r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12054
Expires: Sun, 27 Nov 2022 20:06:13 GMT
Date: Sun, 27 Nov 2022 16:45:19 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 64b2a23eab6e5ae8c010ec7242be930c
0673e4385ba01a5a245711bab96cafc34f765793
64751d193f7af72431e9689581faffcae1a30ff50ea425697b2b80ff61c87909
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4238
Cache-Control: max-age=154592
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 16:45:19 GMT
Etag: "63833c71-1d7"
Expires: Tue, 29 Nov 2022 11:41:51 GMT
Last-Modified: Sun, 27 Nov 2022 10:31:13 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 27 Nov 2022 16:19:23 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1556
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17652
Expires: Sun, 27 Nov 2022 21:39:31 GMT
Date: Sun, 27 Nov 2022 16:45:19 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Qd+067DqQK3kGaSn9IOWZMxDo+/Mt39n/Puppvsc6+eOuzdToMR7p66l22U+qITWIwVfD+qamr8=
x-amz-request-id: 9XXEHHG0GKNTKRX5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 27 Nov 2022 16:44:42 GMT
age: 37
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 16:45:19 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
blog.faceutil.com/autoapps/modules/tmp/splintercell%20bl%20kor-2_13955.exe?t=1669545396
211.233.33.250302 Found 293 B URL HTTP/1.1 blog.faceutil.com/autoapps/modules/tmp/splintercell%20bl%20kor-2_13955.exe?t=1669545396
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d268ed9dd1981a52493b34720e9d6a2d
8741b6210b7264029415af12bf26ef7df4884126
998a988a13f391097903303cc0af5c28fa8e7c372c10652a15e0d69c967c177a
GET /autoapps/modules/tmp/splintercell%20bl%20kor-2_13955.exe?t=1669545396 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Sun, 27 Nov 2022 16:45:20 GMT
Server: Apache/2.2.15 (CentOS)
Location: https://blog.faceutil.com/autoapps/modules/tmp/splintercell%20bl%20kor-2_13955.exe?t=1669545396
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 293
Connection: close
Content-Type: text/html; charset=iso-8859-1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 27 Nov 2022 16:11:12 GMT
cache-control: public,max-age=3600
age: 2048
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a6fee11dfe1b88cd768a0ca3e2bd0c89
59cec9a44a4a92467678afe65f347f68641a2174
50870c499aae4d5dfd6df25a36cd04b6d185b66ef0590e46933984bf52e2483f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5959
Cache-Control: max-age=151251
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 16:45:20 GMT
Etag: "638328ac-1d7"
Expires: Tue, 29 Nov 2022 10:46:11 GMT
Last-Modified: Sun, 27 Nov 2022 09:06:52 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.166.172.24101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.166.172.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: gKqKw7ZPZMRzGD5iwLdHgQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1pyo1n4ErgiMt7nWVn4Y3Ddb9Ng=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a17b6b5a7b801cabf38386d314901d7a
2061d376b82dfe2b522050c42b11ab4f379c5c26
0ea346340cd328efbfbf02452e7c150d28b9ed216b52efc843a5a4fe1c3f1eb8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0EA346340CD328EFBFBF02452E7C150D28B9ED216B52EFC843A5A4FE1C3F1EB8"
Last-Modified: Sat, 26 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21550
Expires: Sun, 27 Nov 2022 22:44:31 GMT
Date: Sun, 27 Nov 2022 16:45:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15007
Expires: Sun, 27 Nov 2022 20:55:28 GMT
Date: Sun, 27 Nov 2022 16:45:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15007
Expires: Sun, 27 Nov 2022 20:55:28 GMT
Date: Sun, 27 Nov 2022 16:45:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15007
Expires: Sun, 27 Nov 2022 20:55:28 GMT
Date: Sun, 27 Nov 2022 16:45:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15007
Expires: Sun, 27 Nov 2022 20:55:28 GMT
Date: Sun, 27 Nov 2022 16:45:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15007
Expires: Sun, 27 Nov 2022 20:55:28 GMT
Date: Sun, 27 Nov 2022 16:45:21 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg
34.120.237.76200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 433875a1b1fef34e45f2d8ac344c07e3
f2129466436cbbdd58abe42a47fb7af19eba58e6
ab1e7b46f3804640c7dd94d70c8c31ec2dfc3e2f0f015a8556d04d9d9089c450
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5099
x-amzn-requestid: 57648043-7820-453d-9549-0f743b6c2557
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4jFBvoAMFl1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-53b59d607b82c264180f469d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: VsdLWuh4rCawI5V0YYGaHxEMl2YEVNgsbjfCwzDsrnCZhRK2FkCkVw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:42:14 GMT
etag: "f2129466436cbbdd58abe42a47fb7af19eba58e6"
content-type: image/jpeg
age: 68587
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbfe38fd9-0497-4ec8-8f57-1ba100e73fcc.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbfe38fd9-0497-4ec8-8f57-1ba100e73fcc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f80a9a9b55da31c98663e157dde74a19
26b8dd82140c0db021048e11bff65a391dc6b444
680c39e4ea1d784db9831958942a64f3e83618dc443c8bcaa34223d85bb5b926
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbfe38fd9-0497-4ec8-8f57-1ba100e73fcc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6859
x-amzn-requestid: 4a1b13ad-9455-401d-a914-c1ada2191977
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYTHRroAMFR8g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5ce-4e5d630b23cdeb2e4b6d75d1;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qk03VFAQ1od0YzamiePUE8VQp9kBv_fy5gDUrVSlLGLSdn5v4JQbvw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 13:39:07 GMT
age: 11174
etag: "26b8dd82140c0db021048e11bff65a391dc6b444"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AVwDLlKoy5pc9NNuR_OakMB0ONGAoO-k2AKwV--b2sjiaqYSKAWlZg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:42:14 GMT
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
age: 68587
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34752db1-0be8-4784-9fa0-41e828e40e06.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34752db1-0be8-4784-9fa0-41e828e40e06.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1db6041a0bdb2319ae85afcc30caaeec
3b0ec6a7188dadf986f72fda8110296d9abd6f35
05f1f9b7834e7268dc34e3233434217f58cb68ee43a403cd08d0bb0ab4f37815
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34752db1-0be8-4784-9fa0-41e828e40e06.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13049
x-amzn-requestid: 2755f206-af23-4597-b4b9-7dae5001d6be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cBsvpHDJoAMFhFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d5b30-600008f573bd7e0024585eb1;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 23:28:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: y0ofyT6UcPjB8mfRR1VMjHSTW64Qb_EQ0rrjsOdbby1CG-xMIFJMPw==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:49:19 GMT
age: 68162
etag: "3b0ec6a7188dadf986f72fda8110296d9abd6f35"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 76c00eceed956377d7469ef58b0815cb
97a135335f5b1b042adeb385718f8808cb78528b
81fb72ab752b2eb39ab6ee015055304490b3b6c3259968703fd07c2a2eed1e61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7380
x-amzn-requestid: 18589644-299c-4a39-9376-db1bd1472009
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iEegIAMFeuQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-23990acc0fdc599a75a534e3;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RqsZxAtbOkWBGbXJ3sZHxcS-ZvWOw7Yg2Qd4zj0QLhrp3wAXC8w6jA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:42:14 GMT
etag: "97a135335f5b1b042adeb385718f8808cb78528b"
content-type: image/jpeg
age: 68587
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2cd887044e91d7ed0f1a8d7119ff7dd0
ae8aa4ce6ddaccba771fe65446926b60fc5628da
bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10199
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iF1VIAMF09g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: K2eKLQhrsCdd4ASsfEibRuZAYW4CpPTlO3fZs7xdoKrw1HBxfTGkEA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:42:14 GMT
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da"
content-type: image/jpeg
age: 68587
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
blog.faceutil.com/autoapps/modules/tmp/splintercell%20bl%20kor-2_13955.exe?t=1669545396
211.233.33.250302 Found 20 B URL HTTP/1.1 blog.faceutil.com/autoapps/modules/tmp/splintercell%20bl%20kor-2_13955.exe?t=1669545396
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /autoapps/modules/tmp/splintercell%20bl%20kor-2_13955.exe?t=1669545396 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Date: Sun, 27 Nov 2022 16:45:21 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.6.40
Set-Cookie: PHPSESSID=8stmoerrusqv5l9bekmpj7vjf2; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Link: <https://blog.faceutil.com/wp-json/>; rel="https://api.w.org/"
location: https://blog.faceutil.com/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 20
Connection: close
Content-Type: text/html; charset=UTF-8
blog.faceutil.com/
211.233.33.250200 OK 14 kB IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1743), with CRLF, LF line terminators
Hash d16711a143e93b0146ccaa5c8668c41f
76eb481be26da804408e1b80b159b19d5e18f08f
fd98d725c83b3b2a603cb0dc01ebe572d9abf9104607a861228828b9d8e8360b
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=8stmoerrusqv5l9bekmpj7vjf2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:22 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.6.40
Expires: 0
Cache-Control: no-cache,must-revalidate
Pragma: no-cache
Link: <https://blog.faceutil.com/wp-json/>; rel="https://api.w.org/", <https://wp.me/8tjpA>; rel=shortlink
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 14484
Connection: close
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 16:45:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 16:45:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-KE6875C4VY
142.250.74.168200 OK 77 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-KE6875C4VY
IP 142.250.74.168:0
File type ASCII text, with very long lines (21484)
Hash ab9f39cdd44816431e0418c582ee20ac
03368da20c76dfbdb625594ca46d92510760ea71
b1f712c6db4348585b329b60afe1d0ae1215f25f19d43d5345267132f93a5739
GET /gtag/js?id=G-KE6875C4VY HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 27 Nov 2022 16:45:24 GMT
expires: Sun, 27 Nov 2022 16:45:24 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76565
