Report - mtbconnect.selfip.com/6df29ab6894eacc985020d19e5fc69be/personal.php?token=

Report Overview

URL

mtbconnect.selfip.com/6df29ab6894eacc985020d19e5fc69be/personal.php?token=
IP

34.82.69.41

ASN

#396982 GOOGLE-CLOUD-PLATFORM
Submitted

2022-09-27T04:17:19Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

5

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.digicert.com (1)	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329	737	93.184.220.29
devilsms.live (3)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1085	89500	199.188.200.254
img-getpocket.cdn.mozilla.net (6)	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3174	60597	34.120.237.76
ocsp.godaddy.com (4)	698	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1312	9141	192.124.249.41
ocsp.pki.goog (6)	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2000	4209	142.250.74.3
firefox.settings.services.mozilla.com (2)	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758	2704	143.204.55.115
push.services.mozilla.com (1)	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594	127	34.223.168.227
t.me (1)	6552	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	518	4527	149.154.167.99
fonts.gstatic.com (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	916	33502	142.250.74.163
fonts.googleapis.com (1)	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	372	746	142.250.74.10
r3.o.lencr.org (6)	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1956	5316	23.36.76.226
contile.services.mozilla.com (1)	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321	229	34.117.237.239
ocsp.sectigo.com (2)	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	656	1928	104.18.32.68
content-signature-2.cdn.mozilla.net (1)	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401	5846	143.204.55.49
mtbconnect.selfip.com (5)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2174	151526	34.82.69.41
telegram.org (6)	5408	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2244	7706	149.154.167.99

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-09-25	medium	mtbconnect.selfip.com/6df29ab6894eacc985020d19e5fc69be/personal.php?token=	M & T Bank Coporation

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-27	medium	mtbconnect.selfip.com/6df29ab6894eacc985020d19e5fc69be/personal.php?token=	Phishing
2022-09-27	medium	mtbconnect.selfip.com/6df29ab6894eacc985020d19e5fc69be/css/mtb-logo.svg	Phishing
2022-09-27	medium	mtbconnect.selfip.com/6df29ab6894eacc985020d19e5fc69be/css/mtb-entrust.svg	Phishing
2022-09-27	medium	mtbconnect.selfip.com/6df29ab6894eacc985020d19e5fc69be/css/mtb-equalhousinglender.svg	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (7)

HTTP Transactions (48)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.115

200 OK

939

URL HTTP/1.1

firefox.settings.services.mozilla.com/v1/
IP

143.204.55.115:0
ASN

#16509 AMAZON-02

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

2d12f67fe57a87e7366b662d153a5582

d7b02d81cc74f24a251d9363e0f4b0a149264ec1

73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 27 Sep 2022 04:15:30 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Dt_Cv2A5r_GyZg4SPX-MeYpVLjT6sVqQ1SnLFUEQrTSzm9gEXt9CTg==
Age: 98

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

d2560f62890e75b8de444fed96c22f52

334ce0c48e606ee029f31eeb1463af87b1024bb9

4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4948
Expires: Tue, 27 Sep 2022 05:39:36 GMT
Date: Tue, 27 Sep 2022 04:17:08 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.49

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP

143.204.55.49:0
ASN

#16509 AMAZON-02

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

6113f8408c59aebe188d6af273b90743

7398873bf00f99944eaa77ad3ebc0d43c23dba6b

b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 04:35:16 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: dY1lGik8MHMpBFYrlihfPC2lG8UNk5uB0QJXt5298BszwnkMdy4f3Q==
age: 85313
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 04:17:08 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

mtbconnect.selfip.com/6df29ab6894eacc985020d19e5fc69be/personal.php?token=

34.82.69.41

200 OK

77146

URL HTTP/1.1

mtbconnect.selfip.com/6df29ab6894eacc985020d19e5fc69be/personal.php?token=
IP

34.82.69.41:0
ASN

#396982 GOOGLE-CLOUD-PLATFORM

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (64594), with CRLF line terminators

