Report - nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start

Report Overview

Submitted URL
nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start
IP
3.72.244.163
ASN
#16509 AMAZON-02
Submitted
2023-03-21 08:06:48
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-25T18:14:26Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-26T05:11:59Z	333 B	391 B	34.117.237.239
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-26T05:10:41Z	4.1 kB	8.4 kB	142.250.74.163
www.gstatic.com	unknown	2016-07-26T11:37:06Z	2023-03-26T05:56:25Z	452 B	140 kB	142.250.74.3
apis.google.com	105	2013-05-06T22:20:21Z	2023-03-26T05:11:23Z	384 B	7.8 kB	142.250.74.78
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-26T05:10:29Z	606 B	127 B	34.213.220.137
play.google.com	34	2013-05-31T01:24:35Z	2023-03-26T07:58:19Z	1.0 kB	1.5 kB	142.250.74.46
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-26T05:09:08Z	3.2 kB	48 kB	34.120.237.76
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-26T06:22:54Z	954 B	1.3 kB	172.217.21.170
nibirdokan.com	unknown	2019-01-28T02:25:48Z	2023-03-24T02:34:08Z	396 B	458 B	3.72.244.163
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-25T18:12:03Z	2.7 kB	7.1 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-26T05:11:12Z	413 B	5.9 kB	34.160.144.191
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-25T22:19:37Z	3.0 kB	132 kB	142.250.74.163
lh5.googleusercontent.com	157	2012-05-22T09:35:05Z	2023-03-26T05:16:49Z	479 B	49 kB	216.58.207.193
www.nibirdokan.com	unknown	2019-06-18T07:49:26Z	2023-03-21T15:55:07Z	1.6 kB	1.7 kB	172.217.21.179

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-03-21	medium	nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start	Phishing
2023-03-21	medium	www.nibirdokan.com/_/view/logImpressions?authuser=0	Phishing
2023-03-21	medium	www.nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start	Phishing
2023-03-21	medium	www.nibirdokan.com/_/view/logImpressions?authuser=0	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (17)

	URL	Size	First Seen	Last Seen
	apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.Oupypiulh58.O/m=gapi_rpc/exm=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_CVmSAWqMsGCHgMRyaSvlE8hY6sw/cb=gapi.loaded_1?le=scs	261 B	2023-03-14	2023-03-26
Pretty URL apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.Oupypiulh58.O/m=gapi_rpc/exm=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_CVmSAWqMsGCHgMRyaSvlE8hY6sw/cb=gapi.loaded_1?le=scs IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 09:29:22 Last Seen2023-03-26 13:09:27 Times Seen112 Hash 86b7b2516a1032925b9f3f79108d0f71 d2324271b2ac804f52794fca07ed8cffc44bf18b 59931fe9a9972b171343e67ce85b3452a07dd7bdc6e3e34631b9d6841f592591 Loading...

	www.nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start	37 B	2023-03-07	2024-04-18
Pretty URL www.nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start IP 172.217.21.179 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:08 Last Seen2024-04-18 15:34:58 Times Seen1357 Hash 278a1fde660b456524bac51f78574a09 9299ca406f8c85dcf8127283ad24b7c971eac8f8 537028ea4a4d59d93a18a6f92e8cc51ad5d8928f7406f69353b809ac4efba0fb Loading...

	www.nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start	167 B	2023-03-08	2023-11-28
Pretty URL www.nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start IP 172.217.21.179 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:24:26 Last Seen2023-11-28 03:07:22 Times Seen956 Hash b2e4025e8778a2dad8b55f32f753b9c0 156441e72f8380a2b4a7ba59dfb6cb828696502b d97d5d1b2889ff7d225c69788b178016838bba9e3ae41b1f01784ba75b3308d1 Loading...

	www.nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start	463 B	2023-03-07	2024-04-18
Pretty URL www.nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start IP 172.217.21.179 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:08 Last Seen2024-04-18 15:34:59 Times Seen836 Hash ba62c114275d5fe6454780a3d9eb3c20 958b480fb44cfff057e97319868d1ad06edae8c9 63846bca36b23a5f1e2d6a718b0e73b640d647d321d3e3425391b09398ea329f Loading...

	www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.KUSiZITL0Hg.O/d=0/rs=AGEqA5kEu2L8Tmj7lTIm-M6pLqmlKyMrSg/m=sy2m,TRvtze	850 B	2023-03-26	2023-03-29
Pretty URL www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.KUSiZITL0Hg.O/d=0/rs=AGEqA5kEu2L8Tmj7lTIm-M6pLqmlKyMrSg/m=sy2m,TRvtze IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 12:40:40 Last Seen2023-03-29 23:17:45 Times Seen41 Hash 004104d9c29326f8dc0f17c071c42b34 df595d2afe1fd7cf803c8e9125aef5585c60f8ee 724a45da919ed0fe01633124c34df8dbf2beca6006e49e992cd7f8d6287a23f1 Loading...

