r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8815
Expires: Fri, 02 Dec 2022 19:15:48 GMT
Date: Fri, 02 Dec 2022 16:48:53 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7439fb99a444b66db1e68ffbfaa38451
4b7742d7956485906f1c392c478515ff89a46184
636327ce88f733e5a1d39af212f97242717a39ce20edaef330fafea238e3a309
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6418
Cache-Control: max-age=156560
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 16:48:53 GMT
Etag: "6389d3f3-1d7"
Expires: Sun, 04 Dec 2022 12:18:13 GMT
Last-Modified: Fri, 02 Dec 2022 10:31:15 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6799
Expires: Fri, 02 Dec 2022 18:42:12 GMT
Date: Fri, 02 Dec 2022 16:48:53 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 16:19:57 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1736
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: DEXvcmcpNF8C7erINBocSOPz6ANHCFBfMKuW777Crjo4JX4EpN1SqfstKyGAnP0xU/IuSuQOmgk=
x-amz-request-id: 11366QPJV9T45WDA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 16:46:46 GMT
age: 127
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 16:48:53 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
blog.faceutil.com/autoapps/modules/tmp/xf-adsk2016_x64-full_15268.exe?t=1669969424
211.233.33.250 302 Found 291 B URL HTTP/1.1 blog.faceutil.com/autoapps/modules/tmp/xf-adsk2016_x64-full_15268.exe?t=1669969424
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash fbc20afe4b62a8fbf60bb578344937e9
758530298a5ebb21892db2e35a8523afcd5bb1a6
54bd8cef02438adeb9714803ae66c40372aeadffa4324380dae916a7bdc3d604
Analyzer Verdict Alert fortinet Malware
GET /autoapps/modules/tmp/xf-adsk2016_x64-full_15268.exe?t=1669969424 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Fri, 02 Dec 2022 16:48:52 GMT
Server: Apache/2.2.15 (CentOS)
Location: https://blog.faceutil.com/autoapps/modules/tmp/xf-adsk2016_x64-full_15268.exe?t=1669969424
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 291
Connection: close
Content-Type: text/html; charset=iso-8859-1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 16:11:15 GMT
cache-control: public,max-age=3600
age: 2258
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7f1f8fc556d1f7e0aea3e1208ee2fd1c
09c341a56ff876479cfc8a0505a5fef4a5d110f1
65adcf58887bcc23f73379f74ab19a61cfbb93285c95c64b44a6716eeacc1482
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6409
Cache-Control: max-age=151490
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 16:48:53 GMT
Etag: "6389c02e-1d7"
Expires: Sun, 04 Dec 2022 10:53:43 GMT
Last-Modified: Fri, 02 Dec 2022 09:06:54 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7d7ec073491ca915e8c6355564afd619
842d458a7e48107b6df841f828e4264d05cad83b
09eeefdca0bf48db9f3c7a21bf8fac0ab6282c49a95129ad65234658b64f99f5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "09EEEFDCA0BF48DB9F3C7A21BF8FAC0AB6282C49A95129AD65234658B64F99F5"
Last-Modified: Thu, 01 Dec 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21586
Expires: Fri, 02 Dec 2022 22:48:40 GMT
Date: Fri, 02 Dec 2022 16:48:54 GMT
Connection: keep-alive
push.services.mozilla.com/
35.162.142.194 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.162.142.194:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: NwbQulW5s2DxJjjY40qhDg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /2dV7+3MumiHMKoHP+nxH82K5s8=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3505
Expires: Fri, 02 Dec 2022 17:47:20 GMT
Date: Fri, 02 Dec 2022 16:48:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3505
Expires: Fri, 02 Dec 2022 17:47:20 GMT
Date: Fri, 02 Dec 2022 16:48:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3505
Expires: Fri, 02 Dec 2022 17:47:20 GMT
Date: Fri, 02 Dec 2022 16:48:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3505
Expires: Fri, 02 Dec 2022 17:47:20 GMT
Date: Fri, 02 Dec 2022 16:48:55 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d147ccb10bda82b153a596c3c967cd6a
ffd0763f997e71a8c1458523fc17cafe8849dfdf
1cfeb90a4ba027195f903d938d4a0aac418a1c2f0b52215ec023263f15905971
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcca8556b-b044-489f-bc74-086aad62b062.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7591
x-amzn-requestid: e179862e-f840-4e50-a9dc-09f325479b9a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGgMFRZIAMFl7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e01-676a1571459f2d83488f2765;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oB5K_ZCWWwCltMx8FQSjDdXRMzSTSyRLSYSLAooQXuCrUxadLUiWkA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:48:51 GMT
age: 68404
etag: "ffd0763f997e71a8c1458523fc17cafe8849dfdf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb30f254-1327-487b-a297-00361bfd5c02.jpeg
34.120.237.76 200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb30f254-1327-487b-a297-00361bfd5c02.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cd78aa69439c995167f32b8a41a1f4f6
d07d6145182f312f3ed86ecf96b4ffa175416fa0
3b08cf3fad31ee0cf3ee25abc2484fb4283543865a42dfc568b14f9856fd3bb5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb30f254-1327-487b-a297-00361bfd5c02.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7722
x-amzn-requestid: 8d7c4800-6c06-43ed-afa1-94840d42f591
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGy2Gr1IAMFWeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e78-429ae3135d47e3b020c4c7a1;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Z8thSamrCRejcAcQEGAp4WpSMzMEvstuZtVpKAjiCH4dyJyf1yihBA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:50:11 GMT
age: 68324
etag: "d07d6145182f312f3ed86ecf96b4ffa175416fa0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F937deb9c-e12c-486f-bf82-4833aed00836.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F937deb9c-e12c-486f-bf82-4833aed00836.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d08081e2dd562ef50e4e98ebc0136698
b5118bca37feda2ada3001199dc1d80ac6d2aacc
5160333e0cfd338b3887972d0a5c0f817ef88b70b7eb78e4e25d153a85e3478f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F937deb9c-e12c-486f-bf82-4833aed00836.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11443
x-amzn-requestid: 21469d81-ee4b-47f3-8877-b6658b3ea8b8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfHDHE4zoAMFvfw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891ee0-5b39eddd703ea04e6a1355f8;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:38:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nPuZoyOu_QAqbZvTUaNy1J3BOqnR2ttrIhv9BwRmWnKeba-e6MZWKA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:55:34 GMT
age: 68001
etag: "b5118bca37feda2ada3001199dc1d80ac6d2aacc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: ad2d9243-5e32-4faf-8ff3-b9abd3af1e89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb1_hEJJIAMF4Vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387d063-596f5833509112ee6cbedf54;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:51:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PIC-TIeTFK_Y2AiqowYT4_8tMuzIKO23lAwx18fYepTf4PIWkmLqkQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 05:20:15 GMT
age: 41320
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 06:00:48 GMT
age: 38887
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 156e9ea97b774cbd8361072e4041b6c8
fc71ae3cae92ed6011904bb2367f23bf4e69fab4
58d953c19ebbbdfc3965bbe3f52308d4702deaf4d0c029f4674bcb862da138af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: r_0F64VpyutAOJ9IcTWrs3Sv--fhKiwKsV1FW0fOMSRt1QLLPxvJzg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 10:51:17 GMT
age: 21458
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
blog.faceutil.com/autoapps/modules/tmp/xf-adsk2016_x64-full_15268.exe?t=1669969424
211.233.33.250 302 Found 20 B URL HTTP/1.1 blog.faceutil.com/autoapps/modules/tmp/xf-adsk2016_x64-full_15268.exe?t=1669969424
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
Analyzer Verdict Alert fortinet Malware
GET /autoapps/modules/tmp/xf-adsk2016_x64-full_15268.exe?t=1669969424 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Date: Fri, 02 Dec 2022 16:48:53 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.6.40
Set-Cookie: PHPSESSID=po6ig8v3l78p30526hma48nds4; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <https://blog.faceutil.com/wp-json/>; rel="https://api.w.org/"
location: https://blog.faceutil.com/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 20
Connection: close
Content-Type: text/html; charset=UTF-8
blog.faceutil.com/
211.233.33.250 200 OK 14 kB IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1743), with CRLF, LF line terminators
Hash 2186652e338d0ac91013a0107217c7b6
4186d1de5f1e5d2783bf582d8221d46b56cb6648
fe57c7223d711d580aa0068f1ec262f0fb33039e7e26e65f8e1ca7786e142b38
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=po6ig8v3l78p30526hma48nds4
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:48:54 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.6.40
Expires: 0
Cache-Control: no-cache,must-revalidate
Pragma: no-cache
Link: <https://blog.faceutil.com/wp-json/>; rel="https://api.w.org/", <https://wp.me/8tjpA>; rel=shortlink
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 14318
Connection: close
Content-Type: text/html; charset=UTF-8
wcs.naver.net/wcslog.js
23.195.255.54 200 OK 6.8 kB IP 23.195.255.54:0
File type ASCII text, with very long lines (20124), with no line terminators
Hash 843a08a1540a6ef318459433f0d7e92a
8b367a0abbbb3aa407b3285939b242dd90af8e10
e9c2885f3be79e610f1a995a5d9d403671417e056cdccf427416509263c11883
GET /wcslog.js HTTP/1.1
Host: wcs.naver.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Tue, 14 Jun 2022 02:08:57 GMT
ETag: "62a7edb9-4e9c"
Server: nginx
Content-Type: application/javascript
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=3196
Expires: Fri, 02 Dec 2022 17:42:13 GMT
Date: Fri, 02 Dec 2022 16:48:57 GMT
Content-Length: 6834
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 8cd876589951719c94a6d49d1494bdbd
01600c8bb95fac543696e509b3e452b90d844572
e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 16:48:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 05917f7542a781275c12d43562be1507
1ea730e7e2b5a84fb0341ef9a64b141a4dd469b3
2f24492a077b583bd9dfe049c16c60b219d950712879f187ff2160214df9bd0e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 16:48:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-KE6875C4VY
142.250.74.168 200 OK 77 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-KE6875C4VY
IP 142.250.74.168:0
File type ASCII text, with very long lines (22462)
Hash f29ca09274f328ec0e13e49ebbd6a52a
e1d77451c2e16dce0a4a6a9a53524e2a81bd3959
f596dae0f7c770c2234de08d29427869ce45b7b5a0b37b043ed90aca3e16d64e
GET /gtag/js?id=G-KE6875C4VY HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 02 Dec 2022 16:48:57 GMT
expires: Fri, 02 Dec 2022 16:48:57 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76880
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 8cd876589951719c94a6d49d1494bdbd
01600c8bb95fac543696e509b3e452b90d844572
e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 16:48:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 05917f7542a781275c12d43562be1507
1ea730e7e2b5a84fb0341ef9a64b141a4dd469b3
2f24492a077b583bd9dfe049c16c60b219d950712879f187ff2160214df9bd0e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 16:48:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.usertrust.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 6a5df82b89f30bc6f7c4d4613fc8d088
0d11763a6d312661c5231a828a182f21f54e4ff3
3e1f2f289b56ea393b62dbcc9d091487115b3a6769d6e0dfb6cf83c4440ffbd1
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:48:57 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 23:55:44 GMT
Expires: Tue, 06 Dec 2022 23:55:43 GMT
Etag: "0d11763a6d312661c5231a828a182f21f54e4ff3"
Cache-Control: max-age=541850,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 13
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77358d9918d5b50f-OSL
status.thawte.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 6639589bdd5c260acba6205912898ccc
4d17f10b150f3a77e63c97ff4ad94d36e59e1f16
