Overview

URLahdlgctz2.ga/StaYt/NdiEste/Imanager/vorbei/cRAnki/AneZeig/confir.php
IP 162.241.124.179 (United States)
ASN#46606 UNIFIEDLAYER-AS-1
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-28 07:10:27 UTC
StatusLoading report..
IDS alerts0
Blocklist alert4
urlquery alerts
1
Phishing - Deutsche Telekom
Tags None

Domain Summary (15)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
r3.o.lencr.org (7) 344 No data No data 23.36.77.32
shavar.services.mozilla.com (1) 3602 2015-09-28 06:30:01 UTC 2020-05-04 00:48:21 UTC 35.82.2.166
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 34.218.168.248
content-signature-2.cdn.mozilla.net (2) 1152 No data No data 34.160.144.191
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-28 05:46:10 UTC 34.117.237.239
ahdlgctz2.ga (2) 0 2022-11-22 19:06:07 UTC 2022-11-28 05:15:26 UTC 162.241.124.179 Unknown ranking
ocsp.r2m02.amazontrust.com (1) 0 2022-10-12 14:01:39 UTC 2022-11-28 06:09:44 UTC 54.230.80.227 Domain (amazontrust.com) ranked at: 581
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
getpocket.cdn.mozilla.net (1) 1369 2018-08-28 13:15:36 UTC 2020-03-21 16:37:27 UTC 34.120.5.221
ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
ocsp.telesec.de (5) 45319 2017-01-29 22:31:40 UTC 2022-11-28 05:37:11 UTC 80.158.61.91
accounts.login.idm.telekom.com (12) 91730 2017-01-30 00:15:13 UTC 2022-11-28 05:15:30 UTC 62.157.140.200
login.t-online.de (1) 157819 2022-11-22 02:57:37 UTC 2022-11-28 05:15:30 UTC 143.204.55.111
detectportal.firefox.com (2) 1601 2018-08-30 09:52:03 UTC 2020-04-29 19:46:30 UTC 34.107.221.82
firefox.settings.services.mozilla.com (10) 867 2020-06-04 20:08:41 UTC 2022-11-28 05:55:58 UTC 34.102.187.140

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-11-27 2 ahdlgctz2.ga/StaYt/NdiEste/Imanager/vorbei/cRAnki/AneZeig/confir.php Deutsche Telekom

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-28 2 ahdlgctz2.ga/StaYt/NdiEste/Imanager/vorbei/cRAnki/AneZeig/confir.php Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-11-28 2 ahdlgctz2.ga Sinkholed
2022-11-28 2 ahdlgctz2.ga Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 162.241.124.179
Date UQ / IDS / BL URL IP
2023-01-14 20:19:19 +0000 0 - 1 - 0 ahdlgctz6.ml/Haupt/Gespielt/WeiTEr/Statistike (...) 162.241.124.179
2022-11-30 22:51:03 +0000 0 - 0 - 1 ahdqjyty4.ga/1i/?bGd3QHNpZ25hdHVyZWZsaWdodC5j (...) 162.241.124.179
2022-11-30 11:21:18 +0000 0 - 0 - 2 ahdlgctz3.ml/IN.gov-secure/uplink/app/login.p (...) 162.241.124.179
2022-11-29 21:36:38 +0000 0 - 0 - 2 ahdqjyty4.ga/1i/?YWRhbS5ib3ljZUBjaXRpemVuc3Nl (...) 162.241.124.179
2022-11-29 20:43:07 +0000 0 - 0 - 1 ahdqjyty4.ga/1i/?bWF3YWx0QGFycm93LmNvbQ== 162.241.124.179


Last 5 reports on ASN: UNIFIEDLAYER-AS-1
Date UQ / IDS / BL URL IP
2023-02-09 05:02:29 +0000 5 - 2 - 2 santafebotanicals.com/0365/updation/ 162.241.124.47
2023-02-09 04:55:30 +0000 0 - 0 - 1 frameless-showerdoor.com/ 69.49.247.78
2023-02-09 04:49:14 +0000 0 - 1 - 0 www.paulrpalmer.com/blogDetail/the-current-st (...) 162.214.81.26
2023-02-09 04:34:28 +0000 0 - 1 - 4 162.241.123.56/ 162.241.123.56
2023-02-09 04:12:57 +0000 0 - 0 - 3 customfencer.com/Card.html 192.185.171.234


Last 2 reports on domain: ahdlgctz2.ga
Date UQ / IDS / BL URL IP
2022-11-28 07:10:27 +0000 1 - 0 - 4 ahdlgctz2.ga/StaYt/NdiEste/Imanager/vorbei/cR (...) 162.241.124.179
2022-11-25 20:56:06 +0000 0 - 0 - 2 ahdlgctz2.ga/DeuTSche.zip 162.241.124.179


