Overview

URLcrystal-blocker.com
IP 172.67.146.119 (United States)
ASN#13335 CLOUDFLARENET
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-01 13:32:58 UTC
StatusLoading report..
IDS alerts0
Blocklist alert0
urlquery alerts No alerts detected
Tags None

Domain Summary (10)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-01 05:24:46 UTC 34.117.237.239
img-getpocket.cdn.mozilla.net (6) 1631 2019-03-04 20:37:34 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
fonts.googleapis.com (2) 8877 2019-10-15 16:21:13 UTC 2022-11-01 08:07:35 UTC 142.250.74.10
ocsp.digicert.com (3) 86 2012-06-27 22:09:06 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
fonts.gstatic.com (2) 0 2022-10-01 01:25:33 UTC 2022-11-01 10:14:04 UTC 216.58.207.195 Domain (gstatic.com) ranked at: 540
push.services.mozilla.com (1) 2140 2019-05-26 10:52:39 UTC 2020-05-03 10:09:39 UTC 54.200.107.47
crystal-blocker.com (1) 0 2022-07-01 10:37:56 UTC 2022-11-01 11:02:18 UTC 104.21.79.157 Unknown ranking
r3.o.lencr.org (6) 344 No data No data 23.36.76.226
ocsp.pki.goog (5) 175 2019-02-02 06:15:41 UTC 2020-05-02 20:58:16 UTC 142.250.74.35

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
 No alerts detected

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 172.67.146.119
Date UQ / IDS / BL URL IP
2022-12-13 14:05:40 +0000 0 - 0 - 5 writemyassignment.co/?u=fy082k7&o=mb2kpbt&cid (...) 172.67.146.119
2022-11-01 13:32:58 +0000 0 - 0 - 0 crystal-blocker.com 172.67.146.119
2022-10-15 22:57:14 +0000 0 - 0 - 14 crystal-blocker.com/?scenario=promo9v1&step2= (...) 172.67.146.119
2022-10-15 21:07:52 +0000 0 - 0 - 14 crystal-blocker.com/?scenario=promo12v2&step2 (...) 172.67.146.119
2022-10-15 19:03:51 +0000 0 - 0 - 14 crystal-blocker.com/ 172.67.146.119


Last 5 reports on ASN: CLOUDFLARENET
Date UQ / IDS / BL URL IP
2023-02-05 01:05:36 +0000 0 - 0 - 4 netflix-generator.pages.dev/index_files/saved (...) 188.114.96.1
2023-02-05 01:04:19 +0000 5 - 0 - 1 orange-violet-51c1.jrwzd57q.workers.dev/ 104.21.76.80
2023-02-05 01:01:13 +0000 0 - 1 - 0 cdn.discordapp.com/attachments/76005506491967 (...) 162.159.134.233
2023-02-05 01:01:12 +0000 0 - 0 - 1 hokaoneonesoldes.com/ 172.67.144.190
2023-02-05 01:00:08 +0000 0 - 1 - 0 cdn.discordapp.com/attachments/10661231273917 (...) 162.159.134.233


Last 5 reports on domain: crystal-blocker.com
Date UQ / IDS / BL URL IP
2023-01-06 21:36:32 +0000 0 - 0 - 1 crystal-blocker.com/?scenario=direct&tracking (...) 104.26.6.29
2022-12-01 06:51:05 +0000 0 - 0 - 0 crystal-blocker.com 104.26.7.29
2022-11-01 13:32:58 +0000 0 - 0 - 0 crystal-blocker.com 172.67.146.119
2022-10-15 22:57:14 +0000 0 - 0 - 14 crystal-blocker.com/?scenario=promo9v1&step2= (...) 172.67.146.119
2022-10-15 22:10:41 +0000 0 - 0 - 14 crystal-blocker.com/?scenario=promo9v1&step2= (...) 104.21.79.157