162c0f82c897efe329ffbfd72c7640f033c2bb6461e7303539101c0577ede40f
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2110
Cache-Control: max-age=89950
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 16:48:57 GMT
Etag: "6388e099-1d7"
Expires: Sat, 03 Dec 2022 17:48:07 GMT
Last-Modified: Thu, 01 Dec 2022 17:12:57 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
blog.faceutil.com/wp-content/themes/education-hub/style.css?ver=4.7.2
211.233.33.250 200 OK 12 kB URL HTTP/1.1 blog.faceutil.com/wp-content/themes/education-hub/style.css?ver=4.7.2
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type ASCII text, with very long lines (755)
Hash e9e1f860010f7ba348310b76a91ee9e7
62f74f49d0928745f178bb915aeaf7b8707d8368
1120841ffd369da93d45ba8dea051390b3c03c578c4e121866601d4b11dfd514
GET /wp-content/themes/education-hub/style.css?ver=4.7.2 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=po6ig8v3l78p30526hma48nds4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:48:57 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 23 Feb 2017 07:07:41 GMT
ETag: "100779-f896-5492d44d94940"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11977
Connection: close
Content-Type: text/css
blog.faceutil.com/wp-content/themes/education-hub-child/style.css?ver=1.9.4
211.233.33.250 200 OK 231 B URL HTTP/1.1 blog.faceutil.com/wp-content/themes/education-hub-child/style.css?ver=1.9.4
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash ea0a8a30eb4bc2290c0148fe7c53117b
b3049616697baac9b226d145badda39d56a2861b
7ac2f2612c592278db75f3d88f488c2a5f6627d0da3625cc79b100f5d4249615
GET /wp-content/themes/education-hub-child/style.css?ver=1.9.4 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=po6ig8v3l78p30526hma48nds4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:48:57 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 28 Feb 2017 05:44:55 GMT
ETag: "1009f7-10d-54990b20f03c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 231
Connection: close
Content-Type: text/css
blog.faceutil.com/wp-content/themes/education-hub/third-party/font-awesome/css/font-awesome.min.css?ver=4.7.0
211.233.33.250 200 OK 7.1 kB URL HTTP/1.1 blog.faceutil.com/wp-content/themes/education-hub/third-party/font-awesome/css/font-awesome.min.css?ver=4.7.0
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type ASCII text, with very long lines (30837)
Hash 52f1a8a2ce85fa8432308b33bc1a2e79
fd80917af5371c8ecad0198592a1e7cce4b77b0e
07bd6a9ea0213e20f362485aadc17a88c486ecfb394004b41b8b38db6e6a35f6
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/education-hub/third-party/font-awesome/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=po6ig8v3l78p30526hma48nds4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:48:57 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 23 Feb 2017 07:07:41 GMT
ETag: "100761-7918-5492d44d94940"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7053
Connection: close
Content-Type: text/css
blog.faceutil.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
211.233.33.250 200 OK 4.0 kB URL HTTP/1.1 blog.faceutil.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type ASCII text, with very long lines (9959)
Hash a6c81e2f02bd04160d2de88c4e8f3559
e3f3c91427d785820ca97dabe738f01faf041f36
b734d83af5da0eb627e04d3e62ce652b9eb7de19667a1b91da6b93f0ea5d7ffe
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=po6ig8v3l78p30526hma48nds4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:48:57 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Fri, 20 May 2016 06:11:28 GMT
ETag: "e1581-2748-5333ff613c400"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4014
Connection: close
Content-Type: text/javascript
blog.faceutil.com/wp-content/plugins/jetpack/css/jetpack.css?ver=4.6
211.233.33.250 200 OK 11 kB URL HTTP/1.1 blog.faceutil.com/wp-content/plugins/jetpack/css/jetpack.css?ver=4.6
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type ASCII text, with very long lines (19706)
Hash 83f25568506bc6dcb77770c00b8d30a4
4fa79545986405da8c4e890043984892df8a1fe1
5842e64c4d06fa785536e109d77c53478072a19b852bc4e25d1b4c190249a631
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/jetpack/css/jetpack.css?ver=4.6 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=po6ig8v3l78p30526hma48nds4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:48:57 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 06 Mar 2017 06:03:18 GMT
ETag: "1000ef-f585-54a09a6d9b580"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11159
Connection: close
Content-Type: text/css
www.soonwe.com/ad_js/101926_ad.js
180.67.204.123 200 OK 592 B URL HTTP/1.1 www.soonwe.com/ad_js/101926_ad.js
IP 180.67.204.123:0
ASN #9318 SK Broadband Co Ltd
File type ASCII text, with CRLF line terminators
Hash 776976a580c4e30e1cfeb4ed98504999
fee6ba79e2bb06ef5be28b1a5b72dc29a2b2f9ee
bf20aaf59b3c738070b89b2c9e1211d18d4efb3f1e48d6a20ba6ee0054c23cdb
GET /ad_js/101926_ad.js HTTP/1.1
Host: www.soonwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 30 Nov 2021 07:39:39 GMT
Accept-Ranges: bytes
ETag: "6769316ebde5d71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Fri, 02 Dec 2022 16:48:35 GMT
Content-Length: 592
blog.faceutil.com/wp-content/plugins/jetpack/modules/wpgroho.js?ver=4.7.2
211.233.33.250 200 OK 489 B URL HTTP/1.1 blog.faceutil.com/wp-content/plugins/jetpack/modules/wpgroho.js?ver=4.7.2
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
Hash e7310e3fcdaade0614b48b2154b4599b
6286153658b9dc345836e4b06f5f1993370acea6
f0ecedd6a50945a0295fc3c92db1770a58ec16df95cc120eac718e684f200679
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/jetpack/modules/wpgroho.js?ver=4.7.2 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=po6ig8v3l78p30526hma48nds4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:48:57 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 06 Mar 2017 06:03:19 GMT
ETag: "10033a-3f7-54a09a6e8f7c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 489
Connection: close
Content-Type: text/javascript
blog.faceutil.com/wp-content/themes/education-hub/js/skip-link-focus-fix.min.js?ver=20130115
211.233.33.250 200 OK 308 B URL HTTP/1.1 blog.faceutil.com/wp-content/themes/education-hub/js/skip-link-focus-fix.min.js?ver=20130115
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type ASCII text, with very long lines (557), with no line terminators
Hash b31a1bcaa74a44673c2fa2d93a60c060
392ffc0fb6b17fd294826634c4c17926f27d480c
59be1508205f1f5de4302adc72a699f1c84ca4361fbaf47b734573ef867b6e94
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/education-hub/js/skip-link-focus-fix.min.js?ver=20130115 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=po6ig8v3l78p30526hma48nds4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:48:57 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 23 Feb 2017 07:07:41 GMT
ETag: "100756-22d-5492d44d94940"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 308
Connection: close
Content-Type: text/javascript
blog.faceutil.com/wp-content/themes/education-hub/third-party/cycle2/js/jquery.cycle2.min.js?ver=2.1.6
211.233.33.250 200 OK 7.1 kB URL HTTP/1.1 blog.faceutil.com/wp-content/themes/education-hub/third-party/cycle2/js/jquery.cycle2.min.js?ver=2.1.6
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type ASCII text, with very long lines (10280)
Hash 65a20a0793f7f89dea24ae92d0e5f435
284ea412e8378ca3ee26eab098bbb4f24b4f1ee7
65a54c9ce5edfbf6359461928b424cd21491c8155da20c6b162a202c3918fead
GET /wp-content/themes/education-hub/third-party/cycle2/js/jquery.cycle2.min.js?ver=2.1.6 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=po6ig8v3l78p30526hma48nds4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:48:57 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 23 Feb 2017 07:07:41 GMT
ETag: "10076c-599c-5492d44d94940"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7100
Connection: close
Content-Type: text/javascript
blog.faceutil.com/wp-content/themes/education-hub/js/custom.min.js?ver=1.0
211.233.33.250 200 OK 200 B URL HTTP/1.1 blog.faceutil.com/wp-content/themes/education-hub/js/custom.min.js?ver=1.0
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type ASCII text, with no line terminators
Hash 1db5ff5e7a9e6eeb9508bf6f0be8071c
25bbc18ec2eb75a280bbe0110a7eb90b9177923b
62928f2bb9c292404f841367488e755e0f2aa484b5b3fb5e93b9d12526b65e84
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/education-hub/js/custom.min.js?ver=1.0 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=po6ig8v3l78p30526hma48nds4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:48:57 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 23 Feb 2017 07:07:41 GMT
ETag: "100757-126-5492d44d94940"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 200
Connection: close
Content-Type: text/javascript
blog.faceutil.com/wp-content/themes/education-hub/js/navigation.min.js?ver=20120206
211.233.33.250 200 OK 404 B URL HTTP/1.1 blog.faceutil.com/wp-content/themes/education-hub/js/navigation.min.js?ver=20120206
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type ASCII text, with very long lines (919), with no line terminators
Hash ccd744990d910a7efe7741a2054bf324
ace6fedfeba034ab1b2e3af9f24088d4f5123c90
b7fb0bc3d617951dba4d0dd9ac031801789d5b39d36896db58d36993df1f0a1d
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/education-hub/js/navigation.min.js?ver=20120206 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=po6ig8v3l78p30526hma48nds4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:48:57 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 23 Feb 2017 07:07:41 GMT
ETag: "10075a-397-5492d44d94940"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 404
Connection: close
Content-Type: text/javascript
blog.faceutil.com/wp-content/plugins/jetpack/_inc/facebook-embed.js
211.233.33.250 200 OK 446 B URL HTTP/1.1 blog.faceutil.com/wp-content/plugins/jetpack/_inc/facebook-embed.js
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
Hash ad943d4b2e744f22ccc1d4b7e9805c54
267c32877bf9e58fba19625a8c5aee3e7dccdc96
3af899d7a4532f0cf738724b2b4ecb9368d7cec9380993ca6b39cbe4b975be53
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/jetpack/_inc/facebook-embed.js HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=po6ig8v3l78p30526hma48nds4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:48:57 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 06 Mar 2017 06:03:18 GMT
ETag: "10055f-328-54a09a6d9b580"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 446
Connection: close
Content-Type: text/javascript
blog.faceutil.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
211.233.33.250 200 OK 34 kB URL HTTP/1.1 blog.faceutil.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type ASCII text, with very long lines (32077)
Hash d417f4d673009b01654915bbf1f4f872
f432ea8e89e5f4ef50e506019899e539a068f415
24560d81ded58e8befabf32ff51f5b6ae6f21eead0a5f87c255e3b47b988d1cc
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=po6ig8v3l78p30526hma48nds4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:48:57 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 23 May 2016 09:00:29 GMT
ETag: "e1557-17ba0-5337eac0d4540"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 33766
Connection: close
Content-Type: text/javascript
i0.wp.com/pds.faceutil.com/img/2020/04/21/1587437789.jpg?resize=200%2C200&ssl=1
192.0.77.2 200 OK 3.0 kB URL HTTP/2 i0.wp.com/pds.faceutil.com/img/2020/04/21/1587437789.jpg?resize=200%2C200&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8224bae56076d70a807a71f0bc7983c1
dbe7f5b0de7d2744e93cc0690aa8bd4573088afa
3b3b318893525176287bdb224179ce12fb8b0c8377c34db89bdf15612a9d087a
GET /pds.faceutil.com/img/2020/04/21/1587437789.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 16:48:58 GMT
content-type: image/webp
content-length: 3006
last-modified: Thu, 01 Dec 2022 10:25:06 GMT
expires: Sat, 30 Nov 2024 22:25:06 GMT
cache-control: public, max-age=63115200
link: <https://pds.faceutil.com/img/2020/04/21/1587437789.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "56467e3622360e0d"
vary: Accept
x-nc: HIT arn 5