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-12-01 00:30:13 +0000 0 - 0 - 2 toramtlor.ga/pATXZ/Mowe/DFrohg/Qouien/Fordent (...) 162.240.48.131
2022-11-30 20:43:25 +0000 0 - 0 - 1 toramtlor.ga/pATXZ/Mowe/DFrohg/Qouien/Fordent (...) 162.240.48.131
2022-11-28 07:01:59 +0000 0 - 0 - 2 a-ypviw5.tk/Letztes/DOmAi/Rausch/HIlfe/diesem (...) 142.4.15.243
2022-11-11 07:55:48 +0000 0 - 0 - 2 crocon.ml/unsere/haben/nachlesen/icher/schut/ (...) 162.240.53.180
2022-10-09 20:51:00 +0000 0 - 0 - 2 server-uwzj6.tk/MNRT/Abenteuer/Monat/benteuer (...) 162.241.125.170

JavaScript

Executed Scripts (5)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (55)


Request Response
                                        
                                            GET /success.txt?ipv4 HTTP/1.1 
Host: detectportal.firefox.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         34.107.221.82
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 27 Nov 2022 07:14:58 GMT
Age: 86112
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600


--- Additional Info ---
Magic:  ASCII text
Size:   8
Md5:    ae780585f49b94ce1444eb7d28906123
Sha1:   7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
Sha256: 81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "8C5C9231BED3272D5D286FC999E920F1BEFEC2568BF6504CBF61EA57EA1C069B"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19552
Expires: Mon, 28 Nov 2022 12:36:02 GMT
Date: Mon, 28 Nov 2022 07:10:10 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3825
Expires: Mon, 28 Nov 2022 08:13:55 GMT
Date: Mon, 28 Nov 2022 07:10:10 GMT
Connection: keep-alive

                                        
                                            GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30 HTTP/1.1 
Host: getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.5.221
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Miss from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: TaeR-VxyK9OYqUvSi7mhhuFHf5h6N_Zg6l2BMoBDcWBUlOC6BsZ7Ww==
content-encoding: gzip
via: 1.1 de8fc80b494d3d381f7e006918dcc588.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 07:00:18 GMT
content-length: 38695
age: 592
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size:   38695
Md5:    cdda06271c31a95ad086868216b84370
Sha1:   61e2b12bfd4c4a865c531832ce82bdc3e8ff7500
Sha256: 5c4764785c20361e42a687a14eead4849547455545581f2233e930fa40b2f644
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4FD46B0B6A2EA24F5CE175985A3933C04B4C01BD3E32BEE2E50A61A65EEF7AF4"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4772
Expires: Mon, 28 Nov 2022 08:29:42 GMT
Date: Mon, 28 Nov 2022 07:10:10 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: Qo3ZQ6BEZgGspBhBSwczNkH/TTetjqR1JrX3JyrPFHcw+5W2IEeE2dbMp2EPlYKja7sTEaBjsggN9i1b2v/0tA==
x-amz-request-id: AJ47HJ364GXH655E
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 07:05:25 GMT
age: 285
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3413
Cache-Control: max-age=101876
Date: Mon, 28 Nov 2022 07:10:10 GMT
Etag: "63833c71-1d7"
Expires: Tue, 29 Nov 2022 11:28:06 GMT
Last-Modified: Sun, 27 Nov 2022 10:31:13 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Mon, 28 Nov 2022 07:10:10 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 06:19:32 GMT
cache-control: public,max-age=3600
age: 3038
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    d130218d0e2841f39c99610fe1a2ab90
Sha1:   29fbe1e177ee55c7a61ae0a206afff271cf5f945
Sha256: 6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
                                        
                                            GET /StaYt/NdiEste/Imanager/vorbei/cRAnki/AneZeig/confir.php HTTP/1.1 
Host: ahdlgctz2.ga
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         162.241.124.179
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Mon, 28 Nov 2022 07:10:08 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   8386
Md5:    61580e4af54295d29b8213b9d555423d
Sha1:   ab3994dbc72de841dad342507a81c916c5043c01
Sha256: ef9444144c85db48a4561d19af54b55327231cff9bf6575caa3a3c528805a06e

Alerts:
  Blocklists:
    - openphish: Deutsche Telekom
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4368
Cache-Control: max-age=129470
Date: Mon, 28 Nov 2022 07:10:11 GMT
Etag: "6383a481-1d7"
Expires: Tue, 29 Nov 2022 19:08:01 GMT
Last-Modified: Sun, 27 Nov 2022 17:55:13 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /ocspr HTTP/1.1 
Host: ocsp.telesec.de
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         80.158.61.91
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 28 Nov 2022 07:10:11 GMT
Server: Apache
Cache-Control: must-revalidate,no-cache,no-store
Content-Length: 1479
Connection: close