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-10-15 19:03:51 +0000 0 - 0 - 14 crystal-blocker.com/ 172.67.146.119
2022-10-10 15:13:36 +0000 0 - 0 - 14 crystal-blocker.com/ 172.67.146.119
2022-10-08 03:55:19 +0000 0 - 0 - 14 crystal-blocker.com/ 172.67.146.119
2022-09-25 18:56:40 +0000 0 - 0 - 14 crystal-blocker.com/ 104.21.79.157
2022-09-12 17:09:43 +0000 0 - 0 - 14 crystal-blocker.com/ 172.67.146.119

JavaScript

Executed Scripts (3)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (28)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B00022C599D7A74BD264B90A1CA9F935EB8A7BC6E63A9751DDDC8ACFBAFE58DA"
Last-Modified: Tue, 01 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6060
Expires: Tue, 01 Nov 2022 15:13:47 GMT
Date: Tue, 01 Nov 2022 13:32:47 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5928
Cache-Control: max-age=164222
Date: Tue, 01 Nov 2022 13:32:47 GMT
Etag: "6360e755-1d7"
Expires: Thu, 03 Nov 2022 11:09:49 GMT
Last-Modified: Tue, 01 Nov 2022 09:31:01 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5928
Cache-Control: max-age=164222
Date: Tue, 01 Nov 2022 13:32:47 GMT
Etag: "6360e755-1d7"
Expires: Thu, 03 Nov 2022 11:09:49 GMT
Last-Modified: Tue, 01 Nov 2022 09:31:01 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "2CC72FF87DCDABCB0A67D8DDA7A7C440F8650FFE77F71602954A3076762BE50A"
Last-Modified: Tue, 01 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6438
Expires: Tue, 01 Nov 2022 15:20:05 GMT
Date: Tue, 01 Nov 2022 13:32:47 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: sh1oLfUftOFHhqOjGz2+IzJ43FWlISiakuOwg6s0GkTOvir2y1jQDXo+rDABrfJUksbrwgxlIe4=
x-amz-request-id: E0CA9FNDWB6X1BMS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 01 Nov 2022 12:45:24 GMT
age: 2843
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 01 Nov 2022 13:32:47 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 01 Nov 2022 13:32:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 01 Nov 2022 13:32:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 01 Nov 2022 13:32:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 01 Nov 2022 13:32:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   2260
Md5:    f2f7269c2b7f4e3b28ece25d822c7fa8
Sha1:   3a6a5b88158811060ec993e754120ba63afa9afe
Sha256: 8f955f6961445611601622fdefce4432695804276e145efd2589b2964fdc1b65
                                        
                                            GET /s/quantico/v15/rax-HiSdp9cPL3KIF7xrJD0.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://crystal-blocker.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5384
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 26 Oct 2022 22:49:47 GMT
expires: Thu, 26 Oct 2023 22:49:47 GMT
cache-control: public, max-age=31536000
age: 484981
last-modified: Wed, 27 Apr 2022 15:37:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  hp300 (68020+68881) BSD\012- data
Size:   39208
Md5:    0c8e2461765071660de9eef780316037
Sha1:   cebf644c9afd080b98600a0c0ea10aebeca41177
Sha256: 05a443019db9ed840f0f02ac6cd25a5f6238a34e072d9a7f1d0b18243ba13bd9
                                        
