r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4605
Expires: Thu, 02 Feb 2023 16:09:53 GMT
Date: Thu, 02 Feb 2023 14:53:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7e05c8461bd2dc5a149f71e2c465ea29
705983959c887e243cb55a8a1796757b579ee977
4d9ea085d5dda9dabed11af9847c2b0aa6182358673b356a4e2bd631e22a9922
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D9EA085D5DDA9DABED11AF9847C2B0AA6182358673B356A4E2BD631E22A9922"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3612
Expires: Thu, 02 Feb 2023 15:53:20 GMT
Date: Thu, 02 Feb 2023 14:53:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9a76feabb767086ae0fa54e0ffbf763f
3655d78994a1e9838340669462728b67c8c12e54
bf215ab858c7785b7c01f7d3d437a918f056f00fe9b065820e1cdd09b7bba8f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF215AB858C7785B7C01F7D3D437A918F056F00FE9B065820E1CDD09B7BBA8F9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9525
Expires: Thu, 02 Feb 2023 17:31:53 GMT
Date: Thu, 02 Feb 2023 14:53:08 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 02 Feb 2023 14:43:31 GMT
content-type: application/json
age: 577
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: L+cpNspubrE1xHZWcJEGyWMDLkOCye8Gwbw4Xo+LYTziNvSa7/anEg7GI1XrvEj4uE7/pFaaigk=
x-amz-request-id: GMMJGVGQKPZMHJHK
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 02 Feb 2023 14:23:08 GMT
age: 1800
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 14:53:08 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
googleweblight.com/i?u=https://redstrongfoundation.org/F4zduvalla51kyc0h3nW1f0h3rtd07c0h3nW1
142.250.74.97301 Moved Permanently 0 B URL HTTP/1.1 googleweblight.com/i?u=https://redstrongfoundation.org/F4zduvalla51kyc0h3nW1f0h3rtd07c0h3nW1
IP 142.250.74.97:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /i?u=https://redstrongfoundation.org/F4zduvalla51kyc0h3nW1f0h3rtd07c0h3nW1 HTTP/1.1
Host: googleweblight.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 02 Feb 2023 14:53:09 GMT
Location: https://googleweblight.com/i?u=https://redstrongfoundation.org/F4zduvalla51kyc0h3nW1f0h3rtd07c0h3nW1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Set-Cookie: NID=511=KISriEd25MNhcCngS6j5nEhYdMUdx4AUny3A6l-PLYlapVr8CLeuauydnUc-BDlmqB9KWnZKZ2uGKyK42AuMQ4a8nQAnLZGBtM_ydpT985IyqRm670J0bdrCZRlWmO3R7D3xZKiCDH2Qm4AWSxQtB3kWHGSDMv1cLdOvMKW-LPM; expires=Fri, 04-Aug-2023 14:53:09 GMT; path=/; domain=.googleweblight.com; HttpOnly
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 737fb1a7e54ea78dd56b4ac44a2c1de8
4fc7537db04c8cedc6a98ea38cfcaa6ba5c8a3a7
596cb4e532b0f523b844981b7e60fba87eb3a904b0a40dfdc3802a02650f790e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 14:53:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 02 Feb 2023 14:07:19 GMT
age: 2750
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3857
Expires: Thu, 02 Feb 2023 15:57:26 GMT
Date: Thu, 02 Feb 2023 14:53:09 GMT
Connection: keep-alive
push.services.mozilla.com/
54.200.107.47101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.200.107.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: SaFQlivvgCQ1vEuYv8Cskg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: uEhvRfHoRxeoQBaHySv17feJGu0=
googleweblight.com/i?u=https://redstrongfoundation.org/F4zduvalla51kyc0h3nW1f0h3rtd07c0h3nW1
142.250.74.97301 Moved Permanently 0 B URL HTTP/2 googleweblight.com/i?u=https://redstrongfoundation.org/F4zduvalla51kyc0h3nW1f0h3rtd07c0h3nW1
IP 142.250.74.97:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /i?u=https://redstrongfoundation.org/F4zduvalla51kyc0h3nW1f0h3rtd07c0h3nW1 HTTP/1.1
Host: googleweblight.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
content-type: application/binary
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 02 Feb 2023 14:53:09 GMT
location: https://redstrongfoundation.org/F4zduvalla51kyc0h3nW1f0h3rtd07c0h3nW1
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/WebLightSmartphoneHttp/cspreport, script-src 'nonce-GcN4Zl028C-3eIUMxIp9Eg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/WebLightSmartphoneHttp/cspreport;worker-src 'self', script-src 'nonce-GcN4Zl028C-3eIUMxIp9Eg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://adservice.google.com https://partner.googleadservices.com https://tpc.googlesyndication.com https://fundingchoicesmessages.google.com;report-uri /_/WebLightSmartphoneHttp/cspreport
cross-origin-resource-policy: same-site