--- Additional Info ---
Magic:  data
Size:   1479
Md5:    75f5bf179b85ff8d5ef8b5e19ff6e2c2
Sha1:   a706a8570d6ee0af607f95374e73ccb4888e7e75
Sha256: 226b6750832058f162ca8aa1e5f1271b4e344872e195b662c4fa1b7e6f1aa8b4
                                        
                                            POST /ocspr HTTP/1.1 
Host: ocsp.telesec.de
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         80.158.61.91
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 28 Nov 2022 07:10:11 GMT
Server: Apache
Cache-Control: must-revalidate,no-cache,no-store
Content-Length: 1479
Connection: close


--- Additional Info ---
Magic:  data
Size:   1479
Md5:    75f5bf179b85ff8d5ef8b5e19ff6e2c2
Sha1:   a706a8570d6ee0af607f95374e73ccb4888e7e75
Sha256: 226b6750832058f162ca8aa1e5f1271b4e344872e195b662c4fa1b7e6f1aa8b4
                                        
                                            POST /ocspr HTTP/1.1 
Host: ocsp.telesec.de
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         80.158.61.91
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 28 Nov 2022 07:10:11 GMT
Server: Apache
Cache-Control: must-revalidate,no-cache,no-store
Content-Length: 1479
Connection: close


--- Additional Info ---
Magic:  data
Size:   1479
Md5:    75f5bf179b85ff8d5ef8b5e19ff6e2c2
Sha1:   a706a8570d6ee0af607f95374e73ccb4888e7e75
Sha256: 226b6750832058f162ca8aa1e5f1271b4e344872e195b662c4fa1b7e6f1aa8b4
                                        
                                            POST /ocspr HTTP/1.1 
Host: ocsp.telesec.de
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         80.158.61.91
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 28 Nov 2022 07:10:11 GMT
Server: Apache
Cache-Control: must-revalidate,no-cache,no-store
Content-Length: 1479
Connection: close


--- Additional Info ---
Magic:  data
Size:   1479
Md5:    75f5bf179b85ff8d5ef8b5e19ff6e2c2
Sha1:   a706a8570d6ee0af607f95374e73ccb4888e7e75
Sha256: 226b6750832058f162ca8aa1e5f1271b4e344872e195b662c4fa1b7e6f1aa8b4
                                        
                                            POST /ocspr HTTP/1.1 
Host: ocsp.telesec.de
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         80.158.61.91
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 28 Nov 2022 07:10:11 GMT
Server: Apache
Cache-Control: must-revalidate,no-cache,no-store
Content-Length: 1479
Connection: close


--- Additional Info ---
Magic:  data
Size:   1479
Md5:    75f5bf179b85ff8d5ef8b5e19ff6e2c2
Sha1:   a706a8570d6ee0af607f95374e73ccb4888e7e75
Sha256: 226b6750832058f162ca8aa1e5f1271b4e344872e195b662c4fa1b7e6f1aa8b4
                                        
                                            GET /static/factorx/js/jquery-matchheight-0.7.2.min.js HTTP/1.1 
Host: accounts.login.idm.telekom.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ahdlgctz2.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         62.157.140.200
HTTP/2 200 OK
content-type: text/javascript
                                        
last-modified: Wed, 25 Nov 2020 06:16:22 GMT
accept-ranges: bytes
cache-control: public
expires: Mon, 05 Dec 2022 07:10:11 GMT
vary: Accept-Encoding
content-encoding: gzip
sh: 132f148de0b13348a2e3b12a1fb789b5
p3p: CP="NOI CURa TAIa OUR NOR UNI"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 1377
date: Mon, 28 Nov 2022 07:10:11 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3284)
Size:   1377
Md5:    d54ea2c2cb99635dfa0e68d86420aaa1
Sha1:   7fac890652b5975f4442bb6519dd2a092e01dbe0
Sha256: 500ff197bd686c85a69db82c873451c73d7d074b51c60e56e711b4aaef67bb88
                                        
                                            GET //static/factorx/css/components.min.css HTTP/1.1 
Host: accounts.login.idm.telekom.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ahdlgctz2.ga/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         62.157.140.200
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
last-modified: Wed, 25 Nov 2020 06:16:22 GMT
accept-ranges: bytes
cache-control: public
expires: Mon, 05 Dec 2022 07:10:11 GMT
vary: Accept-Encoding
content-encoding: gzip
sh: 132f148de0b13348a2e3b12a1fb789b5
p3p: CP="NOI CURa TAIa OUR NOR UNI"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 18596
date: Mon, 28 Nov 2022 07:10:11 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65442)
Size:   18596
Md5:    9b1b7ca17d429d83aecfffb8d255cf1a
Sha1:   25704e590fd1969d23a57087b8dbdc5736c440f0
Sha256: 83859531f54b32a2ae833e942dacee485e85a53041142c085d1cfcdc41d49a0b
                                        