Size

77146
Hash

83b061eaddc8b3b905282bd8c5c31e62

0cda79956b115f57aa924f18daf5f1f2a338fb2a

24a74813681383ed14103b84b4dc33dc0b3108e9e420ac7417e921fca72df7c2

Detections

Analyzer	Verdict	Alert
openphish	M & T Bank Coporation
fortinet	Phishing

HTTP Headers

                                        GET /6df29ab6894eacc985020d19e5fc69be/personal.php?token= HTTP/1.1
Host: mtbconnect.selfip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 04:17:08 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=99f1c37c413d21e40c72dc18ff1e40ff; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

mtbconnect.selfip.com/6df29ab6894eacc985020d19e5fc69be/css/mtb.css

34.82.69.41

200 OK

69422

URL HTTP/1.1

mtbconnect.selfip.com/6df29ab6894eacc985020d19e5fc69be/css/mtb.css
IP

34.82.69.41:0
ASN

#396982 GOOGLE-CLOUD-PLATFORM

Magic

ASCII text, with very long lines (1590), with CRLF line terminators

Size

69422
Hash

3ffbe4300b09dc201f4f63491e5f9a60

d5089fcebe53f173a2824785e2211e0d3542b745

fa72bf5cf7823e5a20ff40085d311170a7e62744396d26bc6ffa968b7be306cb

HTTP Headers

                                        GET /6df29ab6894eacc985020d19e5fc69be/css/mtb.css HTTP/1.1
Host: mtbconnect.selfip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mtbconnect.selfip.com/6df29ab6894eacc985020d19e5fc69be/personal.php?token=
Cookie: PHPSESSID=99f1c37c413d21e40c72dc18ff1e40ff

                                        HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 04:17:08 GMT
Server: Apache
Last-Modified: Sun, 25 Sep 2022 20:11:19 GMT
Accept-Ranges: bytes
Content-Length: 69422
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

mtbconnect.selfip.com/6df29ab6894eacc985020d19e5fc69be/css/mtb-logo.svg

34.82.69.41

200 OK

2039

URL HTTP/1.1

mtbconnect.selfip.com/6df29ab6894eacc985020d19e5fc69be/css/mtb-logo.svg
IP

34.82.69.41:0
ASN

#396982 GOOGLE-CLOUD-PLATFORM

Magic

SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2039), with no line terminators

Size

2039
Hash

f2b901cf895852a0866fe4a16c7f1730

c4240af1ec798477b4e65a185ddbb1b038817da4

5f5b0d9f678fe446631a33a4cbbe891a01b0ed972143702e67ae6617367096ac

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /6df29ab6894eacc985020d19e5fc69be/css/mtb-logo.svg HTTP/1.1
Host: mtbconnect.selfip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mtbconnect.selfip.com/6df29ab6894eacc985020d19e5fc69be/personal.php?token=
Cookie: PHPSESSID=99f1c37c413d21e40c72dc18ff1e40ff

                                        HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 04:17:09 GMT
Server: Apache
Last-Modified: Sun, 25 Sep 2022 20:11:19 GMT
Accept-Ranges: bytes
Content-Length: 2039
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

mtbconnect.selfip.com/6df29ab6894eacc985020d19e5fc69be/css/mtb-entrust.svg

34.82.69.41

200 OK

1349

URL HTTP/1.1

mtbconnect.selfip.com/6df29ab6894eacc985020d19e5fc69be/css/mtb-entrust.svg
IP

34.82.69.41:0
ASN

#396982 GOOGLE-CLOUD-PLATFORM

Magic

SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1349), with no line terminators

Size

1349
Hash

9a569ad20708d7453d89fe6c72e7fcdc

60b6a41620583484642f7c826faf8e3c879a6374

b2ef3bd17aa6bc2daa7b1209f7848b30c64f3068e43162b09a216639ab430ce5

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /6df29ab6894eacc985020d19e5fc69be/css/mtb-entrust.svg HTTP/1.1
Host: mtbconnect.selfip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mtbconnect.selfip.com/6df29ab6894eacc985020d19e5fc69be/personal.php?token=
Cookie: PHPSESSID=99f1c37c413d21e40c72dc18ff1e40ff

                                        HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 04:17:09 GMT
Server: Apache
Last-Modified: Sun, 25 Sep 2022 20:11:19 GMT
Accept-Ranges: bytes
Content-Length: 1349
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

mtbconnect.selfip.com/6df29ab6894eacc985020d19e5fc69be/css/mtb-equalhousinglender.svg

