r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 150792cfc458af013998f4ef6bdf5f74
d5179b2dcb11d06f82606bf6eb6648319998d63e
72937c756d3feeae6d04a6f445398b0436bdf559f8c7437e3a3233263943900e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "72937C756D3FEEAE6D04A6F445398B0436BDF559F8C7437E3A3233263943900E"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7758
Expires: Tue, 29 Nov 2022 00:28:53 GMT
Date: Mon, 28 Nov 2022 22:19:35 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9408cc0694fcbea57966c3a3ba906092
fddcee1fdcf3209298e41a4b1b5560357fa165f0
6ef7120d9463f56e3ddfadd5766d02da8523f34061b13bdba54bf9ab72a1e979
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4439
Cache-Control: max-age=134745
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:19:35 GMT
Etag: "63848df9-1d7"
Expires: Wed, 30 Nov 2022 11:45:20 GMT
Last-Modified: Mon, 28 Nov 2022 10:31:21 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3b56944f0e5716fd4fad2ec18994d4be
61cafa4de31ba960d1145ec37272f6f6b6944e0c
4fd46b0b6a2ea24f5ce175985a3933c04b4c01bd3e32bee2e50a61a65eef7af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4FD46B0B6A2EA24F5CE175985A3933C04B4C01BD3E32BEE2E50A61A65EEF7AF4"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11401
Expires: Tue, 29 Nov 2022 01:29:36 GMT
Date: Mon, 28 Nov 2022 22:19:35 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 22:17:50 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 105
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: n07WaqCPmdwB6sm7urvtgsI2qkme81DL4jtOmcLQ9u9SK0PFbzF2vl7ry6LcMnvt3BpsNGO1fAk=
x-amz-request-id: ADRRHB7C4NTBVRX5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 21:42:14 GMT
age: 2241
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
11betvn.club/blues
172.67.173.213301 Moved Permanently 162 B IP 172.67.173.213:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /blues HTTP/1.1
Host: 11betvn.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 28 Nov 2022 22:19:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://11betvn.club/blues
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t1XptFMBEVs8AuQqs1sJcfybuf9gGD0qonvEqYGGmNd1uoTlaqEoeb6FiNCsUY9DH9Q2mmS%2Fnr9rk62VIabduykpP4TGW9Zpb%2Bafzk1usws4rCO8RfGZn01ecKSN8%2Fc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77167c6c0bceb524-OSL
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:19:36 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4693b6e22e38827251729c16e78f111c
19fa8c05989931bcbe3cd52649d8b031fd474e8a
c3ad333b1bf48fa3290551f5ebdc40a3338391adf06a01992a44155c7b0b559a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "C3AD333B1BF48FA3290551F5EBDC40A3338391ADF06A01992A44155C7B0B559A"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21580
Expires: Tue, 29 Nov 2022 04:19:16 GMT
Date: Mon, 28 Nov 2022 22:19:36 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 22:11:12 GMT
cache-control: public,max-age=3600
age: 504
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7ab2ef968cb6a3078f4b9cb2dda813d4
e669116047ca058a2c1b2999ff0ea8682719162c
6ddecf0b21c44f3851da8efeb6ecdc6c8e9b83d7681153c31952b4ec8c23c940
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1801
Cache-Control: max-age=127040
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:19:36 GMT
Etag: "63847a2f-1d7"
Expires: Wed, 30 Nov 2022 09:36:56 GMT
Last-Modified: Mon, 28 Nov 2022 09:06:55 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.214.17.205101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.214.17.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vmYnXMtajkqALe2onTFlPQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: yFVsHQuLZNuw4QDon9FuHGqsAJs=
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4693b6e22e38827251729c16e78f111c
19fa8c05989931bcbe3cd52649d8b031fd474e8a
c3ad333b1bf48fa3290551f5ebdc40a3338391adf06a01992a44155c7b0b559a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "C3AD333B1BF48FA3290551F5EBDC40A3338391ADF06A01992A44155C7B0B559A"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21579
Expires: Tue, 29 Nov 2022 04:19:16 GMT
Date: Mon, 28 Nov 2022 22:19:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10762
Expires: Tue, 29 Nov 2022 01:18:59 GMT
Date: Mon, 28 Nov 2022 22:19:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10762
Expires: Tue, 29 Nov 2022 01:18:59 GMT
Date: Mon, 28 Nov 2022 22:19:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10762
Expires: Tue, 29 Nov 2022 01:18:59 GMT
Date: Mon, 28 Nov 2022 22:19:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10762
Expires: Tue, 29 Nov 2022 01:18:59 GMT
Date: Mon, 28 Nov 2022 22:19:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10762
Expires: Tue, 29 Nov 2022 01:18:59 GMT
Date: Mon, 28 Nov 2022 22:19:37 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1172c72b-d329-4446-80cb-92b8cf104425.jpeg
34.120.237.76200 OK 3.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1172c72b-d329-4446-80cb-92b8cf104425.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9cd333c474420e235831d96ed881167e
5008d7344dd85ae61a598c17e7baf427def3e25d
2178a96e120661e43d8e8ed0df1fcf500caf4c58db9e1bedaf0706af0a80b286
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1172c72b-d329-4446-80cb-92b8cf104425.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3944
x-amzn-requestid: 8a6732c1-72da-4a73-ba51-8533c6a01a9c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNmfFgeIAMFjLw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6385295c-0c807d93277bfb7f6b13c2ee;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:20 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oW4xFfsPp-Jmf28Uc88iZ2jLgtMRjn2gW0orrJ4K201r6Y6OlHkacQ==
via: 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:46:51 GMT
age: 1966
etag: "5008d7344dd85ae61a598c17e7baf427def3e25d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1ee10f9-36dd-4ca4-986e-a80758149640.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1ee10f9-36dd-4ca4-986e-a80758149640.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 516776052e5e906ea9f42d25bae5cc85
be4c4d01fc67218e26a3e9d27a2f708e639c9d4b
28e70e38cfad65ad8a7a68ab1dc78747c7013a87b854fc35b163cc5765cd0570
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1ee10f9-36dd-4ca4-986e-a80758149640.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8460
x-amzn-requestid: 51416479-3854-4f1a-9d86-35e104c57f6a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnkHuZIAMF-_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852963-180b323d4a45fa2f29f9b1fc;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ieDA8l_Up51cFaB9IExlSs8A5m-H77va1rCVF_WRMg_FN53Xakipuw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:46:55 GMT
age: 1962
etag: "be4c4d01fc67218e26a3e9d27a2f708e639c9d4b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F306bb762-e2a8-4771-9a39-086c46f94b11.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F306bb762-e2a8-4771-9a39-086c46f94b11.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 415b1b1d5a29fc17b4114bb3df1d1c22
600859401c885cc2cdd1f199cccc198eb41d6a04
abfbf4ecf2423736a29686859f6a8f2b77204b48f3f60d208f6d491e80611e7f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F306bb762-e2a8-4771-9a39-086c46f94b11.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7549
x-amzn-requestid: bb37235a-8c7d-47fe-abb6-6cc633560165
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP-7lHmsoAMF9lA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638311e3-1f2a4abc40119f3e026dc393;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:29:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ds96jURZ0epaXMg2oTUETRQCpHwlVJrl5hTqvpUAWEGVa5rbDve1FA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:46:42 GMT
age: 1975
etag: "600859401c885cc2cdd1f199cccc198eb41d6a04"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7faa45dd-b9de-4dae-a2d6-ee678d7d3906.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7faa45dd-b9de-4dae-a2d6-ee678d7d3906.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ae2e2986caa15a90b615147f229b51ec
c6dfd277cdbd057472e6df6ad1a200f50684d442
ec3799922c38ee6394601744ff4b2c405ee44c4718a2b90c104134657f8b480b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7faa45dd-b9de-4dae-a2d6-ee678d7d3906.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9015
x-amzn-requestid: 9f657586-a44e-46f0-8c38-f1bf26142486
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVOlEE6ZoAMFUPw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852aed-1da2400f4165dd553418f8b9;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:41:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mqdz1NhVCqmSrhYLIF0miDzrBiS82SUU6ZRFzDMllbCwS70hC0rMRQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:46:55 GMT
age: 1962
etag: "c6dfd277cdbd057472e6df6ad1a200f50684d442"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9082acd6-44fd-454b-b215-451cf6d822a1.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9082acd6-44fd-454b-b215-451cf6d822a1.jpeg
IP 34.120.237.76:0
File type gzip compressed data, from Unix\012- data
Hash 4d8ce89d2906aeee1ab361083a1e9c98