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 16:45:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 16:45:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
wcs.naver.net/wcslog.js
23.195.255.54200 OK 6.8 kB IP 23.195.255.54:0
File type ASCII text, with very long lines (20124), with no line terminators
Hash 843a08a1540a6ef318459433f0d7e92a
8b367a0abbbb3aa407b3285939b242dd90af8e10
e9c2885f3be79e610f1a995a5d9d403671417e056cdccf427416509263c11883
GET /wcslog.js HTTP/1.1
Host: wcs.naver.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Tue, 14 Jun 2022 02:08:57 GMT
ETag: "62a7edb9-4e9c"
Server: nginx
Content-Type: application/javascript
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=599
Expires: Sun, 27 Nov 2022 16:55:23 GMT
Date: Sun, 27 Nov 2022 16:45:24 GMT
Content-Length: 6834
Connection: keep-alive
status.thawte.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b8a7986e5a7e01bbfdde56f3ef8aa794
f806aeb48467c8cfe8804b0bc1e739e6341eddc2
bb1e99a7ff28d05fb135ddad6e3a572255281a40b1ee3ebd75ec215147fe731b
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2490
Cache-Control: max-age=90546
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 16:45:24 GMT
Etag: "6382491c-1d7"
Expires: Mon, 28 Nov 2022 17:54:30 GMT
Last-Modified: Sat, 26 Nov 2022 17:13:00 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
blog.faceutil.com/wp-content/themes/education-hub/third-party/font-awesome/css/font-awesome.min.css?ver=4.7.0
211.233.33.250200 OK 7.1 kB URL HTTP/1.1 blog.faceutil.com/wp-content/themes/education-hub/third-party/font-awesome/css/font-awesome.min.css?ver=4.7.0
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type ASCII text, with very long lines (30837)
Hash 52f1a8a2ce85fa8432308b33bc1a2e79
fd80917af5371c8ecad0198592a1e7cce4b77b0e
07bd6a9ea0213e20f362485aadc17a88c486ecfb394004b41b8b38db6e6a35f6
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/education-hub/third-party/font-awesome/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=8stmoerrusqv5l9bekmpj7vjf2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:24 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 23 Feb 2017 07:07:41 GMT
ETag: "100761-7918-5492d44d94940"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7053
Connection: close
Content-Type: text/css
blog.faceutil.com/wp-content/themes/education-hub/style.css?ver=4.7.2
211.233.33.250200 OK 12 kB URL HTTP/1.1 blog.faceutil.com/wp-content/themes/education-hub/style.css?ver=4.7.2
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type ASCII text, with very long lines (755)
Hash e9e1f860010f7ba348310b76a91ee9e7
62f74f49d0928745f178bb915aeaf7b8707d8368
1120841ffd369da93d45ba8dea051390b3c03c578c4e121866601d4b11dfd514
GET /wp-content/themes/education-hub/style.css?ver=4.7.2 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=8stmoerrusqv5l9bekmpj7vjf2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:24 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 23 Feb 2017 07:07:41 GMT
ETag: "100779-f896-5492d44d94940"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11977
Connection: close
Content-Type: text/css
blog.faceutil.com/wp-content/themes/education-hub-child/style.css?ver=1.9.4
211.233.33.250200 OK 231 B URL HTTP/1.1 blog.faceutil.com/wp-content/themes/education-hub-child/style.css?ver=1.9.4
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash ea0a8a30eb4bc2290c0148fe7c53117b
b3049616697baac9b226d145badda39d56a2861b
7ac2f2612c592278db75f3d88f488c2a5f6627d0da3625cc79b100f5d4249615
GET /wp-content/themes/education-hub-child/style.css?ver=1.9.4 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=8stmoerrusqv5l9bekmpj7vjf2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:24 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 28 Feb 2017 05:44:55 GMT
ETag: "1009f7-10d-54990b20f03c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 231
Connection: close
Content-Type: text/css
blog.faceutil.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
211.233.33.250200 OK 4.0 kB URL HTTP/1.1 blog.faceutil.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type ASCII text, with very long lines (9959)
Hash a6c81e2f02bd04160d2de88c4e8f3559
e3f3c91427d785820ca97dabe738f01faf041f36
b734d83af5da0eb627e04d3e62ce652b9eb7de19667a1b91da6b93f0ea5d7ffe
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=8stmoerrusqv5l9bekmpj7vjf2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:24 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Fri, 20 May 2016 06:11:28 GMT
ETag: "e1581-2748-5333ff613c400"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4014
Connection: close
Content-Type: text/javascript
blog.faceutil.com/wp-content/plugins/jetpack/css/jetpack.css?ver=4.6
211.233.33.250200 OK 11 kB URL HTTP/1.1 blog.faceutil.com/wp-content/plugins/jetpack/css/jetpack.css?ver=4.6
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type ASCII text, with very long lines (19706)
Hash 83f25568506bc6dcb77770c00b8d30a4
4fa79545986405da8c4e890043984892df8a1fe1
5842e64c4d06fa785536e109d77c53478072a19b852bc4e25d1b4c190249a631
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/jetpack/css/jetpack.css?ver=4.6 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=8stmoerrusqv5l9bekmpj7vjf2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:24 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 06 Mar 2017 06:03:18 GMT
ETag: "1000ef-f585-54a09a6d9b580"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11159
Connection: close
Content-Type: text/css
blog.faceutil.com/wp-content/plugins/jetpack/modules/wpgroho.js?ver=4.7.2
211.233.33.250200 OK 489 B URL HTTP/1.1 blog.faceutil.com/wp-content/plugins/jetpack/modules/wpgroho.js?ver=4.7.2
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
Hash e7310e3fcdaade0614b48b2154b4599b
6286153658b9dc345836e4b06f5f1993370acea6
f0ecedd6a50945a0295fc3c92db1770a58ec16df95cc120eac718e684f200679
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/jetpack/modules/wpgroho.js?ver=4.7.2 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=8stmoerrusqv5l9bekmpj7vjf2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:25 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 06 Mar 2017 06:03:19 GMT
ETag: "10033a-3f7-54a09a6e8f7c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 489
Connection: close
Content-Type: text/javascript
blog.faceutil.com/wp-content/themes/education-hub/js/skip-link-focus-fix.min.js?ver=20130115
211.233.33.250200 OK 308 B URL HTTP/1.1 blog.faceutil.com/wp-content/themes/education-hub/js/skip-link-focus-fix.min.js?ver=20130115
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type ASCII text, with very long lines (557), with no line terminators
Hash b31a1bcaa74a44673c2fa2d93a60c060
392ffc0fb6b17fd294826634c4c17926f27d480c
59be1508205f1f5de4302adc72a699f1c84ca4361fbaf47b734573ef867b6e94
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/education-hub/js/skip-link-focus-fix.min.js?ver=20130115 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=8stmoerrusqv5l9bekmpj7vjf2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:25 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 23 Feb 2017 07:07:41 GMT
ETag: "100756-22d-5492d44d94940"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 308
Connection: close
Content-Type: text/javascript
blog.faceutil.com/wp-content/themes/education-hub/third-party/cycle2/js/jquery.cycle2.min.js?ver=2.1.6
211.233.33.250200 OK 7.1 kB URL HTTP/1.1 blog.faceutil.com/wp-content/themes/education-hub/third-party/cycle2/js/jquery.cycle2.min.js?ver=2.1.6
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type ASCII text, with very long lines (10280)
Hash 65a20a0793f7f89dea24ae92d0e5f435
284ea412e8378ca3ee26eab098bbb4f24b4f1ee7
65a54c9ce5edfbf6359461928b424cd21491c8155da20c6b162a202c3918fead
GET /wp-content/themes/education-hub/third-party/cycle2/js/jquery.cycle2.min.js?ver=2.1.6 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=8stmoerrusqv5l9bekmpj7vjf2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:25 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 23 Feb 2017 07:07:41 GMT
ETag: "10076c-599c-5492d44d94940"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7100
Connection: close
Content-Type: text/javascript
blog.faceutil.com/wp-content/themes/education-hub/js/custom.min.js?ver=1.0
211.233.33.250200 OK 200 B URL HTTP/1.1 blog.faceutil.com/wp-content/themes/education-hub/js/custom.min.js?ver=1.0
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type ASCII text, with no line terminators
Hash 1db5ff5e7a9e6eeb9508bf6f0be8071c
25bbc18ec2eb75a280bbe0110a7eb90b9177923b
62928f2bb9c292404f841367488e755e0f2aa484b5b3fb5e93b9d12526b65e84
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/education-hub/js/custom.min.js?ver=1.0 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=8stmoerrusqv5l9bekmpj7vjf2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:25 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 23 Feb 2017 07:07:41 GMT
ETag: "100757-126-5492d44d94940"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 200
Connection: close
Content-Type: text/javascript
blog.faceutil.com/wp-content/themes/education-hub/js/navigation.min.js?ver=20120206
211.233.33.250200 OK 404 B URL HTTP/1.1 blog.faceutil.com/wp-content/themes/education-hub/js/navigation.min.js?ver=20120206
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type ASCII text, with very long lines (919), with no line terminators
Hash ccd744990d910a7efe7741a2054bf324
ace6fedfeba034ab1b2e3af9f24088d4f5123c90
b7fb0bc3d617951dba4d0dd9ac031801789d5b39d36896db58d36993df1f0a1d
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/education-hub/js/navigation.min.js?ver=20120206 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=8stmoerrusqv5l9bekmpj7vjf2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:25 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 23 Feb 2017 07:07:41 GMT
ETag: "10075a-397-5492d44d94940"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 404
Connection: close
Content-Type: text/javascript
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash cad303026e4807c1f5f92406a5ffabb2
447fedd2815eaef8537b0ed3eb4a6dd324600f76
94f67492f8f72960d7f7a412a02be506d9b4ef1c12790ac1e2f052cee69363d0
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:25 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 22:56:37 GMT
Expires: Sat, 03 Dec 2022 22:56:36 GMT
Etag: "447fedd2815eaef8537b0ed3eb4a6dd324600f76"
Cache-Control: max-age=540070,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 770c5587acf6b52d-OSL
blog.faceutil.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