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy-report-only: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://adservice.google.com https://partner.googleadservices.com https://tpc.googlesyndication.com https://fundingchoicesmessages.google.com;report-uri /_/WebLightSmartphoneHttp/cspreport/allowlist
report-to: {"group":"WebLightSmartphoneHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/WebLightSmartphoneHttp/external"}]}
cross-origin-opener-policy: unsafe-none; report-to="WebLightSmartphoneHttp"
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: NID=511=KMEr-FpazncdSG-G56RqzTcLYtE4t29I41AXvlkrOj66xw15h_TOJBn77oDnWQ9BOgBddiE4jHKrJ5EcaEwGmN8dkA_1ZuRY9ZYqS_mZQLWuggvHrQ8gnMKTfs5ETR-eJ1t_Hv1DYLn1uEw6yiZU_DMJFGILgkf0MLHo-8b7I6k; expires=Fri, 04-Aug-2023 14:53:09 GMT; path=/; domain=.googleweblight.com; HttpOnly
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 737fb1a7e54ea78dd56b4ac44a2c1de8
4fc7537db04c8cedc6a98ea38cfcaa6ba5c8a3a7
596cb4e532b0f523b844981b7e60fba87eb3a904b0a40dfdc3802a02650f790e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 14:53:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 96b392f53b5a67169648546d3923b955
b728ffa4ede80b3e229680e9c53530b2fb914c0b
16c03849c42e8a1554e85e8bac96ab36be645cd3ee0c42d366f0d5d8dd05dc2c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "16C03849C42E8A1554E85E8BAC96AB36BE645CD3EE0C42D366F0D5D8DD05DC2C"
Last-Modified: Thu, 02 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4396
Expires: Thu, 02 Feb 2023 16:06:26 GMT
Date: Thu, 02 Feb 2023 14:53:10 GMT
Connection: keep-alive
redstrongfoundation.org/F4zduvalla51kyc0h3nW1f0h3rtd07c0h3nW1
192.185.96.196404 Not Found 264 B URL HTTP/2 redstrongfoundation.org/F4zduvalla51kyc0h3nW1f0h3rtd07c0h3nW1
IP 192.185.96.196:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 18301fb73d14c559d73efeddaf3286f8
7770aebd1546c9efb4b769874d38698f859196cf
1e63febc9be60c83266fc1e33d6cb408dd7a4a67ab43b893ff1a52a294efdc0f
Analyzer Verdict Alert fortinet Phishing
GET /F4zduvalla51kyc0h3nW1f0h3rtd07c0h3nW1 HTTP/1.1
Host: redstrongfoundation.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 404 Not Found
date: Thu, 02 Feb 2023 14:53:10 GMT
server: nginx/1.23.2
content-type: text/html; charset=UTF-8
content-length: 264
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://redstrongfoundation.org/wp-json/>; rel="https://api.w.org/"
x-tec-api-version: v1
x-tec-api-root: https://redstrongfoundation.org/wp-json/tribe/events/v1/
x-tec-api-origin: https://redstrongfoundation.org
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17433
Expires: Thu, 02 Feb 2023 19:43:43 GMT
Date: Thu, 02 Feb 2023 14:53:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17433
Expires: Thu, 02 Feb 2023 19:43:43 GMT
Date: Thu, 02 Feb 2023 14:53:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17433
Expires: Thu, 02 Feb 2023 19:43:43 GMT
Date: Thu, 02 Feb 2023 14:53:10 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7c823f1d6bf1c50d58eb263b85e6e37c
a7b74d11494fb3254df907e5cc1eead070d84617
b2706961eb756383e0988dfdb501dc424aea59697aedd1e4a6c294c314a31935
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5356
x-amzn-requestid: fef22c83-35a4-4990-9008-af5853f838d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5BEB6oAMFczg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6c-68d3017555c069bc3107d150;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XyDZc0F-b0rxwoS5wvSXBuBfYE7JljMmuXseBjLOBk4HvxU5gE7Oqg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:18:55 GMT
age: 59655
etag: "a7b74d11494fb3254df907e5cc1eead070d84617"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd3cca56-2e75-4efc-8090-c33c65a99f80.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd3cca56-2e75-4efc-8090-c33c65a99f80.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b9af1fd56c0de8f128ddce88d49c1b4d
e3bb3d4950f7c0267f4476eef21872da332831aa
908153182f76362ff329803d9c11c06c66181e85e8e51dabd927f1f1ac630d5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd3cca56-2e75-4efc-8090-c33c65a99f80.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8944
x-amzn-requestid: 07495184-ede8-485c-94e8-5302ec348ea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: freiLHRPoAMFYbw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dade0d-275437a54eceb40e302a7f55;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:47:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 86qoRJHXcrnBGi3REMF5q3ANzKdqEs5F3yFUBmiIt6SCbBVnhGe2Kw==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:58:57 GMT
age: 60853
etag: "e3bb3d4950f7c0267f4476eef21872da332831aa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbaa9536b-a4e6-42f5-99dd-75298eecbbb1.jpeg