c33e0c8405ead947c2d14d5cfccbbff94ad15f49
7a1e55f2884dd1b4708d793582af694d89498a9c5bd2650377967d26107e56b4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9082acd6-44fd-454b-b215-451cf6d822a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8106
x-amzn-requestid: 73d1b662-99a8-4ad7-95f9-c0b1ebf7c45a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnQEhQoAMFbLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852961-64954bc92997c9302e291381;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UO4hCMgPgR4-ld-QCKgNPrq4p1gduUSA5R4ffZmnFodBj-1_NcFLmg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:37:21 GMT
age: 2536
etag: "b703ea2cc2fcd68e60135ff77d5a5f1b93fac128"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 03014221d7f49b50ffc2d1b0a0e75457
772d86ad983042a728ee3490630a9cf1134ad0dd
81fb954fa569955907952987e9d8efd1dac80e0e4a682826abf3c5d90eb31771
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10176
x-amzn-requestid: c2231955-5c78-4073-8399-b8b90f1add78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMo3oHpSoAMF5Qw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bb63-55a1cb004ac73c8b02f2fb8d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:08:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uGocx-Lv8ieJVvICjnTGQZyzaQzjVdICX2RZaNyBTQvUKeIcNxaCJQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 07:38:02 GMT
age: 52895
etag: "772d86ad983042a728ee3490630a9cf1134ad0dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
xn--r1a.website/s/link11bet
95.216.186.40200 OK 16 kB URL HTTP/1.1 xn--r1a.website/s/link11bet
IP 95.216.186.40:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4717)
Hash 67153e6b7c86bb17270f2033524e9635
b0e25907a1e652c0f233844838f7e5fa77b1ab88
37526f940ad565dde0ea35a351fb05c06d3e18b8dfff363d423387dc72508cfa
Analyzer Verdict Alert fortinet Malware
GET /s/link11bet HTTP/1.1
Host: xn--r1a.website
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://11betvn.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 22:19:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Cache-control: no-store
Strict-Transport-Security: max-age=35768000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ocsp.pki.goog/s/gts1d4/vYokRaN0WWY
142.250.74.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/vYokRaN0WWY
IP 142.250.74.3:0
Hash cf77f57afb7ae26fe4b7de64fd967403
26558150a4307f66148288be7e8ee19c474c0d37
7260b1b50a46dc8f88ff77c69cb5a269f1ee7acdfaf19156553aa3007a2fef97
POST /s/gts1d4/vYokRaN0WWY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:19:39 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
192.124.249.23200 OK 1.8 kB IP 192.124.249.23:0
Hash a9f0e03f2efada930a487a1aa28897df
7b91d1a1c71413016cc49a21b017fbd42a83acfe
3f2cd743bbed5b9e8ab1e0fd2326d8433cdca752c9d75c99d77d9661ac5ec91a
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 28 Nov 2022 22:19:39 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 28 Nov 2022 19:59:14 GMT
Expires: Tue, 29 Nov 2022 19:59:14 GMT
ETag: "7b91d1a1c71413016cc49a21b017fbd42a83acfe"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
192.124.249.23200 OK 1.8 kB IP 192.124.249.23:0
Hash a9f0e03f2efada930a487a1aa28897df
7b91d1a1c71413016cc49a21b017fbd42a83acfe
3f2cd743bbed5b9e8ab1e0fd2326d8433cdca752c9d75c99d77d9661ac5ec91a
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 28 Nov 2022 22:19:39 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 28 Nov 2022 19:59:14 GMT
Expires: Tue, 29 Nov 2022 19:59:14 GMT
ETag: "7b91d1a1c71413016cc49a21b017fbd42a83acfe"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
192.124.249.23200 OK 1.8 kB IP 192.124.249.23:0
Hash a9f0e03f2efada930a487a1aa28897df
7b91d1a1c71413016cc49a21b017fbd42a83acfe
3f2cd743bbed5b9e8ab1e0fd2326d8433cdca752c9d75c99d77d9661ac5ec91a
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 28 Nov 2022 22:19:39 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 28 Nov 2022 19:59:14 GMT
Expires: Tue, 29 Nov 2022 19:59:14 GMT
ETag: "7b91d1a1c71413016cc49a21b017fbd42a83acfe"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 8a7a9f972a314c66831b009d070792cb
d45a7880296d2456ace954cdbfb95a4f38f86ddd
25a7b2c691df37d602ea61d9c8d92760613ca6a98a39942d5bb9b92ea2f27057
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=142521
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:19:39 GMT
Etag: "6384bdb4-118"
Expires: Wed, 30 Nov 2022 13:55:00 GMT
Last-Modified: Mon, 28 Nov 2022 13:55:00 GMT
Server: nginx
Content-Length: 280
ocsp.godaddy.com/
192.124.249.23200 OK 1.8 kB IP 192.124.249.23:0
Hash a9f0e03f2efada930a487a1aa28897df
7b91d1a1c71413016cc49a21b017fbd42a83acfe
3f2cd743bbed5b9e8ab1e0fd2326d8433cdca752c9d75c99d77d9661ac5ec91a
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 28 Nov 2022 22:19:39 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 28 Nov 2022 19:59:14 GMT
Expires: Tue, 29 Nov 2022 19:59:14 GMT
ETag: "7b91d1a1c71413016cc49a21b017fbd42a83acfe"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
telegram.org/img/emoji/40/F09F92B5.png
149.154.167.99200 OK 2.9 kB URL HTTP/2 telegram.org/img/emoji/40/F09F92B5.png
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash b98dbf8508cd2bd9b000de5c2fab8748
e3e51a724b2c672c90dcb4e4e4cb8ee34e073ddd
32088c3ac9180fa33fe41514b214548a376659a21f1352c0710aa25cf20c8b5f
GET /img/emoji/40/F09F92B5.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: image/png
content-length: 2863
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
etag: "5dbb76a2-b2f"
expires: Fri, 02 Dec 2022 22:19:39 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
telegram.org/img/emoji/40/F09F93B1.png
149.154.167.99200 OK 2.2 kB URL HTTP/2 telegram.org/img/emoji/40/F09F93B1.png
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 29fd774f03d371287cac7ba276a6fc02
98f6d293f9da81fde4c0273ae350006e49948883
41bf5a9ee3cf0ff995a577e997425b8c6145d25c871a20f2a3a4c6d9e848da87
GET /img/emoji/40/F09F93B1.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: image/png
content-length: 2242
last-modified: Wed, 31 Oct 2018 14:03:57 GMT
etag: "5bd9b64d-8c2"
expires: Fri, 02 Dec 2022 22:19:39 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
telegram.org/js/tgwallpaper.min.js?3
149.154.167.99200 OK 4.3 kB URL HTTP/2 telegram.org/js/tgwallpaper.min.js?3
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
Hash d87cd67b20f5b641e3f836e6a5b3beb3
ff351d6768d3331f3d751941b5b5bec1d968fae3
4ff5c95f1529f4b96d28378459fe6f1c28b914d59e074ac7ac772aed17399864
GET /js/tgwallpaper.min.js?3 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: application/javascript
last-modified: Thu, 03 Mar 2022 19:57:25 GMT
etag: W/"62211da5-ba3"
expires: Fri, 02 Dec 2022 22:19:39 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
telegram.org/js/jquery.min.js
149.154.167.99200 OK 43 kB URL HTTP/2 telegram.org/js/jquery.min.js
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
Hash 0f366f7bbfdd04488d7c9760a18694f6
cd5ed835d5778860db1a946f063904425cb37153
602b262da883f99452998808fc2e875eb2f4c986e94ef1bd3d6dbcb879d913dc
GET /js/jquery.min.js HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: application/javascript
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
etag: W/"5a05e7c6-1762a"
expires: Fri, 02 Dec 2022 22:19:39 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
telegram.org/img/emoji/40/F09F91A9E2808DF09F92BB.png
149.154.167.99200 OK 2.6 kB URL HTTP/2 telegram.org/img/emoji/40/F09F91A9E2808DF09F92BB.png
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 1a2f0252b4d9dc0b3420293357f156a2
c2e5e60d9b91e6a20881a67c657228722b83e6c3
8dc2f56cad68b26225002ceacbfe8a65834e6af32a69dbb790433963d4e38064
GET /img/emoji/40/F09F91A9E2808DF09F92BB.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: image/png
content-length: 2582
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
etag: "5dbb76a2-a16"
expires: Fri, 02 Dec 2022 22:19:39 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
telegram.org/img/emoji/40/E29AA0.png
149.154.167.99200 OK 1.4 kB URL HTTP/2 telegram.org/img/emoji/40/E29AA0.png
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash f76eff8d2dbee5aa32536ced0dcf7d76
f9823d6ef4fd2c0dc64c7e263bdaef8e7f1e9a9b
dbebe6c80950857355097ab1836ff152d5a02ec614b3acca0a358ca0fee5d9e6
GET /img/emoji/40/E29AA0.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: image/png
content-length: 1379
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
etag: "5dbb76a2-563"
expires: Fri, 02 Dec 2022 22:19:39 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
telegram.org/img/emoji/40/F09F93A3.png
149.154.167.99200 OK 2.9 kB URL HTTP/2 telegram.org/img/emoji/40/F09F93A3.png
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 34028b0e430b8836175223c2f98a6c36
0038fe29bfe3cdc68da807095f78c23e2ada8214
ae194ce29e7bb4c4a3dc4eac226f2a781d0d179aa9b3c065efa9083e3697bf9e
GET /img/emoji/40/F09F93A3.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: image/png
content-length: 2896
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
etag: "5dbb76a2-b50"
expires: Fri, 02 Dec 2022 22:19:39 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