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i1.wp.com/pds.faceutil.com/img/2020/04/23/1587628200.jpg?resize=200%2C200&ssl=1
192.0.77.2 200 OK 6.7 kB URL HTTP/2 i1.wp.com/pds.faceutil.com/img/2020/04/23/1587628200.jpg?resize=200%2C200&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f23f3dd1b04867e2ebdd4dac40c6aad8
24cf54f16f46aa2388284f64a871ac5406d066ca
4be808aa8bb8da9db130354b3dbacddf9560fca81602bdbf71934880eac63eb4
GET /pds.faceutil.com/img/2020/04/23/1587628200.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 16:48:58 GMT
content-type: image/webp
content-length: 6738
last-modified: Mon, 07 Nov 2022 02:22:42 GMT
expires: Wed, 06 Nov 2024 14:22:42 GMT
cache-control: public, max-age=63115200
link: <https://pds.faceutil.com/img/2020/04/23/1587628200.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "185022657f29b6bf"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i2.wp.com/pds.faceutil.com/img/2017/04/26/1493170915.jpg?resize=200%2C200&ssl=1
192.0.77.2 200 OK 6.7 kB URL HTTP/2 i2.wp.com/pds.faceutil.com/img/2017/04/26/1493170915.jpg?resize=200%2C200&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 4f4ada86c7d7aa879ee0a40d7f357bf2
42d0a7a10aa6ebf7d8326805833ad5ec8091cc85
0b41e714d21572f4ab085781c2b98b46865dd4a5550fc2e24a0d0e3130af9343
GET /pds.faceutil.com/img/2017/04/26/1493170915.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i2.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 16:48:58 GMT
content-type: image/webp
content-length: 6730
last-modified: Thu, 01 Dec 2022 10:25:06 GMT
expires: Sat, 30 Nov 2024 22:25:06 GMT
cache-control: public, max-age=63115200
link: <https://pds.faceutil.com/img/2017/04/26/1493170915.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "cb91ee51d512414f"
vary: Accept
x-nc: HIT arn 1
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i0.wp.com/pds.faceutil.com/img/2020/05/04/1588569303.jpg?resize=200%2C200&ssl=1
192.0.77.2 200 OK 9.0 kB URL HTTP/2 i0.wp.com/pds.faceutil.com/img/2020/05/04/1588569303.jpg?resize=200%2C200&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f736dc97d1490fda5b65ffc6011379d4
1b1cfed983d18a6263492ac9dca07bd75816e1b2
174277ec7f78afa76bb27bdaaaac0b70ba1519dad64d82cae3662be23c0ddae2
GET /pds.faceutil.com/img/2020/05/04/1588569303.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 16:48:58 GMT
content-type: image/webp
content-length: 9026
last-modified: Fri, 02 Dec 2022 05:02:12 GMT
expires: Sun, 01 Dec 2024 17:02:12 GMT
cache-control: public, max-age=63115200
link: <https://pds.faceutil.com/img/2020/05/04/1588569303.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "61f270983d9f0874"
vary: Accept
x-nc: HIT arn 5
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i0.wp.com/pds.faceutil.com/img/2017/05/10/1494390498.jpg?resize=200%2C200&ssl=1
192.0.77.2 200 OK 7.6 kB URL HTTP/2 i0.wp.com/pds.faceutil.com/img/2017/05/10/1494390498.jpg?resize=200%2C200&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8164b549a0867906c7eddf598d1bc340
e2f31e7ad50a5999a47865018f75f8467b6ee7bd
bceb9a733637a88dabe1d4e0cfe06c5a0af233992e1cf8c0c1f1142de95e0fca
GET /pds.faceutil.com/img/2017/05/10/1494390498.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 16:48:58 GMT
content-type: image/webp
content-length: 7628
last-modified: Fri, 02 Dec 2022 16:48:47 GMT
expires: Mon, 02 Dec 2024 04:48:47 GMT
cache-control: public, max-age=63115200
link: <https://pds.faceutil.com/img/2017/05/10/1494390498.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "7da804c339f4b4a8"
vary: Accept
x-nc: HIT arn 5
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i1.wp.com/pds.faceutil.com/img/2017/05/10/1494393659.gif?resize=200%2C200&ssl=1
192.0.77.2 200 OK 36 kB URL HTTP/2 i1.wp.com/pds.faceutil.com/img/2017/05/10/1494393659.gif?resize=200%2C200&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 829909d850e6987d6bb1405e4bb84910
6d1eb88206a2653c0916c51e9f1c5b7e7a1ab2b4
4df098886bcb7d08a66f5d1725675f33b269d9d50e8ed8c3869afabcbd2c08b2
GET /pds.faceutil.com/img/2017/05/10/1494393659.gif?resize=200%2C200&ssl=1 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 16:48:58 GMT
content-type: image/webp
content-length: 35914
last-modified: Fri, 02 Dec 2022 05:02:12 GMT
expires: Sun, 01 Dec 2024 17:02:12 GMT
cache-control: public, max-age=63115200
link: <https://pds.faceutil.com/img/2017/05/10/1494393659.gif>; rel="canonical"
x-content-type-options: nosniff
etag: "97361413f6f73cde"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i2.wp.com/pds.faceutil.com/img/2017/03/23/1490256035.jpg?resize=200%2C200&ssl=1
192.0.77.2 200 OK 6.6 kB URL HTTP/2 i2.wp.com/pds.faceutil.com/img/2017/03/23/1490256035.jpg?resize=200%2C200&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c4bc4d99f3c5ee0f0f63772b8776315f
f0621addd59e1fb8139394b1cadb1e2e739c6721
15172e9a63744fe6e0401a0e33cbc87188c2645b110d9e5c7e5889412c4d94a1
GET /pds.faceutil.com/img/2017/03/23/1490256035.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i2.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 16:48:58 GMT
content-type: image/webp
content-length: 6588
last-modified: Thu, 17 Nov 2022 10:55:20 GMT
expires: Sat, 16 Nov 2024 22:55:20 GMT
cache-control: public, max-age=63115200
link: <https://pds.faceutil.com/img/2017/03/23/1490256035.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "ff512cd28e47fc8b"
vary: Accept
x-nc: HIT arn 3
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i1.wp.com/pds.faceutil.com/img/2020/07/09/1594268682.png?resize=200%2C200&ssl=1
192.0.77.2 200 OK 35 kB URL HTTP/2 i1.wp.com/pds.faceutil.com/img/2020/07/09/1594268682.png?resize=200%2C200&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8502635c146c2c03975486b634041eb5
8fad404296b4eb482b9d7d04cfc2ab305869ced6
bc3789f188ee31ea2e86b54e077afe07387f355c768cc398dd7d2cfb45ddd9a2
GET /pds.faceutil.com/img/2020/07/09/1594268682.png?resize=200%2C200&ssl=1 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 16:48:58 GMT
content-type: image/webp
content-length: 34790
last-modified: Wed, 09 Nov 2022 04:19:29 GMT
expires: Fri, 08 Nov 2024 16:19:29 GMT
cache-control: public, max-age=63115200
link: <https://pds.faceutil.com/img/2020/07/09/1594268682.png>; rel="canonical"
x-content-type-options: nosniff
etag: "c62573e69c15edbf"
vary: Accept
x-nc: HIT arn 6
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i2.wp.com/pds.faceutil.com/img/2017/03/21/1490102916.jpg?resize=200%2C200&ssl=1
192.0.77.2 200 OK 6.1 kB URL HTTP/2 i2.wp.com/pds.faceutil.com/img/2017/03/21/1490102916.jpg?resize=200%2C200&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f82aeadac4ac4d43b9db15b607edc9e0
7c2a78bba9e3e6554136c10d7c6353f7c3b22f3c
d17237836bd8143ad88e22e32fa0af41ed04b47274890c0f7d232bbecd7e4f20
GET /pds.faceutil.com/img/2017/03/21/1490102916.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i2.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 16:48:58 GMT
content-type: image/webp
content-length: 6084
last-modified: Sat, 12 Nov 2022 07:36:24 GMT
expires: Mon, 11 Nov 2024 19:36:24 GMT
cache-control: public, max-age=63115200
link: <https://pds.faceutil.com/img/2017/03/21/1490102916.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "2d4d7d700258c635"
vary: Accept
x-nc: HIT arn 1
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i2.wp.com/pds.faceutil.com/img/2017/05/11/1494468750.png?resize=200%2C200&ssl=1
192.0.77.2 200 OK 54 kB URL HTTP/2 i2.wp.com/pds.faceutil.com/img/2017/05/11/1494468750.png?resize=200%2C200&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 747e99fc7163510c885fe3554f288307
05652ca4f9256e8a12c52597a45ea2675f88ae91
174748d8d9b855a9dbbd990a886096abfd834553382eeb5e72936c22716e4d0a
GET /pds.faceutil.com/img/2017/05/11/1494468750.png?resize=200%2C200&ssl=1 HTTP/1.1
Host: i2.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 16:48:58 GMT
content-type: image/webp
content-length: 53808
last-modified: Mon, 28 Nov 2022 02:32:12 GMT
expires: Wed, 27 Nov 2024 14:32:12 GMT
cache-control: public, max-age=63115200
link: <https://pds.faceutil.com/img/2017/05/11/1494468750.png>; rel="canonical"
x-content-type-options: nosniff
etag: "0132e3999a376bf2"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 16:48:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 16:48:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img.mobon.net/js/common/HawkEyesMaker.js
14.0.113.206 200 OK 101 kB URL HTTP/1.1 img.mobon.net/js/common/HawkEyesMaker.js
IP 14.0.113.206:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 101 kB (101002 bytes)
Hash 3d018aa70b1e54a34e228d24e93cbb92
4eddafa98a083d27fe16d74da703b4f06391d769
7cd8f9bb7da936d9afcf4b7fd9679bc44c3215169d15a636446929ded9b4c1fc
GET /js/common/HawkEyesMaker.js HTTP/1.1
Host: img.mobon.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:48:58 GMT
Content-Type: text/javascript
Content-Length: 101002
Connection: keep-alive
Server: PWS/8.3.1.0.8
Last-Modified: Thu, 21 Jul 2022 05:31:18 GMT
ETag: "f42ab2-18a8a-5e44a06ed039c"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Age: 39625
Via: 1.1 PShgseSEL5ii162:3 (W), 1.1 PShgseSEL4cy114:14 (W)
X-Px: ht PShgseSEL4cy114GMP
X-Ws-Request-Id: 638a2c7a_PShgseSEL4bh115_33259-37109
fonts.gstatic.com/s/merriweathersans/v22/2-c99IRs1JiJN1FRAMjTN5zd9vgsFHX1QjU.woff2
216.58.207.227 200 OK 36 kB URL HTTP/2 fonts.gstatic.com/s/merriweathersans/v22/2-c99IRs1JiJN1FRAMjTN5zd9vgsFHX1QjU.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 35520, version 1.0\012- data
Hash 51c700f108bd3a8639d845abc5a02462
6d467d623871d39830bca94bc9130d61059c35f3
e33e10b8be04e75dfa2658726e85189bf01b986172c16d10b4c0a74332804f58
GET /s/merriweathersans/v22/2-c99IRs1JiJN1FRAMjTN5zd9vgsFHX1QjU.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://blog.faceutil.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35520
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Dec 2022 03:09:49 GMT
expires: Sat, 02 Dec 2023 03:09:49 GMT
cache-control: public, max-age=31536000
age: 49149
last-modified: Mon, 11 Jul 2022 19:03:36 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 16:48:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 16:48:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 16:48:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.227 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://blog.faceutil.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:52:41 GMT
expires: Tue, 28 Nov 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 338177
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
216.58.207.227 200 OK 26 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 26240, version 1.0\012- data
Hash 4a90976686fcbd8296c7d7fccc04c273
bcb82e93ac7ad1fa2af6a37009a200f79f4cb4e5
59bd288e64c57e034672999e33ebda6eb5ad1575945eb563dbfb5b44f226e1e1
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://blog.faceutil.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26240
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:56:02 GMT
expires: Tue, 28 Nov 2023 18:56:02 GMT
cache-control: public, max-age=31536000
age: 337976
last-modified: Mon, 15 Aug 2022 18:14:37 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2
216.58.207.227 200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 31320, version 1.0\012- data
Hash 3fe71527811fbfedd2c07962e1bc49e7
f63e158a0480c5d711b5e268db0e75e57d87a8a5
24c0e724005344165ee0a0ff4c96a914e174bb4caa20c8a533fb194d92853e95
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://blog.faceutil.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 31320
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:57:48 GMT
expires: Tue, 28 Nov 2023 18:57:48 GMT
cache-control: public, max-age=31536000
age: 337870
last-modified: Mon, 15 Aug 2022 18:11:37 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
216.58.207.227 200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://blog.faceutil.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:56:05 GMT
expires: Tue, 28 Nov 2023 18:56:05 GMT
cache-control: public, max-age=31536000
age: 337973
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2
216.58.207.227 200 OK 21 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 21048, version 1.0\012- data