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbaa9536b-a4e6-42f5-99dd-75298eecbbb1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a4392f298c9e98515493f1235810838f
b89eebf2b8adac69487262100b07da8bc171ecf7
b368d87d3a0fe4e1a8ddc82bed704b3056ad2874b8d325111b399b18807c1e5e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbaa9536b-a4e6-42f5-99dd-75298eecbbb1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15656
x-amzn-requestid: 6723d22f-8b16-4fb2-af92-9b3257fc2a1d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bIHpRoAMFRYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c47-03b1c6646f63ba716a6298e1;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: alMHzjwJbGegz4F76t9-EhIhCUHgQngtgiZgMo2_MxAIrXqsNxWxBg==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 14:27:10 GMT
etag: "b89eebf2b8adac69487262100b07da8bc171ecf7"
content-type: image/jpeg
age: 1560
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F04301881-7728-4218-a61a-642cd5ffae53.jpeg
34.120.237.76200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F04301881-7728-4218-a61a-642cd5ffae53.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0224e848c34cb32cf932ed99dfd8468a
31c1abac8979bca5a998a6649ca3e6f59c0fb2f5
f93d5a69758e57d4d2b0d307ce98ad5ea8d86b825108873e8ea5bc36567dc5c0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F04301881-7728-4218-a61a-642cd5ffae53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5061
x-amzn-requestid: a266acae-8f1e-4cd7-b93b-e40aa5393521
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdUpGcmoAMF16Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadc1d-1fbae7785fccc58f71c1b3e9;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:39:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: PevXZz9rkBo3Cy6EooCVOpSoHyeKHMoYFjKRrvDld34WFWXzOmpANQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:11:31 GMT
age: 60099
etag: "31c1abac8979bca5a998a6649ca3e6f59c0fb2f5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 395bb0f71f9eba82f5ca23548d08900f
b1fada280c7ea3eb775a6fa46ce173a51eb045f5
7443babb69532e1ee3ee779e05ad4f62de2c5bf62548bcb5702f8290a527664c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11367
x-amzn-requestid: 67702c15-9a68-46ec-95e5-efb57f08e2f1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5OGfBoAMF3Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6e-033182ba55fdd0230ad5a270;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: H1HIK6zdv95V96NxqSfHCqYtDQNPZ9NLAwG5oM5mwRr3nAUR0BPxlg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:25:11 GMT
age: 59279
etag: "b1fada280c7ea3eb775a6fa46ce173a51eb045f5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79ec7db4-9aef-4e9e-a8d9-431c9085df2a.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79ec7db4-9aef-4e9e-a8d9-431c9085df2a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b0ca0ccee69fbee57aac373f94120bb4
5d6309502ffd0c33f6199d46f0d14d0a22e3c752
bed9d4689ff57fa636ee08dab3eef3cdf6c4e0a7103e5185151afe8ddfb755f2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79ec7db4-9aef-4e9e-a8d9-431c9085df2a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11552
x-amzn-requestid: 611f63cb-f058-493b-ac86-7e268b866fd0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdTvG9VIAMFgPg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadc17-78de7563537b111924100346;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:39:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lHLm3IkJRn59US_8SXKXQnNDUiCLIWnQ7QN-DWB3jkot9Ub3b6FUgA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:01:11 GMT
age: 60719
etag: "5d6309502ffd0c33f6199d46f0d14d0a22e3c752"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
redstrongfoundation.org/wp-xml.php?url=https://redstrongfoundation.org/F4zduvalla51kyc0h3nW1f0h3rtd07c0h3nW1
192.185.96.196302 Found 0 B URL HTTP/2 redstrongfoundation.org/wp-xml.php?url=https://redstrongfoundation.org/F4zduvalla51kyc0h3nW1f0h3rtd07c0h3nW1
IP 192.185.96.196:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /wp-xml.php?url=https://redstrongfoundation.org/F4zduvalla51kyc0h3nW1f0h3rtd07c0h3nW1 HTTP/1.1
Host: redstrongfoundation.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://redstrongfoundation.org/F4zduvalla51kyc0h3nW1f0h3rtd07c0h3nW1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
date: Thu, 02 Feb 2023 14:53:10 GMT
server: nginx/1.23.2
content-type: text/html; charset=UTF-8
content-length: 0
location: https://wwwofc.rufophg.com/?username=eduvall@kycomfort.com#/common/oauth2/authorize?client_id=0.90595954046862-0ff1-0.84331375306626&auth=1-0.4985065527719