149.154.167.99200 OK 11 kB URL HTTP/2 telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type Web Open Font Format (Version 2), TrueType, length 11028, version 1.0\012- data
Hash 1f6d3cf6d38f25d83d95f5a800b8cac3
279f300ca2cbbdf9f5036ef2f438607fbf377daa
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f
GET /fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xn--r1a.website
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: application/octet-stream
content-length: 11028
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-2b14"
expires: Fri, 02 Dec 2022 22:19:39 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
149.154.167.99200 OK 11 kB URL HTTP/2 telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type Web Open Font Format (Version 2), TrueType, length 11072, version 1.0\012- data
Hash e7df3d0942815909add8f9d0c40d00d9
cf5032eea3399a58870e8a05e629b006a8c7c3c7
bce2f309470952b7affa62ff4d91b454334c68cefa541429b502904d20696875
GET /fonts/Roboto/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xn--r1a.website
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: application/octet-stream
content-length: 11072
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-2b40"
expires: Fri, 02 Dec 2022 22:19:39 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/3TzBWVrTHYI
142.250.74.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/3TzBWVrTHYI
IP 142.250.74.3:0
Hash 4f6ea9c59363a3e25bffa7d012b03be7
cc83ad5f995556c617d7f86eda5d3500e3ab3bc1
c00087bde73642a58a0a787bbd399f67d4e19aa2f01eaf7faffd34476b6745fa
POST /s/gts1d4/3TzBWVrTHYI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:19:39 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1d4/3TzBWVrTHYI
142.250.74.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/3TzBWVrTHYI
IP 142.250.74.3:0
Hash 4f6ea9c59363a3e25bffa7d012b03be7
cc83ad5f995556c617d7f86eda5d3500e3ab3bc1
c00087bde73642a58a0a787bbd399f67d4e19aa2f01eaf7faffd34476b6745fa
POST /s/gts1d4/3TzBWVrTHYI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:19:39 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmEU9fChc4AMP6lbBP.woff2
149.154.167.99200 OK 7.7 kB URL HTTP/2 telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmEU9fChc4AMP6lbBP.woff2
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type Web Open Font Format (Version 2), TrueType, length 7676, version 1.0\012- data
Hash 90687dc5a4b6b6271c9f1c1d4986ca10
d21bd154ee1c06a125f08c306c24978db497ca1e
9cfe0546be6c8e0e13beeae9b8814f1e7bf0ff31fe4d286bf9ea12239a0abbd9
GET /fonts/Roboto/KFOlCnqEu92Fr1MmEU9fChc4AMP6lbBP.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xn--r1a.website
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: application/octet-stream
content-length: 7676
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-1dfc"
expires: Fri, 02 Dec 2022 22:19:39 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz.woff2
149.154.167.99200 OK 7.7 kB URL HTTP/2 telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz.woff2
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type Web Open Font Format (Version 2), TrueType, length 7736, version 1.0\012- data
Hash 93dcb0c222437699e9dd591d8b5a6b85
fad0a82ab491e6ee403e116475dd6ea9a4cd8733
582ca1c5738fa2697949cc4a495418e42df462e2bc3fc62bdae126bf159b6af5
GET /fonts/Roboto/KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xn--r1a.website
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: application/octet-stream
content-length: 7736
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-1e38"
expires: Fri, 02 Dec 2022 22:19:39 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/3TzBWVrTHYI
142.250.74.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/3TzBWVrTHYI
IP 142.250.74.3:0
Hash 4f6ea9c59363a3e25bffa7d012b03be7
cc83ad5f995556c617d7f86eda5d3500e3ab3bc1
c00087bde73642a58a0a787bbd399f67d4e19aa2f01eaf7faffd34476b6745fa
POST /s/gts1d4/3TzBWVrTHYI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:19:39 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
telegram.org/css/font-roboto.css?1
149.154.167.99200 OK 1.1 kB URL HTTP/2 telegram.org/css/font-roboto.css?1
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
Hash b19e0d5ef17dca71a47d435ead9589e5
868a54d8e20df5b80598e7022cfea5237bf2cf4d
74ea7140d6be38e1eaedb177fa7107b1b1ed3ec5a44a1b68b29e3132bf172582
GET /css/font-roboto.css?1 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: text/css
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: W/"63512b7d-1816"
expires: Fri, 02 Dec 2022 22:19:39 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/3TzBWVrTHYI
142.250.74.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/3TzBWVrTHYI
IP 142.250.74.3:0
Hash 4f6ea9c59363a3e25bffa7d012b03be7
cc83ad5f995556c617d7f86eda5d3500e3ab3bc1
c00087bde73642a58a0a787bbd399f67d4e19aa2f01eaf7faffd34476b6745fa
POST /s/gts1d4/3TzBWVrTHYI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:19:39 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn4.telegram-cdn.org/file/GmIg4tuW5lMgu_BnfGdYp7fXFLzYX9PQrHKfwuRlx-IyUnrbd2xyXkl4OslvR0pTyZ21rKkY_nca5Etg3FfJi53G8sGMlQN0S6N2UoyEXN7S-VS5NI3c9xps6NHCqSXZ7r7-4r1LMjpO93ksALOXHwc0YxA7bF5aONuDWVuW5w0Hc-c8sLvayW-YTDakixyMZzKNxeo8gjLZWqsrPcZ50S5rNBc3u96QFfW6Ks0QjuZMzBnYLPeZ89R_sNvU8F6AxcrJNOVTSpHRPtamqeWzRWJWAK91HKvk8FrCQ3gKPHH04LDBsX3MJrfILN-mF5OofNS3s1rwGzeo2H7u4_5E-g.jpg
34.111.35.152200 OK 66 kB URL HTTP/2 cdn4.telegram-cdn.org/file/GmIg4tuW5lMgu_BnfGdYp7fXFLzYX9PQrHKfwuRlx-IyUnrbd2xyXkl4OslvR0pTyZ21rKkY_nca5Etg3FfJi53G8sGMlQN0S6N2UoyEXN7S-VS5NI3c9xps6NHCqSXZ7r7-4r1LMjpO93ksALOXHwc0YxA7bF5aONuDWVuW5w0Hc-c8sLvayW-YTDakixyMZzKNxeo8gjLZWqsrPcZ50S5rNBc3u96QFfW6Ks0QjuZMzBnYLPeZ89R_sNvU8F6AxcrJNOVTSpHRPtamqeWzRWJWAK91HKvk8FrCQ3gKPHH04LDBsX3MJrfILN-mF5OofNS3s1rwGzeo2H7u4_5E-g.jpg
IP 34.111.35.152:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x450, components 3\012- data
Hash eff8e9bbbee4f3a2535933da95f96641
2241be870a19c2f5670fe32d93f73d71b95e1c4a
e66bff93cbdf431b6ff594feaa4f5148842bcc583063b46523d72d321b745007
GET /file/GmIg4tuW5lMgu_BnfGdYp7fXFLzYX9PQrHKfwuRlx-IyUnrbd2xyXkl4OslvR0pTyZ21rKkY_nca5Etg3FfJi53G8sGMlQN0S6N2UoyEXN7S-VS5NI3c9xps6NHCqSXZ7r7-4r1LMjpO93ksALOXHwc0YxA7bF5aONuDWVuW5w0Hc-c8sLvayW-YTDakixyMZzKNxeo8gjLZWqsrPcZ50S5rNBc3u96QFfW6Ks0QjuZMzBnYLPeZ89R_sNvU8F6AxcrJNOVTSpHRPtamqeWzRWJWAK91HKvk8FrCQ3gKPHH04LDBsX3MJrfILN-mF5OofNS3s1rwGzeo2H7u4_5E-g.jpg HTTP/1.1
Host: cdn4.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: image/jpeg
content-length: 65637
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
cache-control: public,max-age=7200
etag: "7b623e8bd6d9c7bff5ee9f673a01e2567bc66ecb"
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn4.telegram-cdn.org/file/tC9YJ2laUNAXP5iV06lTQ3IF5zlS5jWX02cZKT3MiXf4zwz8BBTtU2f-mapKjN8-VvTzC35_aRJjTu-Y-f-nWu2w2rmN7lf0mcAa3ZmLQuRZgseNomzlhMkdZhE-lD7Gb3qlIy9_OSSSZoEAEfOhnRrvbVvX-uk3NwdKEfeTOB0JB2CoaMcodf8fx48A7e9sihQ5F7WY-fY1cn8Gkd-w08PzYam-HELuBPDRPzx92cmOFEOlaVB9T73qWMMrieiXLnywcIbsDvkk_UpqpTRRHlBBjbZ3ihS-nTir-AdFsGcHMEAvNQYBW4qCcGg9dwFBbNxIP-Zbja-kXmVa9XEZJQ.jpg
34.111.35.152200 OK 73 kB URL HTTP/2 cdn4.telegram-cdn.org/file/tC9YJ2laUNAXP5iV06lTQ3IF5zlS5jWX02cZKT3MiXf4zwz8BBTtU2f-mapKjN8-VvTzC35_aRJjTu-Y-f-nWu2w2rmN7lf0mcAa3ZmLQuRZgseNomzlhMkdZhE-lD7Gb3qlIy9_OSSSZoEAEfOhnRrvbVvX-uk3NwdKEfeTOB0JB2CoaMcodf8fx48A7e9sihQ5F7WY-fY1cn8Gkd-w08PzYam-HELuBPDRPzx92cmOFEOlaVB9T73qWMMrieiXLnywcIbsDvkk_UpqpTRRHlBBjbZ3ihS-nTir-AdFsGcHMEAvNQYBW4qCcGg9dwFBbNxIP-Zbja-kXmVa9XEZJQ.jpg
IP 34.111.35.152:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x450, components 3\012- data
Hash bb3544860728a67fe1f8b79556d21f3f
5782ad2f53acf9d69bd845460717094c4e83d6f4
8bb462f7ffce5db0508d9a87efe1eb684cb3efa7d32e36f67d0d33460073891d
GET /file/tC9YJ2laUNAXP5iV06lTQ3IF5zlS5jWX02cZKT3MiXf4zwz8BBTtU2f-mapKjN8-VvTzC35_aRJjTu-Y-f-nWu2w2rmN7lf0mcAa3ZmLQuRZgseNomzlhMkdZhE-lD7Gb3qlIy9_OSSSZoEAEfOhnRrvbVvX-uk3NwdKEfeTOB0JB2CoaMcodf8fx48A7e9sihQ5F7WY-fY1cn8Gkd-w08PzYam-HELuBPDRPzx92cmOFEOlaVB9T73qWMMrieiXLnywcIbsDvkk_UpqpTRRHlBBjbZ3ihS-nTir-AdFsGcHMEAvNQYBW4qCcGg9dwFBbNxIP-Zbja-kXmVa9XEZJQ.jpg HTTP/1.1
Host: cdn4.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: image/jpeg
content-length: 72835
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
cache-control: public,max-age=7200
etag: "fe70900c6ecc225bdd8b48116715967cea879aff"
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
telegram.org/js/widget-frame.js?60
149.154.167.99200 OK 92 kB URL HTTP/2 telegram.org/js/widget-frame.js?60
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
Hash 6a4a0f5372f7a033356157032082317f
571c9b98753b12dfa3a503ccd92985f15e920dcd
eb4e6cd1e5fd2c2a3585aa270822f9ed264a085aceacec6d848d025a8f7d397a
GET /js/widget-frame.js?60 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: application/javascript
last-modified: Sat, 08 Oct 2022 23:46:30 GMT
etag: W/"63420bd6-16c85"
expires: Fri, 02 Dec 2022 22:19:39 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