Hash 22c793ce2678cfa2f8c88b123af3bd95
81ac3d0faa06b9dae82faf2f608fa0a329ca1a5a
0c018fe9d09945d93f6f5aa5f1c53a2975621c3043a22344eaf86d6500c245c6
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://blog.faceutil.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21048
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 19:41:58 GMT
expires: Tue, 28 Nov 2023 19:41:58 GMT
cache-control: public, max-age=31536000
age: 335220
last-modified: Mon, 15 Aug 2022 18:13:11 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 27002fde234e78c7bde340bc621e933f
1bdbe4f1861601b9300101a1e6b3c143ce077e03
48d453fd9ded729e4775519885c13140e44421fe5a8c07fc464c9a354a04ef8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 16:48:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
blog.faceutil.com/wp-content/plugins/jetpack/_inc/twitter-timeline.js?ver=4.0.0
211.233.33.250 200 OK 260 B URL HTTP/1.1 blog.faceutil.com/wp-content/plugins/jetpack/_inc/twitter-timeline.js?ver=4.0.0
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
Hash 63cdc5aedadbc565eeb7e53f076c259a
16a7714b0441ca4eb260d4153d1bae0481d928e2
dc2cb5e406eec1fd4bc0dadc63f3e74cbd90257475d6f8b20ce200c036d5ce9b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/jetpack/_inc/twitter-timeline.js?ver=4.0.0 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=po6ig8v3l78p30526hma48nds4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:48:58 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 06 Mar 2017 06:03:18 GMT
ETag: "10055e-157-54a09a6d9b580"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 260
Connection: close
Content-Type: text/javascript
blog.faceutil.com/wp-includes/js/wp-embed.min.js?ver=4.7.2
211.233.33.250 200 OK 751 B URL HTTP/1.1 blog.faceutil.com/wp-includes/js/wp-embed.min.js?ver=4.7.2
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type ASCII text, with very long lines (1398), with no line terminators
Hash 7542039ce963ffd18ad4fb7be13bd2be
8385e433e8e65739fc27b6bd16b1a7ae71b11084
a70bca1336a4ac7592ce631cbb22c9ebb01d60461d221ac7a46f91a4ccfd1255
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-embed.min.js?ver=4.7.2 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=po6ig8v3l78p30526hma48nds4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:48:58 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 23 Nov 2016 13:38:33 GMT
ETag: "e144b-576-541f8014be840"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 751
Connection: close
Content-Type: text/javascript
blog.faceutil.com/wp-content/plugins/jetpack/_inc/spin.js?ver=1.3
211.233.33.250 200 OK 3.8 kB URL HTTP/1.1 blog.faceutil.com/wp-content/plugins/jetpack/_inc/spin.js?ver=1.3
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
Hash fbffaa6dcda4e19a7ac5cf067191b4c3
25333714fe3bac0bd608fbd6e4921e94d4dfd07f
fb31d5b515aa7e48c7c5a70a067d6dca25a050c5390e936055b5e18fa146bf21
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/jetpack/_inc/spin.js?ver=1.3 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=po6ig8v3l78p30526hma48nds4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:48:58 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 06 Mar 2017 06:03:18 GMT
ETag: "10053a-27d5-54a09a6d9b580"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3808
Connection: close
Content-Type: text/javascript
blog.faceutil.com/wp-content/plugins/jetpack/_inc/jquery.spin.js?ver=1.3
211.233.33.250 200 OK 1.2 kB URL HTTP/1.1 blog.faceutil.com/wp-content/plugins/jetpack/_inc/jquery.spin.js?ver=1.3
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
Hash ea8e88c6a70d40551fed82a9a026ae32
70b78afd236ad9ef06459c9c9f58f414c40fd6e3
d3e5ac1299380977ea0a9e0affce0a689a7633ea8a92d2b4bfa3c583fa8fb3d4
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/jetpack/_inc/jquery.spin.js?ver=1.3 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=po6ig8v3l78p30526hma48nds4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:48:58 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 06 Mar 2017 06:03:18 GMT
ETag: "100510-d02-54a09a6d9b580"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1156
Connection: close
Content-Type: text/javascript
status.geotrust.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d601e971cf08df0576a68d5933de9067
7ea8072d35e120830abc831f273f3544e58cb7e4
484164786974448915573f2b0d659e949693d7643d22d77eebd54a3f252a84cc
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4018
Cache-Control: max-age=142268
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 16:48:59 GMT
Etag: "6389a585-1d7"
Expires: Sun, 04 Dec 2022 08:20:07 GMT
Last-Modified: Fri, 02 Dec 2022 07:13:09 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
blog.faceutil.com/wp-content/plugins/jetpack/modules/carousel/jetpack-carousel.js?ver=20160325
211.233.33.250 200 OK 14 kB URL HTTP/1.1 blog.faceutil.com/wp-content/plugins/jetpack/modules/carousel/jetpack-carousel.js?ver=20160325
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
Hash 42043a55ad6ed5ddbc43f5e97d4d3fee
1fdb4e79f6b823229849bf373debde3208122d80
e8bfffab5c235af4e678aabcc6ddd58bf3a7c73b53f88f8e2f47a08ae66e6f2b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/jetpack/modules/carousel/jetpack-carousel.js?ver=20160325 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=po6ig8v3l78p30526hma48nds4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:48:58 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 06 Mar 2017 06:03:18 GMT
ETag: "100222-cf6a-54a09a6d9b580"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 14235
Connection: close
Content-Type: text/javascript
blog.faceutil.com/wp-content/plugins/jetpack/images/rss/orange-large.png
211.233.33.250 200 OK 2.5 kB URL HTTP/1.1 blog.faceutil.com/wp-content/plugins/jetpack/images/rss/orange-large.png
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Hash 444af470b2d36623da32551fb16a1647
95394c083c0fb42783624e3e9f077e3e0399da08
aca3978b854d733c9e09e0a8bcbf22a47af0ad1ecab4fbb09520b18a8f9316da
GET /wp-content/plugins/jetpack/images/rss/orange-large.png HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=po6ig8v3l78p30526hma48nds4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:48:58 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 06 Mar 2017 06:03:18 GMT
ETag: "1000ca-9bf-54a09a6d9b580"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2518
Connection: close
Content-Type: image/png
pixel.wp.com/g.gif?v=ext&j=1%3A4.6&blog=125196822&post=0&tz=9&srv=blog.faceutil.com&host=blog.faceutil.com&ref=&fcp=5992&rand=0.6139403696579182
192.0.76.3 200 OK 50 B URL HTTP/2 pixel.wp.com/g.gif?v=ext&j=1%3A4.6&blog=125196822&post=0&tz=9&srv=blog.faceutil.com&host=blog.faceutil.com&ref=&fcp=5992&rand=0.6139403696579182
IP 192.0.76.3:0
File type GIF image data, version 89a, 6 x 5\012- data
Hash e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
GET /g.gif?v=ext&j=1%3A4.6&blog=125196822&post=0&tz=9&srv=blog.faceutil.com&host=blog.faceutil.com&ref=&fcp=5992&rand=0.6139403696579182 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 16:48:59 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-KE6875C4VY&gtm=2oebu0&_p=1118596762&cid=1176241717.1669999737&ul=en-us&sr=1280x1024&_s=1&sid=1669999737&sct=1&seg=0&dl=https%3A%2F%2Fblog.faceutil.com%2F&dt=%ED%8E%98%EC%9D%B4%EC%8A%A4%EC%9C%A0%ED%8B%B8%20%7C%20%EB%AC%B4%EB%A3%8C%EA%B2%8C%EC%9E%84%20%EC%86%8C%ED%94%84%ED%8A%B8%EC%9B%A8%EC%96%B4%20%EB%8B%A4%EC%9A%B4%EB%A1%9C%EB%93%9C&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-KE6875C4VY&gtm=2oebu0&_p=1118596762&cid=1176241717.1669999737&ul=en-us&sr=1280x1024&_s=1&sid=1669999737&sct=1&seg=0&dl=https%3A%2F%2Fblog.faceutil.com%2F&dt=%ED%8E%98%EC%9D%B4%EC%8A%A4%EC%9C%A0%ED%8B%B8%20%7C%20%EB%AC%B4%EB%A3%8C%EA%B2%8C%EC%9E%84%20%EC%86%8C%ED%94%84%ED%8A%B8%EC%9B%A8%EC%96%B4%20%EB%8B%A4%EC%9A%B4%EB%A1%9C%EB%93%9C&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-KE6875C4VY&gtm=2oebu0&_p=1118596762&cid=1176241717.1669999737&ul=en-us&sr=1280x1024&_s=1&sid=1669999737&sct=1&seg=0&dl=https%3A%2F%2Fblog.faceutil.com%2F&dt=%ED%8E%98%EC%9D%B4%EC%8A%A4%EC%9C%A0%ED%8B%B8%20%7C%20%EB%AC%B4%EB%A3%8C%EA%B2%8C%EC%9E%84%20%EC%86%8C%ED%94%84%ED%8A%B8%EC%9B%A8%EC%96%B4%20%EB%8B%A4%EC%9A%B4%EB%A1%9C%EB%93%9C&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blog.faceutil.com
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://blog.faceutil.com
date: Fri, 02 Dec 2022 16:48:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
wcs.naver.com/m?u=https%3A%2F%2Fblog.faceutil.com%2F&e=&wa=4f674946a5e760&bt=-1&os=Linux%20x86_64&ln=en-US&sr=1280x1024&bw=1280&bh=939&c=24&j=N&jv=1.8&k=Y&ct=&cs=UTF-8&tl=%25ED%258E%2598%25EC%259D%25B4%25EC%258A%25A4%25EC%259C%25A0%25ED%258B%25B8%2520%257C%2520%25EB%25AC%25B4%25EB%25A3%258C%25EA%25B2%258C%25EC%259E%2584%2520%25EC%2586%258C%25ED%2594%2584%25ED%258A%25B8%25EC%259B%25A8%25EC%2596%25B4%2520%25EB%258B%25A4%25EC%259A%25B4%25EB%25A1%259C%25EB%2593%259C&vs=0.8.6&nt=1669999736939&EOU
210.89.167.46 200 OK 43 B URL HTTP/2 wcs.naver.com/m?u=https%3A%2F%2Fblog.faceutil.com%2F&e=&wa=4f674946a5e760&bt=-1&os=Linux%20x86_64&ln=en-US&sr=1280x1024&bw=1280&bh=939&c=24&j=N&jv=1.8&k=Y&ct=&cs=UTF-8&tl=%25ED%258E%2598%25EC%259D%25B4%25EC%258A%25A4%25EC%259C%25A0%25ED%258B%25B8%2520%257C%2520%25EB%25AC%25B4%25EB%25A3%258C%25EA%25B2%258C%25EC%259E%2584%2520%25EC%2586%258C%25ED%2594%2584%25ED%258A%25B8%25EC%259B%25A8%25EC%2596%25B4%2520%25EB%258B%25A4%25EC%259A%25B4%25EB%25A1%259C%25EB%2593%259C&vs=0.8.6&nt=1669999736939&EOU
IP 210.89.167.46:0
ASN #23576 NAVER Cloud Corp.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /m?u=https%3A%2F%2Fblog.faceutil.com%2F&e=&wa=4f674946a5e760&bt=-1&os=Linux%20x86_64&ln=en-US&sr=1280x1024&bw=1280&bh=939&c=24&j=N&jv=1.8&k=Y&ct=&cs=UTF-8&tl=%25ED%258E%2598%25EC%259D%25B4%25EC%258A%25A4%25EC%259C%25A0%25ED%258B%25B8%2520%257C%2520%25EB%25AC%25B4%25EB%25A3%258C%25EA%25B2%258C%25EC%259E%2584%2520%25EC%2586%258C%25ED%2594%2584%25ED%258A%25B8%25EC%259B%25A8%25EC%2596%25B4%2520%25EB%258B%25A4%25EC%259A%25B4%25EB%25A1%259C%25EB%2593%259C&vs=0.8.6&nt=1669999736939&EOU HTTP/1.1
Host: wcs.naver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 16:48:59 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
set-cookie: NWB=a6e5e86c9bb39b7ad30351074ef54e76.1669999739814; Expires=Wed, 01-Dec-27 16:48:59 GMT; Domain=wcs.naver.com; Path=/; Secure; SameSite=None
NWB_LEGACY=a6e5e86c9bb39b7ad30351074ef54e76.1669999739814; Expires=Wed, 01-Dec-27 16:48:59 GMT; Domain=wcs.naver.com; Path=/
p3p: CP = "ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"
server: wcs
accept-ch: Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: Tue, 01 Jan 1980 09:00:00 GMT
x-content-type-options: nosniff
access-control-allow-credentials: true
X-Firefox-Spdy: h2
status.thawte.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash dc3c5046265eb051f216d1ef9c05392e
062afecb8c7f395cae25bca15b0ff0715dc1a4ce
4a0f0b55288e705e82ac42d083cd30c0c273cb2e95dfcccee40e1c663287c1c4
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6297
Cache-Control: max-age=88032
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 16:49:00 GMT
Etag: "6388c8c3-1d7"
Expires: Sat, 03 Dec 2022 17:16:12 GMT
Last-Modified: Thu, 01 Dec 2022 15:31:15 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
status.thawte.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 114f8945f75a890f692c9af268d0f74d
2ea5b023b9ad7bc58efcff3575859764f984ec96
c84212c65942723375c00a1c59554e6044d9136c6bafd9864722f998831c26f0
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 16:49:00 GMT
Etag: "6388c8c3-1d7"
Server: ECS (amb/6B9C)
Content-Length: 471
blog.faceutil.com/wp-content/themes/education-hub/third-party/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
211.233.33.250 200 OK 77 kB URL HTTP/1.1 blog.faceutil.com/wp-content/themes/education-hub/third-party/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/education-hub/third-party/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://blog.faceutil.com/wp-content/themes/education-hub/third-party/font-awesome/css/font-awesome.min.css?ver=4.7.0
Cookie: PHPSESSID=po6ig8v3l78p30526hma48nds4; wcs_bt=4f674946a5e760:1669999736