                                            GET /static/factorx/css/login-24.08.0.css HTTP/1.1 
Host: accounts.login.idm.telekom.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ahdlgctz2.ga/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         62.157.140.200
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
last-modified: Wed, 09 Jun 2021 03:40:49 GMT
accept-ranges: bytes
cache-control: public
expires: Mon, 05 Dec 2022 07:10:11 GMT
vary: Accept-Encoding
content-encoding: gzip
sh: 132f148de0b13348a2e3b12a1fb789b5
p3p: CP="NOI CURa TAIa OUR NOR UNI"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 3686
date: Mon, 28 Nov 2022 07:10:11 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (18251)
Size:   3686
Md5:    3a66c2a48e4756be2726b87472eff8e4
Sha1:   9b8095859e83b07aa0e0610e9bd2e27a7e46cb26
Sha256: 80a8f3c6e7e57e655ff4851f2ae6a56fda7f77dd196e727e743452f1f3e89f8c
                                        
                                            GET /static/factorx/js/login.js HTTP/1.1 
Host: accounts.login.idm.telekom.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ahdlgctz2.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         62.157.140.200
HTTP/2 200 OK
content-type: text/javascript
                                        
last-modified: Wed, 07 Sep 2022 04:20:07 GMT
accept-ranges: bytes
cache-control: public
expires: Mon, 05 Dec 2022 07:10:11 GMT
vary: Accept-Encoding
content-encoding: gzip
sh: 132f148de0b13348a2e3b12a1fb789b5
p3p: CP="NOI CURa TAIa OUR NOR UNI"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 4103
date: Mon, 28 Nov 2022 07:10:11 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   4103
Md5:    0ddd680a1283d3f6a849c302602999fd
Sha1:   d49524d29b8ecc43d2c08b3522e8baadc65c8b81
Sha256: 0a05df20d37346134db20c0f9da68d51bb237d39c37eb86a418e9a8cf010359f
                                        
                                            GET /static/factorx/js/components.min.js HTTP/1.1 
Host: accounts.login.idm.telekom.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ahdlgctz2.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         62.157.140.200
HTTP/2 200 OK
content-type: text/javascript
                                        
last-modified: Wed, 25 Nov 2020 06:16:22 GMT
accept-ranges: bytes
cache-control: public
expires: Mon, 05 Dec 2022 07:10:11 GMT
vary: Accept-Encoding
content-encoding: gzip
sh: 132f148de0b13348a2e3b12a1fb789b5
p3p: CP="NOI CURa TAIa OUR NOR UNI"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 22815
date: Mon, 28 Nov 2022 07:10:11 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32048)
Size:   22815
Md5:    3c165c51fd50284feaf24abc654e957c
Sha1:   1501a4df0920eee81224e3295e8425e4ac16bf47
Sha256: ac56b4d7059a479097a857ec00ec891371c051661c633cb40d24c4d50de12824
                                        
                                            GET /static/factorx/js/jquery-3.2.1.min.js HTTP/1.1 
Host: accounts.login.idm.telekom.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ahdlgctz2.ga/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         62.157.140.200
HTTP/2 200 OK
content-type: text/javascript
                                        
last-modified: Wed, 25 Nov 2020 06:16:22 GMT
accept-ranges: bytes
cache-control: public
expires: Mon, 05 Dec 2022 07:10:11 GMT
vary: Accept-Encoding
content-encoding: gzip
sh: 132f148de0b13348a2e3b12a1fb789b5
p3p: CP="NOI CURa TAIa OUR NOR UNI"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 30138
date: Mon, 28 Nov 2022 07:10:11 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32058)
Size:   30138
Md5:    3430607b4301113ad9394c9260eef3f0
Sha1:   8c4db68b161b17e31be300e968a30ab0116b3193
Sha256: 31e4d11375322cd6f94dba7338570426f2412d6c5fa670427966d45c3648098c
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 07:08:55 GMT
cache-control: public,max-age=3600
age: 76
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.r2m02.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         54.230.80.227
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=158399
Date: Mon, 28 Nov 2022 07:10:11 GMT
Etag: "6384123b-1d7"
Expires: Wed, 30 Nov 2022 03:10:10 GMT
Last-Modified: Mon, 28 Nov 2022 01:43:23 GMT
Server: ECS (nyb/1D07)
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: bh_JuoJyGwv7MnS1glVFtMR5EFdd3yRzWL0suJJH_MIezC-WXoRlLQ==
Age: 5207