	www.nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start	59 B	2023-03-07	2024-04-18
Pretty URL www.nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start IP 172.217.21.179 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:08 Last Seen2024-04-18 15:34:58 Times Seen1288 Hash a6e675093ac913b1b3c5bd616350e0ec 3fce18aa4c76382c7bd8be5a7d9da1d202419d5f 6024a6f0412fb6700a75e2c9221311c5230ae6b78a2e0b2e6b8800313c561b21 Loading...

	apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.Oupypiulh58.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_CVmSAWqMsGCHgMRyaSvlE8hY6sw/cb=gapi.loaded_0?le=scs	322 kB	2023-03-14	2023-09-07
Pretty URL apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.Oupypiulh58.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_CVmSAWqMsGCHgMRyaSvlE8hY6sw/cb=gapi.loaded_0?le=scs IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 08:18:52 Last Seen2023-09-07 20:08:30 Times Seen198 Hash 8d2ef4e0bbf8671cd4ce57245a25eb21 247c630e40de902989668332e641173104715f53 06b63fb25753ca34ef15d1bebd2a7903d9a880bd1ee4459ec51db5f68597514c Loading...

	apis.google.com/js/client.js?onload=gapiLoaded	18 kB	2023-03-14	2023-03-29
Pretty URL apis.google.com/js/client.js?onload=gapiLoaded IP 142.250.74.78 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 08:39:35 Last Seen2023-03-29 20:59:55 Times Seen132 Hash b9056622d7a9860845bd58746b08aced 6867df1e9c7e50424cc5dd26f3da1baf7802bd84 5010c60273539ada2860044ed040e1562f729a71c2869367a1defd9187f8f373 Loading...

	www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.KUSiZITL0Hg.O/d=0/rs=AGEqA5kEu2L8Tmj7lTIm-M6pLqmlKyMrSg/m=sy1b,sy1c,sy1a,FoQBg	37 kB	2023-03-26	2023-03-29
Pretty URL www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.KUSiZITL0Hg.O/d=0/rs=AGEqA5kEu2L8Tmj7lTIm-M6pLqmlKyMrSg/m=sy1b,sy1c,sy1a,FoQBg IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 12:40:40 Last Seen2023-03-29 23:17:45 Times Seen41 Hash ff7dbd69e420c6849d492b078c56682f 27c89a0cb9c7dc0ad3c1c36342ad8ba08b89c79c 57fe1ead504da1a4c660ef8b041b18eebe0e2c045cc1dad257a68a527e721b12 Loading...

	www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.KUSiZITL0Hg.O/d=0/rs=AGEqA5kEu2L8Tmj7lTIm-M6pLqmlKyMrSg/m=MpJwZc,n73qwf,A4UTCb,qAKInc,sy16,TGYpv,sy11,X85Uvc,HIeYee,QxOCld,syz,YXyON,sy2n,abQiW,syj,ruhlUe,KUM7Z,XDKZTc,sy12,qkPXAf,zPx2U,qEW1W,oNFsLb,sy3m,yxTchf,sy3n,sy3o,xQtZb,yf2Bs,sy2,sy8,yyxWAc,qddgKe,sy2p,SM1lmd,sy6,sy5,syy,RRzQxe,sy10,YV8yqd,sy7,sya,syk,sy9,fNFZH,sy2o,sy1g,sy1q,syl,RrXLpc,cgRV2c,sy1r,o1L5Wb,X4BaPc,syf,sy18,Md9ENb,sy1i,sy1j,sy1k,syn,syo,sy1e,sy1f,sy1h,sy1p,syp,syx,KlrXId,NlqxW,sy1n,sy1o,sy1m,syb,sys,sy1l,sy1t,sy1w,sy1y,sy23,sy1u,sy22,sy2a,sy1s,sy1v,sy20,sy1x,sy21,sy24,sy28,sy29,sy2c,sy2d,sy1d,T807ad,sy1z,ZDEHrf,sy25,sy26,sy27,sy2b,oy3iwb,dBhIIb,syq,Yr1Pcb,LUQjOd,J9ssyb,SB123c,UubMM,YoEZUb,JKfHhb,DJtOxf,pA2mAb,gypOCd,X4FC5,kYfebb,XMtvld,rrOIJc,ZdZQ6b,Euz7Lc,sAbmxd,heobjb,R4KMEc,sy2e,sy2f,sy2g,sy2h,UYjpC,sy3,VYKRW	1.2 MB	2023-03-26	2023-03-29
Pretty URL www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.KUSiZITL0Hg.O/d=0/rs=AGEqA5kEu2L8Tmj7lTIm-M6pLqmlKyMrSg/m=MpJwZc,n73qwf,A4UTCb,qAKInc,sy16,TGYpv,sy11,X85Uvc,HIeYee,QxOCld,syz,YXyON,sy2n,abQiW,syj,ruhlUe,KUM7Z,XDKZTc,sy12,qkPXAf,zPx2U,qEW1W,oNFsLb,sy3m,yxTchf,sy3n,sy3o,xQtZb,yf2Bs,sy2,sy8,yyxWAc,qddgKe,sy2p,SM1lmd,sy6,sy5,syy,RRzQxe,sy10,YV8yqd,sy7,sya,syk,sy9,fNFZH,sy2o,sy1g,sy1q,syl,RrXLpc,cgRV2c,sy1r,o1L5Wb,X4BaPc,syf,sy18,Md9ENb,sy1i,sy1j,sy1k,syn,syo,sy1e,sy1f,sy1h,sy1p,syp,syx,KlrXId,NlqxW,sy1n,sy1o,sy1m,syb,sys,sy1l,sy1t,sy1w,sy1y,sy23,sy1u,sy22,sy2a,sy1s,sy1v,sy20,sy1x,sy21,sy24,sy28,sy29,sy2c,sy2d,sy1d,T807ad,sy1z,ZDEHrf,sy25,sy26,sy27,sy2b,oy3iwb,dBhIIb,syq,Yr1Pcb,LUQjOd,J9ssyb,SB123c,UubMM,YoEZUb,JKfHhb,DJtOxf,pA2mAb,gypOCd,X4FC5,kYfebb,XMtvld,rrOIJc,ZdZQ6b,Euz7Lc,sAbmxd,heobjb,R4KMEc,sy2e,sy2f,sy2g,sy2h,UYjpC,sy3,VYKRW IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 12:40:40 Last Seen2023-03-29 23:17:45 Times Seen26 Hash 1a96b41143c6d53c15d9ba8196541470 90910161c044b7005eb1302e8b2ace1bda2c8e0e cef873f31044ce2c36f8af165e5b098aab099bceadc5a891d3921dfed438f3f2 Loading...