cdn4.telegram-cdn.org/file/fLzgFKe4Y8LEHJDRCt3Y6cP3Id62s5Xv4vT6SEf-3mAXxMH8W5jQbS54V5QHH5Df5ADrX2Kvxgy-1TJcdwf6pUhOF9gxPTajSAP9tz-2LMbzzYaBFtXX14O5Fq-uOyCMOULTSqaOP-11RXYIbImp8d_alhCZ4zkzFleBHE4tEXl6Heah9-rx8NScTnhscL62w-4NxFafL4NVAJbqv5MPGbBZ3G4r7wURKLas0qF8_QJ-RJdMrjmnMxnxSkXGoWY7ptlsGoioZreW_QJVehJdCiA5p1-XjLxAuXgaW7bBkm7JJmEqLhXtwNfCgAypDMTggVMehU4QgjakRWX3dx-L-g.jpg
34.111.35.152200 OK 60 kB URL HTTP/2 cdn4.telegram-cdn.org/file/fLzgFKe4Y8LEHJDRCt3Y6cP3Id62s5Xv4vT6SEf-3mAXxMH8W5jQbS54V5QHH5Df5ADrX2Kvxgy-1TJcdwf6pUhOF9gxPTajSAP9tz-2LMbzzYaBFtXX14O5Fq-uOyCMOULTSqaOP-11RXYIbImp8d_alhCZ4zkzFleBHE4tEXl6Heah9-rx8NScTnhscL62w-4NxFafL4NVAJbqv5MPGbBZ3G4r7wURKLas0qF8_QJ-RJdMrjmnMxnxSkXGoWY7ptlsGoioZreW_QJVehJdCiA5p1-XjLxAuXgaW7bBkm7JJmEqLhXtwNfCgAypDMTggVMehU4QgjakRWX3dx-L-g.jpg
IP 34.111.35.152:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x450, components 3\012- data
Hash 96bd55feb85306af153c3c950c8e163a
9c3bcc36819610ded4f390c65c710ebe8f7d9c9e
9bec98ed5c28d7de81abf99e7bffbe658bb02954af26d76012eaf1e461ecb8bd
GET /file/fLzgFKe4Y8LEHJDRCt3Y6cP3Id62s5Xv4vT6SEf-3mAXxMH8W5jQbS54V5QHH5Df5ADrX2Kvxgy-1TJcdwf6pUhOF9gxPTajSAP9tz-2LMbzzYaBFtXX14O5Fq-uOyCMOULTSqaOP-11RXYIbImp8d_alhCZ4zkzFleBHE4tEXl6Heah9-rx8NScTnhscL62w-4NxFafL4NVAJbqv5MPGbBZ3G4r7wURKLas0qF8_QJ-RJdMrjmnMxnxSkXGoWY7ptlsGoioZreW_QJVehJdCiA5p1-XjLxAuXgaW7bBkm7JJmEqLhXtwNfCgAypDMTggVMehU4QgjakRWX3dx-L-g.jpg HTTP/1.1
Host: cdn4.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: image/jpeg
content-length: 60107
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
cache-control: public,max-age=7200
etag: "f4950321d7639fb9ed0601f4ebad03a59714b9fe"
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/3TzBWVrTHYI
142.250.74.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/3TzBWVrTHYI
IP 142.250.74.3:0
Hash 4f6ea9c59363a3e25bffa7d012b03be7
cc83ad5f995556c617d7f86eda5d3500e3ab3bc1
c00087bde73642a58a0a787bbd399f67d4e19aa2f01eaf7faffd34476b6745fa
POST /s/gts1d4/3TzBWVrTHYI HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:19:39 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn4.telegram-cdn.org/file/HbqD8aZSv_rayZnd3tJqmKWCXNthd2UshSFbEbdIKt6fIski_W2GgMgSl56snseZqi0VbUtQNb3Lq64UUXRlKMJVyPrIy7GzKPbr8z0L7d86Zb9j73S22mKOnRZexYZwZXzLIItLKSBPsmUBMp9EXBOMo4aYvo_aYi0nVz5xs5KUymAUuYNMzbA3_VNEIX77us1_N1-bGL1y5l2o7u2TYfwfolx38g2fD2ozBxReZRkc-kCazdwPfKFwfhlflqTl-CuWF0mNAFF1HkhhcjXTutalZSo7fytYtYHdMKCGYZ07O7NXvTi6tADhnxodpQ4TE1rCZ8lgvtV5Z9RV5GPQLA.jpg
34.111.35.152200 OK 66 kB URL HTTP/2 cdn4.telegram-cdn.org/file/HbqD8aZSv_rayZnd3tJqmKWCXNthd2UshSFbEbdIKt6fIski_W2GgMgSl56snseZqi0VbUtQNb3Lq64UUXRlKMJVyPrIy7GzKPbr8z0L7d86Zb9j73S22mKOnRZexYZwZXzLIItLKSBPsmUBMp9EXBOMo4aYvo_aYi0nVz5xs5KUymAUuYNMzbA3_VNEIX77us1_N1-bGL1y5l2o7u2TYfwfolx38g2fD2ozBxReZRkc-kCazdwPfKFwfhlflqTl-CuWF0mNAFF1HkhhcjXTutalZSo7fytYtYHdMKCGYZ07O7NXvTi6tADhnxodpQ4TE1rCZ8lgvtV5Z9RV5GPQLA.jpg
IP 34.111.35.152:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x450, components 3\012- data
Hash fe1071c560a46079a04de080e031e583
8e4800ed03d5a925017d1953e4fa50dec0019f32
caf976ed6452f0501e36437d07e4a374ac56e3961478131b3dfb67d6d31859b4
GET /file/HbqD8aZSv_rayZnd3tJqmKWCXNthd2UshSFbEbdIKt6fIski_W2GgMgSl56snseZqi0VbUtQNb3Lq64UUXRlKMJVyPrIy7GzKPbr8z0L7d86Zb9j73S22mKOnRZexYZwZXzLIItLKSBPsmUBMp9EXBOMo4aYvo_aYi0nVz5xs5KUymAUuYNMzbA3_VNEIX77us1_N1-bGL1y5l2o7u2TYfwfolx38g2fD2ozBxReZRkc-kCazdwPfKFwfhlflqTl-CuWF0mNAFF1HkhhcjXTutalZSo7fytYtYHdMKCGYZ07O7NXvTi6tADhnxodpQ4TE1rCZ8lgvtV5Z9RV5GPQLA.jpg HTTP/1.1
Host: cdn4.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: image/jpeg
content-length: 66362
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
cache-control: public,max-age=7200
etag: "bafda512b06499c14dff08dfc7ebe9356932dff4"
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn4.telegram-cdn.org/file/BVPIuTtmR_yApD4C1KUN_6hfbtPfRexqqGyqtHqIxT8FXltN0-INBzn-WPXq5fcIOiCVjh3AGqX1I2-U9bLdAoLXU58VxrCJUmf8m6-emJQT3IE5HBxhhriBtq2gQ5e-iBHCKqdMLCn_C6Lo5zJ2D_TQfkQ6h5i9kWwk1xsQxNiYO29PNSMgAgW3RtnUhHc8GTekHmcz0moEHrJep7EMVc_EHzM3FRMuG0j3NNbmHs0xSub52nQtJnhCXyV0Y6MtN4GEdNTkkvjfwpDrRHmtzAHc5xDtUsvfBJZ5qkfkC0H7EFbi1ojekNVMe3KpqSagYQS0BDI0Xc578JzfpUVfQg.jpg
34.111.35.152200 OK 65 kB URL HTTP/2 cdn4.telegram-cdn.org/file/BVPIuTtmR_yApD4C1KUN_6hfbtPfRexqqGyqtHqIxT8FXltN0-INBzn-WPXq5fcIOiCVjh3AGqX1I2-U9bLdAoLXU58VxrCJUmf8m6-emJQT3IE5HBxhhriBtq2gQ5e-iBHCKqdMLCn_C6Lo5zJ2D_TQfkQ6h5i9kWwk1xsQxNiYO29PNSMgAgW3RtnUhHc8GTekHmcz0moEHrJep7EMVc_EHzM3FRMuG0j3NNbmHs0xSub52nQtJnhCXyV0Y6MtN4GEdNTkkvjfwpDrRHmtzAHc5xDtUsvfBJZ5qkfkC0H7EFbi1ojekNVMe3KpqSagYQS0BDI0Xc578JzfpUVfQg.jpg
IP 34.111.35.152:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x450, components 3\012- data
Hash 3626bf3d9ed1c5655b0a021f8500e49e
33d5c3c6201e6fdf8d89f1bd5c4176cd6993b0a5
6caa6acc8ba8d54d2ad427274cfe6308eb3200cb3eca2028ebba07ea38a9c286
GET /file/BVPIuTtmR_yApD4C1KUN_6hfbtPfRexqqGyqtHqIxT8FXltN0-INBzn-WPXq5fcIOiCVjh3AGqX1I2-U9bLdAoLXU58VxrCJUmf8m6-emJQT3IE5HBxhhriBtq2gQ5e-iBHCKqdMLCn_C6Lo5zJ2D_TQfkQ6h5i9kWwk1xsQxNiYO29PNSMgAgW3RtnUhHc8GTekHmcz0moEHrJep7EMVc_EHzM3FRMuG0j3NNbmHs0xSub52nQtJnhCXyV0Y6MtN4GEdNTkkvjfwpDrRHmtzAHc5xDtUsvfBJZ5qkfkC0H7EFbi1ojekNVMe3KpqSagYQS0BDI0Xc578JzfpUVfQg.jpg HTTP/1.1
Host: cdn4.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: image/jpeg
content-length: 64976
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
cache-control: public,max-age=7200
etag: "913feed42b8d62fd312123de7285183475986b8b"
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn4.telegram-cdn.org/file/fsi-aOLBvVcIWRi2M-9zkE7Hq4p0eUUMuM3jqtammi3_PhpEW4jBKCOdhtvBnbaMMhuNUsXeVx_P0Wz5D32Wy82Bd2rvltccDflUwank0ij9TZmGf3riGhMFMuRDHDuWeuVjWDPfYpx5x7L1UNCxnCmQ1n3rN6cdOUc3yl1ItsWMfs-TJ1v-UgVsn0jgkVCQEntlNKzGKtEYa6N_kjnf00Mg8UspGbCL6bUoe5Ll_coOYl-nR38cvlvK1lpfs8uvSIF4XGzcKpM88B-9OmQVUHSZOAwlVNLHRmtf9HJyUwS6c8pkyrvCElf8Rfh3ZxvV9vuyr_8cpG38YkVxYsm5ug.jpg
34.111.35.152200 OK 72 kB URL HTTP/2 cdn4.telegram-cdn.org/file/fsi-aOLBvVcIWRi2M-9zkE7Hq4p0eUUMuM3jqtammi3_PhpEW4jBKCOdhtvBnbaMMhuNUsXeVx_P0Wz5D32Wy82Bd2rvltccDflUwank0ij9TZmGf3riGhMFMuRDHDuWeuVjWDPfYpx5x7L1UNCxnCmQ1n3rN6cdOUc3yl1ItsWMfs-TJ1v-UgVsn0jgkVCQEntlNKzGKtEYa6N_kjnf00Mg8UspGbCL6bUoe5Ll_coOYl-nR38cvlvK1lpfs8uvSIF4XGzcKpM88B-9OmQVUHSZOAwlVNLHRmtf9HJyUwS6c8pkyrvCElf8Rfh3ZxvV9vuyr_8cpG38YkVxYsm5ug.jpg
IP 34.111.35.152:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x450, components 3\012- data
Hash 9086686585e7812f8893f1360151febc
95ec54076829372b17fbf0cde971adef524f4eb1
647e61053bf660b8c5b9aaeffdeb16d15e17595954643a29467b314d390db0d0
GET /file/fsi-aOLBvVcIWRi2M-9zkE7Hq4p0eUUMuM3jqtammi3_PhpEW4jBKCOdhtvBnbaMMhuNUsXeVx_P0Wz5D32Wy82Bd2rvltccDflUwank0ij9TZmGf3riGhMFMuRDHDuWeuVjWDPfYpx5x7L1UNCxnCmQ1n3rN6cdOUc3yl1ItsWMfs-TJ1v-UgVsn0jgkVCQEntlNKzGKtEYa6N_kjnf00Mg8UspGbCL6bUoe5Ll_coOYl-nR38cvlvK1lpfs8uvSIF4XGzcKpM88B-9OmQVUHSZOAwlVNLHRmtf9HJyUwS6c8pkyrvCElf8Rfh3ZxvV9vuyr_8cpG38YkVxYsm5ug.jpg HTTP/1.1
Host: cdn4.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: image/jpeg
content-length: 72546
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
cache-control: public,max-age=7200
etag: "1db753cf133c3188445c680be21fc65c71b7e5a4"
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn4.telegram-cdn.org/file/Fr4PSszvFq8jmX3cLL44glx_h8dOQGenHspO2DLWmT_bCyDkpQ9qnxmyVClnwDtlCUqtPiSb8Bo04aBh8Sh3U_BVziPAVmeSjfeU4ywogiOIVbFRPr3M7ZWb1TkSSnnZXbmbtjVM1nDVLEhP_f8ViWhgxMYRaMvBpOhw_HP2JfDjJqEYWDu9Y3TTLhlOn8wM-lhb9X5-QNY09LuhUndHUKzcXO83q8Kx52s9X1TRhgBSnhEZ_wEyqFqKwIKAAopI0qEW2zVPoLbFBvJuVOUvhuujcLrkA4SVCZ9FCfDpHXvDiZut7xv5BEAQDwW43G2XhBqJ_SP0FdcLd-ZMCJJU3g.jpg
34.111.35.152200 OK 72 kB URL HTTP/2 cdn4.telegram-cdn.org/file/Fr4PSszvFq8jmX3cLL44glx_h8dOQGenHspO2DLWmT_bCyDkpQ9qnxmyVClnwDtlCUqtPiSb8Bo04aBh8Sh3U_BVziPAVmeSjfeU4ywogiOIVbFRPr3M7ZWb1TkSSnnZXbmbtjVM1nDVLEhP_f8ViWhgxMYRaMvBpOhw_HP2JfDjJqEYWDu9Y3TTLhlOn8wM-lhb9X5-QNY09LuhUndHUKzcXO83q8Kx52s9X1TRhgBSnhEZ_wEyqFqKwIKAAopI0qEW2zVPoLbFBvJuVOUvhuujcLrkA4SVCZ9FCfDpHXvDiZut7xv5BEAQDwW43G2XhBqJ_SP0FdcLd-ZMCJJU3g.jpg
IP 34.111.35.152:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x450, components 3\012- data
Hash fe4f30f2441b39e714fac7cb4c4af6b6
c478d7ce2b270c1b60bbc527ff81ccb8a247655f
6edda4675013a81f75c8086c4eecac39d6926a15c77df51246cbb6c150177062
GET /file/Fr4PSszvFq8jmX3cLL44glx_h8dOQGenHspO2DLWmT_bCyDkpQ9qnxmyVClnwDtlCUqtPiSb8Bo04aBh8Sh3U_BVziPAVmeSjfeU4ywogiOIVbFRPr3M7ZWb1TkSSnnZXbmbtjVM1nDVLEhP_f8ViWhgxMYRaMvBpOhw_HP2JfDjJqEYWDu9Y3TTLhlOn8wM-lhb9X5-QNY09LuhUndHUKzcXO83q8Kx52s9X1TRhgBSnhEZ_wEyqFqKwIKAAopI0qEW2zVPoLbFBvJuVOUvhuujcLrkA4SVCZ9FCfDpHXvDiZut7xv5BEAQDwW43G2XhBqJ_SP0FdcLd-ZMCJJU3g.jpg HTTP/1.1
Host: cdn4.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: image/jpeg
content-length: 71818
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
cache-control: public,max-age=7200
etag: "098b93533f8d1034334be9db5bf00a839aa98bfa"
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn4.telegram-cdn.org/file/I1TUp5DmwWjhtk3LdqZmwfw5U3O5M0SCmiwByF1t3ov6PhlH74EaL_ZlY01JHaG0vz3DeppqJ6j49PYomXxVhLPMue8rjUBZdEExAIBNlJjEpas5GiWDy0Lgp2HJCxM6Jf9RvfW1oqIkot0aYnqJVeeinOXq0zAagIXbMyKRewNoEqVqTx9myL3Z97MMBejwajjcrV2QSwb7WoToXbq4mPaValDX3pzP_ncTGvuPJyqs8sqycd1TH0v3aVSE0hX6fGf9SRn9SUgnk1e5b5T-3WoQ8PG2pd3JBKvoqd14wxPSWPvIYHz-RNdctgoJfBiNXfugI8OVlNYuttMAHluPiw.jpg
34.111.35.152200 OK 78 kB URL HTTP/2 cdn4.telegram-cdn.org/file/I1TUp5DmwWjhtk3LdqZmwfw5U3O5M0SCmiwByF1t3ov6PhlH74EaL_ZlY01JHaG0vz3DeppqJ6j49PYomXxVhLPMue8rjUBZdEExAIBNlJjEpas5GiWDy0Lgp2HJCxM6Jf9RvfW1oqIkot0aYnqJVeeinOXq0zAagIXbMyKRewNoEqVqTx9myL3Z97MMBejwajjcrV2QSwb7WoToXbq4mPaValDX3pzP_ncTGvuPJyqs8sqycd1TH0v3aVSE0hX6fGf9SRn9SUgnk1e5b5T-3WoQ8PG2pd3JBKvoqd14wxPSWPvIYHz-RNdctgoJfBiNXfugI8OVlNYuttMAHluPiw.jpg
IP 34.111.35.152:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x450, components 3\012- data
Hash 892b477c57f9663918d7353b9d1ca862
922ae0de04d41de4e21c307e6d590c7b340d00db
53bc7b0dff95ca46566e35221833ac7c6e500edf776d292876f249a5a3dd26b7
GET /file/I1TUp5DmwWjhtk3LdqZmwfw5U3O5M0SCmiwByF1t3ov6PhlH74EaL_ZlY01JHaG0vz3DeppqJ6j49PYomXxVhLPMue8rjUBZdEExAIBNlJjEpas5GiWDy0Lgp2HJCxM6Jf9RvfW1oqIkot0aYnqJVeeinOXq0zAagIXbMyKRewNoEqVqTx9myL3Z97MMBejwajjcrV2QSwb7WoToXbq4mPaValDX3pzP_ncTGvuPJyqs8sqycd1TH0v3aVSE0hX6fGf9SRn9SUgnk1e5b5T-3WoQ8PG2pd3JBKvoqd14wxPSWPvIYHz-RNdctgoJfBiNXfugI8OVlNYuttMAHluPiw.jpg HTTP/1.1
Host: cdn4.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: image/jpeg
content-length: 78132
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
cache-control: public,max-age=7200
etag: "9dbcb68ab680c56009b800e534ce276760360975"
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn4.telegram-cdn.org/file/cZfe6WUO-DyOQ8s0-1t1ZZp4D_MQp6hB107a9ccYYucblQe9euxDBCFjYq2JTKzlMctJiwQnuKuvJZpHAC8zFtsHDKYT-zuUkekzpBqo4w7ci2cOEX2GSvVJahYqPdIVehQQ39WS_sivCLxVBIPpBeC6J7ElMTwJLCYJ11eheC503UJcvAQT86edZv9t_C8Bjt1uZxorLHrEHEmG5JeQ_XoCuALrRfg0XJCXyAjycuJ-xc8295I9HXGKUvCvL6YlxpkzTyjhipNIS7HN_6VAZDmoro4qYQzYeCcFA4vWgQKKcLddLWunYWMFHoVsEkK5XEbAZ5oGyxbROz3rPHRvvQ.jpg
34.111.35.152200 OK 71 kB URL HTTP/2 cdn4.telegram-cdn.org/file/cZfe6WUO-DyOQ8s0-1t1ZZp4D_MQp6hB107a9ccYYucblQe9euxDBCFjYq2JTKzlMctJiwQnuKuvJZpHAC8zFtsHDKYT-zuUkekzpBqo4w7ci2cOEX2GSvVJahYqPdIVehQQ39WS_sivCLxVBIPpBeC6J7ElMTwJLCYJ11eheC503UJcvAQT86edZv9t_C8Bjt1uZxorLHrEHEmG5JeQ_XoCuALrRfg0XJCXyAjycuJ-xc8295I9HXGKUvCvL6YlxpkzTyjhipNIS7HN_6VAZDmoro4qYQzYeCcFA4vWgQKKcLddLWunYWMFHoVsEkK5XEbAZ5oGyxbROz3rPHRvvQ.jpg
IP 34.111.35.152:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x450, components 3\012- data
Hash 490dd02e3adec5aeb7ef3b0b4a6e7f76
633a12ad487ed6296268b2b19bc5bbcab11159b8
6cde9fa0c7198e9a0c63ff425e778eb0baa635feb1ed89cf5f00423d19ef5897
GET /file/cZfe6WUO-DyOQ8s0-1t1ZZp4D_MQp6hB107a9ccYYucblQe9euxDBCFjYq2JTKzlMctJiwQnuKuvJZpHAC8zFtsHDKYT-zuUkekzpBqo4w7ci2cOEX2GSvVJahYqPdIVehQQ39WS_sivCLxVBIPpBeC6J7ElMTwJLCYJ11eheC503UJcvAQT86edZv9t_C8Bjt1uZxorLHrEHEmG5JeQ_XoCuALrRfg0XJCXyAjycuJ-xc8295I9HXGKUvCvL6YlxpkzTyjhipNIS7HN_6VAZDmoro4qYQzYeCcFA4vWgQKKcLddLWunYWMFHoVsEkK5XEbAZ5oGyxbROz3rPHRvvQ.jpg HTTP/1.1
Host: cdn4.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: image/jpeg
content-length: 70578
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
cache-control: public,max-age=7200
etag: "d9d93466d94501fe1ca2f68556dfe9dc0b631e19"
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn4.telegram-cdn.org/file/gloKNtUG6OVRo27DPbkh8kVl0bVtL913PsxoVUTHAaxxDdNS_ab591Ac6boZE_ywIxbfE8QkqteFMD4cyiIpnfT9q5f22smCqGb9djnhr2bLh9lNnWhdMO7Cuh5YiDENp98lMep-dPtXUH5k95jSYX6MGYZafcJM668qpOM0siGWLOMoYz8Fc-eqLbWf_eEMqEy_WqmtIVAVJmAsVcpTOBMh67i5-G7wlAxI3Z-3XpQ3jovAf1pzovKoCI2uZ5UI8zIMrKjBIN1jb5bbqQK4Qs0kZ0swpBl0BrXZWVp_BH9uU1KK4qCkwNJnpq9r8STowE8V4ZsMC0rAWqJL7NC9Vw.jpg
34.111.35.152200 OK 75 kB URL HTTP/2 cdn4.telegram-cdn.org/file/gloKNtUG6OVRo27DPbkh8kVl0bVtL913PsxoVUTHAaxxDdNS_ab591Ac6boZE_ywIxbfE8QkqteFMD4cyiIpnfT9q5f22smCqGb9djnhr2bLh9lNnWhdMO7Cuh5YiDENp98lMep-dPtXUH5k95jSYX6MGYZafcJM668qpOM0siGWLOMoYz8Fc-eqLbWf_eEMqEy_WqmtIVAVJmAsVcpTOBMh67i5-G7wlAxI3Z-3XpQ3jovAf1pzovKoCI2uZ5UI8zIMrKjBIN1jb5bbqQK4Qs0kZ0swpBl0BrXZWVp_BH9uU1KK4qCkwNJnpq9r8STowE8V4ZsMC0rAWqJL7NC9Vw.jpg
IP 34.111.35.152:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x450, components 3\012- data
Hash c97175bfcb31de13b0afcc99a7a7468f
aa346d80cc091d12211f07dd58ee2de524d0feb6
ffbbb9a4695e0b4fab4a88ec730d35e629232a8e883ee7f792d7433182e72668
GET /file/gloKNtUG6OVRo27DPbkh8kVl0bVtL913PsxoVUTHAaxxDdNS_ab591Ac6boZE_ywIxbfE8QkqteFMD4cyiIpnfT9q5f22smCqGb9djnhr2bLh9lNnWhdMO7Cuh5YiDENp98lMep-dPtXUH5k95jSYX6MGYZafcJM668qpOM0siGWLOMoYz8Fc-eqLbWf_eEMqEy_WqmtIVAVJmAsVcpTOBMh67i5-G7wlAxI3Z-3XpQ3jovAf1pzovKoCI2uZ5UI8zIMrKjBIN1jb5bbqQK4Qs0kZ0swpBl0BrXZWVp_BH9uU1KK4qCkwNJnpq9r8STowE8V4ZsMC0rAWqJL7NC9Vw.jpg HTTP/1.1
Host: cdn4.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: image/jpeg
content-length: 74923
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
cache-control: public,max-age=7200
etag: "35039a5834b3da9a0052b1e797ae2fcc539d39a5"
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
telegram.org/js/telegram-web.js?14
149.154.167.99200 OK 64 kB URL HTTP/2 telegram.org/js/telegram-web.js?14
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
Hash 367b4e1560ee0afa9e4701b676645e08
c65692fd354f3bd07687bd7a306e696dd60ca921
5ccea9801bbb7f67683fab05af335bf6c74db3368651b21bef3b5756f712666a
GET /js/telegram-web.js?14 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: application/javascript
last-modified: Fri, 18 Mar 2022 10:32:52 GMT
etag: W/"62345fd4-2e63"
expires: Fri, 02 Dec 2022 22:19:39 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
cdn4.telegram-cdn.org/file/qqTsZEemS1fIJ3rVoTeVnfqhGJzRpp72HsLUx99A6t-oc7acCwRErIIXpcBF5OX3539hWe7uUwxIZV9JbTdr0UznWkx1_vxDeS4C01QUZRCU2Lf3G2gYUxw-RejomQgxpHI2a6xfwl8fICeRwRvE0rwysBZTONsY97MSpoCXBfUNklpIFm3SbwAg1WkTXsip0IX1VLM7auay7sSsG6tTPUe3fXvc_WFLnvqly4_XKVHWtKbOrQ7tqZCFx3VxMTn5agjHWv7xkZRvnPc8lOb0HKVNRJMwm027zNvysD0V631ei98lxKRa0nKzYhG8cR4Q53QVhByxAvlTqw-kpNKbVA.jpg
34.111.35.152200 OK 83 kB URL HTTP/2 cdn4.telegram-cdn.org/file/qqTsZEemS1fIJ3rVoTeVnfqhGJzRpp72HsLUx99A6t-oc7acCwRErIIXpcBF5OX3539hWe7uUwxIZV9JbTdr0UznWkx1_vxDeS4C01QUZRCU2Lf3G2gYUxw-RejomQgxpHI2a6xfwl8fICeRwRvE0rwysBZTONsY97MSpoCXBfUNklpIFm3SbwAg1WkTXsip0IX1VLM7auay7sSsG6tTPUe3fXvc_WFLnvqly4_XKVHWtKbOrQ7tqZCFx3VxMTn5agjHWv7xkZRvnPc8lOb0HKVNRJMwm027zNvysD0V631ei98lxKRa0nKzYhG8cR4Q53QVhByxAvlTqw-kpNKbVA.jpg
IP 34.111.35.152:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x450, components 3\012- data
Hash ec5d967bc27a0de9063555033355b6ee
25a2a9ba00d8456658a207c667f471aa34df1d66
9f03c709d6a3d56e5b411c525b767e3d925d52f06736900952414327ee6dca82
GET /file/qqTsZEemS1fIJ3rVoTeVnfqhGJzRpp72HsLUx99A6t-oc7acCwRErIIXpcBF5OX3539hWe7uUwxIZV9JbTdr0UznWkx1_vxDeS4C01QUZRCU2Lf3G2gYUxw-RejomQgxpHI2a6xfwl8fICeRwRvE0rwysBZTONsY97MSpoCXBfUNklpIFm3SbwAg1WkTXsip0IX1VLM7auay7sSsG6tTPUe3fXvc_WFLnvqly4_XKVHWtKbOrQ7tqZCFx3VxMTn5agjHWv7xkZRvnPc8lOb0HKVNRJMwm027zNvysD0V631ei98lxKRa0nKzYhG8cR4Q53QVhByxAvlTqw-kpNKbVA.jpg HTTP/1.1
Host: cdn4.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: image/jpeg
content-length: 82635
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
cache-control: public,max-age=7200
etag: "138a4e2fd8fd7284780ee1a58e8a76e14dbc7a9d"
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn4.telegram-cdn.org/file/DV7sKBJPECxctj0FWyx0nSta0pWNMeQmWxyyyN-ZWeMdLOznX7Z9wZFfrnshSnyfo3lw_f-kazN9JloJXPduTn9r6UBb9kYo7fDbcQXrIH_cWBKXdg2eDoTtR1q2-5XoOs6Ze_VCj9JE0JlKQlCaJTZMR1SVlSxbxDAA3Mcjf_1s-qKQWg7KS38bNF60DL7egscRyT14L_A1plgwKtLp0eAeUN6D26Cncp-BDfeVnQnMme1diuEuD6CQ2nRUv2NJbYtQiu6QCSL0_2jg7orPc_PbIaecwnpXDCyXvqfghnOQawOuFTe5uhxCCqks2oNh-EHHzQLF7jtoZ8VfWd_egA.jpg
34.111.35.152200 OK 70 kB URL HTTP/2 cdn4.telegram-cdn.org/file/DV7sKBJPECxctj0FWyx0nSta0pWNMeQmWxyyyN-ZWeMdLOznX7Z9wZFfrnshSnyfo3lw_f-kazN9JloJXPduTn9r6UBb9kYo7fDbcQXrIH_cWBKXdg2eDoTtR1q2-5XoOs6Ze_VCj9JE0JlKQlCaJTZMR1SVlSxbxDAA3Mcjf_1s-qKQWg7KS38bNF60DL7egscRyT14L_A1plgwKtLp0eAeUN6D26Cncp-BDfeVnQnMme1diuEuD6CQ2nRUv2NJbYtQiu6QCSL0_2jg7orPc_PbIaecwnpXDCyXvqfghnOQawOuFTe5uhxCCqks2oNh-EHHzQLF7jtoZ8VfWd_egA.jpg
IP 34.111.35.152:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x450, components 3\012- data
Hash c53ddc599a7c1ba01e7964977c36ff44
bf4e89d624818c3f224a536469e2b660b81b61df
abe51f6df4993318473c3ddbe3cc7fc299f532e29a8e55a62e08f9455d9eba0b
GET /file/DV7sKBJPECxctj0FWyx0nSta0pWNMeQmWxyyyN-ZWeMdLOznX7Z9wZFfrnshSnyfo3lw_f-kazN9JloJXPduTn9r6UBb9kYo7fDbcQXrIH_cWBKXdg2eDoTtR1q2-5XoOs6Ze_VCj9JE0JlKQlCaJTZMR1SVlSxbxDAA3Mcjf_1s-qKQWg7KS38bNF60DL7egscRyT14L_A1plgwKtLp0eAeUN6D26Cncp-BDfeVnQnMme1diuEuD6CQ2nRUv2NJbYtQiu6QCSL0_2jg7orPc_PbIaecwnpXDCyXvqfghnOQawOuFTe5uhxCCqks2oNh-EHHzQLF7jtoZ8VfWd_egA.jpg HTTP/1.1
Host: cdn4.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: image/jpeg
content-length: 69757
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
cache-control: public,max-age=7200
etag: "9280aaea795327854cf131c00aa5a17dd60a347c"
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn4.telegram-cdn.org/file/sim0n2sF_4XAZibmOmmdY9Vvyum_1eFCbUR_DpY4eSF4HX0rx6xKr0QIn_JiUXd3Qdbt7lbtKJsDAKDU939Cl0mgdQLpcRRwR_Ga0nYpVqMsGJIcDnPkB2eNKEP2pDnTqTIOkzhdQND49tAVbfYeHnyteVmSrEpSf0bbwJt1leki2w_jIAqEHIhM17utyykO3YB2ivFZH3Ym-7rOEE4FdZ-c8S8FefSWouE-LW-3UsG8v5s_aH5UF5_WAQRs2sbu8JMcKEHJ_upghRx_ZvBtyV12-SeI-hD1nTFzaQ4FJagE1l8djBiVQJIweFwmQuWjBsAKtVwsMRZDzv17bwJsjQ.jpg