                                        
                                            GET /static/factorx/images/data_protection.svg HTTP/1.1 
Host: accounts.login.idm.telekom.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accounts.login.idm.telekom.com/static/factorx/css/login-24.08.0.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         62.157.140.200
HTTP/2 200 OK
content-type: image/svg+xml
                                        
last-modified: Wed, 25 Nov 2020 06:16:22 GMT
accept-ranges: bytes
content-length: 673
cache-control: public
expires: Mon, 28 Nov 2022 08:10:11 GMT
sh: 132f148de0b13348a2e3b12a1fb789b5
p3p: CP="NOI CURa TAIa OUR NOR UNI"
strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 28 Nov 2022 07:10:11 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Size:   673
Md5:    ba732830349cf7e4d2bfbbdf64db1466
Sha1:   35c2682d012268440adda739df7f32a0f5985c0f
Sha256: 53637a2d4745687c07969427a743c6b9207b3ba6e261fa19a61cccaab46eb316
                                        
                                            GET /stats/t-online-logo-29112019.png HTTP/1.1 
Host: login.t-online.de
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ahdlgctz2.ga/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         143.204.55.111
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 5851
date: Mon, 28 Nov 2022 07:06:24 GMT
x-powered-by: Express
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Mon, 21 Nov 2022 14:15:47 GMT
etag: W/"16db-1849a8b8a38"
x-cache: Hit from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ZgVRJ_LofKrROknL_4y2t7UQFZUHBi1Ee_zkQ8dWu4TpfDTwleDh0A==
age: 227
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 146 x 42, 8-bit/color RGBA, non-interlaced\012- data
Size:   5851
Md5:    596f294efc4d2edc959324fdbf2b1539
Sha1:   d521b1a45ca9acdc1ca05bde1b0ed09b352c7a78
Sha256: 11eed36ec8f3c28fd90958d9881d080cf237ab18d6792dd22785e729f06795ba
                                        
                                            GET //static/factorx/fonts/telegroteskscreen-regular.woff HTTP/1.1 
Host: accounts.login.idm.telekom.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ahdlgctz2.ga
Connection: keep-alive
Referer: https://accounts.login.idm.telekom.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         62.157.140.200
HTTP/2 200 OK
content-type: application/x-font-woff
                                        
last-modified: Wed, 25 Nov 2020 06:16:22 GMT
accept-ranges: bytes
content-length: 54684
cache-control: public
expires: Mon, 05 Dec 2022 07:10:11 GMT
access-control-allow-origin: https://ahdlgctz2.ga
sh: 132f148de0b13348a2e3b12a1fb789b5
p3p: CP="NOI CURa TAIa OUR NOR UNI"
strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 28 Nov 2022 07:10:11 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 54684, version 1.0\012- data
Size:   54684
Md5:    179dec2b30e30c5b09f10478ae273639
Sha1:   1fe138b840993579f42929090c7df61de1a63566
Sha256: b80effdb6b1baee7ad8a926a027a9f085d0b91a1b52e3a8cf34e9a6b087aad97
                                        
                                            GET //static/factorx/fonts/teleicon-outline.woff HTTP/1.1 
Host: accounts.login.idm.telekom.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ahdlgctz2.ga
Connection: keep-alive
Referer: https://accounts.login.idm.telekom.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         62.157.140.200
HTTP/2 200 OK
content-type: application/x-font-woff
                                        
last-modified: Wed, 25 Nov 2020 06:16:22 GMT
accept-ranges: bytes
content-length: 8824
cache-control: public
expires: Mon, 05 Dec 2022 07:10:11 GMT
access-control-allow-origin: https://ahdlgctz2.ga
sh: 132f148de0b13348a2e3b12a1fb789b5
p3p: CP="NOI CURa TAIa OUR NOR UNI"
strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 28 Nov 2022 07:10:11 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 8824, version 2.200\012- data
Size:   8824
Md5:    5dc5e36d344b5d8876eb73f451d92e01
Sha1:   fd2835b1428970d8df70e0a29aef6417d60fbf7d
Sha256: 01fa42140c7fd1e43496b320027681e75123e8121c4ff52e7a390a4ec37d9379
                                        
                                            GET //static/factorx/fonts/telegroteskscreen-ultra.woff HTTP/1.1 
Host: accounts.login.idm.telekom.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ahdlgctz2.ga
Connection: keep-alive
Referer: https://accounts.login.idm.telekom.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         62.157.140.200
HTTP/2 200 OK
content-type: application/x-font-woff
                                        
last-modified: Wed, 25 Nov 2020 06:16:22 GMT
accept-ranges: bytes
content-length: 53428
cache-control: public
expires: Mon, 05 Dec 2022 07:10:11 GMT
access-control-allow-origin: https://ahdlgctz2.ga
sh: 132f148de0b13348a2e3b12a1fb789b5
p3p: CP="NOI CURa TAIa OUR NOR UNI"
strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 28 Nov 2022 07:10:11 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 53428, version 1.0\012- data
Size:   53428
Md5:    5c389a411627b7bedab70df1ef5e0ca2
Sha1:   9cd8f2eb2d2467258f17f51a10cd62dafb3bd9c6
Sha256: 3b6317d7c6288f6380f182e8bdc16b4cea82df91bc0f0209dfbce457b3e16910
                                        