	www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.KUSiZITL0Hg.O/d=0/rs=AGEqA5kEu2L8Tmj7lTIm-M6pLqmlKyMrSg/m=sy3d,IZT63,vfuNJf,sy37,sy3b,sy3e,sy3r,sy3p,sy3q,siKnQd,sy35,sy3c,sy3g,YNjGDd,sy3f,sy3h,PrPYRd,iFQyKf,hc6Ubd,sy3s,SpsfSb,sy38,sy3a,wR5FRb,pXdRYb,dIoSBb,zbML3c	27 kB	2023-03-26	2023-03-29
Pretty URL www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.KUSiZITL0Hg.O/d=0/rs=AGEqA5kEu2L8Tmj7lTIm-M6pLqmlKyMrSg/m=sy3d,IZT63,vfuNJf,sy37,sy3b,sy3e,sy3r,sy3p,sy3q,siKnQd,sy35,sy3c,sy3g,YNjGDd,sy3f,sy3h,PrPYRd,iFQyKf,hc6Ubd,sy3s,SpsfSb,sy38,sy3a,wR5FRb,pXdRYb,dIoSBb,zbML3c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 12:40:40 Last Seen2023-03-29 23:17:45 Times Seen41 Hash 22fafb5b2ca587dddba731502ee18017 71faf6129b6c48bafe22f7c3fce16c893b7543d2 e609f1eaad1bc5c625a1b95f65ccc674fcced9a0c6d0f4a5808dff781c8f4581 Loading...

	www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.KUSiZITL0Hg.O/d=0/rs=AGEqA5kEu2L8Tmj7lTIm-M6pLqmlKyMrSg/m=sy13,sy14,sy15,sy17,fuVYe,vVEdxc,sy19,CG0Qwb	32 kB	2023-03-26	2023-03-29
Pretty URL www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.KUSiZITL0Hg.O/d=0/rs=AGEqA5kEu2L8Tmj7lTIm-M6pLqmlKyMrSg/m=sy13,sy14,sy15,sy17,fuVYe,vVEdxc,sy19,CG0Qwb IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 12:40:40 Last Seen2023-03-29 23:17:45 Times Seen38 Hash 0e49092d72e3b161d3aedae114f4ef46 96f5e072cff3bbe5631eeeb285a48f6f24e394b1 296f655ba48acb53bb606771685a74cea4cfbd431125ac533be995a9b4b08ada Loading...

	www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.KUSiZITL0Hg.O/d=0/rs=AGEqA5kEu2L8Tmj7lTIm-M6pLqmlKyMrSg/m=m9oV,sy3i,NTMZac,rCcCxc,RAnnUd,mzzZzc,sy2q,uu7UOe,nAFL3,sy2j,gJzDyc,sy2r,sy2s,soHxf,syv,syu,HYv29e,sy2t,uY3Nvd	33 kB	2023-03-26	2023-03-29
Pretty URL www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.KUSiZITL0Hg.O/d=0/rs=AGEqA5kEu2L8Tmj7lTIm-M6pLqmlKyMrSg/m=m9oV,sy3i,NTMZac,rCcCxc,RAnnUd,mzzZzc,sy2q,uu7UOe,nAFL3,sy2j,gJzDyc,sy2r,sy2s,soHxf,syv,syu,HYv29e,sy2t,uY3Nvd IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 12:40:40 Last Seen2023-03-29 23:17:45 Times Seen35 Hash bea93e6568ecb61fe67212486153d471 1f76f4e0c7a5d922fe3d2f1951e592562020a376 3c144aff3d456415ad1e179d26e953019c498b343b205b730ead6e96ec8a6c2c Loading...