211.233.33.250200 OK 34 kB URL HTTP/1.1 blog.faceutil.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type ASCII text, with very long lines (32077)
Hash d417f4d673009b01654915bbf1f4f872
f432ea8e89e5f4ef50e506019899e539a068f415
24560d81ded58e8befabf32ff51f5b6ae6f21eead0a5f87c255e3b47b988d1cc
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=8stmoerrusqv5l9bekmpj7vjf2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:24 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 23 May 2016 09:00:29 GMT
ETag: "e1557-17ba0-5337eac0d4540"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 33766
Connection: close
Content-Type: text/javascript
i2.wp.com/pds.faceutil.com/img/2017/04/30/1493550124.jpg?resize=200%2C200&ssl=1
192.0.77.2200 OK 6.0 kB URL HTTP/2 i2.wp.com/pds.faceutil.com/img/2017/04/30/1493550124.jpg?resize=200%2C200&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a25afd7408f1f6028d0db05abbb79903
8873f085204ba58015037fafa1f10f27fe74478a
c2741617687abea1c61068ed47ec01e3f210bd7d64608c3e7b70a071f29ba276
GET /pds.faceutil.com/img/2017/04/30/1493550124.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i2.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 16:45:25 GMT
content-type: image/webp
content-length: 5990
last-modified: Sat, 26 Nov 2022 10:57:10 GMT
expires: Mon, 25 Nov 2024 22:57:10 GMT
cache-control: public, max-age=63115200
link: <https://pds.faceutil.com/img/2017/04/30/1493550124.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "f65462d650a727c6"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i0.wp.com/pds.faceutil.com/img/2020/05/14/1589431508.gif?resize=200%2C200&ssl=1
192.0.77.2200 OK 418 B URL HTTP/2 i0.wp.com/pds.faceutil.com/img/2020/05/14/1589431508.gif?resize=200%2C200&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash f8396f987045e9f6e16de19b0caccc09
3be227a1f8d8b88d15aee8c31ac01ce40877a403
619f749160129eab4ad2b0d2b9c843d64b2d466fe418fba86c703fa207a6a0e9
GET /pds.faceutil.com/img/2020/05/14/1589431508.gif?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 16:45:25 GMT
content-type: image/webp
content-length: 418
last-modified: Thu, 03 Nov 2022 03:20:10 GMT
expires: Sat, 02 Nov 2024 15:20:10 GMT
cache-control: public, max-age=63115200
link: <https://pds.faceutil.com/img/2020/05/14/1589431508.gif>; rel="canonical"
x-content-type-options: nosniff
etag: "3c9dcc009ebdd341"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i1.wp.com/pds.faceutil.com/img/2020/07/10/1594372179.png?resize=200%2C200&ssl=1
192.0.77.2200 OK 13 kB URL HTTP/2 i1.wp.com/pds.faceutil.com/img/2020/07/10/1594372179.png?resize=200%2C200&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 5484f4c8e3543ce76843a8a38b377811
940d61782117e0efbb708cd8e0b4c3806b6adb73
35199b42b1f52ebf2d820838e5adede1c606243e73cc7e50c9600360ee2ab795
GET /pds.faceutil.com/img/2020/07/10/1594372179.png?resize=200%2C200&ssl=1 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 16:45:25 GMT
content-type: image/webp
content-length: 13298
last-modified: Sat, 26 Nov 2022 14:30:55 GMT
expires: Tue, 26 Nov 2024 02:30:55 GMT
cache-control: public, max-age=63115200
link: <https://pds.faceutil.com/img/2020/07/10/1594372179.png>; rel="canonical"
x-content-type-options: nosniff
etag: "0bd9095f020d70b5"
vary: Accept
x-nc: HIT arn 6
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i0.wp.com/pds.faceutil.com/img/2020/07/17/1594965865.jpg?resize=200%2C200&ssl=1
192.0.77.2200 OK 8.9 kB URL HTTP/2 i0.wp.com/pds.faceutil.com/img/2020/07/17/1594965865.jpg?resize=200%2C200&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 61cb7b157c75c530a5d690e89f1fd64c
4b28417f353f23ee86723262f1aa136b15e5d682
8a43601224a69ea2687c391a2c5d1ff5a99f68bace65882a00340a7d5c91cf38
GET /pds.faceutil.com/img/2020/07/17/1594965865.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 16:45:25 GMT
content-type: image/webp
content-length: 8914
last-modified: Sat, 26 Nov 2022 00:56:43 GMT
expires: Mon, 25 Nov 2024 12:56:43 GMT
cache-control: public, max-age=63115200
link: <https://pds.faceutil.com/img/2020/07/17/1594965865.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "625d0b05bf26d09f"
vary: Accept
x-nc: HIT arn 1
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i2.wp.com/pds.faceutil.com/img/2017/04/25/1493107273.gif?resize=200%2C200&ssl=1
192.0.77.2200 OK 1.4 kB URL HTTP/2 i2.wp.com/pds.faceutil.com/img/2017/04/25/1493107273.gif?resize=200%2C200&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 33bcc4355aeb1549067faa23b9425c09
d966e10f5dc8e35985aa7294ecd98fb0d21e8fc9
9bbdc17ed688af3b317a28ee5260b752a83bc3d00607f80e1afed1f4abae892c
GET /pds.faceutil.com/img/2017/04/25/1493107273.gif?resize=200%2C200&ssl=1 HTTP/1.1
Host: i2.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 16:45:25 GMT
content-type: image/webp
content-length: 1386
last-modified: Sun, 27 Nov 2022 03:00:29 GMT
expires: Tue, 26 Nov 2024 15:00:29 GMT
cache-control: public, max-age=63115200
link: <https://pds.faceutil.com/img/2017/04/25/1493107273.gif>; rel="canonical"
x-content-type-options: nosniff
etag: "3721544651887d18"
vary: Accept
x-nc: HIT arn 3
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i1.wp.com/pds.faceutil.com/img/2020/07/29/1596013824.png?resize=200%2C200&ssl=1
192.0.77.2200 OK 26 kB URL HTTP/2 i1.wp.com/pds.faceutil.com/img/2020/07/29/1596013824.png?resize=200%2C200&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 58c6425149eddc28d6c4f92968a64b7f
2a5094266cbc252990e1514a9c595440fa71f263
22d333986e4da3dc618ed4b9a4e4606f0e080e4a67328c301813b44df12e6281
GET /pds.faceutil.com/img/2020/07/29/1596013824.png?resize=200%2C200&ssl=1 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 16:45:25 GMT
content-type: image/webp
content-length: 26372
last-modified: Sat, 12 Nov 2022 17:13:43 GMT
expires: Tue, 12 Nov 2024 05:13:43 GMT
cache-control: public, max-age=63115200
link: <https://pds.faceutil.com/img/2020/07/29/1596013824.png>; rel="canonical"
x-content-type-options: nosniff
etag: "8e56e85f2ff3b78f"
vary: Accept
x-nc: HIT arn 6
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i2.wp.com/pds.faceutil.com/img/2017/03/23/1490256035.jpg?resize=200%2C200&ssl=1
192.0.77.2200 OK 6.6 kB URL HTTP/2 i2.wp.com/pds.faceutil.com/img/2017/03/23/1490256035.jpg?resize=200%2C200&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c4bc4d99f3c5ee0f0f63772b8776315f
f0621addd59e1fb8139394b1cadb1e2e739c6721
15172e9a63744fe6e0401a0e33cbc87188c2645b110d9e5c7e5889412c4d94a1
GET /pds.faceutil.com/img/2017/03/23/1490256035.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i2.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 16:45:25 GMT
content-type: image/webp
content-length: 6588
last-modified: Thu, 17 Nov 2022 10:55:20 GMT
expires: Sat, 16 Nov 2024 22:55:20 GMT
cache-control: public, max-age=63115200
link: <https://pds.faceutil.com/img/2017/03/23/1490256035.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "ff512cd28e47fc8b"
vary: Accept
x-nc: HIT arn 3
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i2.wp.com/pds.faceutil.com/img/2017/04/04/1491265501.jpg?resize=200%2C200&ssl=1
192.0.77.2200 OK 2.9 kB URL HTTP/2 i2.wp.com/pds.faceutil.com/img/2017/04/04/1491265501.jpg?resize=200%2C200&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 60f8b1683f1b3e1e4abd5033e03f73c5
c989d3297ce70dda0ca890bae18c2f5162c7f290
95966527017d24a0cb83926a9d6dcf600235bc2a0b028725d256f9af29eba222
GET /pds.faceutil.com/img/2017/04/04/1491265501.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i2.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 16:45:25 GMT
content-type: image/webp
content-length: 2916
last-modified: Sun, 27 Nov 2022 06:26:39 GMT
expires: Tue, 26 Nov 2024 18:26:39 GMT
cache-control: public, max-age=63115200
link: <https://pds.faceutil.com/img/2017/04/04/1491265501.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "911aceb4867d9af1"
vary: Accept
x-nc: MISS arn 5
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i2.wp.com/pds.faceutil.com/img/2020/03/16/1584340882.jpg?resize=200%2C200&ssl=1
192.0.77.2200 OK 7.6 kB URL HTTP/2 i2.wp.com/pds.faceutil.com/img/2020/03/16/1584340882.jpg?resize=200%2C200&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3fd4a21851d959fa69a133523a655105
13c28a02f18768028d1647389e74dd59010b7eb9
c0dac591681549937ebc50742bc1eaf2f02007e0bedc766409ec45674f4fa7e6
GET /pds.faceutil.com/img/2020/03/16/1584340882.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i2.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 16:45:25 GMT
content-type: image/webp
content-length: 7566
last-modified: Fri, 18 Nov 2022 16:24:56 GMT
expires: Mon, 18 Nov 2024 04:24:56 GMT
cache-control: public, max-age=63115200
link: <https://pds.faceutil.com/img/2020/03/16/1584340882.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "654c0c50a0c6bb41"
vary: Accept
x-nc: HIT arn 4
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i2.wp.com/pds.faceutil.com/img/2017/03/29/1490765278.jpg?resize=200%2C200&ssl=1
192.0.77.2200 OK 7.2 kB URL HTTP/2 i2.wp.com/pds.faceutil.com/img/2017/03/29/1490765278.jpg?resize=200%2C200&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1ae3f9a610ed5c408795acfdf2259df5
aceffe86aa3ab17962a33d2bbed275249419a094
57eda56a4e965e5096bae4f99b4b6bfa825c8dcda5e7822a05d68e238787fd23
GET /pds.faceutil.com/img/2017/03/29/1490765278.jpg?resize=200%2C200&ssl=1 HTTP/1.1
Host: i2.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 16:45:25 GMT
content-type: image/webp
content-length: 7230
last-modified: Sun, 27 Nov 2022 08:23:10 GMT
expires: Tue, 26 Nov 2024 20:23:10 GMT
cache-control: public, max-age=63115200
link: <https://pds.faceutil.com/img/2017/03/29/1490765278.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "d03d1cb818d34935"
vary: Accept
x-nc: MISS arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 16:45:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
blog.faceutil.com/wp-content/plugins/jetpack/_inc/facebook-embed.js
211.233.33.250200 OK 446 B URL HTTP/1.1 blog.faceutil.com/wp-content/plugins/jetpack/_inc/facebook-embed.js
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
Hash ad943d4b2e744f22ccc1d4b7e9805c54
267c32877bf9e58fba19625a8c5aee3e7dccdc96
3af899d7a4532f0cf738724b2b4ecb9368d7cec9380993ca6b39cbe4b975be53
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/jetpack/_inc/facebook-embed.js HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=8stmoerrusqv5l9bekmpj7vjf2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:25 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 06 Mar 2017 06:03:18 GMT
ETag: "10055f-328-54a09a6d9b580"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 446