                                            GET //static/factorx/fonts/telegroteskscreen-thin.woff HTTP/1.1 
Host: accounts.login.idm.telekom.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ahdlgctz2.ga
Connection: keep-alive
Referer: https://accounts.login.idm.telekom.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         62.157.140.200
HTTP/2 200 OK
content-type: application/x-font-woff
                                        
last-modified: Wed, 25 Nov 2020 06:16:22 GMT
accept-ranges: bytes
content-length: 58248
cache-control: public
expires: Mon, 05 Dec 2022 07:10:11 GMT
access-control-allow-origin: https://ahdlgctz2.ga
sh: 132f148de0b13348a2e3b12a1fb789b5
p3p: CP="NOI CURa TAIa OUR NOR UNI"
strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 28 Nov 2022 07:10:11 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 58248, version 1.0\012- data
Size:   58248
Md5:    8b89ab4ea001775d72ba921b09ac4b96
Sha1:   f483b6124328aa884413f62396c7a75f18cf7204
Sha256: 3c3cff57406992d5b880806e120965b2a77f6a9ac1bbe7a781bfc9f752b4ab5c
                                        
                                            GET //static/factorx/fonts/teleicon-ui.woff HTTP/1.1 
Host: accounts.login.idm.telekom.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ahdlgctz2.ga
Connection: keep-alive
Referer: https://accounts.login.idm.telekom.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         62.157.140.200
HTTP/2 200 OK
content-type: application/x-font-woff
                                        
last-modified: Wed, 25 Nov 2020 06:16:22 GMT
accept-ranges: bytes
content-length: 2736
cache-control: public
expires: Mon, 05 Dec 2022 07:10:11 GMT
access-control-allow-origin: https://ahdlgctz2.ga
sh: 132f148de0b13348a2e3b12a1fb789b5
p3p: CP="NOI CURa TAIa OUR NOR UNI"
strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 28 Nov 2022 07:10:11 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 2736, version 0.0\012- data
Size:   2736
Md5:    0902a6d34545258aa8a18f304ebae9ba
Sha1:   e0da40bd3f6723cea9cf0554fe6761378353ba48
Sha256: 3cf35b128c4c5dcd9bb0a12bcc009f2e46e382edec4737360a623d0052a6fe34
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: ahdlgctz2.ga
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ahdlgctz2.ga/StaYt/NdiEste/Imanager/vorbei/cRAnki/AneZeig/confir.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         162.241.124.179
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Mon, 28 Nov 2022 07:10:09 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   315
Md5:    a34ac19f4afae63adc5d2f7bc970c07f
Sha1:   a82190fc530c265aa40a045c21770d967f4767b8
Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5070
Cache-Control: max-age=98471
Date: Mon, 28 Nov 2022 07:10:11 GMT
Etag: "638328ac-1d7"
Expires: Tue, 29 Nov 2022 10:31:22 GMT
Last-Modified: Sun, 27 Nov 2022 09:06:52 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1 
Host: shavar.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

search
                                         35.82.2.166
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Date: Mon, 28 Nov 2022 07:10:11 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close


--- Additional Info ---
Magic:  ASCII text
Size:   8
Md5:    29fc57841962e407cb50c1be60284bf7
Sha1:   ce968a77e2996da5eee8925182318f171ccdce47
Sha256: ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: R/579XF0luqodWLKV4yfZA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         34.218.168.248
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3lUTlauEqYTH94XavVgTu2bDwm8=

                                        
                                            GET /success.txt?ipv4 HTTP/1.1 
Host: detectportal.firefox.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         34.107.221.82
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 27 Nov 2022 07:14:58 GMT
Age: 86114
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600


--- Additional Info ---
Magic:  ASCII text
Size:   8
Md5:    ae780585f49b94ce1444eb7d28906123
Sha1:   7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
Sha256: 81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
                                        
                                            GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221669604232451%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 21675
via: 1.1 google
date: Mon, 28 Nov 2022 07:02:03 GMT
cache-control: public,max-age=3600
age: 489
last-modified: Mon, 28 Nov 2022 02:57:12 GMT
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (21675), with no line terminators
Size:   21675
Md5:    2910cdd5bc7b7a3e0ff34c4c8f5556f4
Sha1:   08f49d9b3364e2f0a17a5f8b727275380585bcc7
Sha256: 49f3301db1c74e19f0386365bc7096dfe92b1483eab8053ae1d2315dc580d2c4
                                        
                                            GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1669055838363&_since=%221666204638208%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 6593
via: 1.1 google
date: Mon, 28 Nov 2022 07:04:16 GMT
cache-control: public,max-age=3600
age: 356
last-modified: Mon, 21 Nov 2022 18:37:18 GMT
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (6593), with no line terminators
Size:   6593
Md5:    173414a662e4d0d6c29b893819284fcc
Sha1:   e7823586afc7d40c1ffd732e3f0f98d22f9cb6b6
Sha256: 28a589a49cbca81692eb7cc6bb2725f5d56b11238143a58c97f33260a81eb750
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: 4shSxjDWph2nm0QarF/L4H1qsgN368aWcQPc+o9Xf9RJtIAUEsAzn5GppHl+Vzf5PUP9M+Nj+ko=
x-amz-request-id: EPS1PSTD7XMHG9Y2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 06:44:56 GMT
age: 1516
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 681
via: 1.1 google
date: Mon, 28 Nov 2022 06:18:18 GMT
cache-control: public,max-age=3600
age: 3114
last-modified: Sun, 27 Nov 2022 16:36:54 GMT
etag: "1669567014153"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (681), with no line terminators
Size:   681
Md5:    01e6d8f0887454b033cd3d4cdb2f39f8
Sha1:   befee34a8f5c745b16752b061fdaa701e209ac8c
Sha256: 68f4889979f90605fd4fe35053efa202a5ced22b40bf321f51a2d7e97d49fbdc
                                        
                                            GET /v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1506
via: 1.1 google
date: Mon, 28 Nov 2022 06:35:37 GMT
cache-control: public,max-age=3600
age: 2075
last-modified: Thu, 27 Oct 2022 18:14:21 GMT
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (1506), with no line terminators
Size:   1506
Md5:    202f8030219491c4a368c475aaa98861
Sha1:   b3f7120107465db6e1eb7a21efb451253a30e31e
Sha256: 379786244e20b5c0d5ed80b9f3c03e9a964615c7df36764c9d96528290754de4
                                        
                                            GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1669390557029&_since=%221666483264567%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 51208
via: 1.1 google
date: Mon, 28 Nov 2022 07:00:20 GMT
cache-control: public,max-age=3600
age: 592
last-modified: Fri, 25 Nov 2022 15:35:57 GMT
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (51208), with no line terminators
Size:   51208
Md5:    21b6a1c29930dd71addd901f726cce7d
Sha1:   fb0e9b091e6f6f41bbf72a4857653745b9f7ddba
Sha256: 7f75908497bee301b1803d7ec5a6ca5301de05da4c89832be9ab6e4f5e4884df
                                        
                                            GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1669315595212&_since=%221666279968541%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 27155
via: 1.1 google
date: Mon, 28 Nov 2022 06:27:00 GMT
cache-control: public,max-age=3600
age: 2592
last-modified: Thu, 24 Nov 2022 18:46:35 GMT
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (27155), with no line terminators
Size:   27155
Md5:    ac619cf3864a0cc124ef2d8917355b2c
Sha1:   e7deb60297e8951331382468d8ad9b1804e51139
Sha256: 5c5aad45a1d663bbb00d9021e9920bfa636f15fd04fbf35fd58bffc22ef865aa
                                        
                                            GET /v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1719
via: 1.1 google
date: Mon, 28 Nov 2022 07:04:29 GMT
cache-control: public,max-age=3600
age: 343
last-modified: Mon, 31 Oct 2022 17:42:02 GMT
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (1719), with no line terminators
Size:   1719
Md5:    673c0c8594251318f6ddab69439200f0
Sha1:   dfdfdbaa6ea4d5e1f2b58917573fa74c84b73f96
Sha256: 26808cb3b91051a2e383451dad0b069836788756c6a97faba58fc23d11a88477
                                        