	www.nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start	2.6 kB	2023-03-26	2023-03-26
Pretty URL www.nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start IP 172.217.21.179 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 12:49:30 Last Seen2023-03-26 12:49:30 Times Seen1 Hash ca847a7c1f2062068b5e30fda21a4b01 c866120e19f0d40dd0bbaeda86cde3205c491cb5 504be5944246a4c5038d556c4a0f966e878c7d247f28e8a62b579c6127e9d3f3 Loading...

	www.nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start	4.3 kB	2023-03-26	2023-03-26
Pretty URL www.nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start IP 172.217.21.179 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 12:49:30 Last Seen2023-03-26 12:49:30 Times Seen1 Hash db98becc561b065059433176d0d34656 8dcf64ac7677bfe7dbb06844899ec90b898e8276 7c6cd4d11bbf35f6f14bb1467b5b7df17d460c84e5f7e2a97342f9e964cd27e0 Loading...

	www.nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start	40 B	2023-03-07	2024-04-18
Pretty URL www.nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start IP 172.217.21.179 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:08 Last Seen2024-04-18 15:34:59 Times Seen1288 Hash 8dc7198496a693002800c969535719d8 2af910a76b06855faba3c17d869440b55a29e893 a750528f499f276d2fd47264648a292994d3423ee1918dd48e033fc9dfa8f2e6 Loading...

	www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.KUSiZITL0Hg.O/d=1/rs=AGEqA5kEu2L8Tmj7lTIm-M6pLqmlKyMrSg/m=view	554 kB	2023-03-26	2023-03-29
Pretty URL www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.KUSiZITL0Hg.O/d=1/rs=AGEqA5kEu2L8Tmj7lTIm-M6pLqmlKyMrSg/m=view IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 12:40:40 Last Seen2023-03-29 23:17:45 Times Seen38 Hash 0081a1ff8550a728161a473e0dd1b58b 58dd1f2f8974c85cb5b4c9f3d3caff67757819c9 f75a78ddfe8fa3b83d5a68b27f4ed5ef37d70f830f679716483b725d14eddd05 Loading...

HTTP Transactions (48)

URL IP Response Size

nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start

3.72.244.163

301 Moved Permanently

178 B

URL HTTP/1.1
nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start
IP
3.72.244.163:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start HTTP/1.1
Host: nibirdokan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 21 Mar 2023 08:06:37 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start
Cache-Control: public, max-age=3600

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
00e304a3fc0c2f01af0e94fcefe0ca40
833969e75e5e13e823c8d97ee59a9821eb157ee3
c2b7f7ae4861f2dd16867de54c7e47d95582de77887f523841d9683a369d20a7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2B7F7AE4861F2DD16867DE54C7E47D95582DE77887F523841D9683A369D20A7"
Last-Modified: Sun, 19 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12157
Expires: Tue, 21 Mar 2023 11:29:14 GMT
Date: Tue, 21 Mar 2023 08:06:37 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ec332b81a27117ce9c16b67a5a8e4fac
b6d2afa2c859d000ad830d3d8d73f57bac6ffce2
1dc32c78e4e850303813338fd4e9616a41c8c05d1063748a1e76a92c397a5e8f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DC32C78E4E850303813338FD4E9616A41C8C05D1063748A1E76A92C397A5E8F"
Last-Modified: Mon, 20 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5636
Expires: Tue, 21 Mar 2023 09:40:33 GMT
Date: Tue, 21 Mar 2023 08:06:37 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4e6141892ec4705c6a0134f3157b969d
4169fdea42b0fa9cb565e14b8e8fdb293575c78e
905537ef3e3a4a9030391b44bd6ac6bb5d7c9ec752b1821d683dfbf483096163

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "905537EF3E3A4A9030391B44BD6AC6BB5D7C9EC752B1821D683DFBF483096163"
Last-Modified: Sun, 19 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6944
Expires: Tue, 21 Mar 2023 10:02:21 GMT
Date: Tue, 21 Mar 2023 08:06:37 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
4ad6984a756720fbfff47b37a75513a2
355e35258114452af8b9638985ed9d8ef3bf0aca
43181fccb10652c68cae86e5e32b4e8f426fb5ad49d8125cb99e072cff573cf5

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 21 Mar 2023 07:14:57 GMT
content-type: application/json
age: 3100
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: +gciQqFswnkVD1+2U4CZUs+0Xr3/gC8a4s9KcvobG51xXR6ph27wdd2ObCEZmOATj2lw01wKTsM=
x-amz-request-id: 8A5NMTAB2QS51M3G
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 21 Mar 2023 07:53:06 GMT
age: 811
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 21 Mar 2023 08:06:37 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4/iqzwxSTd8HM

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/iqzwxSTd8HM
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3294e767e5a36f25d308311ad3f1dfd9
c92132387f50f336654968a846f2448b91788a67
e467ddbf6f198d0b80a57205f3a0bcbaeeb2da78d9f848d72009bef512300bdc

HTTP Headers

POST /s/gts1d4/iqzwxSTd8HM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 08:06:38 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Content-Type, Cache-Control, Pragma, Alert, Last-Modified, Retry-After, Backoff, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 21 Mar 2023 07:14:33 GMT
age: 3125
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3ac4671deeca3302950bd5fce7f4ce3f
62b5d0c548949ee8d932231fcd01196cefc896aa
e4adf52f426f89cbc5a61507b21d33c817e5b8cee1e2709fe3ffecc1ec0c8731