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:48:58 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 23 Feb 2017 07:07:41 GMT
ETag: "100769-12d68-5492d44d94940"
Accept-Ranges: bytes
Content-Length: 77160
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=euckr
www.mediacategory.com/script/common/media/629392
119.205.238.29 200 355 B URL HTTP/1.1 www.mediacategory.com/script/common/media/629392
IP 119.205.238.29:0
Hash cae4a4fa667589055002182c19a44dce
16b9c8331bd0ee982e7648a8178b17bc4662f565
574c4dd3e9110713b108d12be624f0be06cf599d2a497eeccb8911160320fdab
GET /script/common/media/629392 HTTP/1.1
Host: www.mediacategory.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Date: Fri, 02 Dec 2022 16:48:59 GMT
Content-Type: text/javascript
Content-Length: 355
Connection: keep-alive
Set-Cookie: Start_Time=2022120301; Domain=.mediacategory.com; Expires=Sun, 01-Dec-2024 16:48:59 GMT; Path=/
IP_info=91.90.42.154.1239883; Domain=.mediacategory.com; Expires=Sun, 01-Dec-2024 16:48:59 GMT; Path=/
www.mediacategory.com/servlet/adbnMobileBanner?from=&s=598131&types=ico_m&bCover=true
119.205.238.29 200 2.2 kB URL HTTP/1.1 www.mediacategory.com/servlet/adbnMobileBanner?from=&s=598131&types=ico_m&bCover=true
IP 119.205.238.29:0
File type ISO-8859 text, with very long lines (417)
Hash a73f998b85a127c53cbceaf3cf111fc9
fe0459d02d08297b3859c2405a702fc44cd7a41d
67a290619009ccb2bbb905cbe1ee9737ddab144d6ef0dc98af94b8e950668981
GET /servlet/adbnMobileBanner?from=&s=598131&types=ico_m&bCover=true HTTP/1.1
Host: www.mediacategory.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Date: Fri, 02 Dec 2022 16:49:00 GMT
Content-Type: text/html;charset=euc-kr
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
P3P: CP='CAO PSA CONi OTR OUR DEM ONL'
Set-Cookie: Start_Time=2022120301; Domain=.mediacategory.com; Expires=Sun, 01-Dec-2024 16:49:00 GMT; Path=/
IP_info=91.90.42.154.9043823; Domain=.mediacategory.com; Expires=Sun, 01-Dec-2024 16:49:00 GMT; Path=/
au_id=38e626eb6bb77c2c-49398d08184d3b9c957-1781; Domain=.mediacategory.com; Expires=Sun, 01-Dec-2024 16:49:00 GMT; Path=/
vary: accept-encoding
Content-Encoding: gzip
www.mediacategory.com/servlet/iadbn?from=&location=https%3A//blog.faceutil.com/&s=629392&psb=99
119.205.238.29 200 1.9 kB URL HTTP/1.1 www.mediacategory.com/servlet/iadbn?from=&location=https%3A//blog.faceutil.com/&s=629392&psb=99
IP 119.205.238.29:0
File type HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with very long lines (481)
Hash f1f7d8dd2c82192b8ba8340187e9c64b
02497b7588b1edcbc7c77d611d8777aa51c1b114
b1c7f3487238bb7fbdd01b4b36a6d7a9cbd0fa9a3cf3c28ce3b6feb8c276c5fd
GET /servlet/iadbn?from=&location=https%3A//blog.faceutil.com/&s=629392&psb=99 HTTP/1.1
Host: www.mediacategory.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Date: Fri, 02 Dec 2022 16:48:59 GMT
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: Start_Time=2022120301; Domain=.mediacategory.com; Expires=Sun, 01-Dec-2024 16:48:59 GMT; Path=/
IP_info=91.90.42.154.2181914; Domain=.mediacategory.com; Expires=Sun, 01-Dec-2024 16:48:59 GMT; Path=/
au_id=441f779ff5273dd6-1d292662184d3b9013c-506; Domain=.mediacategory.com; Expires=Sun, 01-Dec-2024 16:48:59 GMT; Path=/
Pragma: no-cache
Cache-Control: no-cache
P3P: CP='CAO PSA CONi OTR OUR DEM ONL'
vary: accept-encoding
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 24450ed842495fb2f4ba69e1fac2d4d2
c7e7c8aa0308094c71d663a21bd9e689aeccc952
0dddf87df6f1821f08503310345aa465e0b63a4f130073e734e27e04780c4baa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 16:49:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
216.239.38.178 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 216.239.38.178:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 02 Dec 2022 16:46:55 GMT
expires: Fri, 02 Dec 2022 18:46:55 GMT
cache-control: public, max-age=7200
age: 125
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a11a991958dbd78dfb3392214590ef38
c5fb54ce1ad1c51598623b66827af482c565e0d5
01d67dc39941deea93712fa87453fd27679357916ab856358e0bda7a63b2624d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4460
Cache-Control: max-age=115714
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 16:49:00 GMT
Etag: "63893c12-1d7"
Expires: Sun, 04 Dec 2022 00:57:34 GMT
Last-Modified: Thu, 01 Dec 2022 23:43:14 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
platform.twitter.com/widgets.js
151.101.244.157 200 OK 29 kB URL HTTP/2 platform.twitter.com/widgets.js
IP 151.101.244.157:0
File type Unicode text, UTF-8 text, with very long lines (33915)
Hash 2df2f01e0c50f93a363cd2121f336b8e
f2c4d94859575123d0b1056f0338982eb094c60f
2cf6d15fc44a8c4387114a5a20174ae75515d43840cde361e64bf1a75e676585
GET /widgets.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 19:43:37 GMT
cache-control: public, max-age=1800
content-type: application/javascript; charset=utf-8
etag: "6633f9603c759c40d9b200995454f17c+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Fri, 02 Dec 2022 16:49:00 GMT
x-served-by: cache-iad-kcgs7200093-IAD, cache-hel1410031-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 29221
X-Firefox-Spdy: h2
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=auth/exm=person/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_1?le=scs
172.217.21.174 200 OK 42 kB URL HTTP/2 apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=auth/exm=person/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_1?le=scs
IP 172.217.21.174:0
File type ASCII text, with very long lines (661)
Hash 20624924ddb3032daa27b9b57720401c
2cd1d53d4fd8c33f533dd78af548f7d883ae4210
e7166629454e0d6c8e3c1bb2739c30ad69eaa4ba94de34e00db664aa0cfef028
GET /_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=auth/exm=person/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_1?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 42350
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 22:37:43 GMT
expires: Wed, 29 Nov 2023 22:37:43 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 01 Nov 2022 15:24:55 GMT
content-type: text/javascript; charset=UTF-8
age: 238277
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash a6ad57d839c4b452d7118cf2052f9d35
50afdbe46f04c7611c1a0111bce3a76775e50272
4c5c20573601bde0f5c3567e02d02d74ab22d4ffe12f632e1def1b87dc86ad3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 16:49:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=person/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_0?le=scs
172.217.21.174 200 OK 43 kB URL HTTP/2 apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=person/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_0?le=scs
IP 172.217.21.174:0
File type ASCII text, with very long lines (580)
Hash ca77cda252e41fda3aa101b1f0508d4e
7413cb30ee560cddd012d63b4e43bfffa0dbf956
519f568426907af9f0e220f481b8ed21f6cfe37d640985cd4db81850c532f175
GET /_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=person/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_0?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 43295
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 16:45:25 GMT
expires: Wed, 29 Nov 2023 16:45:25 GMT
cache-control: public, max-age=31536000
age: 259415
last-modified: Tue, 01 Nov 2022 15:24:55 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
apis.google.com/u/0/_/widget/render/person?usegapi=1&href=https%3A%2F%2Fplus.google.com%2F116698397072408224308&layout=portrait&theme=light&showcoverphoto=true&showtagline=true&width=220&origin=https%3A%2F%2Fblog.faceutil.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__
172.217.21.174 301 Moved Permanently 226 B URL HTTP/2 apis.google.com/u/0/_/widget/render/person?usegapi=1&href=https%3A%2F%2Fplus.google.com%2F116698397072408224308&layout=portrait&theme=light&showcoverphoto=true&showtagline=true&width=220&origin=https%3A%2F%2Fblog.faceutil.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__
IP 172.217.21.174:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 4df07581948280a6e769a24c5d99d775
843a2c95362347eb8894a6acb607f139be65ded4
3561b93a48d81fac116ccd6e60163bd382abb1d594c81240f5718feb1f197f73
GET /u/0/_/widget/render/person?usegapi=1&href=https%3A%2F%2Fplus.google.com%2F116698397072408224308&layout=portrait&theme=light&showcoverphoto=true&showtagline=true&width=220&origin=https%3A%2F%2Fblog.faceutil.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__ HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: http://developers.google.com/
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 02 Dec 2022 16:49:00 GMT
expires: Fri, 02 Dec 2022 17:19:00 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 226
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/ko_KR/sdk.js?_=1669999736933
157.240.240.1 200 OK 1.7 kB URL HTTP/2 connect.facebook.net/ko_KR/sdk.js?_=1669999736933
IP 157.240.240.1:0
File type ASCII text, with very long lines (1957)
Hash 8a4d10efced528abe64b92c5c6c671b4
66fca209059625e1257f4addbdbdc7ff231320f3
e774a9086d799e557276234fc68919af26b0e32f715b6727a114080ef23f5e8f
GET /ko_KR/sdk.js?_=1669999736933 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 4c3e3aa7a7f5df80c4eafd3e7bb01362
etag: "9908d03cba73284ae893add680d4ef6d"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Fri, 02 Dec 2022 17:09:00 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: ik0Q787VKKvmS5LFxsZxtA==
x-fb-debug: fTSEYhAnwe2EKVP8SnBrQQ8itmomU1+pFYeh0PT1m8KV+l7b9ikSZY9GHabJh4M+mTfzL+9TTiseKXJQwUGEhg==
content-length: 1688
priority: u=3,i
x-fb-trip-id: 1679558926
date: Fri, 02 Dec 2022 16:49:00 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a11a991958dbd78dfb3392214590ef38
c5fb54ce1ad1c51598623b66827af482c565e0d5
01d67dc39941deea93712fa87453fd27679357916ab856358e0bda7a63b2624d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4460
Cache-Control: max-age=115714
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 16:49:00 GMT
Etag: "63893c12-1d7"
Expires: Sun, 04 Dec 2022 00:57:34 GMT
Last-Modified: Thu, 01 Dec 2022 23:43:14 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a26afaaadb2a0ed8f3adf3ba46f076b0
fd5066cc90bd627ab0cf7f2463ae71b26f7ebf38
0ef7ce87cf40f2eabf3daab6d1336bfd51f0539f6d174a5f66afdd898acd1d06
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 16:49:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
blog.faceutil.com/wp-content/uploads/2017/02/faceutil_ico.png
211.233.33.250 200 OK 5.2 kB URL HTTP/1.1 blog.faceutil.com/wp-content/uploads/2017/02/faceutil_ico.png
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type PNG image data, 200 x 201, 8-bit/color RGBA, non-interlaced\012- data
Hash 2dc862fb2f365aca978da4e3bd414995
8271baeed9617f03e3174552b52c12219b71bb80
f361471600aa897e2af7a70b4f525d55d65a323854543f4db1b8119cfedf7122
GET /wp-content/uploads/2017/02/faceutil_ico.png HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=po6ig8v3l78p30526hma48nds4; wcs_bt=4f674946a5e760:1669999736; _ga_KE6875C4VY=GS1.1.1669999737.1.0.1669999737.0.0.0; _ga=GA1.1.1176241717.1669999737
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:48:59 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 23 Feb 2017 08:15:54 GMT
ETag: "e195b-1454-5492e38cf8280"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5227
Connection: close
Content-Type: image/png
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 008d73afe4b0c9173762e808e60a25b4
3667c94f1fb3ac84426306c33e42e977ea1c8f5f
8cb7e87e8a4a09cace36dbc160197bf46a0de5e2a192435616acfa8fa8e973b9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5993
Cache-Control: max-age=136639
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 16:49:00 GMT
Etag: "638987d2-139"
Expires: Sun, 04 Dec 2022 06:46:19 GMT
Last-Modified: Fri, 02 Dec 2022 05:06:26 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 313
connect.facebook.net/ko_KR/sdk.js?hash=79d5890d1125777c0a54bd16b0941e69
157.240.240.1 200 OK 88 kB URL HTTP/2 connect.facebook.net/ko_KR/sdk.js?hash=79d5890d1125777c0a54bd16b0941e69
IP 157.240.240.1:0
File type ASCII text, with very long lines (18530)
Hash 9feca8145423e2b6e8d10c7c311997c4
477f28cb3c85f73bd414fba84b854bacef04c848
8b85cc146a375ea6aa2dfcbaa83920ae5ea00d0ef38497a20940dc31113b7e4b