34.82.69.41

200 OK

230

URL HTTP/1.1

mtbconnect.selfip.com/6df29ab6894eacc985020d19e5fc69be/css/mtb-equalhousinglender.svg
IP

34.82.69.41:0
ASN

#396982 GOOGLE-CLOUD-PLATFORM

Magic

SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators

Size

230
Hash

916635d10512ae6a1840614a895dcd38

db175de4c42281bb4d239c57d1b95b8e75c529ec

d58eb2802f72d0c6b1d944a1335e8fb914af44b51fe16097aad994c15b8cfbad

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /6df29ab6894eacc985020d19e5fc69be/css/mtb-equalhousinglender.svg HTTP/1.1
Host: mtbconnect.selfip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mtbconnect.selfip.com/6df29ab6894eacc985020d19e5fc69be/personal.php?token=
Cookie: PHPSESSID=99f1c37c413d21e40c72dc18ff1e40ff

                                        HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 04:17:09 GMT
Server: Apache
Last-Modified: Sun, 25 Sep 2022 20:11:19 GMT
Accept-Ranges: bytes
Content-Length: 230
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml

ocsp.sectigo.com/

104.18.32.68

200 OK

472

URL HTTP/1.1

ocsp.sectigo.com/
IP

104.18.32.68:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

472
Hash

e5f53b1f655d9c3f05937dd9115590d5

2714304ebafcec1b86ec95ac25e20b4fb83bad49

4245051952014f0d6b3e3af248606123840220fa2314dc12892954f135f4aeee

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 04:17:09 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 24 Sep 2022 17:40:04 GMT
Expires: Sat, 01 Oct 2022 17:40:03 GMT
Etag: "2714304ebafcec1b86ec95ac25e20b4fb83bad49"
Cache-Control: max-age=393173,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75116d919d45b51e-OSL

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.115

200 OK

329

URL HTTP/1.1

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

143.204.55.115:0
ASN

#16509 AMAZON-02

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 27 Sep 2022 04:10:46 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Tue, 27 Sep 2022 04:56:55 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: JSoG_2mfce7X81QZhZ4ptnVZ0WPX5qB9QnRJd5sHH-Yar5ipyZjShw==
Age: 383

ocsp.sectigo.com/

104.18.32.68

200 OK

472

URL HTTP/1.1

ocsp.sectigo.com/
IP

104.18.32.68:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

472
Hash

e5f53b1f655d9c3f05937dd9115590d5

2714304ebafcec1b86ec95ac25e20b4fb83bad49

4245051952014f0d6b3e3af248606123840220fa2314dc12892954f135f4aeee

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 04:17:09 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 24 Sep 2022 17:40:04 GMT
Expires: Sat, 01 Oct 2022 17:40:03 GMT
Etag: "2714304ebafcec1b86ec95ac25e20b4fb83bad49"
Cache-Control: max-age=393173,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75116d919aad0b55-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

5adb7eb1d103eadeeafac36e663ffdd3

23b784388dd634fa736cd60aed71570661e73d02

5c95ba48bc342887b4f7ef697bd4def50f6f2f472f654169179e5ac44df883d9

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3372
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 04:17:09 GMT
Last-Modified: Tue, 27 Sep 2022 03:20:58 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

34.223.168.227

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

34.223.168.227:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ZB0csyd5+EcJIv6d4FByCw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3S6Zp1fZEblQzeLN72h5RPVNIfw=

devilsms.live/cleave.js

199.188.200.254

200 OK

18428

URL HTTP/2

devilsms.live/cleave.js
IP

199.188.200.254:0
ASN

#22612 NAMECHEAP-NET

Magic

Unicode text, UTF-8 text, with very long lines (1712)