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 08:06:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3ac4671deeca3302950bd5fce7f4ce3f
62b5d0c548949ee8d932231fcd01196cefc896aa
e4adf52f426f89cbc5a61507b21d33c817e5b8cee1e2709fe3ffecc1ec0c8731

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 08:06:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c26dba42c0d5a8ae943ac677b38929ea
21c68777a8249158f53f6f1bbf33d12769146cec
a890859401ea2f9079622841f24a700215fcab7fe291d0b1f581e675ae130342

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 08:06:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/_/atari/_/ss/k=atari.vw.v4m1Wl9tQew.L.F4.O/d=1/rs=AGEqA5nWTCtAoyp0h-3mGqcXMFPHhF4Ntg

142.250.74.3

200 OK

139 kB

URL HTTP/2
www.gstatic.com/_/atari/_/ss/k=atari.vw.v4m1Wl9tQew.L.F4.O/d=1/rs=AGEqA5nWTCtAoyp0h-3mGqcXMFPHhF4Ntg
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65536), with no line terminators
Size
139 kB (139078 bytes)
Hash
bef644477b0b6e5d0e3e5434bd9f0761
096bfc3f7c13f136619c1f35cbaacdd4dc0e5527
f70b571fbc6e902ce6cbda79565eb868cf01c72cd7f38b74dfb9b9a971dc45dd

HTTP Headers

GET /_/atari/_/ss/k=atari.vw.v4m1Wl9tQew.L.F4.O/d=1/rs=AGEqA5nWTCtAoyp0h-3mGqcXMFPHhF4Ntg HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.nibirdokan.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-sites"
report-to: {"group":"apps-sites","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-sites"}]}
content-length: 139078
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 20 Mar 2023 14:48:31 GMT
expires: Tue, 19 Mar 2024 14:48:31 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 14 Mar 2023 12:34:46 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
age: 62287
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3ac4671deeca3302950bd5fce7f4ce3f
62b5d0c548949ee8d932231fcd01196cefc896aa
e4adf52f426f89cbc5a61507b21d33c817e5b8cee1e2709fe3ffecc1ec0c8731

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 08:06:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4c195a3fc0c2abb831630cef1dcfa770
eda338de3063640556177b9db364c33193d7f6dc
c22eb0537cd79666b82fe61dd77fe9b0b3c059a4c65d405412acfc2c6800b444

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C22EB0537CD79666B82FE61DD77FE9B0B3C059A4C65D405412ACFC2C6800B444"
Last-Modified: Sun, 19 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5625
Expires: Tue, 21 Mar 2023 09:40:23 GMT
Date: Tue, 21 Mar 2023 08:06:38 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c26dba42c0d5a8ae943ac677b38929ea
21c68777a8249158f53f6f1bbf33d12769146cec
a890859401ea2f9079622841f24a700215fcab7fe291d0b1f581e675ae130342

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 08:06:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bb99b9844b66c9df3819b987e46b7923
5f996c3d574444a33ed6c6091a076400236dd5a0
d534a628804664c315710e377fd1f7ca467c2d4eb480b217e89040dc8a875c6c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 08:06:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

apis.google.com/js/client.js?onload=gapiLoaded

142.250.74.78

200 OK

6.9 kB

URL HTTP/2
apis.google.com/js/client.js?onload=gapiLoaded
IP
142.250.74.78:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2054)
Size
6.9 kB (6894 bytes)
Hash
f46619e06f439ccc33690c54d740390f
8f52d887200719be7140675b66d6982a065d317e
52f0209782f29b3defea5bee0ea42015147cde2ff986073168187d5219f73c0d

HTTP Headers

GET /js/client.js?onload=gapiLoaded HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.nibirdokan.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 6894
date: Tue, 21 Mar 2023 08:06:38 GMT
expires: Tue, 21 Mar 2023 08:06:38 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "e146e87ebc9f2947"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bfa45bb31acdcad04104ab759ca396b0
f8290df5a249f0dd192fec38584618205b2d4bc7
97b4f123c07d8ccbbb7f6757f55e2b2b055ea296a29f52a729efdc996e9c8592

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 08:06:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.163

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.nibirdokan.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 16 Mar 2023 03:13:04 GMT
expires: Fri, 15 Mar 2024 03:13:04 GMT
cache-control: public, max-age=31536000
age: 449614
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2

142.250.74.163

200 OK

36 kB

URL HTTP/2
fonts.gstatic.com/s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 35888, version 1.0\012- data
Size
36 kB (35888 bytes)
Hash
78be9c1daeadb1ae4f8d1e622d7b2011
60923c3b5dfe1a5a07b9092ec9c5583d004d0c5b
9f46649ea544819982ea288c6f386dd67d46da0f453f95da542196372b79731e

HTTP Headers

GET /s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.nibirdokan.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35888
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 15 Mar 2023 10:23:20 GMT
expires: Thu, 14 Mar 2024 10:23:20 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 21 Feb 2023 21:45:58 GMT
content-type: font/woff2
age: 510198
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.163

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.nibirdokan.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 16 Mar 2023 11:57:31 GMT
expires: Fri, 15 Mar 2024 11:57:31 GMT
cache-control: public, max-age=31536000
age: 418147
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

142.250.74.163

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.nibirdokan.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 15 Mar 2023 22:34:01 GMT
expires: Thu, 14 Mar 2024 22:34:01 GMT
cache-control: public, max-age=31536000
age: 466357
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

142.250.74.163

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.nibirdokan.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 19 Mar 2023 17:43:08 GMT
expires: Mon, 18 Mar 2024 17:43:08 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 138210
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

142.250.74.163

200 OK

28 kB

URL HTTP/2
fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 28288, version 1.0\012- data
Size
28 kB (28288 bytes)
Hash
53b5e785dfdca21fa7adf7119fa1f8cc
a3a86dfd216ad29183ba5493ae39d45b62f9d8b8
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

HTTP Headers

GET /s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.nibirdokan.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28288
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 15 Mar 2023 22:08:48 GMT
expires: Thu, 14 Mar 2024 22:08:48 GMT
cache-control: public, max-age=31536000
age: 467870
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

push.services.mozilla.com/

34.213.220.137

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.213.220.137:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: zxwURUvQsLd9RNYayXqsLQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: LAJcmvitKODju+QyQUJ+sBdm0No=

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
7192531b5ad082b63c067aa5932ec07b
1275d7db171b6e336bd755408ae452afa60f48dd
286c0269d72bdc72ae9c52360e8ec2623b2f728f01289b41a206881caf644361

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 08:06:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bfa45bb31acdcad04104ab759ca396b0
f8290df5a249f0dd192fec38584618205b2d4bc7
97b4f123c07d8ccbbb7f6757f55e2b2b055ea296a29f52a729efdc996e9c8592

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 08:06:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bfa45bb31acdcad04104ab759ca396b0
f8290df5a249f0dd192fec38584618205b2d4bc7
97b4f123c07d8ccbbb7f6757f55e2b2b055ea296a29f52a729efdc996e9c8592

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 08:06:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

play.google.com/log?format=json&hasfast=true&authuser=0

142.250.74.46

200 OK

0 B

URL HTTP/2
play.google.com/log?format=json&hasfast=true&authuser=0
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: play.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Referer: https://www.nibirdokan.com/
Origin: https://www.nibirdokan.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: http://play.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 21 Mar 2023 08:06:39 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+443; expires=Thu, 20-Mar-2025 08:06:39 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 21 Mar 2023 08:06:39 GMT
cache-control: private
X-Firefox-Spdy: h2

lh5.googleusercontent.com/_ZO4h6Fge5RJMgeiqpp6vudVDPnVcwoBlnQQ4qjAsy1w6yu0FDrv_h-cYXTFuBelhRviddmo9mk2ldm-TZWgp48=w16383

216.58.207.193

200 OK

48 kB

URL HTTP/2
lh5.googleusercontent.com/_ZO4h6Fge5RJMgeiqpp6vudVDPnVcwoBlnQQ4qjAsy1w6yu0FDrv_h-cYXTFuBelhRviddmo9mk2ldm-TZWgp48=w16383
IP
216.58.207.193:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 95x95, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=8, xresolution=110, yresolution=118, resolutionunit=2, software=paint.net 4.1.3], baseline, precision 8, 520x457, components 3\012- data
Size
48 kB (48512 bytes)
Hash
066e27de938b41e2239f614582815138
1f2ef62ae9a531457506a917d77ab7555d436649
acd54c3fcfb64ca28e8fafbe70cc0151ea3cd6da5e590d2bbdfb12bf9537eaf6

HTTP Headers

GET /_ZO4h6Fge5RJMgeiqpp6vudVDPnVcwoBlnQQ4qjAsy1w6yu0FDrv_h-cYXTFuBelhRviddmo9mk2ldm-TZWgp48=w16383 HTTP/1.1
Host: lh5.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.nibirdokan.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v1"
expires: Wed, 22 Mar 2023 08:06:39 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="n_Dokan_Final.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Tue, 21 Mar 2023 08:06:39 GMT
server: fife
content-length: 48512
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
7192531b5ad082b63c067aa5932ec07b
1275d7db171b6e336bd755408ae452afa60f48dd
286c0269d72bdc72ae9c52360e8ec2623b2f728f01289b41a206881caf644361

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 08:06:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
de95776582936b8e129e876cf6d80fa8
0233251e1cf0123f1260d980d7c8ef92718723f9
49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36"
Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5759
Expires: Tue, 21 Mar 2023 09:42:39 GMT
Date: Tue, 21 Mar 2023 08:06:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
de95776582936b8e129e876cf6d80fa8
0233251e1cf0123f1260d980d7c8ef92718723f9
49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36"
Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5759
Expires: Tue, 21 Mar 2023 09:42:39 GMT
Date: Tue, 21 Mar 2023 08:06:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
de95776582936b8e129e876cf6d80fa8
0233251e1cf0123f1260d980d7c8ef92718723f9
49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36"
Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5759
Expires: Tue, 21 Mar 2023 09:42:39 GMT
Date: Tue, 21 Mar 2023 08:06:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
de95776582936b8e129e876cf6d80fa8
0233251e1cf0123f1260d980d7c8ef92718723f9
49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36"
Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5759
Expires: Tue, 21 Mar 2023 09:42:39 GMT
Date: Tue, 21 Mar 2023 08:06:40 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3db1704b-1ecd-4198-a98e-0353d4671a5c.jpeg

34.120.237.76

200 OK

8.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3db1704b-1ecd-4198-a98e-0353d4671a5c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.2 kB (8195 bytes)
Hash
2a940b362660fdee25faaa51e08c439b
85fa91b5c4e6ddc1f3cf45eb6a4a3facfc6ad68c
18b99e3e890fdc959421c895ce343b8b3ed88819c83fa0009823e8ded23458f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3db1704b-1ecd-4198-a98e-0353d4671a5c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8195
x-amzn-requestid: c6844a50-a6b2-4ef4-ad28-f1a0fbcec14f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CDFESEDGoAMFQ8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6417821b-22fa560d4b7811c233fe07fa;Sampled=0
x-amzn-remapped-date: Sun, 19 Mar 2023 21:43:55 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: hZeMhs-Z5fNn0pvRUSkNcGau_K6EG9EQtDktbLUth0uEveafUgCxeQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 85ee490c179dc0af42b771f11421073e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 20 Mar 2023 22:07:00 GMT
age: 35980
etag: "85fa91b5c4e6ddc1f3cf45eb6a4a3facfc6ad68c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0e5e49ed-9ec4-4b75-b7ba-3c4c213d5d27.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.7 kB (4712 bytes)
Hash
d0e5cb0b321323913460ba1efd6b7b63
701eb0eb86c6673bbb6e85cf933bea53187b6048
150d0e93b808b222fcb4b58f0f4a78a403517b84461cb3029fc71c30930bb11b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0e5e49ed-9ec4-4b75-b7ba-3c4c213d5d27.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4712
x-amzn-requestid: 3c0b3a28-a1a9-4ba0-94ad-29156c2d83c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B9yGEE8SIAMF-LQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641563c0-1937b8bc1e42142720eddd7b;Sampled=0
x-amzn-remapped-date: Sat, 18 Mar 2023 07:09:52 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: AiPPel5fJZ56l-XoDAdJnwrcvrSU1bIO6365983POkVVXhlCnSK7Yg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 5292c0d5844327feadb38f1efe42ebc6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 20 Mar 2023 13:26:29 GMT
age: 67211
etag: "701eb0eb86c6673bbb6e85cf933bea53187b6048"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F21a85835-c7c4-48a2-afb8-600f570f7ef8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9062 bytes)
Hash
25023a307b323b4565ee2560c9f16ed1
e8becaaf74fcda8fe5187f589b3cf2f3fa870d93
9f976686d5a33122af889ede6456ed86c0dac867448cc3d81aaac45dfe5e946d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F21a85835-c7c4-48a2-afb8-600f570f7ef8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9062
x-amzn-requestid: d24fccfa-439a-4bcf-a984-456cb90b0bb7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ByllJFJlIAMFZ1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6410e953-05321b2649fdc7a838e1b49a;Sampled=0
x-amzn-remapped-date: Tue, 14 Mar 2023 21:38:27 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: veRZaSgr0vSCPERll8DuDLjQVFx-dM9BIRLKAiVuiZbySy5UYyVfxA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 ae06b19943a6bad1c1b12b79f7339498.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Mar 2023 03:32:14 GMT
age: 16466
etag: "e8becaaf74fcda8fe5187f589b3cf2f3fa870d93"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70f478f5-dd81-4fcb-a03b-ac51035145db.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7949 bytes)
Hash
01dce111a114c023773678c1ec6cba61
666d47c4e5415edbc489a3117b2f054129784ade
0a3d5ef914a64a3356ef8c08b9ab7be43ab335213966878c867ff1317de8bb36