GET /ko_KR/sdk.js?hash=79d5890d1125777c0a54bd16b0941e69 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blog.faceutil.com
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: d2436b9e0636194281db09713865faea
etag: "9bdab3a332998c6764c03bb9a53f006c"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sat, 02 Dec 2023 15:01:27 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: n+yoFFQj4rbo0Qx8MRmXxA==
x-fb-debug: h8NkqEm22A+A6TlKoVD7o2zAhCE3tZZe4lncI0Y572j1NErfgJy8Z5uaIEanCkgQLup4adYgG2ns5gSAhm5+tQ==
content-length: 88533
x-fb-trip-id: 1679558926
date: Fri, 02 Dec 2022 16:49:00 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.twitter.com/settings?session_id=f35dad946289ebb15324a912cf6a4866cef70c3e
104.244.42.72 200 OK 374 B URL HTTP/2 syndication.twitter.com/settings?session_id=f35dad946289ebb15324a912cf6a4866cef70c3e
IP 104.244.42.72:0
File type JSON data\012- , ASCII text, with very long lines (913), with no line terminators
Hash 925c2a7587f39436ea29513221652474
695b7f2f3d99f407bcdfd0b372db0e28193cc60c
62e36e14e5c219119cb51c3cdf43a2005512a1bd6ebf2d68d0c610a2e6e3ef0f
GET /settings?session_id=f35dad946289ebb15324a912cf6a4866cef70c3e HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://platform.twitter.com/
Origin: https://platform.twitter.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 16:49:00 GMT
perf: 7626143928
vary: Origin
server: tsa_o
content-type: application/json; charset=utf-8
cache-control: must-revalidate, max-age=600
last-modified: Fri, 02 Dec 2022 16:49:00 GMT
content-length: 374
content-encoding: gzip
x-transaction-id: 1fe8c2080302e8b0
strict-transport-security: max-age=631138519
access-control-allow-origin: https://platform.twitter.com
access-control-allow-credentials: true
x-response-time: 110
x-connection-hash: f0067be12881ae69e04c63f732bae7959c7b652525a6f820fd1d0b43c1fb3846
X-Firefox-Spdy: h2
img.mobon.net/js/jquery-1.6.2.min.js
14.0.113.206 200 OK 92 kB URL HTTP/1.1 img.mobon.net/js/jquery-1.6.2.min.js
IP 14.0.113.206:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32764)
Hash a1a8cb16a060f6280a767187fd22e037
7622c9ac2335be6dcd3ab8b47132e94089cef931
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
GET /js/jquery-1.6.2.min.js HTTP/1.1
Host: img.mobon.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mediacategory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:49:00 GMT
Content-Type: text/javascript
Content-Length: 91556
Connection: keep-alive
Server: PWS/8.3.1.0.8
Last-Modified: Thu, 05 May 2016 06:31:46 GMT
ETag: "f021d0-165a4-532127f0e5880"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 41129
Via: 1.1 PShgseSEL7vn105:10 (W), 1.1 PShgseSEL4aj113:12 (W)
X-Px: ht PShgseSEL4aj113GMP
X-Ws-Request-Id: 638a2c7c_PShgseSEL4bh115_33259-37136
Cache-Control: max-age=86400
platform.twitter.com/js/horizon_timeline.5b32f06df3f1186af2ebf11024b09726.js
151.101.244.157 200 OK 3.0 kB URL HTTP/2 platform.twitter.com/js/horizon_timeline.5b32f06df3f1186af2ebf11024b09726.js
IP 151.101.244.157:0
File type Unicode text, UTF-8 text, with very long lines (8274), with no line terminators
Hash 6e42e5a6cf489ef3e9932ecc0f313720
c2f8b85898843be56a878e7f0aeef2bb3b959eae
52b8e63699edf9012ed8a59cd30ae085c1fe5b8e3bfe06cab36e00a440a9b162
GET /js/horizon_timeline.5b32f06df3f1186af2ebf11024b09726.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 19:36:52 GMT
cache-control: public, max-age=315360000
content-type: application/javascript; charset=utf-8
etag: "be517337a860b30e72096680d8dde0eb+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Fri, 02 Dec 2022 16:49:01 GMT
x-served-by: cache-iad-kjyo7100085-IAD, cache-hel1410031-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 2977
X-Firefox-Spdy: h2
accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fblog.faceutil.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__
142.250.74.109 200 OK 4.7 kB URL HTTP/2 accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fblog.faceutil.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2267)
Hash ef145aaf99ba864e95d3aaeebe48956c
63606e41c0db4362afad343ea3f5de7b5fe34cb3
80d8f00d9e2bf4166ea90910aa0eea9e5c8dd09c6791467280c634b508553629
GET /o/oauth2/postmessageRelay?parent=https%3A%2F%2Fblog.faceutil.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 02 Dec 2022 16:49:01 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /o/cspreport, script-src 'nonce-XdvndlKjVJVQbX1TsLGjGA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
syndication.twitter.com/i/jot/embeds?l=%7B%22experiment_key%22%3A%22tfw_horizon_timeline_12034%22%2C%22bucket%22%3A%22treatment%22%2C%22version%22%3Anull%2C%22data%22%3A%7B%7D%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1669999739325%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22format_version%22%3A1%2C%22widget_origin%22%3A%22%22%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22ddg%22%2C%22section%22%3A%22tfw_horizon_timeline_12034%22%2C%22action%22%3A%22experiment%22%7D%7D&session_id=f35dad946289ebb15324a912cf6a4866cef70c3e
104.244.42.72 200 OK 43 B URL HTTP/2 syndication.twitter.com/i/jot/embeds?l=%7B%22experiment_key%22%3A%22tfw_horizon_timeline_12034%22%2C%22bucket%22%3A%22treatment%22%2C%22version%22%3Anull%2C%22data%22%3A%7B%7D%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1669999739325%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22format_version%22%3A1%2C%22widget_origin%22%3A%22%22%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22ddg%22%2C%22section%22%3A%22tfw_horizon_timeline_12034%22%2C%22action%22%3A%22experiment%22%7D%7D&session_id=f35dad946289ebb15324a912cf6a4866cef70c3e
IP 104.244.42.72:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /i/jot/embeds?l=%7B%22experiment_key%22%3A%22tfw_horizon_timeline_12034%22%2C%22bucket%22%3A%22treatment%22%2C%22version%22%3Anull%2C%22data%22%3A%7B%7D%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1669999739325%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22format_version%22%3A1%2C%22widget_origin%22%3A%22%22%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22ddg%22%2C%22section%22%3A%22tfw_horizon_timeline_12034%22%2C%22action%22%3A%22experiment%22%7D%7D&session_id=f35dad946289ebb15324a912cf6a4866cef70c3e HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 16:49:00 GMT
perf: 7626143928
vary: Origin
server: tsa_o
content-type: image/gif
cache-control: must-revalidate, max-age=600
last-modified: Fri, 02 Dec 2022 16:49:01 GMT
content-length: 43
x-transaction-id: 8e2b5f66790b4e20
strict-transport-security: max-age=631138519
x-response-time: 110
x-connection-hash: f0067be12881ae69e04c63f732bae7959c7b652525a6f820fd1d0b43c1fb3846
X-Firefox-Spdy: h2
img.mobon.net/newAd/js/jquery-1.9.1.min.js
14.0.113.206 200 OK 112 kB URL HTTP/1.1 img.mobon.net/newAd/js/jquery-1.9.1.min.js
IP 14.0.113.206:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (38285)
Size 112 kB (111552 bytes)
Hash 40c3ba029e2186c188414067ddcb85a5
91804d2c8d596fe5826b125a7e6d2f83855747ce
88460181df47931862c8c62935fb54eb25ca68a121cad7b1b12d3cd9f3b9d1d7
GET /newAd/js/jquery-1.9.1.min.js HTTP/1.1
Host: img.mobon.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mediacategory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:49:00 GMT
Content-Type: text/javascript
Content-Length: 111552
Connection: keep-alive
Server: PWS/8.3.1.0.8
Last-Modified: Tue, 14 Aug 2018 01:15:32 GMT
ETag: "1001139-1b3c0-5735af24c9f29"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 41129
Via: 1.1 PShgseSEL5pk161:0 (W), 1.1 PShgseSEL4cy114:20 (W)
X-Px: ht PShgseSEL4cy114GMP
X-Ws-Request-Id: 638a2c7c_PShgseSEL4bh115_33223-34719
Cache-Control: max-age=86400
syndication.twitter.com/srv/timeline-profile/screen-name/faceutil21?dnt=false&embedId=twitter-widget-0&features=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&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=ko&limit=15&origin=https%3A%2F%2Fblog.faceutil.com%2F&partner=jetpack&sessionId=f35dad946289ebb15324a912cf6a4866cef70c3e&showHeader=true&showReplies=false&theme=light&transparent=false&widgetsVersion=a3525f077c700%3A1667415560940
104.244.42.72 200 OK 1.9 kB URL HTTP/2 syndication.twitter.com/srv/timeline-profile/screen-name/faceutil21?dnt=false&embedId=twitter-widget-0&features=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&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=ko&limit=15&origin=https%3A%2F%2Fblog.faceutil.com%2F&partner=jetpack&sessionId=f35dad946289ebb15324a912cf6a4866cef70c3e&showHeader=true&showReplies=false&theme=light&transparent=false&widgetsVersion=a3525f077c700%3A1667415560940
IP 104.244.42.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5353), with no line terminators
Hash 7e93eb507ab10b9c168c5496002b0dd1
2796b945cb492135844e3d2243c58ba75f6dc681
c812c10d0aa5712e3e48655c8ab967ba0859179ab166a0721c148024bd1fb257
GET /srv/timeline-profile/screen-name/faceutil21?dnt=false&embedId=twitter-widget-0&features=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&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=ko&limit=15&origin=https%3A%2F%2Fblog.faceutil.com%2F&partner=jetpack&sessionId=f35dad946289ebb15324a912cf6a4866cef70c3e&showHeader=true&showReplies=false&theme=light&transparent=false&widgetsVersion=a3525f077c700%3A1667415560940 HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 16:49:01 GMT
etag: "14e9-b3I5IlnJvxb+JfbTFIxXhXQpE+g"
perf: 7626143928
server: tsa_o
content-type: text/html; charset=utf-8
cache-control: must-revalidate, max-age=60
x-transaction-id: 7881a522e6d62bad
x-xss-protection: 0
strict-transport-security: max-age=631138519
content-encoding: gzip
content-length: 1916
x-response-time: 190
x-connection-hash: f0067be12881ae69e04c63f732bae7959c7b652525a6f820fd1d0b43c1fb3846
X-Firefox-Spdy: h2
platform.twitter.com/_next/static/chunks/runtime-a148fbcbc5efcd91d3a7.js
151.101.244.157 200 OK 2.1 kB URL HTTP/2 platform.twitter.com/_next/static/chunks/runtime-a148fbcbc5efcd91d3a7.js
IP 151.101.244.157:0
File type ASCII text, with very long lines (3835), with no line terminators
Hash ba27513886434f28c7924109e6aae7e1
6ed33591f7921d5317b7193b921eef19174556e8
c2542eb601dcb1b963417e453f16cb7e812dfe1123ee5b538e01ee1c55f3efa3
GET /_next/static/chunks/runtime-a148fbcbc5efcd91d3a7.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 03 Nov 2022 19:46:26 GMT
cache-control: public, max-age=315360000
content-type: application/javascript; charset=utf-8
etag: "581beb14123ea389fe5c0fe24167fe0a+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Fri, 02 Dec 2022 16:49:01 GMT
x-served-by: cache-iad-kiad7000029-IAD, cache-hel1410031-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 2097
X-Firefox-Spdy: h2
platform.twitter.com/_next/static/chunks/modules.c7def0268c66f6a548ed.js
151.101.244.157 200 OK 96 kB URL HTTP/2 platform.twitter.com/_next/static/chunks/modules.c7def0268c66f6a548ed.js
IP 151.101.244.157:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash e44429ed410e85b6513d5b732c3261a3
126e116e2e1da2d1b6cbe82576aa17aec7135fd5
80f9944656c76f5e49f8419e1a0aa60e60f45e73c4948cb8dcc7f8a9efc95c2e
GET /_next/static/chunks/modules.c7def0268c66f6a548ed.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 28 Sep 2022 17:24:15 GMT
cache-control: public, max-age=315360000
content-type: application/javascript; charset=utf-8
etag: "51acddf0dbfab928b183f36c1ee67619+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Fri, 02 Dec 2022 16:49:01 GMT
x-served-by: cache-iad-kcgs7200138-IAD, cache-hel1410031-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 95749
X-Firefox-Spdy: h2
platform.twitter.com/_next/static/chunks/main-e9db78f5e7b3d83edd5e.js
151.101.244.157 200 OK 85 B URL HTTP/2 platform.twitter.com/_next/static/chunks/main-e9db78f5e7b3d83edd5e.js
IP 151.101.244.157:0
File type ASCII text, with no line terminators
Hash b8b2d50ef6298a552e16e83cbfa53a6e
3daca5bf4c3bb217c9a32ded540e661136bff3c8
f53e2f8b049c387ad83b59cd40790d8c642493499a844a91fad0f816078a0748
GET /_next/static/chunks/main-e9db78f5e7b3d83edd5e.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 28 Sep 2022 17:24:13 GMT
cache-control: public, max-age=315360000