Connection: close
Content-Type: text/javascript
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 16:45:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 16:45:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 16:45:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.wp.com/e-202247.js
192.0.76.3200 OK 38 kB IP 192.0.76.3:0
File type ASCII text, with very long lines (2690)
Hash 11cb2a83579b2e24c3c969339d127c37
845eeeca71ab0e3d66a5b7c6602fa25aa5b8c3db
b76cabbf5d2e91331cb2a9208715136778d3b7b7f5a2b4821be1f58fbd1dfe89
GET /e-202247.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 16:45:24 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"6197c5cf-3508"
content-encoding: br
expires: Mon, 13 Nov 2023 09:17:34 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
216.58.207.195200 OK 26 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 26240, version 1.0\012- data
Hash 4a90976686fcbd8296c7d7fccc04c273
bcb82e93ac7ad1fa2af6a37009a200f79f4cb4e5
59bd288e64c57e034672999e33ebda6eb5ad1575945eb563dbfb5b44f226e1e1
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://blog.faceutil.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26240
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 21:10:08 GMT
expires: Fri, 24 Nov 2023 21:10:08 GMT
cache-control: public, max-age=31536000
age: 243317
last-modified: Mon, 15 Aug 2022 18:14:37 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.195200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://blog.faceutil.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 05:42:51 GMT
expires: Fri, 24 Nov 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 298954
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
216.58.207.195200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Hash 3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31
GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://blog.faceutil.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 19:07:15 GMT
expires: Tue, 21 Nov 2023 19:07:15 GMT
cache-control: public, max-age=31536000
age: 509890
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2
216.58.207.195200 OK 21 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 21048, version 1.0\012- data
Hash 22c793ce2678cfa2f8c88b123af3bd95
81ac3d0faa06b9dae82faf2f608fa0a329ca1a5a
0c018fe9d09945d93f6f5aa5f1c53a2975621c3043a22344eaf86d6500c245c6
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://blog.faceutil.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21048
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 18:57:50 GMT
expires: Thu, 23 Nov 2023 18:57:50 GMT
cache-control: public, max-age=31536000
age: 337655
last-modified: Mon, 15 Aug 2022 18:13:11 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 16:45:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.soonwe.com/ad_js/101926_ad.js
180.67.204.123200 OK 592 B URL HTTP/1.1 www.soonwe.com/ad_js/101926_ad.js
IP 180.67.204.123:0
ASN #9318 SK Broadband Co Ltd
File type ASCII text, with CRLF line terminators
Hash 776976a580c4e30e1cfeb4ed98504999
fee6ba79e2bb06ef5be28b1a5b72dc29a2b2f9ee
bf20aaf59b3c738070b89b2c9e1211d18d4efb3f1e48d6a20ba6ee0054c23cdb
GET /ad_js/101926_ad.js HTTP/1.1
Host: www.soonwe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Tue, 30 Nov 2021 07:39:39 GMT
Accept-Ranges: bytes
ETag: "6769316ebde5d71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sun, 27 Nov 2022 16:45:20 GMT
Content-Length: 592
blog.faceutil.com/wp-content/plugins/jetpack/_inc/twitter-timeline.js?ver=4.0.0
211.233.33.250200 OK 260 B URL HTTP/1.1 blog.faceutil.com/wp-content/plugins/jetpack/_inc/twitter-timeline.js?ver=4.0.0
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
Hash 63cdc5aedadbc565eeb7e53f076c259a
16a7714b0441ca4eb260d4153d1bae0481d928e2
dc2cb5e406eec1fd4bc0dadc63f3e74cbd90257475d6f8b20ce200c036d5ce9b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/jetpack/_inc/twitter-timeline.js?ver=4.0.0 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=8stmoerrusqv5l9bekmpj7vjf2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:25 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 06 Mar 2017 06:03:18 GMT
ETag: "10055e-157-54a09a6d9b580"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 260
Connection: close
Content-Type: text/javascript
blog.faceutil.com/wp-includes/js/wp-embed.min.js?ver=4.7.2
211.233.33.250200 OK 751 B URL HTTP/1.1 blog.faceutil.com/wp-includes/js/wp-embed.min.js?ver=4.7.2
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type ASCII text, with very long lines (1398), with no line terminators
Hash 7542039ce963ffd18ad4fb7be13bd2be
8385e433e8e65739fc27b6bd16b1a7ae71b11084
a70bca1336a4ac7592ce631cbb22c9ebb01d60461d221ac7a46f91a4ccfd1255
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-embed.min.js?ver=4.7.2 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=8stmoerrusqv5l9bekmpj7vjf2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:25 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 23 Nov 2016 13:38:33 GMT
ETag: "e144b-576-541f8014be840"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 751
Connection: close
Content-Type: text/javascript
blog.faceutil.com/wp-content/plugins/jetpack/_inc/spin.js?ver=1.3
211.233.33.250200 OK 3.8 kB URL HTTP/1.1 blog.faceutil.com/wp-content/plugins/jetpack/_inc/spin.js?ver=1.3
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
Hash fbffaa6dcda4e19a7ac5cf067191b4c3
25333714fe3bac0bd608fbd6e4921e94d4dfd07f
fb31d5b515aa7e48c7c5a70a067d6dca25a050c5390e936055b5e18fa146bf21
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/jetpack/_inc/spin.js?ver=1.3 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=8stmoerrusqv5l9bekmpj7vjf2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:25 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 06 Mar 2017 06:03:18 GMT
ETag: "10053a-27d5-54a09a6d9b580"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3808
Connection: close
Content-Type: text/javascript
blog.faceutil.com/wp-content/plugins/jetpack/_inc/jquery.spin.js?ver=1.3
211.233.33.250200 OK 1.2 kB URL HTTP/1.1 blog.faceutil.com/wp-content/plugins/jetpack/_inc/jquery.spin.js?ver=1.3
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
Hash ea8e88c6a70d40551fed82a9a026ae32
70b78afd236ad9ef06459c9c9f58f414c40fd6e3
d3e5ac1299380977ea0a9e0affce0a689a7633ea8a92d2b4bfa3c583fa8fb3d4
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/jetpack/_inc/jquery.spin.js?ver=1.3 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=8stmoerrusqv5l9bekmpj7vjf2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:25 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 06 Mar 2017 06:03:18 GMT
ETag: "100510-d02-54a09a6d9b580"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1156
Connection: close
Content-Type: text/javascript
blog.faceutil.com/wp-content/plugins/jetpack/modules/carousel/jetpack-carousel.js?ver=20160325
211.233.33.250200 OK 14 kB URL HTTP/1.1 blog.faceutil.com/wp-content/plugins/jetpack/modules/carousel/jetpack-carousel.js?ver=20160325
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
Hash 42043a55ad6ed5ddbc43f5e97d4d3fee
1fdb4e79f6b823229849bf373debde3208122d80
e8bfffab5c235af4e678aabcc6ddd58bf3a7c73b53f88f8e2f47a08ae66e6f2b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/jetpack/modules/carousel/jetpack-carousel.js?ver=20160325 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=8stmoerrusqv5l9bekmpj7vjf2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:26 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 06 Mar 2017 06:03:18 GMT
ETag: "100222-cf6a-54a09a6d9b580"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 14235
Connection: close
Content-Type: text/javascript
pixel.wp.com/g.gif?v=ext&j=1%3A4.6&blog=125196822&post=0&tz=9&srv=blog.faceutil.com&host=blog.faceutil.com&ref=&fcp=6069&rand=0.91127730548639
192.0.76.3200 OK 50 B URL HTTP/2 pixel.wp.com/g.gif?v=ext&j=1%3A4.6&blog=125196822&post=0&tz=9&srv=blog.faceutil.com&host=blog.faceutil.com&ref=&fcp=6069&rand=0.91127730548639
IP 192.0.76.3:0
File type GIF image data, version 89a, 6 x 5\012- data
Hash e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
GET /g.gif?v=ext&j=1%3A4.6&blog=125196822&post=0&tz=9&srv=blog.faceutil.com&host=blog.faceutil.com&ref=&fcp=6069&rand=0.91127730548639 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 16:45:26 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-KE6875C4VY>m=2oeb90&_p=1642871678&cid=221500480.1669567525&ul=en-us&sr=1280x1024&_s=1&sid=1669567525&sct=1&seg=0&dl=https%3A%2F%2Fblog.faceutil.com%2F&dt=%ED%8E%98%EC%9D%B4%EC%8A%A4%EC%9C%A0%ED%8B%B8%20%7C%20%EB%AC%B4%EB%A3%8C%EA%B2%8C%EC%9E%84%20%EC%86%8C%ED%94%84%ED%8A%B8%EC%9B%A8%EC%96%B4%20%EB%8B%A4%EC%9A%B4%EB%A1%9C%EB%93%9C&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-KE6875C4VY>m=2oeb90&_p=1642871678&cid=221500480.1669567525&ul=en-us&sr=1280x1024&_s=1&sid=1669567525&sct=1&seg=0&dl=https%3A%2F%2Fblog.faceutil.com%2F&dt=%ED%8E%98%EC%9D%B4%EC%8A%A4%EC%9C%A0%ED%8B%B8%20%7C%20%EB%AC%B4%EB%A3%8C%EA%B2%8C%EC%9E%84%20%EC%86%8C%ED%94%84%ED%8A%B8%EC%9B%A8%EC%96%B4%20%EB%8B%A4%EC%9A%B4%EB%A1%9C%EB%93%9C&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-KE6875C4VY>m=2oeb90&_p=1642871678&cid=221500480.1669567525&ul=en-us&sr=1280x1024&_s=1&sid=1669567525&sct=1&seg=0&dl=https%3A%2F%2Fblog.faceutil.com%2F&dt=%ED%8E%98%EC%9D%B4%EC%8A%A4%EC%9C%A0%ED%8B%B8%20%7C%20%EB%AC%B4%EB%A3%8C%EA%B2%8C%EC%9E%84%20%EC%86%8C%ED%94%84%ED%8A%B8%EC%9B%A8%EC%96%B4%20%EB%8B%A4%EC%9A%B4%EB%A1%9C%EB%93%9C&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blog.faceutil.com
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://blog.faceutil.com
date: Sun, 27 Nov 2022 16:45:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blog.faceutil.com/wp-content/plugins/jetpack/images/rss/orange-large.png
211.233.33.250200 OK 2.5 kB URL HTTP/1.1 blog.faceutil.com/wp-content/plugins/jetpack/images/rss/orange-large.png
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Hash 444af470b2d36623da32551fb16a1647
95394c083c0fb42783624e3e9f077e3e0399da08
aca3978b854d733c9e09e0a8bcbf22a47af0ad1ecab4fbb09520b18a8f9316da
GET /wp-content/plugins/jetpack/images/rss/orange-large.png HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Cookie: PHPSESSID=8stmoerrusqv5l9bekmpj7vjf2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:26 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 06 Mar 2017 06:03:18 GMT
ETag: "1000ca-9bf-54a09a6d9b580"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2518
Connection: close
Content-Type: image/png
img.mobon.net/js/common/HawkEyesMaker.js
14.0.113.206200 OK 101 kB URL HTTP/1.1 img.mobon.net/js/common/HawkEyesMaker.js
IP 14.0.113.206:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 101 kB (101002 bytes)
Hash 3d018aa70b1e54a34e228d24e93cbb92
4eddafa98a083d27fe16d74da703b4f06391d769
7cd8f9bb7da936d9afcf4b7fd9679bc44c3215169d15a636446929ded9b4c1fc
GET /js/common/HawkEyesMaker.js HTTP/1.1
Host: img.mobon.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:25 GMT
Content-Type: text/javascript
Content-Length: 101002
Connection: keep-alive
Server: PWS/8.3.1.0.8
Last-Modified: Thu, 21 Jul 2022 05:31:18 GMT
ETag: "f42ab2-18a8a-5e44a06ed039c"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Age: 39412
Via: 1.1 PShgseSEL5ii162:3 (W), 1.1 PShgseSEL4cy114:14 (W)
X-Px: ht PShgseSEL4cy114GMP
X-Ws-Request-Id: 63839425_PShgseSEL4bh115_36180-12340
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fceadd29a92f709d4ef819992a2768dd
8ed3901ba3fac75cf653039f4b9dec6c70e94ff8
252c5fef33aa04343622b93d62c1f94608ba462cd21252157527c99c10a334b2
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2362
Cache-Control: max-age=140824
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 16:45:26 GMT
Etag: "63830e04-1d7"
Expires: Tue, 29 Nov 2022 07:52:30 GMT
Last-Modified: Sun, 27 Nov 2022 07:13:08 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
status.thawte.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f644f0926906031ea7e36a057585a796
7370a438d3aecf33451e81722ba5576820af2491
ab43c27a6662ff07d4debbb17f10818bef76c3962c39c21551c9234dd8f26fdd
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3692
Cache-Control: max-age=85644
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 16:45:27 GMT
Etag: "63823147-1d7"
Expires: Mon, 28 Nov 2022 16:32:51 GMT
Last-Modified: Sat, 26 Nov 2022 15:31:19 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
status.thawte.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f644f0926906031ea7e36a057585a796
7370a438d3aecf33451e81722ba5576820af2491
ab43c27a6662ff07d4debbb17f10818bef76c3962c39c21551c9234dd8f26fdd
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3692
Cache-Control: max-age=85644
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 16:45:27 GMT
Etag: "63823147-1d7"
Expires: Mon, 28 Nov 2022 16:32:51 GMT
Last-Modified: Sat, 26 Nov 2022 15:31:19 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
wcs.naver.com/m?u=https%3A%2F%2Fblog.faceutil.com%2F&e=&wa=4f674946a5e760&bt=-1&os=Linux%20x86_64&ln=en-US&sr=1280x1024&bw=1280&bh=939&c=24&j=N&jv=1.8&k=Y&ct=&cs=UTF-8&tl=%25ED%258E%2598%25EC%259D%25B4%25EC%258A%25A4%25EC%259C%25A0%25ED%258B%25B8%2520%257C%2520%25EB%25AC%25B4%25EB%25A3%258C%25EA%25B2%258C%25EC%259E%2584%2520%25EC%2586%258C%25ED%2594%2584%25ED%258A%25B8%25EC%259B%25A8%25EC%2596%25B4%2520%25EB%258B%25A4%25EC%259A%25B4%25EB%25A1%259C%25EB%2593%259C&vs=0.8.6&nt=1669567525034&EOU
110.93.147.30200 OK 43 B URL HTTP/2 wcs.naver.com/m?u=https%3A%2F%2Fblog.faceutil.com%2F&e=&wa=4f674946a5e760&bt=-1&os=Linux%20x86_64&ln=en-US&sr=1280x1024&bw=1280&bh=939&c=24&j=N&jv=1.8&k=Y&ct=&cs=UTF-8&tl=%25ED%258E%2598%25EC%259D%25B4%25EC%258A%25A4%25EC%259C%25A0%25ED%258B%25B8%2520%257C%2520%25EB%25AC%25B4%25EB%25A3%258C%25EA%25B2%258C%25EC%259E%2584%2520%25EC%2586%258C%25ED%2594%2584%25ED%258A%25B8%25EC%259B%25A8%25EC%2596%25B4%2520%25EB%258B%25A4%25EC%259A%25B4%25EB%25A1%259C%25EB%2593%259C&vs=0.8.6&nt=1669567525034&EOU
IP 110.93.147.30:0
ASN #23576 NAVER Cloud Corp.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /m?u=https%3A%2F%2Fblog.faceutil.com%2F&e=&wa=4f674946a5e760&bt=-1&os=Linux%20x86_64&ln=en-US&sr=1280x1024&bw=1280&bh=939&c=24&j=N&jv=1.8&k=Y&ct=&cs=UTF-8&tl=%25ED%258E%2598%25EC%259D%25B4%25EC%258A%25A4%25EC%259C%25A0%25ED%258B%25B8%2520%257C%2520%25EB%25AC%25B4%25EB%25A3%258C%25EA%25B2%258C%25EC%259E%2584%2520%25EC%2586%258C%25ED%2594%2584%25ED%258A%25B8%25EC%259B%25A8%25EC%2596%25B4%2520%25EB%258B%25A4%25EC%259A%25B4%25EB%25A1%259C%25EB%2593%259C&vs=0.8.6&nt=1669567525034&EOU HTTP/1.1
Host: wcs.naver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 16:45:27 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
set-cookie: NWB=c8c8a5b26e096336611c149af2f9538b.1669567527223; Expires=Fri, 26-Nov-27 16:45:27 GMT; Domain=wcs.naver.com; Path=/; Secure; SameSite=None
NWB_LEGACY=c8c8a5b26e096336611c149af2f9538b.1669567527223; Expires=Fri, 26-Nov-27 16:45:27 GMT; Domain=wcs.naver.com; Path=/
p3p: CP = "ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"
server: wcs
accept-ch: Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: Tue, 01 Jan 1980 09:00:00 GMT
x-content-type-options: nosniff
access-control-allow-credentials: true
X-Firefox-Spdy: h2
www.mediacategory.com/servlet/adbnMobileBanner?from=&s=598131&types=ico_m&bCover=true
119.205.238.29200 2.2 kB URL HTTP/1.1 www.mediacategory.com/servlet/adbnMobileBanner?from=&s=598131&types=ico_m&bCover=true
IP 119.205.238.29:0
File type ISO-8859 text, with very long lines (415)
Hash b4dd9abd09a5864377d913b67eb7a324
3965155c4d97b51baf6eb57655ec274f29130d5b
31772813798c3916db926999e5a27f481e85e8ad5207c6b2afaa412a54648fbe
GET /servlet/adbnMobileBanner?from=&s=598131&types=ico_m&bCover=true HTTP/1.1
Host: www.mediacategory.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
P3P: CP='CAO PSA CONi OTR OUR DEM ONL'
Set-Cookie: Start_Time=2022112801; Domain=.mediacategory.com; Expires=Tue, 26-Nov-2024 16:45:26 GMT; Path=/
IP_info=91.90.42.154.1032512; Domain=.mediacategory.com; Expires=Tue, 26-Nov-2024 16:45:26 GMT; Path=/
au_id=19ff45c3d16ceb41684812ee184b9f0bafb6594; Domain=.mediacategory.com; Expires=Tue, 26-Nov-2024 16:45:26 GMT; Path=/
vary: accept-encoding
Content-Encoding: gzip
Content-Type: text/html;charset=euc-kr
Transfer-Encoding: chunked
Date: Sun, 27 Nov 2022 16:45:26 GMT
Keep-Alive: timeout=5
Connection: keep-alive
www.mediacategory.com/script/common/media/629392
119.205.238.29200 355 B URL HTTP/1.1 www.mediacategory.com/script/common/media/629392
IP 119.205.238.29:0
Hash 6d829394fdabaf8c322d8a26eae11a61
5bcd93202b1173a322e1b16126cdc1a125ead945
715f02750f68aaf653b1fb1caa33bf682d7a3279d14b279aebd9a250c783be57
GET /script/common/media/629392 HTTP/1.1
Host: www.mediacategory.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Set-Cookie: Start_Time=2022112801; Domain=.mediacategory.com; Expires=Tue, 26-Nov-2024 16:45:26 GMT; Path=/
IP_info=91.90.42.154.1120981; Domain=.mediacategory.com; Expires=Tue, 26-Nov-2024 16:45:26 GMT; Path=/
Content-Type: text/javascript
Content-Length: 355
Date: Sun, 27 Nov 2022 16:45:26 GMT
Keep-Alive: timeout=5
Connection: keep-alive
blog.faceutil.com/wp-content/themes/education-hub/third-party/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
211.233.33.250200 OK 77 kB URL HTTP/1.1 blog.faceutil.com/wp-content/themes/education-hub/third-party/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 211.233.33.250:0
ASN #3786 LG DACOM Corporation
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/education-hub/third-party/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: blog.faceutil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://blog.faceutil.com/wp-content/themes/education-hub/third-party/font-awesome/css/font-awesome.min.css?ver=4.7.0
Cookie: PHPSESSID=8stmoerrusqv5l9bekmpj7vjf2; wcs_bt=4f674946a5e760:1669567525
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:26 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 23 Feb 2017 07:07:41 GMT
ETag: "100769-12d68-5492d44d94940"
Accept-Ranges: bytes
Content-Length: 77160
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=euckr
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f79de44e08c43da30a3c6c5291fdc427
1a07b622d844d4793fe4767199f5f33f0f3229e2
d536b31b46e283bf64ff0c3e3bf29c706f1d5c2b63d82bc41c76e15bf4a06fe2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6018
Cache-Control: max-age=128250
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 16:45:27 GMT
Etag: "6382ce9f-1d7"
Expires: Tue, 29 Nov 2022 04:22:57 GMT
Last-Modified: Sun, 27 Nov 2022 02:42:39 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
platform.twitter.com/widgets.js
93.184.220.66200 OK 29 kB URL HTTP/1.1 platform.twitter.com/widgets.js
IP 93.184.220.66:0
File type Unicode text, UTF-8 text, with very long lines (33915)
Hash 7899fffaf0046efb7f9be2495d9dc928
d4c60d88e8deea577a50f9d20e1b6b3a20cba2cf
07d50450f22df0588cc1b67f5a124cb91d99a032a229586eb7dc490cce9f7f30
GET /widgets.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3000
Age: 1427
Cache-Control: public, max-age=1800
Content-Type: application/javascript; charset=utf-8
Date: Sun, 27 Nov 2022 16:45:27 GMT
Etag: "6633f9603c759c40d9b200995454f17c+gzip"
Last-Modified: Wed, 02 Nov 2022 19:43:37 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F70F)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
x-amzn-internal-status: 304
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 29221
www.google-analytics.com/analytics.js
216.239.32.178200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 216.239.32.178:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 27 Nov 2022 14:46:55 GMT
expires: Sun, 27 Nov 2022 16:46:55 GMT
cache-control: public, max-age=7200
age: 7112
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ca9a5a187a9301acd15cc891755a13c8
1522515a371821fe1c94ce773898f2e913e03012
469bcc07c9e15d43d093697277d75eaa3199cb3f455b6fd32daaa0153f4e0f98
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 16:45:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
apis.google.com/js/platform.js?ver=4.7.2
142.250.74.174200 OK 21 kB URL HTTP/2 apis.google.com/js/platform.js?ver=4.7.2
IP 142.250.74.174:0
File type ASCII text, with very long lines (1279)
Hash 7ac44ef24e267df17ff72f195b252806
62db12d9ce11a576ccd7fa3544d851c5fd42f3b7
aae7897e7b55999c1b3166309381d19ac488dced51e14071339d8b193a686a61
GET /js/platform.js?ver=4.7.2 HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20984
date: Sun, 27 Nov 2022 16:45:27 GMT
expires: Sun, 27 Nov 2022 16:45:27 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "7446758f13887885"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/ko_KR/sdk.js?_=1669567525026
31.13.72.12200 OK 1.7 kB URL HTTP/2 connect.facebook.net/ko_KR/sdk.js?_=1669567525026
IP 31.13.72.12:0
File type ASCII text, with very long lines (1957)
Hash 64329f444665f7b5671d4a5bd317d46d
466bb0876a9b7570888ce9b038617377dc9bd8ff
d112905837d4dd3225ce6f17cf152723819c08c214d699203b8ee0e616ed58a1
GET /ko_KR/sdk.js?_=1669567525026 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: fee4f7611fd9fd6f199e4369ed5747d9
etag: "c1886bb8a6d522294e2383c45d68e34b"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sun, 27 Nov 2022 17:05:27 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: ZDKfREZl97VnHUpb0xfUbQ==
x-fb-debug: H5QBUsWyGMhNO4lLp+VeDsvRpsX6/aWcyPOxWxghP1CXqdg9xTmps1Kf+uQaoBX9zG1NQRCqHI+YOwCt17V8dw==
content-length: 1687
priority: u=3,i
x-fb-trip-id: 1904183273
date: Sun, 27 Nov 2022 16:45:27 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 88e42375d2172305f819b892225cf877
674324641f82700172e72fe259ee2241361e2ea1
6dce3754a67df878b536c368657a492a1f908d408fe7fe5ba43c5d24c44434b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 16:45:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fblog.faceutil.com
93.184.220.66200 OK 105 kB URL HTTP/1.1 platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fblog.faceutil.com
IP 93.184.220.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (56168)
Size 105 kB (105445 bytes)
Hash 2b4968b185495eddda0d85b2351ebb71
c665785ca0f4039f8c71d94631cd50a879d866b5
eb8af089d8082a58a6e90fedc23007f17a9e89ddbc6a29b6e535e4847ba94160
GET /widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fblog.faceutil.com HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2139874
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Sun, 27 Nov 2022 16:45:27 GMT
Etag: "50d73c0b4a4c7e4697b9c6ac6f1ecd75+gzip"
Last-Modified: Wed, 02 Nov 2022 19:36:59 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F71D)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105445
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=auth/exm=person/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_1?le=scs
142.250.74.174200 OK 42 kB URL HTTP/2 apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=auth/exm=person/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_1?le=scs
IP 142.250.74.174:0
File type ASCII text, with very long lines (661)
Hash 20624924ddb3032daa27b9b57720401c
2cd1d53d4fd8c33f533dd78af548f7d883ae4210
e7166629454e0d6c8e3c1bb2739c30ad69eaa4ba94de34e00db664aa0cfef028
GET /_/scs/abc-static/_/js/k=gapi.lb.en.geaHZXF2-fw.O/m=auth/exm=person/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ/cb=gapi.loaded_1?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 42350
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 12:42:26 GMT
expires: Thu, 23 Nov 2023 12:42:26 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 01 Nov 2022 15:24:55 GMT
content-type: text/javascript; charset=UTF-8
age: 360181
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f79de44e08c43da30a3c6c5291fdc427
1a07b622d844d4793fe4767199f5f33f0f3229e2
d536b31b46e283bf64ff0c3e3bf29c706f1d5c2b63d82bc41c76e15bf4a06fe2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6018
Cache-Control: max-age=128250
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 16:45:27 GMT
Etag: "6382ce9f-1d7"
Expires: Tue, 29 Nov 2022 04:22:57 GMT
Last-Modified: Sun, 27 Nov 2022 02:42:39 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
apis.google.com/u/0/_/widget/render/person?usegapi=1&href=https%3A%2F%2Fplus.google.com%2F116698397072408224308&layout=portrait&theme=light&showcoverphoto=true&showtagline=true&width=220&origin=https%3A%2F%2Fblog.faceutil.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__
142.250.74.174301 Moved Permanently 226 B URL HTTP/2 apis.google.com/u/0/_/widget/render/person?usegapi=1&href=https%3A%2F%2Fplus.google.com%2F116698397072408224308&layout=portrait&theme=light&showcoverphoto=true&showtagline=true&width=220&origin=https%3A%2F%2Fblog.faceutil.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__
IP 142.250.74.174:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 4df07581948280a6e769a24c5d99d775
843a2c95362347eb8894a6acb607f139be65ded4
3561b93a48d81fac116ccd6e60163bd382abb1d594c81240f5718feb1f197f73
GET /u/0/_/widget/render/person?usegapi=1&href=https%3A%2F%2Fplus.google.com%2F116698397072408224308&layout=portrait&theme=light&showcoverphoto=true&showtagline=true&width=220&origin=https%3A%2F%2Fblog.faceutil.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__ HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: http://developers.google.com/
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 27 Nov 2022 16:45:27 GMT
expires: Sun, 27 Nov 2022 17:15:27 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 226
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.mediacategory.com/servlet/iadbn?from=&location=https%3A//blog.faceutil.com/&s=629392&psb=99
119.205.238.29200 1.9 kB URL HTTP/1.1 www.mediacategory.com/servlet/iadbn?from=&location=https%3A//blog.faceutil.com/&s=629392&psb=99
IP 119.205.238.29:0
File type HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with very long lines (419)
Hash a12c60f2ca157550018f12de1cc19102
1e2700b4555e18507cb57a41f07446e24935e5ce
f621fb670cd4d8b1f959956ec60477cb0c6168b202f7e93debe46a8f19a913c1
GET /servlet/iadbn?from=&location=https%3A//blog.faceutil.com/&s=629392&psb=99 HTTP/1.1
Host: www.mediacategory.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Set-Cookie: Start_Time=2022112801; Domain=.mediacategory.com; Expires=Tue, 26-Nov-2024 16:45:27 GMT; Path=/
IP_info=91.90.42.154.6685956; Domain=.mediacategory.com; Expires=Tue, 26-Nov-2024 16:45:27 GMT; Path=/
au_id=282c66b4066319b0-7b5f68c184b9efd9cc7782; Domain=.mediacategory.com; Expires=Tue, 26-Nov-2024 16:45:27 GMT; Path=/
Pragma: no-cache
Cache-Control: no-cache
P3P: CP='CAO PSA CONi OTR OUR DEM ONL'
vary: accept-encoding
Content-Encoding: gzip
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Sun, 27 Nov 2022 16:45:27 GMT
Keep-Alive: timeout=5
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash 6e7a9737056c0944fb160616617816b7
ef02228d621f14f18ad967641ece868a680625bf
2522de4f2972e4feabfb37dce08f6d6bc684d927ff2cac3a5ad4c1945241d3e3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5710
Cache-Control: max-age=136569
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 16:45:27 GMT
Etag: "6382f052-13a"
Expires: Tue, 29 Nov 2022 06:41:36 GMT
Last-Modified: Sun, 27 Nov 2022 05:06:26 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 314
connect.facebook.net/ko_KR/sdk.js?hash=c573811bbcec32f927d73ca6cb05b9b1
31.13.72.12200 OK 88 kB URL HTTP/2 connect.facebook.net/ko_KR/sdk.js?hash=c573811bbcec32f927d73ca6cb05b9b1
IP 31.13.72.12:0
File type ASCII text, with very long lines (18530)
Hash cafa20323be13bb8acf804bd49d2f5b8
eb46abf1c8250569910d2a10792cefb25570a97a
f68850fd09bf314b7d5a4c457bc459478b68572d3e548f4f771e7f5f34f36028
GET /ko_KR/sdk.js?hash=c573811bbcec32f927d73ca6cb05b9b1 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blog.faceutil.com
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: bf6f320efcc46f3e20b5bd08d4b7e552
etag: "b91475fb87a2bdc5687f8d87873e8966"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Mon, 27 Nov 2023 16:45:27 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: yvogMjvhO7is+AS9SdL1uA==
x-fb-debug: q0wSJbXjjCLEHhhjQk5gYcxVbDxBrQTfaae/1nMJsfSqD48nySptqO/RRFVjqplEX5CMJDk0MyQCqg9te2eX5g==
content-length: 88534
priority: u=3,i
x-fb-trip-id: 1904183273
date: Sun, 27 Nov 2022 16:45:27 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
secure.gravatar.com/dist/css/hovercard.min.css?ver=2022Novaa
192.0.73.2200 OK 7.0 kB URL HTTP/2 secure.gravatar.com/dist/css/hovercard.min.css?ver=2022Novaa
IP 192.0.73.2:0
File type ASCII text, with very long lines (7814), with no line terminators
Hash f13f1f969785c08329d46876125fe911
cfc7b6733597053234173afa5937c31367e6f131
77b579d90f85e423ff61f3d1ba514a96edde9e3672b1229cf08d171879b00b24
GET /dist/css/hovercard.min.css?ver=2022Novaa HTTP/1.1
Host: secure.gravatar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 16:45:27 GMT
content-type: text/css
last-modified: Wed, 11 Nov 2020 15:57:10 GMT
etag: W/"5fac09d6-1e86"
content-encoding: br
expires: Sun, 04 Dec 2022 16:45:27 GMT
cache-control: max-age=604800
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2034c4f478581061d113c3cb87e2f362
e9950a76f355c510f0449153fc23f67a9757bbe6
07e5f139ebbc8e61741506be27710036806f9e369c267e80eb9ec12587feab95
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 16:45:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
secure.gravatar.com/dist/css/services.min.css?ver=2022Novaa
192.0.73.2200 OK 7.1 kB URL HTTP/2 secure.gravatar.com/dist/css/services.min.css?ver=2022Novaa
IP 192.0.73.2:0
File type ASCII text, with very long lines (2644), with no line terminators
Hash 1c11a9c3816c70dcf52b1fb2e2c4a3d8
ecb1eed53ac69d8b5286c5f7c744892f0072e06d
d84f270bc9c8f1a98bbeab4d950287e135fd5d7577a0c42ae7ab7207689f642e
GET /dist/css/services.min.css?ver=2022Novaa HTTP/1.1
Host: secure.gravatar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 16:45:27 GMT
content-type: text/css
last-modified: Thu, 22 Mar 2018 09:46:04 GMT
etag: W/"5ab37b5c-a54"
content-encoding: br
expires: Sun, 04 Dec 2022 16:45:27 GMT
cache-control: max-age=604800
X-Firefox-Spdy: h2
syndication.twitter.com/settings?session_id=13d6f9d9cf215546c40594ccde786dd43b276567
104.244.42.72200 OK 391 B URL HTTP/2 syndication.twitter.com/settings?session_id=13d6f9d9cf215546c40594ccde786dd43b276567
IP 104.244.42.72:0
File type JSON data\012- , ASCII text, with very long lines (973), with no line terminators
Hash 90cb574369f4e891ef98010ea1b58fc3
2e2746aae98e45c2a4a6bb1110822965a5c4778f
7a30028b0926f280bf4bf1ebb2491bb89b8b9fdeb8f162087604fe7e0da4524c
GET /settings?session_id=13d6f9d9cf215546c40594ccde786dd43b276567 HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://platform.twitter.com/
Origin: https://platform.twitter.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 16:45:27 GMT
perf: 7626143928
vary: Origin
server: tsa_o
content-type: application/json; charset=utf-8
cache-control: must-revalidate, max-age=600
last-modified: Sun, 27 Nov 2022 16:45:27 GMT
content-length: 391
content-encoding: gzip
x-transaction-id: d0a79e5dfa205bdc
strict-transport-security: max-age=631138519
access-control-allow-origin: https://platform.twitter.com
access-control-allow-credentials: true
x-response-time: 112
x-connection-hash: 77194f92cb6d8a7b803da4eaf7960118e79b5f978f666b61672b71ed9cc0b3b3
X-Firefox-Spdy: h2
platform.twitter.com/js/horizon_timeline.5b32f06df3f1186af2ebf11024b09726.js
93.184.220.66200 OK 3.0 kB URL HTTP/1.1 platform.twitter.com/js/horizon_timeline.5b32f06df3f1186af2ebf11024b09726.js
IP 93.184.220.66:0
File type Unicode text, UTF-8 text, with very long lines (8274), with no line terminators
Hash 9dcf6c8cba8fe3e8cb99b94ee63af2d5
ec132eb470954fdf2ff629d8344942b47ce4a5d1
2783e866faf68e4f6bc1775136ac1fa7b05d4adc7522f350763eb09a0e91b80d
GET /js/horizon_timeline.5b32f06df3f1186af2ebf11024b09726.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2139874
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sun, 27 Nov 2022 16:45:27 GMT
Etag: "be517337a860b30e72096680d8dde0eb+gzip"
Last-Modified: Wed, 02 Nov 2022 19:36:52 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F71C)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 2977
ssl.gstatic.com/accounts/o/1832714284-postmessagerelay.js
142.250.74.99200 OK 4.3 kB URL HTTP/2 ssl.gstatic.com/accounts/o/1832714284-postmessagerelay.js
IP 142.250.74.99:0
File type ASCII text, with very long lines (2267)
Hash 3f7502705229ccec9d066c5cd75e6c31
ede1663155afaa5a5213d075e6295c6d839b05c3
2be5113d3022d1819a19f327235d287a2538a03741fc08ccd9d55cc1d78b6282
GET /accounts/o/1832714284-postmessagerelay.js HTTP/1.1
Host: ssl.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accounts.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="federated-signon-mpm-access"
report-to: {"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-length: 4294
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 10:55:51 GMT
expires: Wed, 22 Nov 2023 10:55:51 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 19 Nov 2022 03:11:36 GMT
content-type: text/javascript
age: 452976
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.facebook.com/v2.3/plugins/page.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df36f0c4dbaefae2%26domain%3Dblog.faceutil.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.faceutil.com%252Ff280fffe4ec9868%26relation%3Dparent.parent&container_width=263&height=432&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2F%25ED%258E%2598%25EC%259D%25B4%25EC%258A%25A4%25EC%259C%25A0%25ED%258B%25B8-1656053511364043%2F&locale=ko_KR&sdk=joey&show_facepile=true&show_posts=false&width=340
31.13.72.36302 Found 0 B URL HTTP/2 www.facebook.com/v2.3/plugins/page.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df36f0c4dbaefae2%26domain%3Dblog.faceutil.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.faceutil.com%252Ff280fffe4ec9868%26relation%3Dparent.parent&container_width=263&height=432&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2F%25ED%258E%2598%25EC%259D%25B4%25EC%258A%25A4%25EC%259C%25A0%25ED%258B%25B8-1656053511364043%2F&locale=ko_KR&sdk=joey&show_facepile=true&show_posts=false&width=340
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v2.3/plugins/page.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df36f0c4dbaefae2%26domain%3Dblog.faceutil.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.faceutil.com%252Ff280fffe4ec9868%26relation%3Dparent.parent&container_width=263&height=432&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2F%25ED%258E%2598%25EC%259D%25B4%25EC%258A%25A4%25EC%259C%25A0%25ED%258B%25B8-1656053511364043%2F&locale=ko_KR&sdk=joey&show_facepile=true&show_posts=false&width=340 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df36f0c4dbaefae2%2526domain%253Dblog.faceutil.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fblog.faceutil.com%25252Ff280fffe4ec9868%2526relation%253Dparent.parent%26container_width%3D263%26height%3D432%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F%2525ED%25258E%252598%2525EC%25259D%2525B4%2525EC%25258A%2525A4%2525EC%25259C%2525A0%2525ED%25258B%2525B8-1656053511364043%252F%26locale%3Dko_KR%26sdk%3Djoey%26show_facepile%3Dtrue%26show_posts%3Dfalse%26width%3D340
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
facebook-api-version: v9.0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: lIqpbmEiq7L1bgSGl8PtTl8XzWBF55L4m4NmV8P0ZkToRjFkgsouYxo0dDyWfnV4Nhtzv2JZfbo6wS+YCWIfCQ==
content-length: 0
date: Sun, 27 Nov 2022 16:45:27 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
syndication.twitter.com/i/jot/embeds?l=%7B%22experiment_key%22%3A%22tfw_horizon_timeline_12034%22%2C%22bucket%22%3A%22treatment%22%2C%22version%22%3Anull%2C%22data%22%3A%7B%7D%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1669567527617%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22format_version%22%3A1%2C%22widget_origin%22%3A%22%22%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22ddg%22%2C%22section%22%3A%22tfw_horizon_timeline_12034%22%2C%22action%22%3A%22experiment%22%7D%7D&session_id=13d6f9d9cf215546c40594ccde786dd43b276567
104.244.42.72200 OK 43 B URL HTTP/2 syndication.twitter.com/i/jot/embeds?l=%7B%22experiment_key%22%3A%22tfw_horizon_timeline_12034%22%2C%22bucket%22%3A%22treatment%22%2C%22version%22%3Anull%2C%22data%22%3A%7B%7D%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1669567527617%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22format_version%22%3A1%2C%22widget_origin%22%3A%22%22%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22ddg%22%2C%22section%22%3A%22tfw_horizon_timeline_12034%22%2C%22action%22%3A%22experiment%22%7D%7D&session_id=13d6f9d9cf215546c40594ccde786dd43b276567
IP 104.244.42.72:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /i/jot/embeds?l=%7B%22experiment_key%22%3A%22tfw_horizon_timeline_12034%22%2C%22bucket%22%3A%22treatment%22%2C%22version%22%3Anull%2C%22data%22%3A%7B%7D%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1669567527617%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22format_version%22%3A1%2C%22widget_origin%22%3A%22%22%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22ddg%22%2C%22section%22%3A%22tfw_horizon_timeline_12034%22%2C%22action%22%3A%22experiment%22%7D%7D&session_id=13d6f9d9cf215546c40594ccde786dd43b276567 HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 16:45:27 GMT
perf: 7626143928
vary: Origin
server: tsa_o
content-type: image/gif
cache-control: must-revalidate, max-age=600
last-modified: Sun, 27 Nov 2022 16:45:28 GMT
content-length: 43
x-transaction-id: 4f699e4703c6f905
strict-transport-security: max-age=631138519
x-response-time: 108
x-connection-hash: 77194f92cb6d8a7b803da4eaf7960118e79b5f978f666b61672b71ed9cc0b3b3
X-Firefox-Spdy: h2
syndication.twitter.com/srv/timeline-profile/screen-name/faceutil21?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiLCJ0ZXJyYS5jb20uYnIiLCJ3d3cubGlua3RyLmVlIiwid3d3LnRyLmVlIiwid3d3LnRlcnJhLmNvbS5iciJdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdGltZWxpbmVfMTIwMzQiOnsiYnVja2V0IjoidHJlYXRtZW50IiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2JhY2tlbmQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3JlZnNyY19zZXNzaW9uIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19jaGluX3BpbGxzXzE0NzQxIjp7ImJ1Y2tldCI6ImNvbG9yX2ljb25zIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9yZXN1bHRfbWlncmF0aW9uXzEzOTc5Ijp7ImJ1Y2tldCI6InR3ZWV0X3Jlc3VsdCIsInZlcnNpb24iOm51bGx9LCJ0Zndfc2Vuc2l0aXZlX21lZGlhX2ludGVyc3RpdGlhbF8xMzk2MyI6eyJidWNrZXQiOiJpbnRlcnN0aXRpYWwiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2V4cGVyaW1lbnRzX2Nvb2tpZV9leHBpcmF0aW9uIjp7ImJ1Y2tldCI6MTIwOTYwMCwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0Zndfc2hvd19ibHVlX3ZlcmlmaWVkX2JhZGdlIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWxhdGVkX3ZpZGVvc18xNTEyOCI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6Mn0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=ko&limit=15&origin=https%3A%2F%2Fblog.faceutil.com%2F&partner=jetpack&sessionId=13d6f9d9cf215546c40594ccde786dd43b276567&showHeader=true&showReplies=false&theme=light&transparent=false&widgetsVersion=a3525f077c700%3A1667415560940
104.244.42.72200 OK 2.0 kB URL HTTP/2 syndication.twitter.com/srv/timeline-profile/screen-name/faceutil21?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiLCJ0ZXJyYS5jb20uYnIiLCJ3d3cubGlua3RyLmVlIiwid3d3LnRyLmVlIiwid3d3LnRlcnJhLmNvbS5iciJdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdGltZWxpbmVfMTIwMzQiOnsiYnVja2V0IjoidHJlYXRtZW50IiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2JhY2tlbmQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3JlZnNyY19zZXNzaW9uIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19jaGluX3BpbGxzXzE0NzQxIjp7ImJ1Y2tldCI6ImNvbG9yX2ljb25zIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9yZXN1bHRfbWlncmF0aW9uXzEzOTc5Ijp7ImJ1Y2tldCI6InR3ZWV0X3Jlc3VsdCIsInZlcnNpb24iOm51bGx9LCJ0Zndfc2Vuc2l0aXZlX21lZGlhX2ludGVyc3RpdGlhbF8xMzk2MyI6eyJidWNrZXQiOiJpbnRlcnN0aXRpYWwiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2V4cGVyaW1lbnRzX2Nvb2tpZV9leHBpcmF0aW9uIjp7ImJ1Y2tldCI6MTIwOTYwMCwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0Zndfc2hvd19ibHVlX3ZlcmlmaWVkX2JhZGdlIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWxhdGVkX3ZpZGVvc18xNTEyOCI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6Mn0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=ko&limit=15&origin=https%3A%2F%2Fblog.faceutil.com%2F&partner=jetpack&sessionId=13d6f9d9cf215546c40594ccde786dd43b276567&showHeader=true&showReplies=false&theme=light&transparent=false&widgetsVersion=a3525f077c700%3A1667415560940
IP 104.244.42.72:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5493), with no line terminators
Hash 7305aeb41521a1fc6c04543b03c9747a
81b1620ab38e8b6005798016c5575730a03e4661
6bdcee962436692855cb141d469845add8f9bebf30aaf8c7a5fa222d65f8d58e
GET /srv/timeline-profile/screen-name/faceutil21?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiLCJ0ZXJyYS5jb20uYnIiLCJ3d3cubGlua3RyLmVlIiwid3d3LnRyLmVlIiwid3d3LnRlcnJhLmNvbS5iciJdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdGltZWxpbmVfMTIwMzQiOnsiYnVja2V0IjoidHJlYXRtZW50IiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2JhY2tlbmQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3JlZnNyY19zZXNzaW9uIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19jaGluX3BpbGxzXzE0NzQxIjp7ImJ1Y2tldCI6ImNvbG9yX2ljb25zIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9yZXN1bHRfbWlncmF0aW9uXzEzOTc5Ijp7ImJ1Y2tldCI6InR3ZWV0X3Jlc3VsdCIsInZlcnNpb24iOm51bGx9LCJ0Zndfc2Vuc2l0aXZlX21lZGlhX2ludGVyc3RpdGlhbF8xMzk2MyI6eyJidWNrZXQiOiJpbnRlcnN0aXRpYWwiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2V4cGVyaW1lbnRzX2Nvb2tpZV9leHBpcmF0aW9uIjp7ImJ1Y2tldCI6MTIwOTYwMCwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0Zndfc2hvd19ibHVlX3ZlcmlmaWVkX2JhZGdlIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWxhdGVkX3ZpZGVvc18xNTEyOCI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6Mn0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=ko&limit=15&origin=https%3A%2F%2Fblog.faceutil.com%2F&partner=jetpack&sessionId=13d6f9d9cf215546c40594ccde786dd43b276567&showHeader=true&showReplies=false&theme=light&transparent=false&widgetsVersion=a3525f077c700%3A1667415560940 HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 16:45:28 GMT
etag: "1575-2kbOd6zur0N5BFuYuIHEXgn3aro"
perf: 7626143928
server: tsa_o
content-type: text/html; charset=utf-8
cache-control: must-revalidate, max-age=60
x-transaction-id: e24b4ff27a31e3d4
x-xss-protection: 0
strict-transport-security: max-age=631138519
content-encoding: gzip
content-length: 1969
x-response-time: 208
x-connection-hash: 77194f92cb6d8a7b803da4eaf7960118e79b5f978f666b61672b71ed9cc0b3b3
X-Firefox-Spdy: h2
platform.twitter.com/_next/static/chunks/runtime-a148fbcbc5efcd91d3a7.js
93.184.220.66200 OK 2.1 kB URL HTTP/1.1 platform.twitter.com/_next/static/chunks/runtime-a148fbcbc5efcd91d3a7.js
IP 93.184.220.66:0
File type ASCII text, with very long lines (3835), with no line terminators
Hash a7a94df486e306b619ab921142d234e2
1386bcf32860c146b6b7d912b92a540662cc7361
f4de548de8d166e7872adeefa8e8345f952b9001b40ca56622cd40033a34bf22
GET /_next/static/chunks/runtime-a148fbcbc5efcd91d3a7.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2062601
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sun, 27 Nov 2022 16:45:28 GMT
Etag: "581beb14123ea389fe5c0fe24167fe0a+gzip"
Last-Modified: Thu, 03 Nov 2022 19:46:26 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F71B)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=2
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 2097
www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df36f0c4dbaefae2%2526domain%253Dblog.faceutil.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fblog.faceutil.com%25252Ff280fffe4ec9868%2526relation%253Dparent.parent%26container_width%3D263%26height%3D432%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F%2525ED%25258E%252598%2525EC%25259D%2525B4%2525EC%25258A%2525A4%2525EC%25259C%2525A0%2525ED%25258B%2525B8-1656053511364043%252F%26locale%3Dko_KR%26sdk%3Djoey%26show_facepile%3Dtrue%26show_posts%3Dfalse%26width%3D340
31.13.72.36200 OK 99 kB URL HTTP/2 www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df36f0c4dbaefae2%2526domain%253Dblog.faceutil.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fblog.faceutil.com%25252Ff280fffe4ec9868%2526relation%253Dparent.parent%26container_width%3D263%26height%3D432%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F%2525ED%25258E%252598%2525EC%25259D%2525B4%2525EC%25258A%2525A4%2525EC%25259C%2525A0%2525ED%25258B%2525B8-1656053511364043%252F%26locale%3Dko_KR%26sdk%3Djoey%26show_facepile%3Dtrue%26show_posts%3Dfalse%26width%3D340
IP 31.13.72.36:0
Hash a7e22869131e44dd4298371ee16d5f37
0a925fa8290bf96c92c23668e612cacc180a22d4
e10b9e6927c101e72a7a022255b527dd57238c7e3bdf18d66e0c925b8267da30
GET /login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df36f0c4dbaefae2%2526domain%253Dblog.faceutil.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fblog.faceutil.com%25252Ff280fffe4ec9868%2526relation%253Dparent.parent%26container_width%3D263%26height%3D432%26hide_cover%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252F%2525ED%25258E%252598%2525EC%25259D%2525B4%2525EC%25258A%2525A4%2525EC%25259C%2525A0%2525ED%25258B%2525B8-1656053511364043%252F%26locale%3Dko_KR%26sdk%3Djoey%26show_facepile%3Dtrue%26show_posts%3Dfalse%26width%3D340 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blog.faceutil.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: dmj7AOasLr2C4tHfnTttRqyFqBwz6inPMDcByEWpeEHs3dp+pGFFgN94AJauWs5DsAqnv8lyQliTcJVh3JRk2g==
date: Sun, 27 Nov 2022 16:45:28 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
platform.twitter.com/_next/static/chunks/main-e9db78f5e7b3d83edd5e.js
93.184.220.66200 OK 90 B URL HTTP/1.1 platform.twitter.com/_next/static/chunks/main-e9db78f5e7b3d83edd5e.js
IP 93.184.220.66:0
File type ASCII text, with no line terminators
Hash 8e33207e7b788da9abde5b6d33da0b00
23e48f1b412b3a0a406639f297fb6f4c4740efe8
80534a6e1ec41d37acec8be383f8d1112dbbeea31dd51ead47463095c13bff3a
GET /_next/static/chunks/main-e9db78f5e7b3d83edd5e.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2139875
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sun, 27 Nov 2022 16:45:28 GMT
Etag: "8e33207e7b788da9abde5b6d33da0b00"
Last-Modified: Wed, 28 Sep 2022 17:24:13 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F71A)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 90
platform.twitter.com/_next/static/chunks/pages/_app-446fb4a338b215deec8c.js
93.184.220.66200 OK 668 B URL HTTP/1.1 platform.twitter.com/_next/static/chunks/pages/_app-446fb4a338b215deec8c.js
IP 93.184.220.66:0
File type ASCII text, with very long lines (1338), with no line terminators
Hash 79fd032d8d5d9fa6b966e0a2b0e5a3e1
092828885b8721858c80381d92622760aa6b2188
d08463c097b4b77e9db4acb6fdf01a44f3b80db66cd368c76185a363c9bf0863
GET /_next/static/chunks/pages/_app-446fb4a338b215deec8c.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2139875
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sun, 27 Nov 2022 16:45:28 GMT
Etag: "be3e428d416daa9027cecf70b5f26bf9+gzip"
Last-Modified: Wed, 28 Sep 2022 17:24:13 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F71D)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 668
platform.twitter.com/_next/static/chunks/pages/timeline-profile/screen-name/%5BscreenName%5D-c8b4c96951cf24f547b4.js
93.184.220.66200 OK 1.3 kB URL HTTP/1.1 platform.twitter.com/_next/static/chunks/pages/timeline-profile/screen-name/%5BscreenName%5D-c8b4c96951cf24f547b4.js
IP 93.184.220.66:0
File type ASCII text, with very long lines (13043), with no line terminators
Hash 9a40466b77e5f5f4a525cf508afee546
410eb7a6ee4ee31950b33844fd21efcc8850e3e0
aae2810ee062cd3d5a1d770d2f1b287c84d5ae6276c90914ab21c9cce6686538
GET /_next/static/chunks/pages/timeline-profile/screen-name/%5BscreenName%5D-c8b4c96951cf24f547b4.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2139874
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sun, 27 Nov 2022 16:45:28 GMT
Etag: "1efc61e416c7f4f293501e877fbec836+gzip"
Last-Modified: Wed, 28 Sep 2022 17:24:13 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F714)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 1285
platform.twitter.com/_next/static/octaUlqc-A_Am4qAPnvU1/_buildManifest.js
93.184.220.66200 OK 414 B URL HTTP/1.1 platform.twitter.com/_next/static/octaUlqc-A_Am4qAPnvU1/_buildManifest.js
IP 93.184.220.66:0
File type ASCII text, with very long lines (1208), with no line terminators
Hash 19e50b016c2418a8b7178a219a9fe03d
68c691a19558f28e9111b35f0c0f182addd31e3f
ff39afa732cf28797d8c7d8170b9e4dcc5ab8bcbd688b44be3dc0d82a5b3bbe4
GET /_next/static/octaUlqc-A_Am4qAPnvU1/_buildManifest.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2062601
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sun, 27 Nov 2022 16:45:28 GMT
Etag: "12a5a08767706f15b6b316996cd057c1+gzip"
Last-Modified: Thu, 03 Nov 2022 19:46:26 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F70D)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 414
img.mobon.net/js/jquery-1.6.2.min.js
14.0.113.206200 OK 0 B URL HTTP/1.1 img.mobon.net/js/jquery-1.6.2.min.js
IP 14.0.113.206:0
GET /js/jquery-1.6.2.min.js HTTP/1.1
Host: img.mobon.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mediacategory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:27 GMT
Content-Type: text/javascript
Content-Length: 91556
Connection: keep-alive
Server: PWS/8.3.1.0.8
Last-Modified: Thu, 05 May 2016 06:31:46 GMT
ETag: "f021d0-165a4-532127f0e5880"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 40917
Via: 1.1 PShgseSEL7vn105:10 (W), 1.1 PShgseSEL4aj113:12 (W)
X-Px: ht PShgseSEL4aj113GMP
X-Ws-Request-Id: 63839427_PShgseSEL4bh115_36180-12406
Cache-Control: max-age=86400
s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=202247
192.0.77.32200 OK 0 B URL HTTP/2 s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=202247
IP 192.0.77.32:0
GET /wp-content/js/devicepx-jetpack.js?ver=202247 HTTP/1.1
Host: s0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 16:45:24 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"5bffef65-52b6"
content-encoding: br
expires: Mon, 20 Nov 2023 23:42:53 GMT
cache-control: max-age=31536000
x-ac: 4.arn _dca BYPASS
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
x-nc: HIT arn 1
X-Firefox-Spdy: h2
secure.gravatar.com/js/gprofiles.js?ver=2022Novaa
192.0.73.2200 OK 0 B URL HTTP/2 secure.gravatar.com/js/gprofiles.js?ver=2022Novaa
IP 192.0.73.2:0
GET /js/gprofiles.js?ver=2022Novaa HTTP/1.1
Host: secure.gravatar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 16:45:24 GMT
content-type: application/javascript
last-modified: Thu, 15 Sep 2022 11:48:47 GMT
etag: W/"6323111f-5deb"
content-encoding: br
expires: Sun, 04 Dec 2022 16:45:24 GMT
cache-control: max-age=604800
X-Firefox-Spdy: h2
accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fblog.faceutil.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__
216.58.207.237200 OK 0 B URL HTTP/2 accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fblog.faceutil.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__
IP 216.58.207.237:0
GET /o/oauth2/postmessageRelay?parent=https%3A%2F%2Fblog.faceutil.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 27 Nov 2022 16:45:27 GMT
content-security-policy: script-src 'nonce-unCsHHEkItARs9ZEhw930w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport, require-trusted-types-for 'script';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans%3A600%2C400%2C400italic%2C300%2C100%2C700%7CMerriweather+Sans%3A400%2C700&ver=4.7.2
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans%3A600%2C400%2C400italic%2C300%2C100%2C700%7CMerriweather+Sans%3A400%2C700&ver=4.7.2
IP 142.250.74.10:0
GET /css?family=Open+Sans%3A600%2C400%2C400italic%2C300%2C100%2C700%7CMerriweather+Sans%3A400%2C700&ver=4.7.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://blog.faceutil.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 27 Nov 2022 16:45:24 GMT
date: Sun, 27 Nov 2022 16:45:24 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img.mobon.net/newAd/js/jquery-1.9.1.min.js
14.0.113.206200 OK 0 B URL HTTP/1.1 img.mobon.net/newAd/js/jquery-1.9.1.min.js
IP 14.0.113.206:0
GET /newAd/js/jquery-1.9.1.min.js HTTP/1.1
Host: img.mobon.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.mediacategory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 16:45:27 GMT
Content-Type: text/javascript
Content-Length: 111552
Connection: keep-alive
Server: PWS/8.3.1.0.8
Last-Modified: Tue, 14 Aug 2018 01:15:32 GMT
ETag: "1001139-1b3c0-5735af24c9f29"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 40917
Via: 1.1 PShgseSEL5pk161:0 (W), 1.1 PShgseSEL4cy114:20 (W)
X-Px: ht PShgseSEL4cy114GMP
X-Ws-Request-Id: 63839427_PShgseSEL4bh115_35180-55096
Cache-Control: max-age=86400