                                            GET /s/quantico/v15/rax5HiSdp9cPL3KIF7TQAShdu08.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://crystal-blocker.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5436
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 26 Oct 2022 21:43:35 GMT
expires: Thu, 26 Oct 2023 21:43:35 GMT
cache-control: public, max-age=31536000
age: 488953
last-modified: Wed, 27 Apr 2022 15:38:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 5436, version 1.0\012- data
Size:   5436
Md5:    e3190d514df1ee7be5ce8298d50f091b
Sha1:   942516b22878bbdcbfc391fb5124481d0412b1c0
Sha256: 87c8dc997480fca2cbc1dced6fe5c57ca1d762134028716adb41d14410fa3163
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 01 Nov 2022 13:32:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2765
Cache-Control: max-age=156003
Date: Tue, 01 Nov 2022 13:32:48 GMT
Etag: "6360d396-1d7"
Expires: Thu, 03 Nov 2022 08:52:51 GMT
Last-Modified: Tue, 01 Nov 2022 08:06:46 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rWNnzrcYgzOkbBAIuxv3iw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         54.200.107.47
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: uTMRZochfz5YzBn8wfsN1AsnATI=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "21C7FB0F3D2486D6655B5D6817DD90FAAFA18836C820A684215F9A29F1A4451C"
Last-Modified: Mon, 31 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6769
Expires: Tue, 01 Nov 2022 15:25:39 GMT
Date: Tue, 01 Nov 2022 13:32:50 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "21C7FB0F3D2486D6655B5D6817DD90FAAFA18836C820A684215F9A29F1A4451C"
Last-Modified: Mon, 31 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6769
Expires: Tue, 01 Nov 2022 15:25:39 GMT
Date: Tue, 01 Nov 2022 13:32:50 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "21C7FB0F3D2486D6655B5D6817DD90FAAFA18836C820A684215F9A29F1A4451C"
Last-Modified: Mon, 31 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6769
Expires: Tue, 01 Nov 2022 15:25:39 GMT
Date: Tue, 01 Nov 2022 13:32:50 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "21C7FB0F3D2486D6655B5D6817DD90FAAFA18836C820A684215F9A29F1A4451C"
Last-Modified: Mon, 31 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6769
Expires: Tue, 01 Nov 2022 15:25:39 GMT
Date: Tue, 01 Nov 2022 13:32:50 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f483454-b074-4576-b487-76a14ccb2059.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10527
x-amzn-requestid: 1b709c25-8424-49d8-bc0e-dac3fbc154ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apNEzH5ZoAMFWdA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359f551-3fb0703f27b571cf7f85e59e;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 03:04:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NPeo4wQ7C9AYBQt5M2TkQv5bv3E8wUR7EST2xOLBla7rA56j2VkTiw==
via: 1.1 d16c3f15bd14953a9d4109eaaa991de2.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Mon, 31 Oct 2022 23:26:02 GMT
age: 50808
etag: "d1625420cdc79643e759247b0e9ac89dadfbe956"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10527
Md5:    bd006407a4ea0fbeec2f1351a71f30bc
Sha1:   d1625420cdc79643e759247b0e9ac89dadfbe956
Sha256: fd461665ee463fad26300630684a11e3c520485e3b001c2f08439d50589ddbb7
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4402157-b00a-4732-b2df-0f3e2b655219.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4456
x-amzn-requestid: 58bbf579-518e-4db6-b5a7-729aa207437e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a47JZH56oAMFraw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63603f08-6c2770552a9f25b14ac3e32a;Sampled=0
x-amzn-remapped-date: Mon, 31 Oct 2022 21:32:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CXGpDRQzYxI-0aHpKiU-GhPoEJaKEdn9k5AYJqlx3rUvpMG2IVp-Ew==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Mon, 31 Oct 2022 21:50:40 GMT
age: 56530
etag: "289a0c698c3a826f0614f6dec56d15c2c3320519"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4456
Md5:    f09a2a14bf888ca33df5b059c73f89f8
Sha1:   289a0c698c3a826f0614f6dec56d15c2c3320519
Sha256: 946007230f6cdd732a1c6bf3aa4073738ac426cdfda843cd9a9981f122fb8608
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa85c6304-6f72-4904-bb25-968b35616ef5.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7428
x-amzn-requestid: 0eabcd9d-372d-4be6-aa58-26f3ce15d7bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aioHzF3dIAMFQ4g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635753cb-7332e0ae76cbda142a20fe13;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 03:11:07 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: RRcTk-QZvoKyAWq4oyBt49pSugGTxwQyT0CK9Y3zrzZgUB2hWXEMbQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 31 Oct 2022 22:22:56 GMT
age: 54594
etag: "4fc868d652910c7dcf4ef0e87531de4ee6007c45"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7428
Md5:    4f9f8683351154be3300311e3a7e29e3
Sha1:   4fc868d652910c7dcf4ef0e87531de4ee6007c45
Sha256: d4f012729e0eddc20948ad98d653794204f80344a5840142877dcaa8d2520a71
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faedeaf71-ffea-4e66-9a25-1410acdb03ec.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5136
x-amzn-requestid: 0059b05c-746b-41cd-8cc1-c744d0b149fe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aoc2-H9sIAMFquA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359a82c-772120580c4cf9e45b685971;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 21:35:40 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pwgNzWTUOo6Zxkh2mmOuJhB5ipg-zOONARn_TdRM8X1XQQZTqXlHsg==
via: 1.1 44cd593d82a2d200a94217033c614c6a.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Mon, 31 Oct 2022 23:00:40 GMT
age: 52330
etag: "fed9b6693077d233f60cc7394c7b667291ffade7"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5136
Md5:    ace7660d2948795997e3c7cb9cf12495
Sha1:   fed9b6693077d233f60cc7394c7b667291ffade7
Sha256: fd4718a6649572cbaf13f46b8e2961cd1c680afa1494b0bacd5fda9010a95098
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffbc7baad-e067-4cde-8525-ef8356465601.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7531
x-amzn-requestid: 36cd2bee-2c06-4195-9b27-8a6e218694da
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a47IuF1nIAMFrBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63603f04-04202d745190ba251e14785c;Sampled=0
x-amzn-remapped-date: Mon, 31 Oct 2022 21:32:52 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: VqMJ5xa4fKEFjM8ioRilgqN0DMxQjXOAYCPFq30hEcIVlI8AqNZulA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 31 Oct 2022 21:50:40 GMT
age: 56530
etag: "893fb3f21b144d0e3a810a2314ffaa7e8e40818c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7531
Md5:    44a43638c497d10c7fa7dadd6a6afeb9
Sha1:   893fb3f21b144d0e3a810a2314ffaa7e8e40818c
Sha256: 605355c2b14d335aabfd83a6fa49d61fb804388d6a156c8d47fbbb127f932ca6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffef65a3e-ef2c-48f0-98be-8406ad38fba0.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5159
x-amzn-requestid: aa2d6be6-73b3-474e-b789-622e7b7f15e2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a47JaEtcoAMFRwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63603f08-026dcc9724fa955050174a30;Sampled=0
x-amzn-remapped-date: Mon, 31 Oct 2022 21:32:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: IXhmD8QMIfCNZrlgL9L8cHV-XXvmsjcT4SZIwitilx2fTTjjaPjhPQ==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 ddaf46a95abcfc80e8eae76235e2127c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 31 Oct 2022 22:58:53 GMT
age: 52437
etag: "e4a4d887fe6f0aac6be592cedc21db61f652f4af"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5159
Md5:    173b8886a858ba39806f1e57ed68980f
Sha1:   e4a4d887fe6f0aac6be592cedc21db61f652f4af
Sha256: a49a507ed778485676c7307febedeca3cbc7e1123865933e044236eb43577fb5
                                        
                                            GET / HTTP/1.1 
Host: crystal-blocker.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         104.21.79.157
HTTP/2 200 OK
content-type: text/html
                                        
date: Tue, 01 Nov 2022 13:32:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5FttiKN%2BG4w8sJunR8rJAYClh1oS016CF%2Fvo7JqbCg3%2FXUFcf%2B6qyW7jeJdmJoUm960i5hrkQKC7yXq%2Bsjn2vr15e6Hs5s85M5XfMSQ2027JXDg1iqcTVtzwNxDU1h07doyGGSPK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7634ff9da8bc0b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /css2?family=Quantico:wght@100;300;400;500;600;700;900&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crystal-blocker.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 01 Nov 2022 13:32:48 GMT
date: Tue, 01 Nov 2022 13:32:48 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /css2?family=Roboto&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crystal-blocker.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 01 Nov 2022 13:32:48 GMT
date: Tue, 01 Nov 2022 13:32:48 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---