content-type: application/javascript; charset=utf-8
etag: "8e33207e7b788da9abde5b6d33da0b00+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Fri, 02 Dec 2022 16:49:01 GMT
x-served-by: cache-iad-kjyo7100030-IAD, cache-hel1410031-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 85
X-Firefox-Spdy: h2
platform.twitter.com/_next/static/chunks/pages/_app-446fb4a338b215deec8c.js
151.101.244.157 200 OK 668 B URL HTTP/2 platform.twitter.com/_next/static/chunks/pages/_app-446fb4a338b215deec8c.js
IP 151.101.244.157:0
File type ASCII text, with very long lines (1338), with no line terminators
Hash 5f7471f4f504b1272dfa395b93cba6b3
cd2dc0ca68a173fbc556f3def8f8c600ad65289f
87e7085e6737c1c42df4905661aa767ec05d5eefbccbba13c2c1f096742dfbed
GET /_next/static/chunks/pages/_app-446fb4a338b215deec8c.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 28 Sep 2022 17:24:13 GMT
cache-control: public, max-age=315360000
content-type: application/javascript; charset=utf-8
etag: "be3e428d416daa9027cecf70b5f26bf9+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Fri, 02 Dec 2022 16:49:01 GMT
x-served-by: cache-iad-kcgs7200056-IAD, cache-hel1410031-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 668
X-Firefox-Spdy: h2
platform.twitter.com/_next/static/chunks/pages/timeline-profile/screen-name/%5BscreenName%5D-c8b4c96951cf24f547b4.js
151.101.244.157 200 OK 1.3 kB URL HTTP/2 platform.twitter.com/_next/static/chunks/pages/timeline-profile/screen-name/%5BscreenName%5D-c8b4c96951cf24f547b4.js
IP 151.101.244.157:0
File type ASCII text, with very long lines (13043), with no line terminators
Hash 0389fac2e22a8300fc9cced6763ee475
44cbad41f2e36927b219dd0951a06acbe7a2c1c8
50499a04d42d4a26b44cba71e6beb56b47bdda7a05ef51e09c13aad52d968f37
GET /_next/static/chunks/pages/timeline-profile/screen-name/%5BscreenName%5D-c8b4c96951cf24f547b4.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 03 Nov 2022 19:46:26 GMT
cache-control: public, max-age=315360000
content-type: application/javascript; charset=utf-8
etag: "1efc61e416c7f4f293501e877fbec836+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Fri, 02 Dec 2022 16:49:01 GMT
x-served-by: cache-iad-kcgs7200028-IAD, cache-hel1410031-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 1285
X-Firefox-Spdy: h2
www.facebook.com/v2.3/plugins/page.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ed8d49b5f5e76%26domain%3Dblog.faceutil.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.faceutil.com%252Ff171422a4664888%26relation%3Dparent.parent&container_width=263&height=432&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2F%25ED%258E%2598%25EC%259D%25B4%25EC%258A%25A4%25EC%259C%25A0%25ED%258B%25B8-1656053511364043%2F&locale=ko_KR&sdk=joey&show_facepile=true&show_posts=false&width=340
157.240.240.35 200 OK 14 kB URL HTTP/2 www.facebook.com/v2.3/plugins/page.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ed8d49b5f5e76%26domain%3Dblog.faceutil.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.faceutil.com%252Ff171422a4664888%26relation%3Dparent.parent&container_width=263&height=432&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2F%25ED%258E%2598%25EC%259D%25B4%25EC%258A%25A4%25EC%259C%25A0%25ED%258B%25B8-1656053511364043%2F&locale=ko_KR&sdk=joey&show_facepile=true&show_posts=false&width=340
IP 157.240.240.35:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (19767)
Hash 5e3e05b470df148d53a034f3bac141ed
cb1513f00c20314da82a439f6655198173ddf80a
4c8cb244f497d4ac06c9a67c1ecd054be4b663c97bccbd4784e3d3e103b6e8ec
GET /v2.3/plugins/page.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ed8d49b5f5e76%26domain%3Dblog.faceutil.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.faceutil.com%252Ff171422a4664888%26relation%3Dparent.parent&container_width=263&height=432&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2F%25ED%258E%2598%25EC%259D%25B4%25EC%258A%25A4%25EC%259C%25A0%25ED%258B%25B8-1656053511364043%2F&locale=ko_KR&sdk=joey&show_facepile=true&show_posts=false&width=340 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
facebook-api-version: v9.0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: Y/JQ9sADbUEQx5y697UDtVQovrF1KtaTUfSkNl51Hos1urMo21OgOrZpIETxdx3pj46U582jHKxZg99xc3Exbw==
date: Fri, 02 Dec 2022 16:49:01 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
platform.twitter.com/_next/static/octaUlqc-A_Am4qAPnvU1/_ssgManifest.js
151.101.244.157 200 OK 60 B URL HTTP/2 platform.twitter.com/_next/static/octaUlqc-A_Am4qAPnvU1/_ssgManifest.js
IP 151.101.244.157:0
File type ASCII text, with no line terminators
Hash 3a3a21a8555661b82b582a230c270275
4b95dd3d9816126f2b3231ef3ee11fcfa646e015
6ec0f0d1830724535d444117c7724130da4633be58b3cf7bef512fdaab631429
GET /_next/static/octaUlqc-A_Am4qAPnvU1/_ssgManifest.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 03 Nov 2022 19:46:26 GMT
cache-control: public, max-age=315360000
content-type: application/javascript; charset=utf-8
etag: "abee47769bf307639ace4945f9cfd4ff+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Fri, 02 Dec 2022 16:49:01 GMT
x-served-by: cache-iad-kiad7000068-IAD, cache-hel1410031-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 60
X-Firefox-Spdy: h2
secure.gravatar.com/dist/css/services.min.css?ver=2022Decaa
192.0.73.2 200 OK 7.1 kB URL HTTP/2 secure.gravatar.com/dist/css/services.min.css?ver=2022Decaa
IP 192.0.73.2:0
File type ASCII text, with very long lines (2644), with no line terminators
Hash 1c11a9c3816c70dcf52b1fb2e2c4a3d8
ecb1eed53ac69d8b5286c5f7c744892f0072e06d
d84f270bc9c8f1a98bbeab4d950287e135fd5d7577a0c42ae7ab7207689f642e
GET /dist/css/services.min.css?ver=2022Decaa HTTP/1.1
Host: secure.gravatar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 16:49:00 GMT
content-type: text/css
last-modified: Thu, 22 Mar 2018 09:46:04 GMT
etag: W/"5ab37b5c-a54"
content-encoding: br
expires: Fri, 09 Dec 2022 16:49:00 GMT
cache-control: max-age=604800
X-Firefox-Spdy: h2
platform.twitter.com/_next/static/chunks/2.691622e4391d1973cb65.js
151.101.244.157 200 OK 7.7 kB URL HTTP/2 platform.twitter.com/_next/static/chunks/2.691622e4391d1973cb65.js
IP 151.101.244.157:0
File type ASCII text, with very long lines (23122), with no line terminators
Hash 4e68298e4344aa0d3d13719534a3438e
ac46127e7ea4b8a1d548414dcc7760c87c92afa6
b1225020ac004667f5143b07e601c42f334723d978141edaf2f1288d34ec9e68
GET /_next/static/chunks/2.691622e4391d1973cb65.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 28 Sep 2022 17:24:13 GMT
cache-control: public, max-age=315360000
content-type: application/javascript; charset=utf-8
etag: "942b5b928a24465d1906b4716131d896+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Fri, 02 Dec 2022 16:49:01 GMT
x-served-by: cache-iad-kjyo7100021-IAD, cache-hel1410031-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 7674
X-Firefox-Spdy: h2
platform.twitter.com/_next/static/chunks/25.1196cfa4eb55f7de134c.js
151.101.244.157 200 OK 14 kB URL HTTP/2 platform.twitter.com/_next/static/chunks/25.1196cfa4eb55f7de134c.js
IP 151.101.244.157:0
File type ASCII text, with very long lines (53694), with no line terminators
Hash 59c7a07e2e6f274ba9066f838fa2e1a0
090f87b39e267188d4d4fc6121eeb14354fece59
91e14715be5d7517d1ad075f68597224ae38c6f88d2c92a1e13eada2457c5a72
GET /_next/static/chunks/25.1196cfa4eb55f7de134c.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 03 Nov 2022 19:46:26 GMT
cache-control: public, max-age=315360000
content-type: application/javascript; charset=utf-8
etag: "2f6429a57d1908638b4dcaf459730606+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Fri, 02 Dec 2022 16:49:01 GMT
x-served-by: cache-iad-kiad7000045-IAD, cache-hel1410031-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 13533
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yH/r/att8vh4fKZW.js?_nc_x=Ij3Wp8lg5Kz
157.240.240.1 200 OK 1.8 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yH/r/att8vh4fKZW.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.240.1:0
File type ASCII text, with very long lines (1984)
Hash 3eec5e9a11ba7da3a0f8cd0af8b4bdcb
462922ace2e24121fb02f42966abb8004b24c98c
92e829ebf854a5a759b0f718ea0f31b4870e1dbbd7f09e8c2e1cac0b21e6d69c
GET /rsrc.php/v3/yH/r/att8vh4fKZW.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 30 Nov 2023 16:15:03 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: PuxemhG6faOg+M0K+LS9yw==
x-fb-debug: ysL+o95UDwHfEUO8RXEoxQbD9qS4wm8/3GXhNWlrUvr6HBzic7cOmeKziHwxYvPnKo/uYjrJr9E3NoDm+nKUAQ==
content-length: 1847
x-fb-trip-id: 1679558926
date: Fri, 02 Dec 2022 16:49:01 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y6/r/8LoDHCcRMmF.js?_nc_x=Ij3Wp8lg5Kz
157.240.240.1 200 OK 12 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y6/r/8LoDHCcRMmF.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.240.1:0
File type ASCII text, with very long lines (5542)
Hash 1ad15afc034f310427c81b0759603a2b
e5efd1d029dccf5fa8128c84aadb6544a4ab60e0
fedf63f655f9eef24c517c3d6762fb07b142213ba623d4a0b06614fb5d9754bd
GET /rsrc.php/v3/y6/r/8LoDHCcRMmF.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 30 Nov 2023 02:31:04 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-fb-rlafr: 0
content-md5: GtFa/ANPMQQnyBsHWWA6Kw==
x-fb-debug: aCcOg3CkPeic7Q1qWgphyxqPm1JrzgvxRd3MqZGIOOJl8cxlygVrXdSkjRKSCXFCr7yUGkhiRQjZtFVjm4IZQg==
content-length: 12334
x-fb-trip-id: 1679558926
date: Fri, 02 Dec 2022 16:49:01 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yn/l/0,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz
157.240.240.1 200 OK 830 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yn/l/0,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.240.1:0
File type ASCII text, with very long lines (724)
Hash d63a02ce87c07ffcfa869fef7fc5f233
cae745fef84088abe3525bb77f75c55cd1d4cc2c
bf9d4d71541a0a1f31b10be351add847ee935da6de355756314c8ca96512444d
GET /rsrc.php/v3/yn/l/0,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 18 Nov 2023 18:13:53 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 1joCzofAf/z6hp/vf8XyMw==
x-fb-debug: EQFIrCuvdbNhkhP0+qX25nfZR5/b59RNuR62De1CDyVsRGBezewhGgk/C5RRj1grfjsdldgexjhEAScienNJCw==
content-length: 830
x-fb-trip-id: 1679558926
date: Fri, 02 Dec 2022 16:49:01 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
img.mobon.net/js/mobonStorage.js
14.0.113.206 200 OK 508 B URL HTTP/1.1 img.mobon.net/js/mobonStorage.js
IP 14.0.113.206:0
File type ASCII text, with CRLF line terminators
Hash b6bf937a9fb3c1ea2105fe81f4a69753
e9dd1cf9c45820f68d202876fbdef1fa2c26ccd0
6cfdeb9af1badf5af62f77edb7c808ae8c86d9db16864cf96751d32854387d68
GET /js/mobonStorage.js HTTP/1.1
Host: img.mobon.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mediacategory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 16:49:01 GMT
Content-Type: text/javascript
Content-Length: 508
Connection: keep-alive
Server: PWS/8.3.1.0.8
Last-Modified: Thu, 21 Apr 2022 07:04:20 GMT
ETag: "f08574-1fc-5dd24b81768e7"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 41300
Via: 1.1 PShgseSEL5rx160:2 (W), 1.1 PShgseSEL4aj113:17 (W)
X-Px: ht PShgseSEL4aj113GMP
X-Ws-Request-Id: 638a2c7d_PShgseSEL4bh115_32391-33544
Cache-Control: max-age=86400
static.xx.fbcdn.net/rsrc.php/v3/yR/r/bPhRbIw5d4Y.js?_nc_x=Ij3Wp8lg5Kz
157.240.240.1 200 OK 16 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yR/r/bPhRbIw5d4Y.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.240.1:0
File type C source, ASCII text, with very long lines (8741)
Hash c92ef94e30a2dd9473fd9fe533472b73
97049e47de026939c75a885df9e8bb0fb56515ba
f2981c7109e60cf9f5a9e846a25800dbec20a923db028f310b6feb79415650bb
GET /rsrc.php/v3/yR/r/bPhRbIw5d4Y.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 30 Nov 2023 01:39:55 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: yS75TjCi3ZRz/Z/lM0crcw==
x-fb-debug: xRgL4SR78NBeYrhUhKw2tM2diKO8H9ar5BV1fHljLsQNOYfJnH12XENzxLY13OIbL0DEDztH3k0HkhZz0aFcLg==
content-length: 16232
x-fb-trip-id: 1679558926
date: Fri, 02 Dec 2022 16:49:01 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yy/r/BBmdPZ5Lu1y.js?_nc_x=Ij3Wp8lg5Kz
157.240.240.1 200 OK 84 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yy/r/BBmdPZ5Lu1y.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.240.1:0
File type ASCII text, with very long lines (18622)
Hash 7e02e853954d5bcd6ef6e835f9277c0e
54dd84211b7e069b15a63bc3613b36c1cf3ce8d0
e726e6c78b6e5583b726562388aabf3852d26fc110129a2d8f95f7d9c4b7ac46
GET /rsrc.php/v3/yy/r/BBmdPZ5Lu1y.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 01 Dec 2023 23:09:02 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: fgLoU5VNW81u9ug1+Sd8Dg==
x-fb-debug: ctNG2uJtyVPDZERwF2EkZMam5ZAUvSQKjsJIgoIK19vUcPUJApfgy+vrkN+INqcnLBhP4c19TKgjbG8KuVCn5w==
content-length: 84306
x-fb-trip-id: 1679558926
date: Fri, 02 Dec 2022 16:49:01 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yZ/l/0,cross/_MlHStH4pP8.css?_nc_x=Ij3Wp8lg5Kz
157.240.240.1 200 OK 5.2 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yZ/l/0,cross/_MlHStH4pP8.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.240.1:0
File type ASCII text, with very long lines (4431)
Hash 8e899e8b022602e9db9ac5a5fe491992
3204e789cc8df4cc122bce7e80c4e7d43e8c8841
34d3e4f19382c24368e7f6d0b747599f6113401303173f03b27700952df2ec1f
GET /rsrc.php/v3/yZ/l/0,cross/_MlHStH4pP8.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 01 Dec 2023 18:41:26 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: jomeiwImAunbmsWl/kkZkg==
x-fb-debug: KfDgzxujYkvbG7s2MYimFqQ/LIAbSh7YNnt+dU9A1RuKMwjn2jsjdEfaD2IyErEUirZWOirJcsOkgaCpguVmng==
content-length: 5209
x-fb-trip-id: 1679558926
date: Fri, 02 Dec 2022 16:49:01 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3i2w-4/yo/l/ko_KR/6RO4Jokp9az.js?_nc_x=Ij3Wp8lg5Kz
157.240.240.1 200 OK 24 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3i2w-4/yo/l/ko_KR/6RO4Jokp9az.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.240.1:0
File type ASCII text, with very long lines (42499)
Hash f4b824212429de456f79a2d231344ebf
f9c53498640f12ce9e83348f91ec73fba6d2be1b
7774916e7b9aff5e7a8586eff5dd520d672e9ae673c144d42a4171da27e3b792
GET /rsrc.php/v3i2w-4/yo/l/ko_KR/6RO4Jokp9az.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 30 Nov 2023 19:20:12 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 9LgkISQp3kVveaLSMTROvw==
x-fb-debug: wAUax8UaqpPl5dbvCnDRJwz+4BzVbjuUhsyQZzf0bqLbefKYQMB2sCZ6A4o4KKtVbRHZQC4mhVbO1Ywfwfo52A==
content-length: 23530
x-fb-trip-id: 1679558926
date: Fri, 02 Dec 2022 16:49:01 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
platform.twitter.com/_next/static/chunks/1.f4b5d6e5e8dcb4c6aa7f.js
151.101.244.157 200 OK 299 kB URL HTTP/2 platform.twitter.com/_next/static/chunks/1.f4b5d6e5e8dcb4c6aa7f.js
IP 151.101.244.157:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 299 kB (299281 bytes)
Hash 3d0e9f265af612596c7917285b9e6b06
d16d49aa731a566e12e518e8ac996143f1980e49
fae31ff8ae53442f40fc89ce7b303b160c1f227c36f9e560a77ee4522201a33f
GET /_next/static/chunks/1.f4b5d6e5e8dcb4c6aa7f.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 03 Nov 2022 19:46:26 GMT
cache-control: public, max-age=315360000
content-type: application/javascript; charset=utf-8
etag: "5a0c374fae04eeb3b101385087754b18+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Fri, 02 Dec 2022 16:49:01 GMT
x-served-by: cache-iad-kiad7000136-IAD, cache-hel1410031-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 299281
X-Firefox-Spdy: h2
platform.twitter.com/_next/static/chunks/ondemand.Dropdown.8bc7f6ae41bfb038b2b2.js
151.101.244.157 200 OK 2.6 kB URL HTTP/2 platform.twitter.com/_next/static/chunks/ondemand.Dropdown.8bc7f6ae41bfb038b2b2.js
IP 151.101.244.157:0
File type ASCII text, with very long lines (6721), with no line terminators
Hash 1a73d67460d94e87559cc66e4894daa4
caba5d60b7848970d6b0636f93c907b21ec325ef
f01e02207f660350cd4c4ece9bfce80d356a4e1895ae8c5745f85ccfdc3a9d2d
GET /_next/static/chunks/ondemand.Dropdown.8bc7f6ae41bfb038b2b2.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 03 Nov 2022 19:46:26 GMT
cache-control: public, max-age=315360000
content-type: application/javascript; charset=utf-8
etag: "24b6ad17fef6a1d54596d62f11e5a2c6+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Fri, 02 Dec 2022 16:49:02 GMT
x-served-by: cache-iad-kcgs7200121-IAD, cache-hel1410031-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 2624
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1c80b8025242ddfcc816ec612456b99e
aa944d10fe4a44b790b01ef62edc0f85a6d558e3
a9f060bc15738a3fe257e0c81a29e4611a89c273bcbb2765ce856d4e854a5f1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 11402
x-amzn-requestid: 20c2c359-1e43-40c0-885d-1c90e76ea12b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGzJHu-IAMFbYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e7a-1d89722e767daa014b174a39;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: OJBnbjJB_kvPuJcePGnno3zI0CTWAzV-Osb2L1hPZZhlNYhFHWmLsA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:51:33 GMT
age: 68249
etag: "aa944d10fe4a44b790b01ef62edc0f85a6d558e3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1669999740255%2C%22event_namespace%22%3A%7B%22action%22%3A%22no-results%22%2C%22client%22%3A%22tfw%22%2C%22page%22%3A%22timeline-profile%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22dnt%22%3Afalse%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fblog.faceutil.com%2F%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22jetpack%22%2C%22widget_site_screen_name%22%3A%22%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%223a64761%3A1667500028145%22%2C%22widget_data_source%22%3A%22screen-name%3Afaceutil21%22%7D&session_id=f35dad946289ebb15324a912cf6a4866cef70c3e
104.244.42.72 200 OK 43 B URL HTTP/2 syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1669999740255%2C%22event_namespace%22%3A%7B%22action%22%3A%22no-results%22%2C%22client%22%3A%22tfw%22%2C%22page%22%3A%22timeline-profile%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22dnt%22%3Afalse%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fblog.faceutil.com%2F%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22jetpack%22%2C%22widget_site_screen_name%22%3A%22%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%223a64761%3A1667500028145%22%2C%22widget_data_source%22%3A%22screen-name%3Afaceutil21%22%7D&session_id=f35dad946289ebb15324a912cf6a4866cef70c3e
IP 104.244.42.72:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1669999740255%2C%22event_namespace%22%3A%7B%22action%22%3A%22no-results%22%2C%22client%22%3A%22tfw%22%2C%22page%22%3A%22timeline-profile%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22dnt%22%3Afalse%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fblog.faceutil.com%2F%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22jetpack%22%2C%22widget_site_screen_name%22%3A%22%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%223a64761%3A1667500028145%22%2C%22widget_data_source%22%3A%22screen-name%3Afaceutil21%22%7D&session_id=f35dad946289ebb15324a912cf6a4866cef70c3e HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/srv/timeline-profile/screen-name/faceutil21?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiLCJ0ZXJyYS5jb20uYnIiLCJ3d3cubGlua3RyLmVlIiwid3d3LnRyLmVlIiwid3d3LnRlcnJhLmNvbS5iciJdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdGltZWxpbmVfMTIwMzQiOnsiYnVja2V0IjoidHJlYXRtZW50IiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2JhY2tlbmQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3JlZnNyY19zZXNzaW9uIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19jaGluX3BpbGxzXzE0NzQxIjp7ImJ1Y2tldCI6ImNvbG9yX2ljb25zIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9yZXN1bHRfbWlncmF0aW9uXzEzOTc5Ijp7ImJ1Y2tldCI6InR3ZWV0X3Jlc3VsdCIsInZlcnNpb24iOm51bGx9LCJ0Zndfc2Vuc2l0aXZlX21lZGlhX2ludGVyc3RpdGlhbF8xMzk2MyI6eyJidWNrZXQiOiJpbnRlcnN0aXRpYWwiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2V4cGVyaW1lbnRzX2Nvb2tpZV9leHBpcmF0aW9uIjp7ImJ1Y2tldCI6MTIwOTYwMCwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0Zndfc2hvd19ibHVlX3ZlcmlmaWVkX2JhZGdlIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=ko&limit=15&origin=https%3A%2F%2Fblog.faceutil.com%2F&partner=jetpack&sessionId=f35dad946289ebb15324a912cf6a4866cef70c3e&showHeader=true&showReplies=false&theme=light&transparent=false&widgetsVersion=a3525f077c700%3A1667415560940
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 16:49:01 GMT
perf: 7626143928
vary: Origin
server: tsa_o
content-type: image/gif
cache-control: must-revalidate, max-age=600
last-modified: Fri, 02 Dec 2022 16:49:02 GMT
content-length: 43
x-transaction-id: c2f042da32c157e3
strict-transport-security: max-age=631138519
x-response-time: 110
x-connection-hash: f0067be12881ae69e04c63f732bae7959c7b652525a6f820fd1d0b43c1fb3846
X-Firefox-Spdy: h2
secure.gravatar.com/dist/css/hovercard.min.css?ver=2022Decaa
192.0.73.2 200 OK 0 B URL HTTP/2 secure.gravatar.com/dist/css/hovercard.min.css?ver=2022Decaa
IP 192.0.73.2:0
GET /dist/css/hovercard.min.css?ver=2022Decaa HTTP/1.1
Host: secure.gravatar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 16:49:00 GMT
content-type: text/css
last-modified: Wed, 11 Nov 2020 15:57:10 GMT
etag: W/"5fac09d6-1e86"
content-encoding: br
expires: Fri, 09 Dec 2022 16:49:00 GMT
cache-control: max-age=604800
X-Firefox-Spdy: h2
secure.gravatar.com/js/gprofiles.js?ver=2022Decaa
192.0.73.2 200 OK 0 B URL HTTP/2 secure.gravatar.com/js/gprofiles.js?ver=2022Decaa
IP 192.0.73.2:0
GET /js/gprofiles.js?ver=2022Decaa HTTP/1.1
Host: secure.gravatar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 16:48:57 GMT
content-type: application/javascript
last-modified: Thu, 15 Sep 2022 11:48:47 GMT
etag: W/"6323111f-5deb"
content-encoding: br
expires: Fri, 09 Dec 2022 16:48:57 GMT
cache-control: max-age=604800
X-Firefox-Spdy: h2
stats.wp.com/e-202248.js
192.0.76.3 200 OK 0 B IP 192.0.76.3:0
GET /e-202248.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 16:48:57 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"62f6b688-3508"
content-encoding: br
expires: Mon, 20 Nov 2023 01:50:03 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2
apis.google.com/js/platform.js?ver=4.7.2
172.217.21.174 200 OK 0 B URL HTTP/2 apis.google.com/js/platform.js?ver=4.7.2
IP 172.217.21.174:0
GET /js/platform.js?ver=4.7.2 HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20984
date: Fri, 02 Dec 2022 16:49:00 GMT
expires: Fri, 02 Dec 2022 16:49:00 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "7446758f13887885"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
platform.twitter.com/_next/static/chunks/0.ad6e60829dfc07776f5e.js
151.101.244.157 200 OK 0 B URL HTTP/2 platform.twitter.com/_next/static/chunks/0.ad6e60829dfc07776f5e.js
IP 151.101.244.157:0
GET /_next/static/chunks/0.ad6e60829dfc07776f5e.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 03 Nov 2022 19:46:28 GMT
cache-control: public, max-age=315360000
content-type: application/javascript; charset=utf-8
etag: "f8a649284ac45133fc2c0b92defbd7b3+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Fri, 02 Dec 2022 16:49:01 GMT
x-served-by: cache-iad-kiad7000064-IAD, cache-hel1410031-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 187307
X-Firefox-Spdy: h2
s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=202248
192.0.77.32 200 OK 0 B URL HTTP/2 s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=202248
IP 192.0.77.32:0
GET /wp-content/js/devicepx-jetpack.js?ver=202248 HTTP/1.1
Host: s0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 16:48:57 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"62f6b68a-52b6"
content-encoding: br
expires: Mon, 27 Nov 2023 23:01:22 GMT
cache-control: max-age=31536000
x-ac: 4.arn _dca BYPASS
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
x-nc: HIT arn 2
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans%3A600%2C400%2C400italic%2C300%2C100%2C700%7CMerriweather+Sans%3A400%2C700&ver=4.7.2
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans%3A600%2C400%2C400italic%2C300%2C100%2C700%7CMerriweather+Sans%3A400%2C700&ver=4.7.2
IP 142.250.74.106:0
GET /css?family=Open+Sans%3A600%2C400%2C400italic%2C300%2C100%2C700%7CMerriweather+Sans%3A400%2C700&ver=4.7.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 02 Dec 2022 16:48:57 GMT
date: Fri, 02 Dec 2022 16:48:57 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2