x-server-cache: true
x-proxy-cache: MISS
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash efadeaf5a2b244829d3c7ef81b0b735c
2ca0db89e35c767609f12c6a9d15514c8d458805
b5042f4b931c50e17bf759312a6f61a30aa53cadb6b90be3b1c28a206c675031
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B5042F4B931C50E17BF759312A6F61A30AA53CADB6B90BE3B1C28A206C675031"
Last-Modified: Tue, 31 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4340
Expires: Thu, 02 Feb 2023 16:05:31 GMT
Date: Thu, 02 Feb 2023 14:53:11 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a7295a27c6e56b48eae1c5defeaf70cf
cfcd3454939e07d9e84808a20214a2225c95fe3d
72efa51956cd62ad32cbc75662b9f9d7c97ace6ef09e836a2ccd6f48c1adac9e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6358
Cache-Control: max-age=130333
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 14:53:12 GMT
Etag: "63db0f9f-1d7"
Expires: Sat, 04 Feb 2023 03:05:25 GMT
Last-Modified: Thu, 02 Feb 2023 01:19:27 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9da5970d0354c3dc983d85cf532f855c
4c9415ec48e4563e79a3f2f53d31e232faf1c3fb
338b2618cb9ab02df0a9e2ac3af6aeb22d12a48d88a3cd4c6858d05af5ac0c62
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2547
Cache-Control: max-age=109203
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 14:53:12 GMT
Etag: "63dacbf8-1d7"
Expires: Fri, 03 Feb 2023 21:13:15 GMT
Last-Modified: Wed, 01 Feb 2023 20:30:48 GMT
Server: ECS (amb/6BBA)
X-Cache: HIT
Content-Length: 471
www.docusign.net/Signing/Error.aspx?e=ef8758e9-7611-4d41-a4b3-f75dbce853fe&scope=157ad94e-6b42-44c5-86da-aab6ee1dda6f
162.248.184.27302 Found 256 B URL HTTP/1.1 www.docusign.net/Signing/Error.aspx?e=ef8758e9-7611-4d41-a4b3-f75dbce853fe&scope=157ad94e-6b42-44c5-86da-aab6ee1dda6f
IP 162.248.184.27:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash bda61f76baff1a7bb91fb2d813fdcae4
ea000cae2ff0a1035d61cbb041b236213b69fffa
1c94257c01dff1980e10660d010638221e9886a6de4360c6758d020bea4ebb16
GET /Signing/Error.aspx?e=ef8758e9-7611-4d41-a4b3-f75dbce853fe&scope=157ad94e-6b42-44c5-86da-aab6ee1dda6f HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://redstrongfoundation.org/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Location: /Signing/Error.aspx?e=ef8758e9-7611-4d41-a4b3-f75dbce853fe&scope=157ad94e-6b42-44c5-86da-aab6ee1dda6f&AspxAutoDetectCookieSupport=1
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: pv=SE5FE50_8812; path=/; secure; HttpOnly; SameSite=None
AspxAutoDetectCookieSupport=1; path=/; secure; SameSite=None
BIGipDocuSign_NA1_Signing=!lHWiH1Fk2lKMhEW0bOlB09wl7VsgfwAJxlVUkn80xqZf0AdmNEVvv3FzjylZJQ6MOEm93AdGy3JruQ==; path=/; Httponly; Secure; Samesite=None
X-DocuSign-Node: SE5FE50
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Thu, 02 Feb 2023 14:53:11 GMT
www.docusign.net/Signing/Error.aspx?e=ef8758e9-7611-4d41-a4b3-f75dbce853fe&scope=157ad94e-6b42-44c5-86da-aab6ee1dda6f&AspxAutoDetectCookieSupport=1
162.248.184.27200 OK 14 kB URL HTTP/1.1 www.docusign.net/Signing/Error.aspx?e=ef8758e9-7611-4d41-a4b3-f75dbce853fe&scope=157ad94e-6b42-44c5-86da-aab6ee1dda6f&AspxAutoDetectCookieSupport=1
IP 162.248.184.27:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (11941), with CRLF line terminators
Hash 5026bf545f35e69bd2b606488e9884a3
96cf7cd0cd2ec03c00fbd815b84d711137589b81
1abe8524928cd2dec922d4f7eb9218e4c18d9afeb1b277660253fca73423a4e7
GET /Signing/Error.aspx?e=ef8758e9-7611-4d41-a4b3-f75dbce853fe&scope=157ad94e-6b42-44c5-86da-aab6ee1dda6f&AspxAutoDetectCookieSupport=1 HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://redstrongfoundation.org/
Connection: keep-alive
Cookie: pv=SE5FE50_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1_Signing=!lHWiH1Fk2lKMhEW0bOlB09wl7VsgfwAJxlVUkn80xqZf0AdmNEVvv3FzjylZJQ6MOEm93AdGy3JruQ==
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Encoding: br
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
X-Frame-Options: SAMEORIGIN
Set-Cookie: pv=SE5FE50_8812; path=/; secure; HttpOnly; SameSite=None
ssid=dhk4ov4bxvnhvw30idlyimnj; path=/; secure; HttpOnly; SameSite=None
MemberConsoleMobile=; path=/; secure; SameSite=None
X-DocuSign-Node: SE5FE50
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Thu, 02 Feb 2023 14:53:12 GMT
Content-Length: 14324
www.docusign.net/Signing/StyleSheets/Framework.css
162.248.184.27200 OK 1.3 kB URL HTTP/1.1 www.docusign.net/Signing/StyleSheets/Framework.css
IP 162.248.184.27:0
File type ASCII text, with CRLF line terminators
Hash 9fb2737879c24fead094c01cbfb5fe11
3601d3f9517991356297ed79991bcf705622c9b3
dbc4302ca632913adb3871dec3f3e9e6f8aa01cc7ab4eb087be09e7248cab3cb
GET /Signing/StyleSheets/Framework.css HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.docusign.net/Signing/Error.aspx?e=ef8758e9-7611-4d41-a4b3-f75dbce853fe&scope=157ad94e-6b42-44c5-86da-aab6ee1dda6f&AspxAutoDetectCookieSupport=1
Connection: keep-alive
Cookie: pv=SE5FE50_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1_Signing=!lHWiH1Fk2lKMhEW0bOlB09wl7VsgfwAJxlVUkn80xqZf0AdmNEVvv3FzjylZJQ6MOEm93AdGy3JruQ==; ssid=dhk4ov4bxvnhvw30idlyimnj; MemberConsoleMobile=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Type: text/css
Content-Encoding: gzip
ETag: "03c8467b32bd91:0"
X-DocuSign-Node: SE5FE50
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Thu, 02 Feb 2023 14:53:12 GMT
Content-Length: 1339
www.docusign.net/Signing/StyleSheetsDev/ErrorExpired.css
162.248.184.27200 OK 2.0 kB URL HTTP/1.1 www.docusign.net/Signing/StyleSheetsDev/ErrorExpired.css
IP 162.248.184.27:0
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 3165af715e6ba5ca2b00f9ab5277cc8c
99697540aac85b979624e1a09483418a4c30bd11
08034c30a67418dd7bff599a0ea4ecb87315d485adb3bd1774afc36b33705317
GET /Signing/StyleSheetsDev/ErrorExpired.css HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.docusign.net/Signing/Error.aspx?e=ef8758e9-7611-4d41-a4b3-f75dbce853fe&scope=157ad94e-6b42-44c5-86da-aab6ee1dda6f&AspxAutoDetectCookieSupport=1
Connection: keep-alive
Cookie: pv=SE5FE50_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1_Signing=!lHWiH1Fk2lKMhEW0bOlB09wl7VsgfwAJxlVUkn80xqZf0AdmNEVvv3FzjylZJQ6MOEm93AdGy3JruQ==; ssid=dhk4ov4bxvnhvw30idlyimnj; MemberConsoleMobile=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Type: text/css
ETag: "1b9c5e8bae2bd91:0"
X-DocuSign-Node: SE5FE50
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Thu, 02 Feb 2023 14:53:12 GMT
Content-Length: 2048
www.docusign.net/Signing/SigningApp/latest/css/font-faces.css?cs=35a886aa8
162.248.184.27200 OK 1.6 kB URL HTTP/1.1 www.docusign.net/Signing/SigningApp/latest/css/font-faces.css?cs=35a886aa8
IP 162.248.184.27:0
Hash 94efe1df326362ef2423f447b0e07a42
c20c4a130a6c2bdf8d513fd82fddf7ebe7050519
ff2a6fd9f9b72c4d8292fd00f48d8be351ffa3f81c0a25d0a4ed5d5296092765
GET /Signing/SigningApp/latest/css/font-faces.css?cs=35a886aa8 HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.docusign.net/Signing/Error.aspx?e=ef8758e9-7611-4d41-a4b3-f75dbce853fe&scope=157ad94e-6b42-44c5-86da-aab6ee1dda6f&AspxAutoDetectCookieSupport=1
Connection: keep-alive
Cookie: pv=SE5FE50_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1_Signing=!lHWiH1Fk2lKMhEW0bOlB09wl7VsgfwAJxlVUkn80xqZf0AdmNEVvv3FzjylZJQ6MOEm93AdGy3JruQ==; ssid=dhk4ov4bxvnhvw30idlyimnj; MemberConsoleMobile=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Type: text/css
ETag: "5027a0d8fcfd91:0"
X-DocuSign-Node: SE5FE50
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Thu, 02 Feb 2023 14:53:12 GMT
Content-Length: 1560
www.docusign.net/Signing/client_scripts/jQuery/jquery-1.12.3.min.js
162.248.184.27200 OK 34 kB URL HTTP/1.1 www.docusign.net/Signing/client_scripts/jQuery/jquery-1.12.3.min.js
IP 162.248.184.27:0
File type ASCII text, with very long lines (32029), with CRLF line terminators
Hash eda5042559f1683ec7c7e896a582a89c
808d6caa3e9629b6ce48463cb1c274f0e16dd86c
7eba55dd82536a221bc423dba881df158e73e8e26d7da9117ce0186b07814cbc
GET /Signing/client_scripts/jQuery/jquery-1.12.3.min.js HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.docusign.net/Signing/Error.aspx?e=ef8758e9-7611-4d41-a4b3-f75dbce853fe&scope=157ad94e-6b42-44c5-86da-aab6ee1dda6f&AspxAutoDetectCookieSupport=1
Connection: keep-alive
Cookie: pv=SE5FE50_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1_Signing=!lHWiH1Fk2lKMhEW0bOlB09wl7VsgfwAJxlVUkn80xqZf0AdmNEVvv3FzjylZJQ6MOEm93AdGy3JruQ==; ssid=dhk4ov4bxvnhvw30idlyimnj; MemberConsoleMobile=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Type: application/javascript
Content-Encoding: gzip
ETag: "804e918bae2bd91:0"
X-DocuSign-Node: SE5FE50
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Thu, 02 Feb 2023 14:53:12 GMT
Content-Length: 33900
www.docusign.net/Signing/Images/controls/btn_arrow_u.png
162.248.184.27200 OK 3.0 kB URL HTTP/1.1 www.docusign.net/Signing/Images/controls/btn_arrow_u.png
IP 162.248.184.27:0
File type PNG image data, 10 x 10, 8-bit/color RGBA, non-interlaced\012- data
Hash c863db426897325cb4805b2c20f51f30
a426fe43f0ce1a489ce091cc27768cdcc2991210
2a5179b8851c8e3dfc77d7dcb33b3963afa037608336d6ae412acaa38ad59d22
GET /Signing/Images/controls/btn_arrow_u.png HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.docusign.net/Signing/Error.aspx?e=ef8758e9-7611-4d41-a4b3-f75dbce853fe&scope=157ad94e-6b42-44c5-86da-aab6ee1dda6f&AspxAutoDetectCookieSupport=1
Connection: keep-alive
Cookie: pv=SE5FE50_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1_Signing=!lHWiH1Fk2lKMhEW0bOlB09wl7VsgfwAJxlVUkn80xqZf0AdmNEVvv3FzjylZJQ6MOEm93AdGy3JruQ==; ssid=dhk4ov4bxvnhvw30idlyimnj; MemberConsoleMobile=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Type: image/png
ETag: "185e18bae2bd91:0"
X-DocuSign-Node: SE5FE50
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Thu, 02 Feb 2023 14:53:12 GMT
Content-Length: 2961
www.docusign.net/Signing/Images/logo_docusign_new_white.png
162.248.184.27200 OK 4.0 kB URL HTTP/1.1 www.docusign.net/Signing/Images/logo_docusign_new_white.png
IP 162.248.184.27:0
File type PNG image data, 231 x 76, 8-bit/color RGBA, non-interlaced\012- data
Hash 2b83c7b55dd89651ccbf62a5153d1984
e6664bc6d6ac06aac70abbe21cbd83adb776441a
edd5eb91a05ef65653a6e9c4ddb60482ee93ad2994c1925cd2b7a310e7bdcc73
GET /Signing/Images/logo_docusign_new_white.png HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.docusign.net/Signing/Error.aspx?e=ef8758e9-7611-4d41-a4b3-f75dbce853fe&scope=157ad94e-6b42-44c5-86da-aab6ee1dda6f&AspxAutoDetectCookieSupport=1
Connection: keep-alive
Cookie: pv=SE5FE50_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1_Signing=!lHWiH1Fk2lKMhEW0bOlB09wl7VsgfwAJxlVUkn80xqZf0AdmNEVvv3FzjylZJQ6MOEm93AdGy3JruQ==; ssid=dhk4ov4bxvnhvw30idlyimnj; MemberConsoleMobile=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Type: image/png
ETag: "ba27258bae2bd91:0"
X-DocuSign-Node: SE5FE50
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Thu, 02 Feb 2023 14:53:12 GMT
Content-Length: 4010
www.docusign.net/Signing/Image.aspx?i=logo&l=8d686f4f-d339-43ac-83ae-36b2103ccc83
162.248.184.27200 OK 18 kB URL HTTP/1.1 www.docusign.net/Signing/Image.aspx?i=logo&l=8d686f4f-d339-43ac-83ae-36b2103ccc83
IP 162.248.184.27:0
File type PNG image data, 150 x 67, 8-bit/color RGBA, non-interlaced\012- data
Hash e318344f3fa335ac223217d4d5093580
f3391c2454b2d4279138a10bf3abfe69e63940f9
c5aff96c04ffcea6ac274f089d95b5b24f5dcf475fc5f05fd07864e845ef0c02
GET /Signing/Image.aspx?i=logo&l=8d686f4f-d339-43ac-83ae-36b2103ccc83 HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.docusign.net/Signing/Error.aspx?e=ef8758e9-7611-4d41-a4b3-f75dbce853fe&scope=157ad94e-6b42-44c5-86da-aab6ee1dda6f&AspxAutoDetectCookieSupport=1
Connection: keep-alive
Cookie: pv=SE5FE50_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1_Signing=!lHWiH1Fk2lKMhEW0bOlB09wl7VsgfwAJxlVUkn80xqZf0AdmNEVvv3FzjylZJQ6MOEm93AdGy3JruQ==; ssid=dhk4ov4bxvnhvw30idlyimnj; MemberConsoleMobile=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: image/png
ETag: 133390f4-8a76-4b70-b5a9-3f0de7dcf61c
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: pv=SE5FE50_8812; path=/; secure; HttpOnly; SameSite=None
X-DocuSign-Node: SE5FE50
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Thu, 02 Feb 2023 14:53:12 GMT
Content-Length: 17550
docucdn-a.akamaihd.net/v/static/mixpanel-2-2-1b.js
23.36.76.243200 OK 26 kB URL HTTP/2 docucdn-a.akamaihd.net/v/static/mixpanel-2-2-1b.js
IP 23.36.76.243:0
ASN #20940 Akamai International B.V.
Hash 72b894ccd2a1349824be26c74169bc02
7033e6f80eb591c2d556b411d3e5b87361cdc1c3
ec10d562179623af25d5dc3e465f84968c76525ec8b9111c29b2f18ea1888c6b
GET /v/static/mixpanel-2-2-1b.js HTTP/1.1
Host: docucdn-a.akamaihd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.docusign.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "ece7a224f69ab2205d90900589ae1d05:1527120741"
last-modified: Thu, 24 May 2018 00:08:49 GMT
server: AkamaiNetStorage
unused62: 8096267
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Fri, 02 Feb 2024 14:53:13 GMT
date: Thu, 02 Feb 2023 14:53:13 GMT
content-length: 26533
access-control-allow-origin: *
x-content-type-options: nosniff
X-Firefox-Spdy: h2
www.docusign.net/Signing/SigningApp/latest/fonts/helvetica-neue/HelveticaNeue-Bold.woff
162.248.184.27200 OK 38 kB URL HTTP/1.1 www.docusign.net/Signing/SigningApp/latest/fonts/helvetica-neue/HelveticaNeue-Bold.woff
IP 162.248.184.27:0
File type Web Open Font Format, TrueType, length 37560, version 1.0\012- data
Hash b9d0556a2c620a939d54c63be3df6c6c
97968884d4c5a93c46ab1334ce9e9156c694ea4d
90973db3f26fe86b648ec735f3183b44902e5cedf2b1a042402bac39da70404f
GET /Signing/SigningApp/latest/fonts/helvetica-neue/HelveticaNeue-Bold.woff HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.docusign.net/Signing/SigningApp/latest/css/font-faces.css?cs=35a886aa8
Cookie: pv=SE5FE50_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1_Signing=!lHWiH1Fk2lKMhEW0bOlB09wl7VsgfwAJxlVUkn80xqZf0AdmNEVvv3FzjylZJQ6MOEm93AdGy3JruQ==; ssid=dhk4ov4bxvnhvw30idlyimnj; MemberConsoleMobile=
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Type: application/font-woff
ETag: "5027a0d8fcfd91:0"
X-DocuSign-Node: SE5FE50
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Thu, 02 Feb 2023 14:53:12 GMT
Content-Length: 37560
www.docusign.net/Signing/SigningApp/latest/fonts/helvetica-neue/HelveticaNeue.woff
162.248.184.27200 OK 48 kB URL HTTP/1.1 www.docusign.net/Signing/SigningApp/latest/fonts/helvetica-neue/HelveticaNeue.woff
IP 162.248.184.27:0
File type Web Open Font Format, TrueType, length 47748, version 1.0\012- data
Hash 4a573fac9111d6adcb3994983539bd75
69bebefe9edeac85cc27516dbe0ea176c1c2c25c
dac5803d6cbe40244dfd39661406239f83e94e86c976e7229a4e35305a9b5efe
GET /Signing/SigningApp/latest/fonts/helvetica-neue/HelveticaNeue.woff HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.docusign.net/Signing/SigningApp/latest/css/font-faces.css?cs=35a886aa8
Cookie: pv=SE5FE50_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1_Signing=!lHWiH1Fk2lKMhEW0bOlB09wl7VsgfwAJxlVUkn80xqZf0AdmNEVvv3FzjylZJQ6MOEm93AdGy3JruQ==; ssid=dhk4ov4bxvnhvw30idlyimnj; MemberConsoleMobile=
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Type: application/font-woff
ETag: "5027a0d8fcfd91:0"
X-DocuSign-Node: SE5FE50
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Thu, 02 Feb 2023 14:53:12 GMT
Content-Length: 47748
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 8fd3144ba07b4b4c992ad550ae1ac0a2
645a6453c71222c8789efbb7a4a2e59660254e17
efa7b131996959341e6f4f42af8bd9d5a7ef1f248b9a3f0fd67e50abe4569a05
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6320
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 14:53:13 GMT
Last-Modified: Thu, 02 Feb 2023 13:07:53 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
www.docusign.net/Signing/SigningApp/latest/fonts/maven-pro/MavenPro-Regular.woff
162.248.184.27200 OK 35 kB URL HTTP/1.1 www.docusign.net/Signing/SigningApp/latest/fonts/maven-pro/MavenPro-Regular.woff
IP 162.248.184.27:0
File type Web Open Font Format, CFF, length 34820, version 0.0\012- data
Hash fd117c9eb999e35d64be1515d5b2192d
b0fae4091ac17a28c47af531a9d5b73b4c35f6bd
553582be8a5d2779d1a9e9c3a6698fd4d365e01353d8876a7204db68fcd1d12d
GET /Signing/SigningApp/latest/fonts/maven-pro/MavenPro-Regular.woff HTTP/1.1
Host: www.docusign.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.docusign.net/Signing/SigningApp/latest/css/font-faces.css?cs=35a886aa8
Cookie: pv=SE5FE50_8812; AspxAutoDetectCookieSupport=1; BIGipDocuSign_NA1_Signing=!lHWiH1Fk2lKMhEW0bOlB09wl7VsgfwAJxlVUkn80xqZf0AdmNEVvv3FzjylZJQ6MOEm93AdGy3JruQ==; ssid=dhk4ov4bxvnhvw30idlyimnj; MemberConsoleMobile=
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Type: application/font-woff
ETag: "5027a0d8fcfd91:0"
X-DocuSign-Node: SE5FE50
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Thu, 02 Feb 2023 14:53:12 GMT
Content-Length: 34820
docucdn-a.akamaihd.net/olive/images/2.15.0/favicons/android-chrome-512x512.png
23.36.76.243200 OK 2.2 kB URL HTTP/2 docucdn-a.akamaihd.net/olive/images/2.15.0/favicons/android-chrome-512x512.png
IP 23.36.76.243:0
ASN #20940 Akamai International B.V.
File type PNG image data, 512 x 512, 8-bit colormap, non-interlaced\012- data
Hash 97f481a386a8bca43554a88332fb91e5
50d416da28fd5dd142d0775c3cf93e027b6a60d8
ef58bad5c4b087d131d5098e7022ef5eb480c01c4e76041e97db06c9f3c1bc4b
GET /olive/images/2.15.0/favicons/android-chrome-512x512.png HTTP/1.1
Host: docucdn-a.akamaihd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.docusign.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: AkamaiGHost
mime-version: 1.0
unused62: 8096267
accept-ranges: bytes
content-type: image/png
etag: "19afd5a33a141c1a34505a1d90d24c72:1584027770.130477"
last-modified: Thu, 12 Mar 2020 15:40:31 GMT
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3628800
date: Thu, 02 Feb 2023 14:53:13 GMT
content-length: 2185
access-control-allow-origin: *
x-content-type-options: nosniff
X-Firefox-Spdy: h2
docucdn-a.akamaihd.net/olive/images/2.15.0/favicons/favicon-16x16.png
23.36.76.243200 OK 592 B URL HTTP/2 docucdn-a.akamaihd.net/olive/images/2.15.0/favicons/favicon-16x16.png
IP 23.36.76.243:0
ASN #20940 Akamai International B.V.
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash ab07127e18c443a7dba6879192584ec2
ead4f2a2292931a4cc4968299925de1054d85788
bcdd55a8ef3fa1d6b37cd851da72d503315f087c965597d1ee51598a4ada6fa9
GET /olive/images/2.15.0/favicons/favicon-16x16.png HTTP/1.1
Host: docucdn-a.akamaihd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.docusign.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: AkamaiGHost
mime-version: 1.0
unused62: 8096267
accept-ranges: bytes
content-type: image/png
etag: "ab07127e18c443a7dba6879192584ec2:1584027770.440594"
last-modified: Thu, 12 Mar 2020 15:40:31 GMT
content-length: 592
cache-control: max-age=3628800
date: Thu, 02 Feb 2023 14:53:13 GMT
access-control-allow-origin: *
x-content-type-options: nosniff
X-Firefox-Spdy: h2
api.mixpanel.com/track/?data=eyJldmVudCI6ICJtcF9wYWdlX3ZpZXciLCJwcm9wZXJ0aWVzIjogeyIkb3MiOiAiV2luZG93cyIsIiRicm93c2VyIjogIkZpcmVmb3giLCIkcmVmZXJyaW5nX2RvbWFpbiI6ICJyZWRzdHJvbmdmb3VuZGF0aW9uLm9yZyIsIiRzY3JlZW5faGVpZ2h0IjogMTAyNCwiJHNjcmVlbl93aWR0aCI6IDEyODAsIm1wX2xpYiI6ICJ3ZWIiLCJkaXN0aW5jdF9pZCI6ICJGRDQwOUM3RkQ1QjJFMkQyQ0E4N0UxQkZGMjE5QkM2QUQxRDU2MjU4IiwiJGluaXRpYWxfcmVmZXJyaW5nX2RvbWFpbiI6ICJyZWRzdHJvbmdmb3VuZGF0aW9uLm9yZyIsIm1wX3BhZ2UiOiAid3d3LmRvY3VzaWduLm5ldCIsIm1wX3JlZmVycmVyIjogInJlZHN0cm9uZ2ZvdW5kYXRpb24ub3JnIiwibXBfYnJvd3NlciI6ICJGaXJlZm94IiwibXBfcGxhdGZvcm0iOiAiV2luZG93cyIsInRva2VuIjogIjMwNGNjYmRlMjRkM2IxNWZmZTJkNWRlMzBjMTBkYWIyIn19&ip=1&_=1675349620202
35.186.241.51200 OK 1 B URL HTTP/2 api.mixpanel.com/track/?data=eyJldmVudCI6ICJtcF9wYWdlX3ZpZXciLCJwcm9wZXJ0aWVzIjogeyIkb3MiOiAiV2luZG93cyIsIiRicm93c2VyIjogIkZpcmVmb3giLCIkcmVmZXJyaW5nX2RvbWFpbiI6ICJyZWRzdHJvbmdmb3VuZGF0aW9uLm9yZyIsIiRzY3JlZW5faGVpZ2h0IjogMTAyNCwiJHNjcmVlbl93aWR0aCI6IDEyODAsIm1wX2xpYiI6ICJ3ZWIiLCJkaXN0aW5jdF9pZCI6ICJGRDQwOUM3RkQ1QjJFMkQyQ0E4N0UxQkZGMjE5QkM2QUQxRDU2MjU4IiwiJGluaXRpYWxfcmVmZXJyaW5nX2RvbWFpbiI6ICJyZWRzdHJvbmdmb3VuZGF0aW9uLm9yZyIsIm1wX3BhZ2UiOiAid3d3LmRvY3VzaWduLm5ldCIsIm1wX3JlZmVycmVyIjogInJlZHN0cm9uZ2ZvdW5kYXRpb24ub3JnIiwibXBfYnJvd3NlciI6ICJGaXJlZm94IiwibXBfcGxhdGZvcm0iOiAiV2luZG93cyIsInRva2VuIjogIjMwNGNjYmRlMjRkM2IxNWZmZTJkNWRlMzBjMTBkYWIyIn19&ip=1&_=1675349620202
IP 35.186.241.51:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
GET /track/?data=eyJldmVudCI6ICJtcF9wYWdlX3ZpZXciLCJwcm9wZXJ0aWVzIjogeyIkb3MiOiAiV2luZG93cyIsIiRicm93c2VyIjogIkZpcmVmb3giLCIkcmVmZXJyaW5nX2RvbWFpbiI6ICJyZWRzdHJvbmdmb3VuZGF0aW9uLm9yZyIsIiRzY3JlZW5faGVpZ2h0IjogMTAyNCwiJHNjcmVlbl93aWR0aCI6IDEyODAsIm1wX2xpYiI6ICJ3ZWIiLCJkaXN0aW5jdF9pZCI6ICJGRDQwOUM3RkQ1QjJFMkQyQ0E4N0UxQkZGMjE5QkM2QUQxRDU2MjU4IiwiJGluaXRpYWxfcmVmZXJyaW5nX2RvbWFpbiI6ICJyZWRzdHJvbmdmb3VuZGF0aW9uLm9yZyIsIm1wX3BhZ2UiOiAid3d3LmRvY3VzaWduLm5ldCIsIm1wX3JlZmVycmVyIjogInJlZHN0cm9uZ2ZvdW5kYXRpb24ub3JnIiwibXBfYnJvd3NlciI6ICJGaXJlZm94IiwibXBfcGxhdGZvcm0iOiAiV2luZG93cyIsInRva2VuIjogIjMwNGNjYmRlMjRkM2IxNWZmZTJkNWRlMzBjMTBkYWIyIn19&ip=1&_=1675349620202 HTTP/1.1
Host: api.mixpanel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.docusign.net/
Origin: https://www.docusign.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.docusign.net
access-control-expose-headers: X-MP-CE-Backoff
access-control-max-age: 1728000
cache-control: no-cache, no-store
content-type: application/json
strict-transport-security: max-age=604800; includeSubDomains
date: Thu, 02 Feb 2023 14:53:13 GMT
content-length: 1
x-envoy-upstream-service-time: 0
server: envoy
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
wwwofc.rufophg.com/?username=eduvall@kycomfort.com
79.137.202.226302 Found 0 B URL HTTP/2 wwwofc.rufophg.com/?username=eduvall@kycomfort.com
IP 79.137.202.226:0
ASN #12695 LLC Digital Network
GET /?username=eduvall@kycomfort.com HTTP/1.1
Host: wwwofc.rufophg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://redstrongfoundation.org/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Thu, 02 Feb 2023 14:53:11 GMT
content-type: text/html; charset=utf-8
location: https://www.docusign.net/Signing/Error.aspx?e=ef8758e9-7611-4d41-a4b3-f75dbce853fe&scope=157ad94e-6b42-44c5-86da-aab6ee1dda6f
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2