                                            GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1668607340435&_since=%221657747510534%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1482
via: 1.1 google
date: Mon, 28 Nov 2022 07:01:08 GMT
cache-control: public,max-age=3600
age: 544
last-modified: Wed, 16 Nov 2022 14:02:20 GMT
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (1482), with no line terminators
Size:   1482
Md5:    151df207a4786253007ead8264c7a9fe
Sha1:   ef39481d3f610c25b27836fb375e24ac0f3c6b47
Sha256: 352e05fd634451861f76ed1790e01b4f9f8d8fe3993464263f846ada17eb343e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3380
Expires: Mon, 28 Nov 2022 08:06:33 GMT
Date: Mon, 28 Nov 2022 07:10:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3380
Expires: Mon, 28 Nov 2022 08:06:33 GMT
Date: Mon, 28 Nov 2022 07:10:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3380
Expires: Mon, 28 Nov 2022 08:06:33 GMT
Date: Mon, 28 Nov 2022 07:10:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3380
Expires: Mon, 28 Nov 2022 08:06:33 GMT
Date: Mon, 28 Nov 2022 07:10:13 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ibLuLI6j9EWh0dgk51O7kiPBRyURZ0UdNtlgbBD-SXnDg_GT_tJm8Q==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:16 GMT
age: 32937
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9430
Md5:    1f434933b5bd6377d299ada22d1ae7ef
Sha1:   075531f525e625b117b2497f31139c9824d0e9c5
Sha256: b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb4908162-9f1d-4654-8d78-fe85386ce233.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7556
x-amzn-requestid: 1cda5313-2256-4830-bf84-2e6e15949d3e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR78KFTmoAMF4yg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d9e7-452e36d718a298d12a2374a9;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OWVkuAw6-nRNU_CVOgvsSSenSXnfSYSmJiKa60JvSaiJgPuXjJByZw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:46:41 GMT
age: 33812
etag: "1a542a53ba0b1cd0fb23257ebed8166555f16dfb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7556
Md5:    7e5051d8c06f69e1842a9295ce256a36
Sha1:   1a542a53ba0b1cd0fb23257ebed8166555f16dfb
Sha256: a7c0dbbb4d0d9138f5ca318cc2aa44e12dadf7ed6263ec204ba756da64b29c41
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f14adca-9ca8-4ff4-8a3e-4620f8c1e8f8.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8568
x-amzn-requestid: da2726a2-20ad-4201-b4e9-3de9be88a485
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7-BHcUIAMFieA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d9f3-370921803a9de7e627682c94;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MqWCYm26OnmydU-vE7YdPyUvmcS2Q9uqWJnG_0wOMymdkGJjI7tR6Q==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:19:39 GMT
age: 31834
etag: "16096289cd354fada56dbb3f2d75d406ae8ab62f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8568
Md5:    13f4c2b3410532b6c756990f1759da46
Sha1:   16096289cd354fada56dbb3f2d75d406ae8ab62f
Sha256: 9894d998a884f2b5637bd12b0cd3df556835ea7a3134eb0f516fc03e3d31c26c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F17eed5ca-e7b1-43be-b937-69356fce9d8a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4708
x-amzn-requestid: 6efd15cd-c944-42e7-8142-01360fbe4a25
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_JFbXIAMFc_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-3c7d91eb7a2f3a9669f89d88;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GDQn-_Np3qSCYR2kQJnoh6j3-aS25bPTNl13D6MkZpF1fkOhokkFbA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:02:24 GMT
age: 32869
etag: "a73feecd0e221f7c7a3b74b75aeaa81bd9baa1da"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4708
Md5:    4060284252d32701c42e2df4a83970a0
Sha1:   a73feecd0e221f7c7a3b74b75aeaa81bd9baa1da
Sha256: 53eca0f8435d6e2e62962ef80d4597afad2773a582746d523f7f5d30c3e07b8e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6c93814-fbc2-4f60-a417-7cb6ff99a2ef.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6263
x-amzn-requestid: 5c3da401-eb9e-4904-a7e9-5e74648b8b77
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_KFfWoAMF99A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-3110d65625e883502a5078a9;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EpU6HS6f0BpRceJVfwhBhOgKMTMvdMZj4ST9DMATiqfA10pNplyPtQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:04 GMT
age: 33549
etag: "c033d1ecdb9e7640f3df044e39053bed8292fcbc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6263
Md5:    b24e349e9d22fb30fbc80497b512cead
Sha1:   c033d1ecdb9e7640f3df044e39053bed8292fcbc
Sha256: 2d77e3c39c60a3563613b1ba97ec0b1a256f41ad09936ba49b23d8cf22f8a7a8
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd56d2fad-ed89-4d96-831f-7f8467b7079b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10119
x-amzn-requestid: 20bfd6a6-2981-42ca-8997-9363676773c1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR782HEZIAMFTKQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d9eb-552581a92a69d6cd322bf334;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: U_gitOWWMPO7M5Dd0WktaigfRERa93d86MhziLjZ2qnuON_K5NauyQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:54:37 GMT
age: 33336
etag: "9a3ca698ca1aeae695923277ed2244465e01a1ea"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10119
Md5:    15bd53848c7082464273007e010c54e0
Sha1:   9a3ca698ca1aeae695923277ed2244465e01a1ea
Sha256: 36cfa29965173ea683992d4b436f393e92c978350347f869355d933613e2c005