-2b14"
expires: Tue, 07 Feb 2023 19:32:28 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
149.154.167.99 200 OK 11 kB URL HTTP/2 telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type Web Open Font Format (Version 2), TrueType, length 11072, version 1.0\012- data
Hash e7df3d0942815909add8f9d0c40d00d9
cf5032eea3399a58870e8a05e629b006a8c7c3c7
bce2f309470952b7affa62ff4d91b454334c68cefa541429b502904d20696875
GET /fonts/Roboto/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xn--r1a.website
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:28 GMT
content-type: application/octet-stream
content-length: 11072
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-2b40"
expires: Tue, 07 Feb 2023 19:32:28 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmEU9fChc4AMP6lbBP.woff2
149.154.167.99 200 OK 7.7 kB URL HTTP/2 telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmEU9fChc4AMP6lbBP.woff2
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type Web Open Font Format (Version 2), TrueType, length 7676, version 1.0\012- data
Hash 90687dc5a4b6b6271c9f1c1d4986ca10
d21bd154ee1c06a125f08c306c24978db497ca1e
9cfe0546be6c8e0e13beeae9b8814f1e7bf0ff31fe4d286bf9ea12239a0abbd9
GET /fonts/Roboto/KFOlCnqEu92Fr1MmEU9fChc4AMP6lbBP.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xn--r1a.website
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:28 GMT
content-type: application/octet-stream
content-length: 7676
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-1dfc"
expires: Tue, 07 Feb 2023 19:32:28 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz.woff2
149.154.167.99 200 OK 7.7 kB URL HTTP/2 telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz.woff2
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type Web Open Font Format (Version 2), TrueType, length 7736, version 1.0\012- data
Hash 93dcb0c222437699e9dd591d8b5a6b85
fad0a82ab491e6ee403e116475dd6ea9a4cd8733
582ca1c5738fa2697949cc4a495418e42df462e2bc3fc62bdae126bf159b6af5
GET /fonts/Roboto/KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xn--r1a.website
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:28 GMT
content-type: application/octet-stream
content-length: 7736
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-1e38"
expires: Tue, 07 Feb 2023 19:32:28 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash d2e174531b474d26a32c11aaa9965c69
6356e52468c57397bd01afe8c7cb861b4fe931ee
5eefef5a21ca2e611d0904b3adcff0005053a0d1f23a024808b436141cadd6b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 9bfd33253208c9d034988400d66abd5d
8811fd76d9bc56c15431433f8f08d648185992ed
6382de7eb2bc0b40dc6d2e21ab8b6cb90cc0effe3241e3fb5008d2e4f626e92c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.doubleclick.net/instream/ad_status.js
142.250.74.134 200 OK 29 B URL HTTP/2 static.doubleclick.net/instream/ad_status.js
IP 142.250.74.134:0
Hash 1fa71744db23d0f8df9cce6719defcb7
e4be9b7136697942a036f97cf26ebaf703ad2067
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
GET /instream/ad_status.js HTTP/1.1
Host: static.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 29
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Feb 2023 19:28:12 GMT
expires: Fri, 03 Feb 2023 19:43:12 GMT
cache-control: public, max-age=900
age: 256
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-P0CEZC2MB2&gtm=45je3210&_p=75854602&gdid=dZTNiMT&cid=1001528892.1675452780&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675452780&sct=1&seg=0&dl=https%3A%2F%2Fiwinclublink.app%2F&dt=Link%20Download%20Game%20IWIN%20CLUB%20%E2%80%93%20S%C3%B2ng%20B%E1%BA%A1c%20Th%C6%B0%E1%BB%A3ng%20L%C6%B0u%20%E2%80%93%202022%20-%20IWIN%20CLUB&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-P0CEZC2MB2&gtm=45je3210&_p=75854602&gdid=dZTNiMT&cid=1001528892.1675452780&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675452780&sct=1&seg=0&dl=https%3A%2F%2Fiwinclublink.app%2F&dt=Link%20Download%20Game%20IWIN%20CLUB%20%E2%80%93%20S%C3%B2ng%20B%E1%BA%A1c%20Th%C6%B0%E1%BB%A3ng%20L%C6%B0u%20%E2%80%93%202022%20-%20IWIN%20CLUB&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-P0CEZC2MB2&gtm=45je3210&_p=75854602&gdid=dZTNiMT&cid=1001528892.1675452780&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675452780&sct=1&seg=0&dl=https%3A%2F%2Fiwinclublink.app%2F&dt=Link%20Download%20Game%20IWIN%20CLUB%20%E2%80%93%20S%C3%B2ng%20B%E1%BA%A1c%20Th%C6%B0%E1%BB%A3ng%20L%C6%B0u%20%E2%80%93%202022%20-%20IWIN%20CLUB&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://iwinclublink.app
Connection: keep-alive
Referer: https://iwinclublink.app/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://iwinclublink.app
date: Fri, 03 Feb 2023 19:32:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id
142.250.74.162 302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Fri, 03 Feb 2023 19:32:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmEU9fCxc4AMP6lbBP.woff2
149.154.167.99 200 OK 3.5 kB URL HTTP/2 telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmEU9fCxc4AMP6lbBP.woff2
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type Web Open Font Format (Version 2), TrueType, length 3472, version 1.0\012- data
Hash 4d1e5298f2c7e19ba39a6ac8d88e91bd
b2b509897d53c2bc727b1d669cd8bcc9386f56b3
dab91182a5ab309ff749748ef255493eb4336822c3dc2d72ae47db6ed6764e1c
GET /fonts/Roboto/KFOlCnqEu92Fr1MmEU9fCxc4AMP6lbBP.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xn--r1a.website
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:28 GMT
content-type: application/octet-stream
content-length: 3472
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-d90"
expires: Tue, 07 Feb 2023 19:32:28 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 636897389814ca4d23aa4009b8fb1458
14394dbd8f0e226b71e1bd35c6da2278828feae4
85bcc6e816cf5ea2028e9dc4862f3de068d0606949b3fef3fcc5b32fab37ad86
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xn--r1a.website/v/
95.216.186.40 200 OK 24 B IP 95.216.186.40:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 01e9a6bdf6f882e64253608f6b3d65f3
b25d1264aeffa89799841518a2bccbb408b4437b
5191dd01952ad22c138d1fb8b253c4ba28ed0b823ac46648b4c033c605983ab9
Analyzer Verdict Alert fortinet Malware
POST /v/ HTTP/1.1
Host: xn--r1a.website
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 93
Origin: https://xn--r1a.website
Connection: keep-alive
Referer: https://xn--r1a.website/s/gameiwinclub
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Feb 2023 19:32:28 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: stel_ssid=60aef48809af97af72_11908135336852788740; expires=Sat, 04 Feb 2023 19:32:28 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
Strict-Transport-Security: max-age=35768000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 9bfd33253208c9d034988400d66abd5d
8811fd76d9bc56c15431433f8f08d648185992ed
6382de7eb2bc0b40dc6d2e21ab8b6cb90cc0effe3241e3fb5008d2e4f626e92c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu7WxKKTU1Kvnz.woff2
149.154.167.99 200 OK 3.5 kB URL HTTP/2 telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu7WxKKTU1Kvnz.woff2
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type Web Open Font Format (Version 2), TrueType, length 3496, version 1.0\012- data
Hash e64969a373d0acf2586d1fd4224abb90
c654a76bf4dd81fb918d3e08461c7123e5be1993
4f393c516f720fc9745e48f9e2662ba069eb70e43bc95fe327225d47d5c89fef
GET /fonts/Roboto/KFOmCnqEu92Fr1Mu7WxKKTU1Kvnz.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xn--r1a.website
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:28 GMT
content-type: application/octet-stream
content-length: 3496
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-da8"
expires: Tue, 07 Feb 2023 19:32:28 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.138 200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.138:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Fri, 03 Feb 2023 19:32:28 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.138 200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.138:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 7bc63d420af131696a69f6678fd35d47
5ad848319bd40f90a1c3ef0e7e90235c0a8925ce
08d4a44a55e532c02c230deca8d1fe30bcff42140d613c7399b3dbf2b527ad91
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Fri, 03 Feb 2023 19:32:28 GMT
server: ESF
cache-control: private
content-length: 30958
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 4cf0ccf2909be74efd7a89dbe4228ffb
b4993da334b48312584d116a3de4be4cd71962cf
e81c8aa45d0707079d9eba798fb447059042453be4834d14467839688ca66f5d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn5.telegram-cdn.org/file/JMnw9f7la8kk9CBSdLvtNMjbh_vwTddfXOGCekItH6u8pCsI2O8rHjpEjf4oZogZZW9MWyIDCJlBa-6iOA9CSbDp-tDK5r_ARzoLMRNdpIq52QIq01V3PXOTTDewb2CDpGP1i-ZX2uq1TqPhyA6tmE4iFJlX_jS665lt38VEkZI4hryrXWKGsUkLlVrFNo_TQJmehwheQo7gFPsGMQI8Kb_1u9BK_GVSasnn_wBMkAeDv-F48NK3x6D2wZ6qaQSnUeGBCZR0JnRYMJ1sL2EwXFwEE_lW7YoEUY3KHrqQp1T72YiSZWpMI7FzYY--1OWYeS8VgbD38NRae0IdX-TLww.jpg
34.111.108.175 200 OK 18 kB URL HTTP/2 cdn5.telegram-cdn.org/file/JMnw9f7la8kk9CBSdLvtNMjbh_vwTddfXOGCekItH6u8pCsI2O8rHjpEjf4oZogZZW9MWyIDCJlBa-6iOA9CSbDp-tDK5r_ARzoLMRNdpIq52QIq01V3PXOTTDewb2CDpGP1i-ZX2uq1TqPhyA6tmE4iFJlX_jS665lt38VEkZI4hryrXWKGsUkLlVrFNo_TQJmehwheQo7gFPsGMQI8Kb_1u9BK_GVSasnn_wBMkAeDv-F48NK3x6D2wZ6qaQSnUeGBCZR0JnRYMJ1sL2EwXFwEE_lW7YoEUY3KHrqQp1T72YiSZWpMI7FzYY--1OWYeS8VgbD38NRae0IdX-TLww.jpg
IP 34.111.108.175:0
Hash 4de3b69f11d1d61068a559a0996f3e3f
0d20878d2f4ad6cdea58594a7c310e56157eda49
bb34a88c3b4b7d17627f9e307aec5c52d0c95eca644c470b23687f1b70ecdf73
GET /file/JMnw9f7la8kk9CBSdLvtNMjbh_vwTddfXOGCekItH6u8pCsI2O8rHjpEjf4oZogZZW9MWyIDCJlBa-6iOA9CSbDp-tDK5r_ARzoLMRNdpIq52QIq01V3PXOTTDewb2CDpGP1i-ZX2uq1TqPhyA6tmE4iFJlX_jS665lt38VEkZI4hryrXWKGsUkLlVrFNo_TQJmehwheQo7gFPsGMQI8Kb_1u9BK_GVSasnn_wBMkAeDv-F48NK3x6D2wZ6qaQSnUeGBCZR0JnRYMJ1sL2EwXFwEE_lW7YoEUY3KHrqQp1T72YiSZWpMI7FzYY--1OWYeS8VgbD38NRae0IdX-TLww.jpg HTTP/1.1
Host: cdn5.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:28 GMT
content-type: image/jpeg
content-length: 16243
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
etag: "5c3ad7462243eec6030320bef5ee53403589616a"
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
cache-control: max-age=3600,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/js/th/wBNXk7Q6V2dkHawik5TUb6id0fydDqlxfrWFyJdQ6Xw.js
216.58.211.4 200 OK 14 kB URL HTTP/2 www.google.com/js/th/wBNXk7Q6V2dkHawik5TUb6id0fydDqlxfrWFyJdQ6Xw.js
IP 216.58.211.4:0
File type ASCII text, with very long lines (36000)
Hash b40bdd235c7883921e2b18743b3aea21
9aaa96e2ec231327ba976911513989568c56c7c1
8b00f3a7d9b7acabf6b991926d7543944771ce1431efd342dea743192ec667e3
GET /js/th/wBNXk7Q6V2dkHawik5TUb6id0fydDqlxfrWFyJdQ6Xw.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14173
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Feb 2023 09:38:54 GMT
expires: Sat, 03 Feb 2024 09:38:54 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Jan 2023 15:00:00 GMT
content-type: text/javascript
age: 35614
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash e16924e677b1cf77abc2c90c36b01b58
7608b4371357596c60d3ff2aed7fa181a3e8fefc
485a64335baac7fd3bfcc0063493c27ab58a8fe46e0873fc64f619c19cd8c59b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.ytimg.com/vi/tm56h59FtZc/sddefault.jpg
216.58.207.246 200 OK 34 kB URL HTTP/2 i.ytimg.com/vi/tm56h59FtZc/sddefault.jpg
IP 216.58.207.246:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x480, components 3\012- data
Hash 6608769fea16acbd879d7bfe889ebb6f
742fe1fc47b7c6d5d8102a70a2f05ffb9d09ae70
27a3a210f62231129594359b8317b6dbd53e16a027ac7e439430a333450b25af
GET /vi/tm56h59FtZc/sddefault.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 34159
date: Fri, 03 Feb 2023 19:32:29 GMT
expires: Fri, 03 Feb 2023 21:32:29 GMT
cache-control: public, max-age=7200
etag: "1611238571"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 02d83a5dc4bad0d50a6c68393635d572
837e7316f3b08e27afc73a5127caf47c5c4de52f
e91ae30b11beba601958e6af1d3fdb8cf9e08dd372eb87c6f0c5b76dc81066ae
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 1c56c7c141fbb2647e4909546c5ee1ac
bf1479b20c78d135ce6397b0bff0e6573a3bcbef
30cd3ac555fa6d8d5a5a1165b9ff3b78336c0c3c44e22f034879869a99f61043
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yt3.ggpht.com/ytc/AL5GRJVdqGS51s7GhuInpaeCR1hO1wybKRzkYfvBUemMJA=s68-c-k-c0x00ffffff-no-rj
142.250.74.161 200 OK 3.6 kB URL HTTP/2 yt3.ggpht.com/ytc/AL5GRJVdqGS51s7GhuInpaeCR1hO1wybKRzkYfvBUemMJA=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 68x68, components 3\012- data
Hash fd7ad07b504ffe100250b3aa2b540a2a
6471f95162969f70ca3ebf88b00aacca66cd0810
90b43d9e8ed644f905810ca0e93aa2d48b9eb6b020631bdb20a1deed03f3ab07
GET /ytc/AL5GRJVdqGS51s7GhuInpaeCR1hO1wybKRzkYfvBUemMJA=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 3623
x-xss-protection: 0
date: Fri, 03 Feb 2023 17:48:17 GMT
expires: Tue, 24 Jan 2023 02:45:30 GMT
cache-control: public, max-age=86400, no-transform
age: 6252
etag: "v255"
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 1c56c7c141fbb2647e4909546c5ee1ac
bf1479b20c78d135ce6397b0bff0e6573a3bcbef
30cd3ac555fa6d8d5a5a1165b9ff3b78336c0c3c44e22f034879869a99f61043
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 19:32:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
142.250.74.138 200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 142.250.74.138:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Fri, 03 Feb 2023 19:32:29 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
142.250.74.138 200 OK 110 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 142.250.74.138:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7415271d910a8ff479f3ba372a9727e6
ef5a48cecd4019cb0cad0f3194f3e55d2593a14e
bb924b273fe90d3734835ae48a3169d3c3324644358913e640be10602fda5465
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 1222
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Fri, 03 Feb 2023 19:32:29 GMT
server: ESF
cache-control: private
content-length: 110
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 114e345e134986d7451148fcea31b29d
541e878afee68c8802bb52b0cbbe5a5a0a185392
5030244d4babd1023166f39c935029d789a91ba90aa3a44c6f4c88ddc947b678
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8211
x-amzn-requestid: 6a1fd567-b34d-4787-aa05-5b7db3fc51c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fflRBHU4IAMFnsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d61c06-2d1ec3206d2ebeb4780a84b4;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 07:11:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lUloQ6xaRWpnvMRh7kFvFIWhFotmILLZHfD_YK01RmrQ2vmYKVh46w==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 03:08:32 GMT
age: 59039
etag: "541e878afee68c8802bb52b0cbbe5a5a0a185392"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
telegram.org/css/font-roboto.css?1
149.154.167.99 200 OK 0 B URL HTTP/2 telegram.org/css/font-roboto.css?1
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
GET /css/font-roboto.css?1 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:27 GMT
content-type: text/css
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: W/"63512b7d-1816"
expires: Tue, 07 Feb 2023 19:32:27 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
telegram.org/js/tgwallpaper.min.js?3
149.154.167.99 200 OK 0 B URL HTTP/2 telegram.org/js/tgwallpaper.min.js?3
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
GET /js/tgwallpaper.min.js?3 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:27 GMT
content-type: application/javascript
last-modified: Thu, 03 Mar 2022 19:57:25 GMT
etag: W/"62211da5-ba3"
expires: Tue, 07 Feb 2023 19:32:27 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
telegram.org/js/jquery.min.js
149.154.167.99 200 OK 0 B URL HTTP/2 telegram.org/js/jquery.min.js
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
GET /js/jquery.min.js HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:27 GMT
content-type: application/javascript
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
etag: W/"5a05e7c6-1762a"
expires: Tue, 07 Feb 2023 19:32:27 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
telegram.org/img/tgme/pattern.svg?1
149.154.167.99 200 OK 0 B URL HTTP/2 telegram.org/img/tgme/pattern.svg?1
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
GET /img/tgme/pattern.svg?1 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://telegram.org/css/telegram-web.css?37
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:28 GMT
content-type: image/svg+xml
last-modified: Thu, 05 Jan 2023 17:52:04 GMT
etag: W/"63b70e44-3891a"
expires: Tue, 07 Feb 2023 19:32:28 GMT
cache-control: max-age=345600
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
telegram.org/js/tgsticker.js?29
149.154.167.99 200 OK 0 B URL HTTP/2 telegram.org/js/tgsticker.js?29
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
GET /js/tgsticker.js?29 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:27 GMT
content-type: application/javascript
last-modified: Wed, 29 Jun 2022 21:52:44 GMT
etag: W/"62bcc9ac-5faf"
expires: Tue, 07 Feb 2023 19:32:27 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
telegram.org/js/telegram-web.js?14
149.154.167.99 200 OK 0 B URL HTTP/2 telegram.org/js/telegram-web.js?14
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
GET /js/telegram-web.js?14 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:27 GMT
content-type: application/javascript
last-modified: Fri, 18 Mar 2022 10:32:52 GMT
etag: W/"62345fd4-2e63"
expires: Tue, 07 Feb 2023 19:32:27 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
telegram.org/js/widget-frame.js?60
149.154.167.99 200 OK 0 B URL HTTP/2 telegram.org/js/widget-frame.js?60
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
GET /js/widget-frame.js?60 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:27 GMT
content-type: application/javascript
last-modified: Sat, 08 Oct 2022 23:46:30 GMT
etag: W/"63420bd6-16c85"
expires: Tue, 07 Feb 2023 19:32:27 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
telegram.org/css/telegram-web.css?37
149.154.167.99 200 OK 0 B URL HTTP/2 telegram.org/css/telegram-web.css?37
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
GET /css/telegram-web.css?37 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:27 GMT
content-type: text/css
last-modified: Thu, 05 Jan 2023 17:52:04 GMT
etag: W/"63b70e44-6b31"
expires: Tue, 07 Feb 2023 19:32:27 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
telegram.org/css/widget-frame.css?64
149.154.167.99 200 OK 0 B URL HTTP/2 telegram.org/css/widget-frame.css?64
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
GET /css/widget-frame.css?64 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:27 GMT
content-type: text/css
last-modified: Mon, 21 Nov 2022 12:06:59 GMT
etag: W/"637b69e3-14544"
expires: Tue, 07 Feb 2023 19:32:27 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
www.youtube.com/embed/tm56h59FtZc
142.250.74.78 200 OK 0 B URL HTTP/2 www.youtube.com/embed/tm56h59FtZc
IP 142.250.74.78:0
GET /embed/tm56h59FtZc HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://iwinclublink.app/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 Feb 2023 19:32:27 GMT
strict-transport-security: max-age=31536000
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=V4Sj56qXDRA; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=hmVGCLORQ8A; Domain=.youtube.com; Expires=Wed, 02-Aug-2023 19:32:27 GMT; Path=/; Secure; HttpOnly; SameSite=none
DEVICE_INFO=ChxOekU1TmpBeE5EYzFORGs0T0RjME1UQTNNdz09EMvC9Z4GGMvC9Z4G; Domain=.youtube.com; Expires=Wed, 02-Aug-2023 19:32:27 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+926; expires=Sun, 02-Feb-2025 19:32:27 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
telegram.org/js/jquery-ui.min.js
149.154.167.99 200 OK 0 B URL HTTP/2 telegram.org/js/jquery-ui.min.js
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
GET /js/jquery-ui.min.js HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 03 Feb 2023 19:32:27 GMT
content-type: application/javascript
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
etag: W/"5a05e7c6-181a9"
expires: Tue, 07 Feb 2023 19:32:27 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2