Size

18428
Hash

fe9f66e28ad0fde897ddcb9571324491

e5ab8ed2bad2578458397898778be698dff70917

ece3c9456921c261029e7ae1b7eddd2265e8afdf1aeb78f9eafad2ea55d5e92f

HTTP Headers

                                        GET /cleave.js HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mtbconnect.selfip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 04:17:09 GMT
content-type: application/javascript
last-modified: Sun, 30 Jan 2022 13:07:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 18428
date: Tue, 27 Sep 2022 04:17:09 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

devilsms.live/clve-min.js

199.188.200.254

200 OK

51069

URL HTTP/2

devilsms.live/clve-min.js
IP

199.188.200.254:0
ASN

#22612 NAMECHEAP-NET

Magic

ASCII text, with very long lines (65536), with no line terminators

Size

51069
Hash

724ad5d75674097f5d14e70982a3bc6e

87146103e33be6cdf8d828351685c70f2a6cb7e3

d1a51f6f6c798129732b8ae1c654d6a68af918bb63e05b45c75cf4c614c27260

HTTP Headers

                                        GET /clve-min.js HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mtbconnect.selfip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 04:17:09 GMT
content-type: application/javascript
last-modified: Mon, 07 Feb 2022 11:17:03 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 51069
date: Tue, 27 Sep 2022 04:17:09 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

devilsms.live/css/mt/foundation-all.css

199.188.200.254

200 OK

18892

URL HTTP/2

devilsms.live/css/mt/foundation-all.css
IP

199.188.200.254:0
ASN

#22612 NAMECHEAP-NET

Magic

Unicode text, UTF-8 (with BOM) text, with very long lines (65531), with no line terminators

Size

18892
Hash

54cfed1d67cba4cf26321120af4de13d

1eaa0e742b7b30f2376f3e94fa7557325d4baf31

04a207185ab53c00dbf89acdc5f82e53b54f8f50736051dc85ce72edb957b105

HTTP Headers

                                        GET /css/mt/foundation-all.css HTTP/1.1
Host: devilsms.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mtbconnect.selfip.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 04:17:09 GMT
content-type: text/css
last-modified: Wed, 30 Mar 2022 13:31:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 18892
date: Tue, 27 Sep 2022 04:17:09 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

5a6097201b7da81f6e9a6d99a7353a0c

d4240fe80c76013b9f7b6fd09963aa47151b8d6a

519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2330
Expires: Tue, 27 Sep 2022 04:56:00 GMT
Date: Tue, 27 Sep 2022 04:17:10 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

5a6097201b7da81f6e9a6d99a7353a0c

d4240fe80c76013b9f7b6fd09963aa47151b8d6a

519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2330
Expires: Tue, 27 Sep 2022 04:56:00 GMT
Date: Tue, 27 Sep 2022 04:17:10 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

5a6097201b7da81f6e9a6d99a7353a0c

d4240fe80c76013b9f7b6fd09963aa47151b8d6a

519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2330
Expires: Tue, 27 Sep 2022 04:56:00 GMT
Date: Tue, 27 Sep 2022 04:17:10 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

5a6097201b7da81f6e9a6d99a7353a0c

d4240fe80c76013b9f7b6fd09963aa47151b8d6a

519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2330
Expires: Tue, 27 Sep 2022 04:56:00 GMT
Date: Tue, 27 Sep 2022 04:17:10 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

5a6097201b7da81f6e9a6d99a7353a0c

d4240fe80c76013b9f7b6fd09963aa47151b8d6a

519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2330
Expires: Tue, 27 Sep 2022 04:56:00 GMT
Date: Tue, 27 Sep 2022 04:17:10 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe29cee89-5693-407a-b182-e52f8fe5734f.jpeg

34.120.237.76

200 OK

11885

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe29cee89-5693-407a-b182-e52f8fe5734f.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

11885
Hash

1f0a1508f459d7774c0d63ff682532c0

03edfe254fa4f5c88bf9c8868edd9cdf07bf5d0d

eebf3b550e7a675a2231e97575e8be57e8d1216126a711cdef73ccbc5dd1e773

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe29cee89-5693-407a-b182-e52f8fe5734f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 11885
x-amzn-requestid: a8f6d57a-8bd3-42b9-80ba-695c5baac04b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YshLpHZPIAMFZiQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328157d-4ef5eb306dde741502e46f24;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 07:08:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JSWNUGbYq_zNf2L2AwkLuPfnGUTsX6iqCB5ESRr3dX-0voDgtu4KnQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:59:27 GMT
age: 22663
etag: "03edfe254fa4f5c88bf9c8868edd9cdf07bf5d0d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6829