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70f478f5-dd81-4fcb-a03b-ac51035145db.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7949
x-amzn-requestid: 5c950a43-5210-4cf2-9491-b4b832f89b8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B6e1jHDhIAMFYEw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641411bc-0ac0201f46a7a49c32970994;Sampled=0
x-amzn-remapped-date: Fri, 17 Mar 2023 07:07:40 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: A70hNBg1Pfxj21Z0nUEFOWeoYFOnR_jTCHca4NTTUvn91Pi0qAwnhQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 ef8f66c83aecd87910ce2e1153544a20.cloudfront.net (CloudFront), 1.1 google
date: Mon, 20 Mar 2023 08:12:41 GMT
age: 86039
etag: "666d47c4e5415edbc489a3117b2f054129784ade"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faacc3f97-56a5-4bb4-802f-dc4b529c41d3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6632 bytes)
Hash
59df3b8c484422b14b057fddfd99beb3
d7347bcac5fc585b802d9be262c9536d0f72a498
c05014345e897447f7bdcc3b7d267137bbf76758e8fecfbabcb20d09889769f6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faacc3f97-56a5-4bb4-802f-dc4b529c41d3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6632
x-amzn-requestid: e51ff988-1417-4d22-8540-82914428fdcd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CBFaIHZ8IAMF3lQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6416b5da-744c064c55ad8d3401855d0f;Sampled=0
x-amzn-remapped-date: Sun, 19 Mar 2023 07:12:26 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: FsFKERMeCkoD4DFnD-sjKYiRB8izHSQszlkxg7L7jaBgGy4ASvpkkQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 618052a0d9c86c1a3bf663f82d041d1c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 20 Mar 2023 12:37:46 GMT
age: 70134
etag: "d7347bcac5fc585b802d9be262c9536d0f72a498"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30f3b190-942a-4719-9acd-24de4ce3cffb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.3 kB (5250 bytes)
Hash
6d65964786df6f0974add4e6e1557e8b
b0516c8fc89a28344607b18953f4ca6a47f3a766
13b494cee4481fda312d2496d64e6bf538af3560c3147e6d4644a55b53b03874

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30f3b190-942a-4719-9acd-24de4ce3cffb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5250
x-amzn-requestid: e58ccd5e-c06b-4151-a89d-e5be457173a3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B5YtUFCwoAMF_zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6413a188-2b2a7f1d27d6e0572129b0e6;Sampled=0
x-amzn-remapped-date: Thu, 16 Mar 2023 23:08:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: g02a1S-uNlNZX1Ee0mWQsaxYJ8p07F0b-jT4aMlfTre5bIx1hIKZcA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 0906d4887f6625f4a4467d8d4fd268d2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 20 Mar 2023 21:52:17 GMT
age: 36863
etag: "b0516c8fc89a28344607b18953f4ca6a47f3a766"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

play.google.com/log?format=json&hasfast=true&authuser=0

142.250.74.46

200 OK

0 B

URL HTTP/2
play.google.com/log?format=json&hasfast=true&authuser=0
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: play.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Referer: https://www.nibirdokan.com/
Origin: https://www.nibirdokan.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: http://play.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Tue, 21 Mar 2023 08:06:42 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+512; expires=Thu, 20-Mar-2025 08:06:42 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 21 Mar 2023 08:06:42 GMT
cache-control: private
X-Firefox-Spdy: h2

www.nibirdokan.com/_/view/logImpressions?authuser=0

172.217.21.179

200 OK

0 B

URL HTTP/2
www.nibirdokan.com/_/view/logImpressions?authuser=0
IP
172.217.21.179:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_/view/logImpressions?authuser=0 HTTP/1.1
Host: www.nibirdokan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Content-Length: 10952
Origin: https://www.nibirdokan.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 21 Mar 2023 08:06:42 GMT
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
x-content-type-options: nosniff
cross-origin-opener-policy: same-origin-allow-popups
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2

www.nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start

172.217.21.179

404 Not Found

0 B

URL HTTP/2
www.nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start
IP
172.217.21.179:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start HTTP/1.1
Host: www.nibirdokan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 404 Not Found
content-type: text/html; charset=utf-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 21 Mar 2023 08:06:38 GMT
cross-origin-opener-policy: unsafe-none
content-security-policy: base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'nonce-Rve73xsxh-lW6I0O1RhiWA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/
referrer-policy: strict-origin-when-cross-origin
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Lora%3A400%2C400italic%2C700%2C700italic%7CGentium%20Basic%3A400%2C400italic%2C700%2C700italic&display=swap

172.217.21.170

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Lora%3A400%2C400italic%2C700%2C700italic%7CGentium%20Basic%3A400%2C400italic%2C700%2C700italic&display=swap
IP
172.217.21.170:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Lora%3A400%2C400italic%2C700%2C700italic%7CGentium%20Basic%3A400%2C400italic%2C700%2C700italic&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.nibirdokan.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 21 Mar 2023 08:06:38 GMT
date: Tue, 21 Mar 2023 08:06:38 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.nibirdokan.com/_/view/logImpressions?authuser=0

172.217.21.179

200 OK

0 B

URL HTTP/2
www.nibirdokan.com/_/view/logImpressions?authuser=0
IP
172.217.21.179:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /_/view/logImpressions?authuser=0 HTTP/1.1
Host: www.nibirdokan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.nibirdokan.com/dFRh/a1b2c3/ec1f2a44460500e2a2f851e9c1b4db2a/start
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Content-Length: 3266
Origin: https://www.nibirdokan.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 21 Mar 2023 08:06:39 GMT
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
x-content-type-options: nosniff
cross-origin-opener-policy: same-origin-allow-popups
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Google+Sans:400,500|Roboto:300,400,500,700|Source+Code+Pro:400,700&display=swap

172.217.21.170

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Google+Sans:400,500|Roboto:300,400,500,700|Source+Code+Pro:400,700&display=swap
IP
172.217.21.170:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Google+Sans:400,500|Roboto:300,400,500,700|Source+Code+Pro:400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.nibirdokan.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 21 Mar 2023 08:06:38 GMT
date: Tue, 21 Mar 2023 08:06:38 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (17)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML