firefox.settings.services.mozilla.com/v1/
54.230.111.35 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 54.230.111.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: T6_cygqH2YYB-Nqwi_ja2jcy8vPHMRuc9gf-hd6CmV0YW4jgc9fE3A==
Age: 196317
customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/?cont=qerldmlsbwfzaza5&token=cba3c8b97c252dd85dc32300f64f6f1b
139.177.198.172 200 OK 25 kB URL HTTP/1.1 customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/?cont=qerldmlsbwfzaza5&token=cba3c8b97c252dd85dc32300f64f6f1b
IP 139.177.198.172:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Non-ISO extended-ASCII text, with very long lines (2059)
Hash 3025114ae85d9c2dea7aea2731c3b263
3dc18a0b4871acd511ccf011734e4aa2a81e808c
936e8cb7e06810139eedf1eb60ecd96a433efb40923f64d3065d2d3d7b3c875a
GET /8679f981a910e38ba93226b0f396a0a4/?cont=qerldmlsbwfzaza5&token=cba3c8b97c252dd85dc32300f64f6f1b HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 22:19:15 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1273d41c84b2b39f78a8033130d00282
556757697b70e019ed502585fcc888e2403f3229
ee3c03cc0a659fbc43d34feaa79a8ad6627b9c525d675956cdb434c1590db89e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EE3C03CC0A659FBC43D34FEAA79A8AD6627B9C525D675956CDB434C1590DB89E"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3516
Expires: Fri, 07 Oct 2022 23:17:52 GMT
Date: Fri, 07 Oct 2022 22:19:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 94a09d62ab3057cda67a091c8d7478f5
b1c9d223a951d0bc9f17c9f3b84501266a552b58
582364f9f6014520c269f1f794e7c34027bd2697b53e5d02fad43e74a735e471
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "582364F9F6014520C269F1F794E7C34027BD2697B53E5D02FAD43E74A735E471"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17407
Expires: Sat, 08 Oct 2022 03:09:23 GMT
Date: Fri, 07 Oct 2022 22:19:16 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: UF4QAOtr9CCOp08sNkEn8yTgWtn9oIG6XSkzC6Njc3UL/0Qc6l2Ch4mLWQAvGDkmqmUAURgFqto=
x-amz-request-id: 4FBB67CE8K0PAWHT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 07 Oct 2022 21:31:22 GMT
age: 2874
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 07 Oct 2022 22:19:16 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/jquery-ui-1.10.3.custom.min.css
139.177.198.172 200 OK 22 kB URL HTTP/1.1 customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/jquery-ui-1.10.3.custom.min.css
IP 139.177.198.172:0
File type ASCII text, with very long lines (1404)
Hash 75c7f7f34cb3c6deb89891e022266252
4ba3a397da8746f97b53186e6ec14e704bda003a
daa294bf8eaa7ddd13aeb7d3d462fb53f0c8b080ed1abe2531360892408327cf
GET /8679f981a910e38ba93226b0f396a0a4/css/jquery-ui-1.10.3.custom.min.css HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/?cont=qerldmlsbwfzaza5&token=cba3c8b97c252dd85dc32300f64f6f1b
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Last-Modified: Fri, 07 Oct 2022 19:05:33 GMT
Accept-Ranges: bytes
Content-Length: 22332
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/flows.css
139.177.198.172 200 OK 8.9 kB URL HTTP/1.1 customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/flows.css
IP 139.177.198.172:0
Hash 63b00c36f13f7bd0112c5d3c6e0d1ad0
f5ea43b50ab8c8d12317dcd56d953cd640ec0133
785818872f719d6d46b9e00e9cdb942779f111aec0421d983ad2a6e02b0e8c3a
GET /8679f981a910e38ba93226b0f396a0a4/css/flows.css HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/?cont=qerldmlsbwfzaza5&token=cba3c8b97c252dd85dc32300f64f6f1b
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Last-Modified: Fri, 07 Oct 2022 19:05:33 GMT
Accept-Ranges: bytes
Content-Length: 8900
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/ad-containers.css
139.177.198.172 200 OK 7.6 kB URL HTTP/1.1 customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/ad-containers.css
IP 139.177.198.172:0
Hash 10cf523dd8bc660eb53f3c56783f5fed
9f6df41bda3d811f4d774544f15573023e25eca8
27fd729324c41d300a6f74a95b20b54feca49388cbffeb89933bb18b5764a7b5
GET /8679f981a910e38ba93226b0f396a0a4/css/ad-containers.css HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/?cont=qerldmlsbwfzaza5&token=cba3c8b97c252dd85dc32300f64f6f1b
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Last-Modified: Fri, 07 Oct 2022 19:05:33 GMT
Accept-Ranges: bytes
Content-Length: 7585
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/citizensns.min.44438.css
139.177.198.172 200 OK 5.8 kB URL HTTP/1.1 customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/citizensns.min.44438.css
IP 139.177.198.172:0
Hash d9cd3279c50bebdf7371f4c6db6d0d1d
74c0f0bf7786f8bc6d33b831a7d92897fe321fd0
f832c2f83056bbd60a50417f461897bfa4e783df933cafeb7fe91ddf81f6ae33
GET /8679f981a910e38ba93226b0f396a0a4/css/citizensns.min.44438.css HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/?cont=qerldmlsbwfzaza5&token=cba3c8b97c252dd85dc32300f64f6f1b
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Last-Modified: Fri, 07 Oct 2022 19:05:33 GMT
Accept-Ranges: bytes
Content-Length: 5849
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/cp_challenge/sec-3-5.css
139.177.198.172 200 OK 2.3 kB URL HTTP/1.1 customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/cp_challenge/sec-3-5.css
IP 139.177.198.172:0
Hash a8d7730ebae7d5a0f9f1b28705910c82
8c2a3f4543d2326f5803e32ceda9ce60572cafc6
e094fbcf1596ac0af1fe05cd7d6b8724b77dc71c9219deb63738ccae1fdeb2ad
GET /8679f981a910e38ba93226b0f396a0a4/cp_challenge/sec-3-5.css HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/?cont=qerldmlsbwfzaza5&token=cba3c8b97c252dd85dc32300f64f6f1b
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Last-Modified: Fri, 07 Oct 2022 19:05:33 GMT
Accept-Ranges: bytes
Content-Length: 2277
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/normalize.css
139.177.198.172 200 OK 9.7 kB URL HTTP/1.1 customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/normalize.css
IP 139.177.198.172:0
Hash ebb479dd9f58736c30739ce9e551010d
f9751153a26e815f3161abd77e1a2a3f97a02ae6
90cb33de6ced42c1ce82fd4a3a0b014f2ce29179ab85e24ebfa7abd73fabd9d8
GET /8679f981a910e38ba93226b0f396a0a4/css/normalize.css HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/?cont=qerldmlsbwfzaza5&token=cba3c8b97c252dd85dc32300f64f6f1b
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Last-Modified: Fri, 07 Oct 2022 19:05:33 GMT
Accept-Ranges: bytes
Content-Length: 9696
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/main.css
139.177.198.172 200 OK 61 kB URL HTTP/1.1 customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/main.css
IP 139.177.198.172:0
Hash 5c037b9fa5c1436afc0beef12818a53a
e3208a8dd6d2bbd84631b9a59a044653ebd766f0
3e1e20f8191f692da7ac00c865c48320c19e71585d471a02e2b93e3b3c0b1fc3
GET /8679f981a910e38ba93226b0f396a0a4/css/main.css HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/?cont=qerldmlsbwfzaza5&token=cba3c8b97c252dd85dc32300f64f6f1b
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Last-Modified: Fri, 07 Oct 2022 19:05:33 GMT
Accept-Ranges: bytes
Content-Length: 60617
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
customermessage.blogdns.org/efs/efs/grafx/flows-tooltip.png
139.177.198.172 404 Not Found 315 B URL HTTP/1.1 customermessage.blogdns.org/efs/efs/grafx/flows-tooltip.png
IP 139.177.198.172:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
GET /efs/efs/grafx/flows-tooltip.png HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/flows.css
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 404 Not Found
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.35 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 54.230.111.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Fri, 07 Oct 2022 21:29:41 GMT
Expires: Fri, 07 Oct 2022 22:20:45 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: -_aMBcwONqOFy1N0kmO_BEiDGCn9lWEO4BA5CmL9SRKL8cQXsJLF8A==
Age: 2975
customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/img/fdicFooter.gif
139.177.198.172 200 OK 2.2 kB URL HTTP/1.1 customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/img/fdicFooter.gif
IP 139.177.198.172:0
File type GIF image data, version 89a, 56 x 24\012- data
Hash a0742f4f717eac3a1e61f53cbbec74f2
f85639ee91bccd2bddaf043b80c892ae6b700d49
dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d
GET /8679f981a910e38ba93226b0f396a0a4/img/fdicFooter.gif HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/?cont=qerldmlsbwfzaza5&token=cba3c8b97c252dd85dc32300f64f6f1b
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Last-Modified: Fri, 07 Oct 2022 19:05:33 GMT
Accept-Ranges: bytes
Content-Length: 2245
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/gif
customermessage.blogdns.org/efs/efs/grafx/icon-secure.png
139.177.198.172 404 Not Found 315 B URL HTTP/1.1 customermessage.blogdns.org/efs/efs/grafx/icon-secure.png
IP 139.177.198.172:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
GET /efs/efs/grafx/icon-secure.png HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/flows.css
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 404 Not Found
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/img/CTZ_Green-01.png
139.177.198.172 200 OK 5.3 kB URL HTTP/1.1 customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/img/CTZ_Green-01.png
IP 139.177.198.172:0
File type PNG image data, 406 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash beb4d1c9f430bb08a4ed54df069e8f0c
39950ddd690d1cbe2d08610da5c11c854450523f
bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b
GET /8679f981a910e38ba93226b0f396a0a4/img/CTZ_Green-01.png HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/?cont=qerldmlsbwfzaza5&token=cba3c8b97c252dd85dc32300f64f6f1b
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Last-Modified: Fri, 07 Oct 2022 19:05:33 GMT
Accept-Ranges: bytes
Content-Length: 5277
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/img/lock.png
139.177.198.172 200 OK 349 B URL HTTP/1.1 customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/img/lock.png
IP 139.177.198.172:0
File type PNG image data, 29 x 29, 8-bit/color RGBA, non-interlaced\012- data
Hash 6f9f05d66a5410b90817d0cc6db92b03
891273e368982cdd9ce5408dda3877c52fe72a2e
9b87191a74f704fe3c917fe2a2f17fa3ac20da84f1c361cd3f41802a437f61d5
GET /8679f981a910e38ba93226b0f396a0a4/img/lock.png HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/?cont=qerldmlsbwfzaza5&token=cba3c8b97c252dd85dc32300f64f6f1b
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Last-Modified: Fri, 07 Oct 2022 19:05:33 GMT
Accept-Ranges: bytes
Content-Length: 349
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
customermessage.blogdns.org/efs/efs/grafx/arrow-button-white.png
139.177.198.172 404 Not Found 315 B URL HTTP/1.1 customermessage.blogdns.org/efs/efs/grafx/arrow-button-white.png
IP 139.177.198.172:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
GET /efs/efs/grafx/arrow-button-white.png HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/flows.css
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 404 Not Found
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 90ccc17306a3836b25b9ab3f1c3f5d67
85c3c7542da4a36fb5a110a64d0418bda4f4d5f1
0bb6957f0109892a02fadebf8f70c34fd94e0dbe5d9367e5f850127e30d6d85d
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 22:19:16 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 05 Oct 2022 05:40:03 GMT
Expires: Wed, 12 Oct 2022 05:40:02 GMT
Etag: "85c3c7542da4a36fb5a110a64d0418bda4f4d5f1"
Cache-Control: max-age=371445,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 756a0474fffab51d-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 90ccc17306a3836b25b9ab3f1c3f5d67
85c3c7542da4a36fb5a110a64d0418bda4f4d5f1
0bb6957f0109892a02fadebf8f70c34fd94e0dbe5d9367e5f850127e30d6d85d
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 22:19:16 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 05 Oct 2022 05:40:03 GMT
Expires: Wed, 12 Oct 2022 05:40:02 GMT
Etag: "85c3c7542da4a36fb5a110a64d0418bda4f4d5f1"
Cache-Control: max-age=371445,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 756a0474fc9d0b31-OSL
customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/img/equal-housing.gif
139.177.198.172 200 OK 1.1 kB URL HTTP/1.1 customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/img/equal-housing.gif
IP 139.177.198.172:0
File type GIF image data, version 89a, 14 x 9\012- data
Hash 39fc59327cb01ffbd5ab0ece1b08fba4
6cc1099707564164c3de6f94714808cdb1c415a7
319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149
GET /8679f981a910e38ba93226b0f396a0a4/img/equal-housing.gif HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/?cont=qerldmlsbwfzaza5&token=cba3c8b97c252dd85dc32300f64f6f1b
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Last-Modified: Fri, 07 Oct 2022 19:05:33 GMT
Accept-Ranges: bytes
Content-Length: 1134
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif
customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/img/footer-follow-facebook.png
139.177.198.172 200 OK 395 B URL HTTP/1.1 customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/img/footer-follow-facebook.png
IP 139.177.198.172:0
File type PNG image data, 28 x 21, 8-bit/color RGB, non-interlaced\012- data
Hash 25dbaaa7fa1bf41ca6614f1d2cf699f5
56a9e2459a275ef7178ff8c90c2b277265f64fb0
eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0
GET /8679f981a910e38ba93226b0f396a0a4/img/footer-follow-facebook.png HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/?cont=qerldmlsbwfzaza5&token=cba3c8b97c252dd85dc32300f64f6f1b
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Last-Modified: Fri, 07 Oct 2022 19:05:33 GMT
Accept-Ranges: bytes
Content-Length: 395
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/img/footer-follow-linkedin.png
139.177.198.172 200 OK 3.2 kB URL HTTP/1.1 customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/img/footer-follow-linkedin.png
IP 139.177.198.172:0
File type PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Hash b187d1cd61b1912b22ebfb4efce30bad
b502a6ed3e50ffe6da8d8d5114fd404650d38ea7
fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b
GET /8679f981a910e38ba93226b0f396a0a4/img/footer-follow-linkedin.png HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/?cont=qerldmlsbwfzaza5&token=cba3c8b97c252dd85dc32300f64f6f1b
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Last-Modified: Fri, 07 Oct 2022 19:05:33 GMT
Accept-Ranges: bytes
Content-Length: 3239
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/img/footer-follow-twitter.png
139.177.198.172 200 OK 3.3 kB URL HTTP/1.1 customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/img/footer-follow-twitter.png
IP 139.177.198.172:0
File type PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Hash ab8d8dc7ea3d7b572b2dc47f2aebe5ae
900c9f837d9a015e6609b14eed6d99c384ec5441
9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5
GET /8679f981a910e38ba93226b0f396a0a4/img/footer-follow-twitter.png HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/?cont=qerldmlsbwfzaza5&token=cba3c8b97c252dd85dc32300f64f6f1b
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Last-Modified: Fri, 07 Oct 2022 19:05:33 GMT
Accept-Ranges: bytes
Content-Length: 3295
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/img/footer-follow-youtube.png
139.177.198.172 200 OK 3.3 kB URL HTTP/1.1 customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/img/footer-follow-youtube.png
IP 139.177.198.172:0
File type PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced\012- data
Hash 09c8c4f0f417a049b8ab6acdd2581717
2c9dbf84a80167a9c7b41e5955969dd4d1d75c6f
9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36
GET /8679f981a910e38ba93226b0f396a0a4/img/footer-follow-youtube.png HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/?cont=qerldmlsbwfzaza5&token=cba3c8b97c252dd85dc32300f64f6f1b
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Last-Modified: Fri, 07 Oct 2022 19:05:33 GMT
Accept-Ranges: bytes
Content-Length: 3278
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/img/elh.gif
139.177.198.172 200 OK 1.4 kB URL HTTP/1.1 customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/img/elh.gif
IP 139.177.198.172:0
File type GIF image data, version 89a, 31 x 24\012- data
Hash f79e78d673f51194d9b9021cbc72b5b3
79a917fad527cef8d96af24d142653f2f49109b3
56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c
GET /8679f981a910e38ba93226b0f396a0a4/img/elh.gif HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/?cont=qerldmlsbwfzaza5&token=cba3c8b97c252dd85dc32300f64f6f1b
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Last-Modified: Fri, 07 Oct 2022 19:05:33 GMT
Accept-Ranges: bytes
Content-Length: 1433
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif
customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/font/citizen_roman.woff
139.177.198.172 200 OK 94 B URL HTTP/1.1 customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/font/citizen_roman.woff
IP 139.177.198.172:0
File type ASCII text, with no line terminators
Hash 494d5b5f24f681e3c43b52ea9bb1be4c
005ceb2099f9c3bf423ddb401479ee0a9dd8d63c
02d0c08ceab09da804ddb85b4e50adad35b9688dbcada103e8b03c61c4d393b1
Analyzer Verdict Alert fortinet Phishing
GET /8679f981a910e38ba93226b0f396a0a4/css/font/citizen_roman.woff HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/main.css
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Last-Modified: Fri, 07 Oct 2022 19:05:33 GMT
Accept-Ranges: bytes
Content-Length: 94
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff
customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/font/citizen_book.woff
139.177.198.172 200 OK 93 B URL HTTP/1.1 customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/font/citizen_book.woff
IP 139.177.198.172:0
File type ASCII text, with no line terminators
Hash 2d3d1e9a820451d4aba30a6189adb344
5c2c9a1aab30b6d9c8af0eb29a59aa490b4cc8ab
15d76789030592dfced7878a6fcbb4222f0780b2e189bd5ffecc28eca68f577b
Analyzer Verdict Alert fortinet Phishing
GET /8679f981a910e38ba93226b0f396a0a4/css/font/citizen_book.woff HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/main.css
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Last-Modified: Fri, 07 Oct 2022 19:05:33 GMT
Accept-Ranges: bytes
Content-Length: 93
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: font/woff
customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/font/citizen_extrabold.woff
139.177.198.172 200 OK 98 B URL HTTP/1.1 customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/font/citizen_extrabold.woff
IP 139.177.198.172:0
File type ASCII text, with no line terminators
Hash 10477bffd26aae2d95743e565223edfa
f38c4988d4931d392cc889f6113d8b3261d631bd
ae61a4d9e2535ffa02754fa06adf4762452a4ee0d7fa2f08ec90d923a0463a30
Analyzer Verdict Alert fortinet Phishing
GET /8679f981a910e38ba93226b0f396a0a4/css/font/citizen_extrabold.woff HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/main.css
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 200 OK
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Last-Modified: Fri, 07 Oct 2022 19:05:33 GMT
Accept-Ranges: bytes
Content-Length: 98
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d6c404502c7987174a84d8f0a3efab23
fc3a3f6d63acab3f659fb3536b65fd8564ec8628
94b5693df873bd923ffbf31f576fff01d2628e5796af4c6b91306a743e27d19b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6429
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 22:19:16 GMT
Last-Modified: Fri, 07 Oct 2022 20:32:07 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/font/citizen_book.ttf
139.177.198.172 404 Not Found 315 B URL HTTP/1.1 customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/font/citizen_book.ttf
IP 139.177.198.172:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /8679f981a910e38ba93226b0f396a0a4/css/font/citizen_book.ttf HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/main.css
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 404 Not Found
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/font/citizen_extrabold.ttf
139.177.198.172 404 Not Found 315 B URL HTTP/1.1 customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/font/citizen_extrabold.ttf
IP 139.177.198.172:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /8679f981a910e38ba93226b0f396a0a4/css/font/citizen_extrabold.ttf HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/main.css
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 404 Not Found
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/font/citizen_roman.ttf
139.177.198.172 404 Not Found 315 B URL HTTP/1.1 customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/font/citizen_roman.ttf
IP 139.177.198.172:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /8679f981a910e38ba93226b0f396a0a4/css/font/citizen_roman.ttf HTTP/1.1
Host: customermessage.blogdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://customermessage.blogdns.org/8679f981a910e38ba93226b0f396a0a4/css/main.css
Cookie: PHPSESSID=f693dd006eca9a19d87f249c4bdfbe25
HTTP/1.1 404 Not Found
Date: Fri, 07 Oct 2022 22:19:16 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
push.services.mozilla.com/
34.215.91.121 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.215.91.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tDRwjBE4yrCd/11clAZ8vA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wRc+QGile2MnXUk4bIBv9BBQHR4=
devilsms.live/clve-min.js
199.188.200.254 200 OK 51 kB URL HTTP/2 devilsms.live/clve-min.js
IP 199.188.200.254:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 724ad5d75674097f5d14e70982a3bc6e
87146103e33be6cdf8d828351685c70f2a6cb7e3
d1a51f6f6c798129732b8ae1c654d6a68af918bb63e05b45c75cf4c614c27260
GET /clve-min.js HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://customermessage.blogdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 14 Oct 2022 22:19:16 GMT
content-type: application/javascript
last-modified: Mon, 07 Feb 2022 11:17:03 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 51069
date: Fri, 07 Oct 2022 22:19:16 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
devilsms.live/cleave.js
199.188.200.254 200 OK 18 kB IP 199.188.200.254:0
File type Unicode text, UTF-8 text, with very long lines (1712)
Hash fe9f66e28ad0fde897ddcb9571324491
e5ab8ed2bad2578458397898778be698dff70917
ece3c9456921c261029e7ae1b7eddd2265e8afdf1aeb78f9eafad2ea55d5e92f
GET /cleave.js HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://customermessage.blogdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 14 Oct 2022 22:14:59 GMT
content-type: application/javascript
last-modified: Sun, 30 Jan 2022 13:07:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 18428
date: Fri, 07 Oct 2022 22:14:59 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.23 200 OK 1.8 kB IP 192.124.249.23:0
Hash 99662249979ac8d32256279be7a6142d
dc8d3476854092b9913d51d4d4da0f97bf81bd15
f85737f76d35a2db92e22878cefb8ee63134a306dfff5a3d800756c12343b1f5
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 07 Oct 2022 22:19:18 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 07 Oct 2022 20:39:31 GMT
Expires: Sat, 08 Oct 2022 20:39:31 GMT
ETag: "dc8d3476854092b9913d51d4d4da0f97bf81bd15"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
t.me/Devilmask09
149.154.167.99 200 OK 4.1 kB IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (3560)
Hash 049ba64ba46351c0dae277d8a36fe461
be0b52eea1d81e4e259294cb0c9325cea3a2ef8c
64d82541907b0470b932f23db0600605c42c62cc46a9c209607cb66c98faeaa0
GET /Devilmask09 HTTP/1.1
Host: t.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://customermessage.blogdns.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 07 Oct 2022 22:19:17 GMT
content-type: text/html; charset=utf-8
content-length: 4095
set-cookie: stel_ssid=8d5907878476779a18_4301417233634382337; expires=Sat, 08 Oct 2022 22:19:17 GMT; path=/; samesite=None; secure; HttpOnly
pragma: no-cache
cache-control: no-store
x-frame-options: ALLOW-FROM https://web.telegram.org
content-security-policy: frame-ancestors https://web.telegram.org
content-encoding: gzip
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 1d13c38762edee3ea0af663f3e4553be
894a45402ded63c20b5062b2aae8b3894be80996
781d3684b9efe9d34182e7a740c759749a80c085576681bd5077d342e4448ae0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 22:19:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1d4/Svlf1UIkr8I
142.250.74.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/Svlf1UIkr8I
IP 142.250.74.3:0
Hash 2cd4fa6dccb2ddbfa12575503bacd26d
43a06adffac1aa13525054b4c1668fb0af26f90b
2759e41d5ca0f1bb82db64ab5e1b3497d016938b91a2080d1329033298e173f4
POST /s/gts1d4/Svlf1UIkr8I HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 22:19:17 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 1d13c38762edee3ea0af663f3e4553be
894a45402ded63c20b5062b2aae8b3894be80996
781d3684b9efe9d34182e7a740c759749a80c085576681bd5077d342e4448ae0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 22:19:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
192.124.249.23 200 OK 1.8 kB IP 192.124.249.23:0
Hash c76f67d72889ad3ce3077259dd1589f6
0235be7e230bd4c896f449ba16cef7dc2a0e45d3
3c0fbcdb3f222ebfd25b9c05446c92a3b9963f1441379b1670a312a3cfb14c04
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 07 Oct 2022 22:19:18 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 07 Oct 2022 21:24:56 GMT
Expires: Sat, 08 Oct 2022 21:24:56 GMT
ETag: "0235be7e230bd4c896f449ba16cef7dc2a0e45d3"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
192.124.249.23 200 OK 1.8 kB IP 192.124.249.23:0
Hash c76f67d72889ad3ce3077259dd1589f6
0235be7e230bd4c896f449ba16cef7dc2a0e45d3
3c0fbcdb3f222ebfd25b9c05446c92a3b9963f1441379b1670a312a3cfb14c04
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 07 Oct 2022 22:19:18 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 07 Oct 2022 21:24:56 GMT
Expires: Sat, 08 Oct 2022 21:24:56 GMT
ETag: "0235be7e230bd4c896f449ba16cef7dc2a0e45d3"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
192.124.249.23 200 OK 1.8 kB IP 192.124.249.23:0
Hash c76f67d72889ad3ce3077259dd1589f6
0235be7e230bd4c896f449ba16cef7dc2a0e45d3
3c0fbcdb3f222ebfd25b9c05446c92a3b9963f1441379b1670a312a3cfb14c04
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 07 Oct 2022 22:19:18 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 07 Oct 2022 21:24:56 GMT
Expires: Sat, 08 Oct 2022 21:24:56 GMT
ETag: "0235be7e230bd4c896f449ba16cef7dc2a0e45d3"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash de13f970f8aba26b5635ed31a9f7c667
2ce848652b67e0c2f9d8f5b299a80764cf83bf31
e3c3ee004ba0175fe4363bc1011e26f66fce0f848c83949a5d430e7d61ab781a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 22:19:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash de13f970f8aba26b5635ed31a9f7c667
2ce848652b67e0c2f9d8f5b299a80764cf83bf31
e3c3ee004ba0175fe4363bc1011e26f66fce0f848c83949a5d430e7d61ab781a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 22:19:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
telegram.org/css/telegram.css?232
149.154.167.99 200 OK 45 kB URL HTTP/2 telegram.org/css/telegram.css?232
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
Hash 33324d24a1556e3eaefb81f6f2a57d64
4af5131bf3873eb6effbd27f1438eb6a675c954d
bca92b77c7781462bfaea821e3736440ff02699cc474acad237636953dc57321
GET /css/telegram.css?232 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 07 Oct 2022 22:19:18 GMT
content-type: text/css
last-modified: Tue, 13 Sep 2022 16:00:52 GMT
etag: W/"6320a934-1ca4a"
expires: Tue, 11 Oct 2022 22:19:18 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://t.me
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 19:34:08 GMT
expires: Thu, 05 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 182710
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash de13f970f8aba26b5635ed31a9f7c667
2ce848652b67e0c2f9d8f5b299a80764cf83bf31
e3c3ee004ba0175fe4363bc1011e26f66fce0f848c83949a5d430e7d61ab781a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 22:19:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3413
Expires: Fri, 07 Oct 2022 23:16:11 GMT
Date: Fri, 07 Oct 2022 22:19:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3413
Expires: Fri, 07 Oct 2022 23:16:11 GMT
Date: Fri, 07 Oct 2022 22:19:18 GMT
Connection: keep-alive
telegram.org/js/tgwallpaper.min.js?3
149.154.167.99 200 OK 2.0 kB URL HTTP/2 telegram.org/js/tgwallpaper.min.js?3
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
Hash fbcaf566c204a1e96a80d55e466fee3b
cffc3b27fdf107270c14a03e7b0fa999904f02ec
f2ebc2589bf47eddb3e98e3780eb16e3cde1bae9221041859bcb40b9af16bd49
GET /js/tgwallpaper.min.js?3 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 07 Oct 2022 22:19:18 GMT
content-type: application/javascript
last-modified: Thu, 03 Mar 2022 19:57:25 GMT
etag: W/"62211da5-ba3"
expires: Tue, 11 Oct 2022 22:19:18 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3413
Expires: Fri, 07 Oct 2022 23:16:11 GMT
Date: Fri, 07 Oct 2022 22:19:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3413
Expires: Fri, 07 Oct 2022 23:16:11 GMT
Date: Fri, 07 Oct 2022 22:19:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa1041925-265b-4093-b21c-f5f8ad151730.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa1041925-265b-4093-b21c-f5f8ad151730.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 071246ed5afd2f115dd9285207fa2a9b
05de223461a8b25fb222bb0abe45b283a2a25e9a
baea9d06d341b9d6bef4437869e66011275424f26ca503368a3fba2596cf49c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa1041925-265b-4093-b21c-f5f8ad151730.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6355
x-amzn-requestid: e6a1f911-789f-443a-a30d-f83d4b08f1db
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp1DlHrhIAMFisw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409bb0-70791dd7223ac5b600af0240;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:35:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: yV6PUsJG0nBbCAHTSmlDMRxKDirDlwOhiwmb5AHKbWeCIO4TVen3uw==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:37:22 GMT
age: 2516
etag: "05de223461a8b25fb222bb0abe45b283a2a25e9a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80ea69a5-f119-4320-8a89-eaa422dade08.png
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80ea69a5-f119-4320-8a89-eaa422dade08.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 55147b91b97ad22c45c980671947f39c
cebb1cf36cf6b4a0209cd8f4989b8f5168e2a59c
ca84bb5317079b510de8e83c6c17b715dc5e0c3ec27ef7ead9f03fbcfe3d2b44
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80ea69a5-f119-4320-8a89-eaa422dade08.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12216
x-amzn-requestid: 38c08aa2-1085-42b7-803c-73d87f28b6cb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp3AjEF6IAMFkLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409ed0-413a197b3d45bd916588196b;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:49:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: J7myCPUqf_CObucnOeOSbw5x8sPsIVDNWbjpcEgdL7x-kY-ViNnEsg==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:50:33 GMT
age: 1725
etag: "cebb1cf36cf6b4a0209cd8f4989b8f5168e2a59c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 53b7ffdc3799e0ac7a225145242579ef
c47f0525fe5354ee13fe63c0ec31f0f826a58005
4bb518afc9b3e7bfb976d343e46b306155834adbe71fa35b0d6f509959f78aca
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0b7bc4b-b79a-4bab-9bec-87695d757b08.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10987
x-amzn-requestid: c2ab1012-1afd-4d74-8114-97977b43da24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZgCHwGdGoAMFvyg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633cb097-3237927a0c1e081d22c902f7;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 22:15:51 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: iClOZEPMiFmpeprT8McJ2HI0dCmyxkhEdfYr0qP0YK3U_Pcd9N0Fhg==
via: 1.1 3dde68f1f52282c9e1ee336d97233b0a.cloudfront.net (CloudFront), 1.1 b47618c03bd47cf085f27b1e215f76cc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 11:08:01 GMT
age: 40277
etag: "c47f0525fe5354ee13fe63c0ec31f0f826a58005"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1f930414-193c-40b3-9ede-82dcc34798da.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1f930414-193c-40b3-9ede-82dcc34798da.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 761eacc5155a05c070d06dae3c56e824
5142109da128754d55412915f29b853e6473e7b1
04d4acd58bb76eacfa038e9c8f143e7051931ac2c91e088a3929503d6443fe98
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1f930414-193c-40b3-9ede-82dcc34798da.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13972
x-amzn-requestid: 37a983be-a598-46a5-89c2-20a91c4c665d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp1DrFHBoAMFZAw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409bb0-20ff89497af2bda30d3314ff;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:35:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: VXDOXFwJ2gxNAsRT5h0CEdTwCQlVZkn7YX1fphtdZBAYwFjmOA_SgQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:35:45 GMT
age: 2613
etag: "5142109da128754d55412915f29b853e6473e7b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd896261-9493-4c72-a9b3-64a81ba25575.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd896261-9493-4c72-a9b3-64a81ba25575.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 392365031bf04a5e34788912f1cd897d
57b8d5510c7b7d7fe1aa5238d507e965643a9fa2
718b47a31956edadedfa54e3c12211c1f56e8426bc9a1e7aba1c31fd4517be09
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd896261-9493-4c72-a9b3-64a81ba25575.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11856
x-amzn-requestid: 573e90f9-19d6-4802-ae8f-f37542c9c2bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp2BeHA3IAMF4Gg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409d3c-015e52305f282bfb6abc28bf;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:42:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WJzjDikXAjF_HFLpLrInz9IxSELQXUaIXTGwz-FQny8l8KKE30A2ww==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:53:06 GMT
age: 1572
etag: "57b8d5510c7b7d7fe1aa5238d507e965643a9fa2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fecedcddd-85d8-43d3-a9b6-2c201493ab3f.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fecedcddd-85d8-43d3-a9b6-2c201493ab3f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f3fba664205cc4f4c47441384bb9baff
7388d4c0ebd1f5ee0434315d0bf0ba324235b8ca
5336cbc9f49699990c607bfb64265f55425f0c994d1c880d71e4faefd26057a3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fecedcddd-85d8-43d3-a9b6-2c201493ab3f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10302
x-amzn-requestid: 10724d90-3561-4b3a-9faa-2ecfd573b3bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp1EKGUVoAMF0cQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409bb4-76637f427b13d2c506fd5ccf;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:35:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1rwq9VVxiIBmFjb6TUwaGdXIH6zqzTGEaJz3MW9fnU3VCGty50sLSA==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:47:42 GMT
age: 1896
etag: "7388d4c0ebd1f5ee0434315d0bf0ba324235b8ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
telegram.org/img/apple-touch-icon.png
149.154.167.99 200 OK 5.6 kB URL HTTP/2 telegram.org/img/apple-touch-icon.png
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced\012- data
Hash 295ccdb03006b8dfef45090dafbd46ac
491ab660270e47cbac6a5731c51cca71c1c1b2b1
a51d667d4262047c23e3a2a8aac3b46dc8a58c686cc013f2354011c07bf22cf3
GET /img/apple-touch-icon.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 07 Oct 2022 22:19:18 GMT
content-type: image/png
content-length: 5644
last-modified: Thu, 21 Apr 2022 13:47:47 GMT
etag: "62616083-160c"
expires: Tue, 11 Oct 2022 22:19:18 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn1.telegram-cdn.org/file/ullDbb6GZiU0feIWMSlAVuJ3IQES9WYfiOTBtP2aY-qv4RaIP-jwUgKJAJjWM1WsRZgkOWyq8gWit5tyOwubOPjLLaFZvFbQt93AR-nMRbGL8VMRaV0QEKhraiEm760niPpPmAScXRMYUOMT7jKd25M8gq-BgF8OgeNSqNJNLoPju5LvR4uAQRRX2rdv4qkr4GDKpfBqCJvftChXBtY_FluGgsw3sXfnjjluIo_Ojq3l7bsIL-bY0INgiRVIffF8qn90r5nCNO4AKiUWgee3RvCqpjbSnskNULHxcZg4VAI2b6uEgzOAEsLjtmLUdmpRbqHrHWjSyC_VPKBgoM36ug.jpg
34.111.15.3 200 OK 21 kB URL HTTP/2 cdn1.telegram-cdn.org/file/ullDbb6GZiU0feIWMSlAVuJ3IQES9WYfiOTBtP2aY-qv4RaIP-jwUgKJAJjWM1WsRZgkOWyq8gWit5tyOwubOPjLLaFZvFbQt93AR-nMRbGL8VMRaV0QEKhraiEm760niPpPmAScXRMYUOMT7jKd25M8gq-BgF8OgeNSqNJNLoPju5LvR4uAQRRX2rdv4qkr4GDKpfBqCJvftChXBtY_FluGgsw3sXfnjjluIo_Ojq3l7bsIL-bY0INgiRVIffF8qn90r5nCNO4AKiUWgee3RvCqpjbSnskNULHxcZg4VAI2b6uEgzOAEsLjtmLUdmpRbqHrHWjSyC_VPKBgoM36ug.jpg
IP 34.111.15.3:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x320, components 3\012- data
Hash 15186a51f12e6bc15f8ef8009f7118f5
75deab06f226241c2f851bad5a4a067096ae6587
1fca06217fb44097735458e04fda12ebcd44145d0372c43a4521d22ced90b672
GET /file/ullDbb6GZiU0feIWMSlAVuJ3IQES9WYfiOTBtP2aY-qv4RaIP-jwUgKJAJjWM1WsRZgkOWyq8gWit5tyOwubOPjLLaFZvFbQt93AR-nMRbGL8VMRaV0QEKhraiEm760niPpPmAScXRMYUOMT7jKd25M8gq-BgF8OgeNSqNJNLoPju5LvR4uAQRRX2rdv4qkr4GDKpfBqCJvftChXBtY_FluGgsw3sXfnjjluIo_Ojq3l7bsIL-bY0INgiRVIffF8qn90r5nCNO4AKiUWgee3RvCqpjbSnskNULHxcZg4VAI2b6uEgzOAEsLjtmLUdmpRbqHrHWjSyC_VPKBgoM36ug.jpg HTTP/1.1
Host: cdn1.telegram-cdn.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 07 Oct 2022 22:19:18 GMT
content-type: image/jpeg
content-length: 20965
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
cache-control: public,max-age=7200
etag: "aa1e7c42d28430f0883a3c6f02c0e342783ec4ae"
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/Svlf1UIkr8I
142.250.74.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/Svlf1UIkr8I
IP 142.250.74.3:0
Hash 2cd4fa6dccb2ddbfa12575503bacd26d
43a06adffac1aa13525054b4c1668fb0af26f90b
2759e41d5ca0f1bb82db64ab5e1b3497d016938b91a2080d1329033298e173f4
POST /s/gts1d4/Svlf1UIkr8I HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 07 Oct 2022 22:19:18 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
telegram.org/css/bootstrap.min.css?3
149.154.167.99 200 OK 0 B URL HTTP/2 telegram.org/css/bootstrap.min.css?3
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
GET /css/bootstrap.min.css?3 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 07 Oct 2022 22:19:18 GMT
content-type: text/css
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
etag: W/"5a05e7c6-a61b"
expires: Tue, 11 Oct 2022 22:19:18 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
telegram.org/img/website_icon.svg?4
149.154.167.99 200 OK 0 B URL HTTP/2 telegram.org/img/website_icon.svg?4
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
GET /img/website_icon.svg?4 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 07 Oct 2022 22:19:18 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Jul 2020 20:41:37 GMT
etag: W/"5f160181-768"
expires: Tue, 11 Oct 2022 22:19:18 GMT
cache-control: max-age=345600
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:400,700
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:400,700
IP 142.250.74.10:0
GET /css?family=Roboto:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 07 Oct 2022 22:19:17 GMT
date: Fri, 07 Oct 2022 22:19:17 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2