34.111.35.152200 OK 67 kB URL HTTP/2 cdn4.telegram-cdn.org/file/sim0n2sF_4XAZibmOmmdY9Vvyum_1eFCbUR_DpY4eSF4HX0rx6xKr0QIn_JiUXd3Qdbt7lbtKJsDAKDU939Cl0mgdQLpcRRwR_Ga0nYpVqMsGJIcDnPkB2eNKEP2pDnTqTIOkzhdQND49tAVbfYeHnyteVmSrEpSf0bbwJt1leki2w_jIAqEHIhM17utyykO3YB2ivFZH3Ym-7rOEE4FdZ-c8S8FefSWouE-LW-3UsG8v5s_aH5UF5_WAQRs2sbu8JMcKEHJ_upghRx_ZvBtyV12-SeI-hD1nTFzaQ4FJagE1l8djBiVQJIweFwmQuWjBsAKtVwsMRZDzv17bwJsjQ.jpg
IP 34.111.35.152:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x450, components 3\012- data
Hash 55ffb3cb7a1cc136321d8dee563ffd6a
64edecb9a136643b524ae7380f3abd6b4ba2eed6
4394a8b2117712455b98640287a5aee542f41aa491d9991d4b80882241738556
GET /file/sim0n2sF_4XAZibmOmmdY9Vvyum_1eFCbUR_DpY4eSF4HX0rx6xKr0QIn_JiUXd3Qdbt7lbtKJsDAKDU939Cl0mgdQLpcRRwR_Ga0nYpVqMsGJIcDnPkB2eNKEP2pDnTqTIOkzhdQND49tAVbfYeHnyteVmSrEpSf0bbwJt1leki2w_jIAqEHIhM17utyykO3YB2ivFZH3Ym-7rOEE4FdZ-c8S8FefSWouE-LW-3UsG8v5s_aH5UF5_WAQRs2sbu8JMcKEHJ_upghRx_ZvBtyV12-SeI-hD1nTFzaQ4FJagE1l8djBiVQJIweFwmQuWjBsAKtVwsMRZDzv17bwJsjQ.jpg HTTP/1.1
Host: cdn4.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: image/jpeg
content-length: 66633
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
cache-control: public,max-age=7200
etag: "3abb6af6f707192213d510cab6c4df1c87f39b34"
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn4.telegram-cdn.org/file/k3em1pUe9J-Rrg79eljB7P-BetHcLgkdWdkn3U5pakwWCvtLuMl0HaSx5tGYZyVbnPM9Jnu8788ujxK3H-QHeC8P2iZD3J0Gj3wdpChTdViTS9RlrCYhStMQhcL5-NKnem8qIYo7Pq5Fe-BJHsdRzGO4DBmVPq_eUIBqI4MVZqvIlVZEbpWp4PNUq5T_UaVDHuuU8bSysb7CB9nWzyWUPKqWDwD7bBaejDeKskRtiuIPWvLnc6CUHNYFhF2prTCAX5tSaJeGLEyoSDDKIBQR95IwgFIIwvz2TuAwkzYRNBLoK1PfZWnY8XwNLM2rX4V63kCCifsyoLXh3YlGN0-WYw.jpg
34.111.35.152200 OK 63 kB URL HTTP/2 cdn4.telegram-cdn.org/file/k3em1pUe9J-Rrg79eljB7P-BetHcLgkdWdkn3U5pakwWCvtLuMl0HaSx5tGYZyVbnPM9Jnu8788ujxK3H-QHeC8P2iZD3J0Gj3wdpChTdViTS9RlrCYhStMQhcL5-NKnem8qIYo7Pq5Fe-BJHsdRzGO4DBmVPq_eUIBqI4MVZqvIlVZEbpWp4PNUq5T_UaVDHuuU8bSysb7CB9nWzyWUPKqWDwD7bBaejDeKskRtiuIPWvLnc6CUHNYFhF2prTCAX5tSaJeGLEyoSDDKIBQR95IwgFIIwvz2TuAwkzYRNBLoK1PfZWnY8XwNLM2rX4V63kCCifsyoLXh3YlGN0-WYw.jpg
IP 34.111.35.152:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x450, components 3\012- data
Hash c75af578878aa268a1f1be1b952f469b
63dad80dfb0c2e7819fce7e965dd995e76aaaf92
15600fe69eaa5d428e16d13513a17e15ac3d3dcf9cd8ecffc6bd5409d651a34d
GET /file/k3em1pUe9J-Rrg79eljB7P-BetHcLgkdWdkn3U5pakwWCvtLuMl0HaSx5tGYZyVbnPM9Jnu8788ujxK3H-QHeC8P2iZD3J0Gj3wdpChTdViTS9RlrCYhStMQhcL5-NKnem8qIYo7Pq5Fe-BJHsdRzGO4DBmVPq_eUIBqI4MVZqvIlVZEbpWp4PNUq5T_UaVDHuuU8bSysb7CB9nWzyWUPKqWDwD7bBaejDeKskRtiuIPWvLnc6CUHNYFhF2prTCAX5tSaJeGLEyoSDDKIBQR95IwgFIIwvz2TuAwkzYRNBLoK1PfZWnY8XwNLM2rX4V63kCCifsyoLXh3YlGN0-WYw.jpg HTTP/1.1
Host: cdn4.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: image/jpeg
content-length: 63007
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
cache-control: public,max-age=7200
etag: "7dfa7d69df02113730dbbc4d96c8aec697531b75"
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
telegram.org/js/tgsticker.js?29
149.154.167.99200 OK 77 kB URL HTTP/2 telegram.org/js/tgsticker.js?29
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
Hash 8e97d3e17e1f497605e825ffb4772d43
59dd244d35cc4f87056c0eb0991b9a07b57bd160
a1e1c120895ca084d532a20e81f84139e407741fe9200cb4dcd778e8a63b837b
GET /js/tgsticker.js?29 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: application/javascript
last-modified: Wed, 29 Jun 2022 21:52:44 GMT
etag: W/"62bcc9ac-5faf"
expires: Fri, 02 Dec 2022 22:19:39 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
telegram.org/js/jquery-ui.min.js
149.154.167.99200 OK 99 kB URL HTTP/2 telegram.org/js/jquery-ui.min.js
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
Hash 5f34772ab17b423d3329cc8533d94e07
ad82ad80b7aaee204d99a0f6012233abfa67d583
0b10f3fe7cee2445f2ad7b00910829b14842ab2e2657cac7b5912ab89342923f
GET /js/jquery-ui.min.js HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: application/javascript
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
etag: W/"5a05e7c6-181a9"
expires: Fri, 02 Dec 2022 22:19:39 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
telegram.org/css/telegram-web.css?36
149.154.167.99200 OK 9.8 kB URL HTTP/2 telegram.org/css/telegram-web.css?36
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
Hash 5fe7ccdf8cd6eea224374d8d13a8bd52
3ea9739eedcb94e156f06cb2eec580d6ec81596e
3489a3c1ffca4371372101b7603b112c440c009add5c5e9f969ae255accce3b1
GET /css/telegram-web.css?36 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: text/css
last-modified: Mon, 21 Nov 2022 12:06:59 GMT
etag: W/"637b69e3-6b2d"
expires: Fri, 02 Dec 2022 22:19:39 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
xn--r1a.website/v/
95.216.186.40200 OK 24 B IP 95.216.186.40:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with no line terminators
Hash 01e9a6bdf6f882e64253608f6b3d65f3
b25d1264aeffa89799841518a2bccbb408b4437b
5191dd01952ad22c138d1fb8b253c4ba28ed0b823ac46648b4c033c605983ab9
Analyzer Verdict Alert fortinet Malware
POST /v/ HTTP/1.1
Host: xn--r1a.website
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 93
Origin: https://xn--r1a.website
Connection: keep-alive
Referer: https://xn--r1a.website/s/link11bet
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 22:19:40 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: stel_ssid=6adbe1477fb7148c7c_6899028960766985366; expires=Tue, 29 Nov 2022 22:19:40 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
Strict-Transport-Security: max-age=35768000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu7WxKKTU1Kvnz.woff2
149.154.167.99200 OK 3.5 kB URL HTTP/2 telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu7WxKKTU1Kvnz.woff2
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
File type Web Open Font Format (Version 2), TrueType, length 3496, version 1.0\012- data
Hash e64969a373d0acf2586d1fd4224abb90
c654a76bf4dd81fb918d3e08461c7123e5be1993
4f393c516f720fc9745e48f9e2662ba069eb70e43bc95fe327225d47d5c89fef
GET /fonts/Roboto/KFOmCnqEu92Fr1Mu7WxKKTU1Kvnz.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xn--r1a.website
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:40 GMT
content-type: application/octet-stream
content-length: 3496
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-da8"
expires: Fri, 02 Dec 2022 22:19:40 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 8a7a9f972a314c66831b009d070792cb
d45a7880296d2456ace954cdbfb95a4f38f86ddd
25a7b2c691df37d602ea61d9c8d92760613ca6a98a39942d5bb9b92ea2f27057
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=142521
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:19:40 GMT
Etag: "6384bdb4-118"
Expires: Wed, 30 Nov 2022 13:55:01 GMT
Last-Modified: Mon, 28 Nov 2022 13:55:00 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 280
cdn5.telegram-cdn.org/file/DjdUWvM5KHazSepeeLzfaBukn9MnQuVNWEUtCIDFlMjG3cX-b0eKuVi3hoQtP6AdjOFy3NGVEgCM-jlkAsv8o1KAni2mNHeKNJCn2Lwx_samKXW3LT2WVU3x42tHwKvdJJQ1njXQ09VJrh6BbpFO-Os7rjRn2SW4OqSTn4jFfZcxPYfIwgrYEGjLqNgp2IVYbLlcQjEfCy2ZPV4TqT3ZqwmSgXnLaoMpQtpA8xrkoIilAfiZ30TeyQOz01VfRxoDYdcRDn8OIRsDcK5oppPH9C7Ej-qR9ZQI4EK9KgI99I4vNaHe9Q6Be2s3cHI262IOjV9-vUAGGbN52BggGnKenA.jpg
34.111.108.175200 OK 7.4 kB URL HTTP/2 cdn5.telegram-cdn.org/file/DjdUWvM5KHazSepeeLzfaBukn9MnQuVNWEUtCIDFlMjG3cX-b0eKuVi3hoQtP6AdjOFy3NGVEgCM-jlkAsv8o1KAni2mNHeKNJCn2Lwx_samKXW3LT2WVU3x42tHwKvdJJQ1njXQ09VJrh6BbpFO-Os7rjRn2SW4OqSTn4jFfZcxPYfIwgrYEGjLqNgp2IVYbLlcQjEfCy2ZPV4TqT3ZqwmSgXnLaoMpQtpA8xrkoIilAfiZ30TeyQOz01VfRxoDYdcRDn8OIRsDcK5oppPH9C7Ej-qR9ZQI4EK9KgI99I4vNaHe9Q6Be2s3cHI262IOjV9-vUAGGbN52BggGnKenA.jpg
IP 34.111.108.175:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 160x160, components 3\012- data
Hash 12fcc35dcc5a99d8b516bf2058a26899
fe12cde854b563c2fd22f8377ddd3815c3123216
89cf823956328176c0e3ae6f7729912cbcb0a45a04b0dbc07929fc186a490a52
GET /file/DjdUWvM5KHazSepeeLzfaBukn9MnQuVNWEUtCIDFlMjG3cX-b0eKuVi3hoQtP6AdjOFy3NGVEgCM-jlkAsv8o1KAni2mNHeKNJCn2Lwx_samKXW3LT2WVU3x42tHwKvdJJQ1njXQ09VJrh6BbpFO-Os7rjRn2SW4OqSTn4jFfZcxPYfIwgrYEGjLqNgp2IVYbLlcQjEfCy2ZPV4TqT3ZqwmSgXnLaoMpQtpA8xrkoIilAfiZ30TeyQOz01VfRxoDYdcRDn8OIRsDcK5oppPH9C7Ej-qR9ZQI4EK9KgI99I4vNaHe9Q6Be2s3cHI262IOjV9-vUAGGbN52BggGnKenA.jpg HTTP/1.1
Host: cdn5.telegram-cdn.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:40 GMT
content-type: image/jpeg
content-length: 7352
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
etag: "df741067181d04d47b7a4b84e3f25cfe78cdd1db"
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
cache-control: max-age=3600,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/vYokRaN0WWY
142.250.74.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/vYokRaN0WWY
IP 142.250.74.3:0
Hash cf77f57afb7ae26fe4b7de64fd967403
26558150a4307f66148288be7e8ee19c474c0d37
7260b1b50a46dc8f88ff77c69cb5a269f1ee7acdfaf19156553aa3007a2fef97
POST /s/gts1d4/vYokRaN0WWY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:19:40 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
iwin.fan/wp-content/uploads/2022/11/11bet-WC2022-800x100-1.gif
104.21.1.212200 OK 140 kB URL HTTP/2 iwin.fan/wp-content/uploads/2022/11/11bet-WC2022-800x100-1.gif
IP 104.21.1.212:0
File type GIF image data, version 89a, 800 x 100\012- data
Size 140 kB (140475 bytes)
Hash 1110ade7201cd7994a08f7a518875467
a123004e7994c76191c8259bf2e9bea9941f861e
ef5f7a09bd1dd3a1696612a9cae8d71f5d96f119e1b444bc213ffc7faabdcaab
GET /wp-content/uploads/2022/11/11bet-WC2022-800x100-1.gif HTTP/1.1
Host: iwin.fan
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://11betvn.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:19:40 GMT
content-type: image/gif
content-length: 140475
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 22:19:39 GMT
last-modified: Sat, 19 Nov 2022 02:03:35 GMT
etag: "224bb-63783977-a611a07dd29029bb;;;"
platform: hostinger
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WTOYF3OFgAL6bJwakPvMX%2FH95uaJRtzghcZ9dr5sKRkmTp5mwuEev7E2YXqxsP%2Fw1CHtdlE%2BWHwLkcjPrGCtrDlOyKntFrNRTwh%2BEQK7GclLWmGLOWAivfWc4A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77167c839ec2b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226200 OK 938 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash 189e7240730c3930f2c0c2e182191100
db5ae08278784b861f8c9edb652e7c58845e2920
dd0109e0ea0e6a047f58ecbb82988fd3abffa4f6fa461b3a757b3a8b2f4be37a
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 22:19:40 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Fri, 02 Dec 2022 20:06:31 GMT
ETag: "db5ae08278784b861f8c9edb652e7c58845e2920"
Last-Modified: Mon, 28 Nov 2022 20:06:32 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 872
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77167c8b0d440b55-OSL
mc.yandex.ru/metrika/tag.js
87.250.251.119200 OK 73 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 87.250.251.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (587)
Hash 1d79426653c3b55939eaec59a2ce8ef5
c6db0314df7a4e5c08047f6306e0b79a1ad3bab2
2729cfe8b2f5142cf99734cbb4e1a3c6cd35868d279cd796db49ef62742ef993
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://11betvn.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73267
date: Mon, 28 Nov 2022 22:19:40 GMT
access-control-allow-origin: *
etag: "6384bff1-11e33"
expires: Mon, 28 Nov 2022 23:19:40 GMT
last-modified: Mon, 28 Nov 2022 17:04:33 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://11betvn.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 28 Nov 2022 22:19:41 GMT
access-control-allow-origin: *
etag: "6384bff1-2b"
expires: Mon, 28 Nov 2022 23:19:41 GMT
accept-ranges: bytes
last-modified: Mon, 28 Nov 2022 17:04:33 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/90176802/1?wmode=7&page-url=https%3A%2F%2F11betvn.club%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A3580%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1130087744004%3Ahid%3A269884443%3Az%3A0%3Ai%3A20221128221940%3Aet%3A1669673980%3Ac%3A1%3Arn%3A1018880734%3Arqn%3A1%3Au%3A1669673980700971023%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C253%2C0%2C1855%2C0%2C%2C1445%2C11%2C%2C%2C%2C3565%3Ans%3A1669673974881%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669673980%3At%3A11BET%20vn%20-%20T%E1%BB%95%20Ch%E1%BB%A9c%20C%C3%A1%20%C4%90%E1%BB%99%20B%C3%B3ng%20%C4%90%C3%A1%20Vi%E1%BB%87t%20Nam&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
87.250.251.119200 OK 407 B URL HTTP/2 mc.yandex.ru/watch/90176802/1?wmode=7&page-url=https%3A%2F%2F11betvn.club%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A3580%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1130087744004%3Ahid%3A269884443%3Az%3A0%3Ai%3A20221128221940%3Aet%3A1669673980%3Ac%3A1%3Arn%3A1018880734%3Arqn%3A1%3Au%3A1669673980700971023%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C253%2C0%2C1855%2C0%2C%2C1445%2C11%2C%2C%2C%2C3565%3Ans%3A1669673974881%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669673980%3At%3A11BET%20vn%20-%20T%E1%BB%95%20Ch%E1%BB%A9c%20C%C3%A1%20%C4%90%E1%BB%99%20B%C3%B3ng%20%C4%90%C3%A1%20Vi%E1%BB%87t%20Nam&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
IP 87.250.251.119:0
File type JSON data\012- , ASCII text, with very long lines (407), with no line terminators
Hash 761f5fb8f6a843b39ec4b53235361f85
00dc49e774da6532de4c7b5b1b15dff4b2e0fc4a
fae856940ca6bbde0cec925f9c7756033f5dac10a9424a4fecefb31d8d507cc5
GET /watch/90176802/1?wmode=7&page-url=https%3A%2F%2F11betvn.club%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A3580%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1130087744004%3Ahid%3A269884443%3Az%3A0%3Ai%3A20221128221940%3Aet%3A1669673980%3Ac%3A1%3Arn%3A1018880734%3Arqn%3A1%3Au%3A1669673980700971023%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C253%2C0%2C1855%2C0%2C%2C1445%2C11%2C%2C%2C%2C3565%3Ans%3A1669673974881%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669673980%3At%3A11BET%20vn%20-%20T%E1%BB%95%20Ch%E1%BB%A9c%20C%C3%A1%20%C4%90%E1%BB%99%20B%C3%B3ng%20%C4%90%C3%A1%20Vi%E1%BB%87t%20Nam&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://11betvn.club
Referer: https://11betvn.club/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 407
date: Mon, 28 Nov 2022 22:19:41 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://11betvn.club
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 28-Nov-2022 22:19:41 GMT
last-modified: Mon, 28-Nov-2022 22:19:41 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/90176802?wmode=0&wv-part=1&wv-hit=269884443&page-url=https%3A%2F%2F11betvn.club%2F&rn=50886448&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1669673983%3Aw%3A1268x939%3Av%3A923%3Az%3A0%3Ai%3A20221128221943%3Au%3A1669673980700971023%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Awe%3A1%3Ast%3A1669673983&t=gdpr(14)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/90176802?wmode=0&wv-part=1&wv-hit=269884443&page-url=https%3A%2F%2F11betvn.club%2F&rn=50886448&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1669673983%3Aw%3A1268x939%3Av%3A923%3Az%3A0%3Ai%3A20221128221943%3Au%3A1669673980700971023%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Awe%3A1%3Ast%3A1669673983&t=gdpr(14)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/90176802?wmode=0&wv-part=1&wv-hit=269884443&page-url=https%3A%2F%2F11betvn.club%2F&rn=50886448&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1669673983%3Aw%3A1268x939%3Av%3A923%3Az%3A0%3Ai%3A20221128221943%3Au%3A1669673980700971023%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Awe%3A1%3Ast%3A1669673983&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 88895
Origin: https://11betvn.club
Connection: keep-alive
Referer: https://11betvn.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 28 Nov 2022 22:19:43 GMT
access-control-allow-origin: https://11betvn.club
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 28-Nov-2022 22:19:43 GMT
last-modified: Mon, 28-Nov-2022 22:19:43 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/90176802?wmode=0&wv-part=1&wv-hit=269884443&page-url=https%3A%2F%2F11betvn.club%2F&rn=946833157&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1669673984%3Aw%3A1268x939%3Av%3A923%3Az%3A0%3Ai%3A20221128221943%3Au%3A1669673980700971023%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Awe%3A1%3Ast%3A1669673984&t=gdpr(14)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/90176802?wmode=0&wv-part=1&wv-hit=269884443&page-url=https%3A%2F%2F11betvn.club%2F&rn=946833157&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1669673984%3Aw%3A1268x939%3Av%3A923%3Az%3A0%3Ai%3A20221128221943%3Au%3A1669673980700971023%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Awe%3A1%3Ast%3A1669673984&t=gdpr(14)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/90176802?wmode=0&wv-part=1&wv-hit=269884443&page-url=https%3A%2F%2F11betvn.club%2F&rn=946833157&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1669673984%3Aw%3A1268x939%3Av%3A923%3Az%3A0%3Ai%3A20221128221943%3Au%3A1669673980700971023%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Awe%3A1%3Ast%3A1669673984&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 55
Origin: https://11betvn.club
Connection: keep-alive
Referer: https://11betvn.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 28 Nov 2022 22:19:44 GMT
access-control-allow-origin: https://11betvn.club
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 28-Nov-2022 22:19:44 GMT
last-modified: Mon, 28-Nov-2022 22:19:44 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/90176802?wv-check=10512&wv-type=0&wmode=0&wv-part=1&wv-hit=269884443&page-url=https%3A%2F%2F11betvn.club%2F&rn=598633568&browser-info=gdpr%3A14%3Aet%3A1669673984%3Aw%3A1268x939%3Av%3A923%3Az%3A0%3Ai%3A20221128221943%3Au%3A1669673980700971023%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Awe%3A1%3Ast%3A1669673984&t=gdpr(14)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/90176802?wv-check=10512&wv-type=0&wmode=0&wv-part=1&wv-hit=269884443&page-url=https%3A%2F%2F11betvn.club%2F&rn=598633568&browser-info=gdpr%3A14%3Aet%3A1669673984%3Aw%3A1268x939%3Av%3A923%3Az%3A0%3Ai%3A20221128221943%3Au%3A1669673980700971023%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Awe%3A1%3Ast%3A1669673984&t=gdpr(14)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/90176802?wv-check=10512&wv-type=0&wmode=0&wv-part=1&wv-hit=269884443&page-url=https%3A%2F%2F11betvn.club%2F&rn=598633568&browser-info=gdpr%3A14%3Aet%3A1669673984%3Aw%3A1268x939%3Av%3A923%3Az%3A0%3Ai%3A20221128221943%3Au%3A1669673980700971023%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Awe%3A1%3Ast%3A1669673984&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 44
Origin: https://11betvn.club
Connection: keep-alive
Referer: https://11betvn.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 28 Nov 2022 22:19:44 GMT
access-control-allow-origin: https://11betvn.club
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 28-Nov-2022 22:19:44 GMT
last-modified: Mon, 28-Nov-2022 22:19:44 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/90176802?wmode=0&wv-part=2&wv-hit=269884443&page-url=https%3A%2F%2F11betvn.club%2F&rn=28464886&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1669673984%3Aw%3A1268x939%3Av%3A923%3Az%3A0%3Ai%3A20221128221943%3Au%3A1669673980700971023%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Awe%3A1%3Ast%3A1669673984&t=gdpr(14)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/90176802?wmode=0&wv-part=2&wv-hit=269884443&page-url=https%3A%2F%2F11betvn.club%2F&rn=28464886&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1669673984%3Aw%3A1268x939%3Av%3A923%3Az%3A0%3Ai%3A20221128221943%3Au%3A1669673980700971023%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Awe%3A1%3Ast%3A1669673984&t=gdpr(14)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/90176802?wmode=0&wv-part=2&wv-hit=269884443&page-url=https%3A%2F%2F11betvn.club%2F&rn=28464886&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1669673984%3Aw%3A1268x939%3Av%3A923%3Az%3A0%3Ai%3A20221128221943%3Au%3A1669673980700971023%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Awe%3A1%3Ast%3A1669673984&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 21
Origin: https://11betvn.club
Connection: keep-alive
Referer: https://11betvn.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 28 Nov 2022 22:19:44 GMT
access-control-allow-origin: https://11betvn.club
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 28-Nov-2022 22:19:44 GMT
last-modified: Mon, 28-Nov-2022 22:19:44 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
telegram.org/css/widget-frame.css?64
149.154.167.99200 OK 21 kB URL HTTP/2 telegram.org/css/widget-frame.css?64
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
Hash a5885ebe6cf0b04f76e28d92b20c4dbe
90c25a7d6955a9289447f2b6f927be737424311e
2c39930fe376f5831d993be4f589f79f339489b8dc666e8cdec4669aec92421d
GET /css/widget-frame.css?64 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xn--r1a.website/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: text/css
last-modified: Mon, 21 Nov 2022 12:06:59 GMT
etag: W/"637b69e3-14544"
expires: Fri, 02 Dec 2022 22:19:39 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
11betvn.club/
104.21.40.8200 OK 0 B IP 104.21.40.8:0
GET / HTTP/1.1
Host: 11betvn.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: prli_click_8=blues; prli_visitor=638533f935328
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:19:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-pingback: https://11betvn.club/xmlrpc.php
link: <https://11betvn.club/wp-json/>; rel="https://api.w.org/", <https://11betvn.club/wp-json/wp/v2/pages/2>; rel="alternate"; type="application/json", <https://11betvn.club/>; rel=shortlink
x-fastcgi-cache: HIT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DVJefkK%2Bx2JlB0aYaIyfJy4nfR9fwxZ%2BqDRCMl8StuT1nDrzbNolfcedn7gWcpPjcPO%2FiExHC2ovW1QJB6PHgdw8zlejanzVqP%2FuB%2FXwU%2BTRRZyTdTt1hig5MAak9B0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77167c76fb62fac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
telegram.org/img/tgme/pattern.svg
149.154.167.99200 OK 0 B URL HTTP/2 telegram.org/img/tgme/pattern.svg
IP 149.154.167.99:0
ASN #62041 Telegram Messenger Inc
GET /img/tgme/pattern.svg HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://telegram.org/css/telegram-web.css?36
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 22:19:39 GMT
content-type: image/svg+xml
last-modified: Thu, 03 Mar 2022 09:45:08 GMT
etag: W/"62208e24-385d7"
expires: Fri, 02 Dec 2022 22:19:39 GMT
cache-control: max-age=345600
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
11betvn.club/blues
104.21.40.8307 Temporary Redirect 0 B IP 104.21.40.8:0
GET /blues HTTP/1.1
Host: 11betvn.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 307 Temporary Redirect
date: Mon, 28 Nov 2022 22:19:37 GMT
content-type: text/html; charset=UTF-8
location: https://11betvn.club
set-cookie: prli_click_8=blues; expires=Wed, 28-Dec-2022 22:19:37 GMT; Max-Age=2592000; path=/
prli_visitor=638533f935328; expires=Tue, 28-Nov-2023 22:19:37 GMT; Max-Age=31536000; path=/
x-robots-tag: noindex, nofollow, sponsored
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Mon, 07 Jul 1777 07:07:07 GMT
x-redirect-powered-by: Pretty Link Pro 3.2.5 http://prettylink.com
x-redirect-by: WordPress
x-fastcgi-cache: MISS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cuQxh9w33puf8ia1kdhDS3qvd8%2F5AtYDU8bYNvmnnnJR0tAaboarSI3ZSS1RTF43dj1hiLkUBdrMaeesCWrrtpRC6j2pfJOejEDz5ioCE8Rul7wNK%2B9OXQXHQlnpYrE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77167c6fce50fac0-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/90176802?wmode=7&page-url=https%3A%2F%2F11betvn.club%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A3580%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1130087744004%3Ahid%3A269884443%3Az%3A0%3Ai%3A20221128221940%3Aet%3A1669673980%3Ac%3A1%3Arn%3A1018880734%3Arqn%3A1%3Au%3A1669673980700971023%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C253%2C0%2C1855%2C0%2C%2C1445%2C11%2C%2C%2C%2C3565%3Ans%3A1669673974881%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669673980%3At%3A11BET%20vn%20-%20T%E1%BB%95%20Ch%E1%BB%A9c%20C%C3%A1%20%C4%90%E1%BB%99%20B%C3%B3ng%20%C4%90%C3%A1%20Vi%E1%BB%87t%20Nam&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
87.250.251.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/90176802?wmode=7&page-url=https%3A%2F%2F11betvn.club%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A3580%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1130087744004%3Ahid%3A269884443%3Az%3A0%3Ai%3A20221128221940%3Aet%3A1669673980%3Ac%3A1%3Arn%3A1018880734%3Arqn%3A1%3Au%3A1669673980700971023%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C253%2C0%2C1855%2C0%2C%2C1445%2C11%2C%2C%2C%2C3565%3Ans%3A1669673974881%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669673980%3At%3A11BET%20vn%20-%20T%E1%BB%95%20Ch%E1%BB%A9c%20C%C3%A1%20%C4%90%E1%BB%99%20B%C3%B3ng%20%C4%90%C3%A1%20Vi%E1%BB%87t%20Nam&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
IP 87.250.251.119:0
GET /watch/90176802?wmode=7&page-url=https%3A%2F%2F11betvn.club%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A3580%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1130087744004%3Ahid%3A269884443%3Az%3A0%3Ai%3A20221128221940%3Aet%3A1669673980%3Ac%3A1%3Arn%3A1018880734%3Arqn%3A1%3Au%3A1669673980700971023%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C253%2C0%2C1855%2C0%2C%2C1445%2C11%2C%2C%2C%2C3565%3Ans%3A1669673974881%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669673980%3At%3A11BET%20vn%20-%20T%E1%BB%95%20Ch%E1%BB%A9c%20C%C3%A1%20%C4%90%E1%BB%99%20B%C3%B3ng%20%C4%90%C3%A1%20Vi%E1%BB%87t%20Nam&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://11betvn.club
Connection: keep-alive
Referer: https://11betvn.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/90176802/1?wmode=7&page-url=https%3A%2F%2F11betvn.club%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A3580%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1130087744004%3Ahid%3A269884443%3Az%3A0%3Ai%3A20221128221940%3Aet%3A1669673980%3Ac%3A1%3Arn%3A1018880734%3Arqn%3A1%3Au%3A1669673980700971023%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C253%2C0%2C1855%2C0%2C%2C1445%2C11%2C%2C%2C%2C3565%3Ans%3A1669673974881%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669673980%3At%3A11BET%20vn%20-%20T%E1%BB%95%20Ch%E1%BB%A9c%20C%C3%A1%20%C4%90%E1%BB%99%20B%C3%B3ng%20%C4%90%C3%A1%20Vi%E1%BB%87t%20Nam&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
date: Mon, 28 Nov 2022 22:19:41 GMT
access-control-allow-origin: https://11betvn.club
set-cookie: yandexuid=1968060731669673981; Expires=Tue, 28-Nov-2023 22:19:41 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=1968060731669673981; Expires=Tue, 28-Nov-2023 22:19:41 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=117732561669673981; Path=/; SameSite=None; Secure
i=GyUUjfZxbOzSy9xWabfMtM/h5C1LNNcRj6gZ5Rh4+jwZkgRqqsS+ut0xFX6KuDlMHcu0+fcMFfVP67+0Gv3289ejLXQ=; Expires=Thu, 25-Nov-2032 22:19:32 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1701209981.yc.1669673981#1701209981.yrts.1669673981#1701209981.yrtsi.1669673981; Expires=Tue, 28-Nov-2023 22:19:41 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 28-Nov-2022 22:19:41 GMT
last-modified: Mon, 28-Nov-2022 22:19:41 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2