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5538bec-989b-434a-bf80-699456665fd7.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

6829
Hash

62ece01d7e0036711832df5a25175b3b

c80d9ce02eeaa7b0166a696e811d2cffde4997d0

8a1968c18b44495571ff382a9cacfb7f98d3e1275d650e84cb310d635eae7e70

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5538bec-989b-434a-bf80-699456665fd7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 6829
x-amzn-requestid: cc3229a7-7c7e-472b-b7a4-1216594c4068
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yshb2FwhoAMF2EA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632815e5-0964e463192712fb08a29ee7;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 07:10:29 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5cPZZOqAPyLdASSDpGDdne0bUt_SswKXMjufitPEjmp6tG5XtYz5Ag==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 22:05:59 GMT
age: 22271
etag: "c80d9ce02eeaa7b0166a696e811d2cffde4997d0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13213

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

13213
Hash

62e68c3cd08dd94d910507512a67e85f

3d4fa8701f17e8818c25584ef5f04bfbee8440cd

058d798963f83f5fb88ab728185f755c5353fa981d93e1b6ff869089f501586b

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 13213
x-amzn-requestid: 09f8fee2-6830-4bec-af40-f2fb6547bc63
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFkreH5poAMFdxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321b16-0afbf5e01a013e6f0db53da1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:35:18 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CwkfEPDseHez7mArqwz8tmC3WHFwXAZF1OSColucaQ5vG2hvBIDWOg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:42:47 GMT
age: 23663
etag: "3d4fa8701f17e8818c25584ef5f04bfbee8440cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4327

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffffd9a36-7835-4249-a213-06720f62ce54.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

4327
Hash

f9bc23ab347b5f2e2ec15d69f41f0cf0

a92af0438aa2b6637c0f69dabd0be00b3a43caf8

4382f21ee6727d4b4d21bd7d16b1821a57d9fec6c78dbf7e74bfdfbde51ec206

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffffd9a36-7835-4249-a213-06720f62ce54.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 4327
x-amzn-requestid: 59493149-3c46-42c6-96aa-92c945fb4c40
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlA1HzioAMFzxw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321b9e-5bd13d5719a119a25650f405;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: nZuilN7CTsQ_XYx39le70nZKRzVBDyygmYdaHVmBnpi8teTUB1Faxw==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:49:18 GMT
age: 23272
etag: "a92af0438aa2b6637c0f69dabd0be00b3a43caf8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8255

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14ab4d12-a7de-4708-a657-df4600198640.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

8255
Hash

fa70ece15044b7318cb11ae5e37a64e7

04a0665f771562c3e56ac3542abe5bd3c4c1a6b5

8c974283b2ba0058114404af3e4818daa8cc56f270cb8a46f5f2f54de9d2f0e1

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14ab4d12-a7de-4708-a657-df4600198640.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 8255
x-amzn-requestid: 3bf29c4a-406a-4645-ad18-44cd6f05d457
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4VnFEV-IAMFQMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ccfc6-3eaa337d1e1c1b6d5e951419;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:12:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qkOlqM6tJ90H9572YLE0J-s79edBSceM5hLbJtyyuH86xdW8juoktA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 13:28:31 GMT
age: 53319
etag: "04a0665f771562c3e56ac3542abe5bd3c4c1a6b5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9737

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5bf02f4e-91c0-455b-8378-5eae82174db7.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

9737
Hash

3140ec95f33c36599de95b25cdade940

932c74fa24b61ee1b1c672b6c19b1e736caab8d3

f7488246ca75fddc504812f4c5944a5a2494cdb14b6ef1db5fb28beca5cff194

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5bf02f4e-91c0-455b-8378-5eae82174db7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 9737
x-amzn-requestid: aec3c3e9-42e5-4de5-8882-118002369ef8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFkreGJxoAMF-oA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321b16-527ccd70654c22891262279d;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:35:18 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Ukn4d6yPeJJHN5trYK3xbhik2pX41zHki3nG5r6fCzQgm3vYw5lhAA==
via: 1.1 946b9edb2009c5508a0fbbd636f95014.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:43:16 GMT
age: 23634
etag: "932c74fa24b61ee1b1c672b6c19b1e736caab8d3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.godaddy.com/

192.124.249.41

200 OK

1778

URL HTTP/1.1

ocsp.godaddy.com/
IP

192.124.249.41:0
ASN

#30148 SUCURI-SEC

Magic

data

Size

1778
Hash

5c1bc80d8b011f143fc32f78ea099413

9f34d12443aef7a0238c3d9d7109fcd1b80a4e09

9bf906c05f2fb1626e5cd15ca335f68c8e42fa46190e4ab055181f7a473a3c82

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 27 Sep 2022 04:17:10 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 26 Sep 2022 22:07:58 GMT
Expires: Tue, 27 Sep 2022 22:07:58 GMT
ETag: "9f34d12443aef7a0238c3d9d7109fcd1b80a4e09"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

t.me/Devilmask09

149.154.167.99

200 OK

4138

URL HTTP/2

t.me/Devilmask09
IP

149.154.167.99:0
ASN

#62041 Telegram Messenger Inc

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (3560)

Size

4138
Hash

f0c21845753a3f63e276b056836af9f9

deb7f162a5cdf191c89d15c7b865bfecbe8d7765

9aa0104f62435b111d332c74126f661d191ec6d8b4b2c16621a24f3bfd3e453e

HTTP Headers

                                        GET /Devilmask09 HTTP/1.1
Host: t.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mtbconnect.selfip.com/
Cookie: stel_ssid=f3d5d45d4df6b0783a_14060789290827612577
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 27 Sep 2022 04:17:10 GMT
content-type: text/html; charset=utf-8
content-length: 4138
pragma: no-cache
cache-control: no-store
x-frame-options: ALLOW-FROM https://web.telegram.org
content-security-policy: frame-ancestors https://web.telegram.org
content-encoding: gzip
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

bfc8c650e23854f708a3dd54fca4393f

b54c061cf5a5306a68112d403471914e839a68c8

84b8c36947944ea94b27e053f2abb944e6951157e256991f8b1523b9cacfe362

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 04:17:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1d4/Svlf1UIkr8I

142.250.74.3

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/s/gts1d4/Svlf1UIkr8I
IP

142.250.74.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

a46595012d03835e73d879b99274c618

d984865417e7493b36cc4137fc958cb41bdb6cbf

f5bd08864b9a29bf3c3289cc9c8c9375eca75a1d638420ca1da72628cb3837c6

HTTP Headers

                                        POST /s/gts1d4/Svlf1UIkr8I HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 04:17:11 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

bfc8c650e23854f708a3dd54fca4393f

b54c061cf5a5306a68112d403471914e839a68c8

84b8c36947944ea94b27e053f2abb944e6951157e256991f8b1523b9cacfe362

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 04:17:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.godaddy.com/

192.124.249.41

200 OK

1777

URL HTTP/1.1

ocsp.godaddy.com/
IP

192.124.249.41:0
ASN

#30148 SUCURI-SEC

Magic

data

Size

1777
Hash

b7a934ff42dad80a87331f804df62074

f4f389dafe5fdcbd8a2bd78b277808057e9a03e5

a746f8648fa606f75d4638dc3c3fd1e6c910b5381c18e7970656e3c96065cacb

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 27 Sep 2022 04:17:11 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 26 Sep 2022 21:13:22 GMT
Expires: Tue, 27 Sep 2022 21:13:22 GMT
ETag: "f4f389dafe5fdcbd8a2bd78b277808057e9a03e5"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

ocsp.godaddy.com/

192.124.249.41

200 OK

1777

URL HTTP/1.1

ocsp.godaddy.com/
IP

192.124.249.41:0
ASN

#30148 SUCURI-SEC

Magic

data

Size

1777
Hash

b7a934ff42dad80a87331f804df62074

f4f389dafe5fdcbd8a2bd78b277808057e9a03e5

a746f8648fa606f75d4638dc3c3fd1e6c910b5381c18e7970656e3c96065cacb

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 27 Sep 2022 04:17:11 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 26 Sep 2022 21:13:22 GMT
Expires: Tue, 27 Sep 2022 21:13:22 GMT
ETag: "f4f389dafe5fdcbd8a2bd78b277808057e9a03e5"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.3:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

737756d717fd215d94458a21028ae486

ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f

8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 04:17:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.3:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

737756d717fd215d94458a21028ae486

ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f

8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 04:17:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.163

200 OK

15744

URL HTTP/2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP

142.250.74.163:0
ASN

#15169 GOOGLE

Magic

Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data

Size

15744
Hash

15d9f621c3bd1599f0169dcf0bd5e63e

7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

                                        GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://t.me
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 463383
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.163

200 OK

15860

URL HTTP/2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP

142.250.74.163:0
ASN

#15169 GOOGLE

Magic

Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data

Size

15860
Hash

e9f5aaf547f165386cd313b995dddd8e

acdef5603c2387b0e5bffd744b679a24a8bc1968

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

                                        GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://t.me
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 463383
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.3:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

737756d717fd215d94458a21028ae486

ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f

8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 04:17:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

telegram.org/img/apple-touch-icon.png

149.154.167.99

200 OK

5644

URL HTTP/2

telegram.org/img/apple-touch-icon.png
IP

149.154.167.99:0
ASN

#62041 Telegram Messenger Inc

Magic

PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced\012- data

Size

5644
Hash

295ccdb03006b8dfef45090dafbd46ac

491ab660270e47cbac6a5731c51cca71c1c1b2b1

a51d667d4262047c23e3a2a8aac3b46dc8a58c686cc013f2354011c07bf22cf3

HTTP Headers

                                        GET /img/apple-touch-icon.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 27 Sep 2022 04:17:12 GMT
content-type: image/png
content-length: 5644
last-modified: Thu, 21 Apr 2022 13:47:47 GMT
etag: "62616083-160c"
expires: Sat, 01 Oct 2022 04:17:12 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.godaddy.com/

192.124.249.41

200 OK

1777

URL HTTP/1.1

ocsp.godaddy.com/
IP

192.124.249.41:0
ASN

#30148 SUCURI-SEC

Magic

data

Size

1777
Hash

b7a934ff42dad80a87331f804df62074

f4f389dafe5fdcbd8a2bd78b277808057e9a03e5

a746f8648fa606f75d4638dc3c3fd1e6c910b5381c18e7970656e3c96065cacb

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 27 Sep 2022 04:17:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 26 Sep 2022 21:13:22 GMT
Expires: Tue, 27 Sep 2022 21:13:22 GMT
ETag: "f4f389dafe5fdcbd8a2bd78b277808057e9a03e5"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

telegram.org/img/website_icon.svg?4

149.154.167.99

200 OK

URL HTTP/2

telegram.org/img/website_icon.svg?4
IP

149.154.167.99:0
ASN

#62041 Telegram Messenger Inc

Magic

Size

0
Hash

HTTP Headers

                                        GET /img/website_icon.svg?4 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 27 Sep 2022 04:17:12 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Jul 2020 20:41:37 GMT
etag: W/"5f160181-768"
expires: Sat, 01 Oct 2022 04:17:12 GMT
cache-control: max-age=345600
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:400,700

142.250.74.10

200 OK

URL HTTP/2

fonts.googleapis.com/css?family=Roboto:400,700
IP

142.250.74.10:0
ASN

#15169 GOOGLE

Magic

Size

0
Hash

HTTP Headers

                                        GET /css?family=Roboto:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 27 Sep 2022 04:17:11 GMT
date: Tue, 27 Sep 2022 04:17:11 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

telegram.org/css/bootstrap.min.css?3

149.154.167.99

200 OK

URL HTTP/2

telegram.org/css/bootstrap.min.css?3
IP

149.154.167.99:0
ASN

#62041 Telegram Messenger Inc

Magic

Size

0
Hash

HTTP Headers

                                        GET /css/bootstrap.min.css?3 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 27 Sep 2022 04:17:11 GMT
content-type: text/css
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
etag: W/"5a05e7c6-a61b"
expires: Sat, 01 Oct 2022 04:17:11 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (7)

#1 JS:Script (size: 64596)

#2 JS:Script (size: 150943)

#3 JS:Script (size: 2979)

#4 JS:Script (size: 93486)

#5 JS:Script (size: 206)

#6 JS:Script (size: 193)

#7 JS:Script (size: 1303)

HTTP Transactions (48)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash