Report - goo.su/NrYKt

Report Overview

Submitted URL
goo.su/NrYKt
IP
172.67.139.105
ASN
#13335 CLOUDFLARENET
Submitted
2023-02-05 07:26:23
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
3
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
1.cj7.workers.dev	unknown	2023-01-23T11:32:34Z	2023-02-05T08:25:08Z	355 B	887 B	104.21.235.144
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-13T08:14:31Z	409 B	630 B	142.250.74.106
goo.su	377451	2017-05-12T21:35:59Z	2023-03-13T04:29:05Z	784 B	2.4 kB	104.21.38.221
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-13T08:44:36Z	1.0 kB	45 kB	142.250.74.35
ssl.gstatic.com	unknown	2012-05-23T08:57:57Z	2023-03-13T07:54:16Z	421 B	1.5 kB	142.250.74.131
play.google.com	34	2013-05-31T01:24:35Z	2023-03-13T08:27:10Z	1.9 kB	1.2 kB	216.58.207.238
peoplestackwebexperiments-pa.clients6.google.com	316	2019-12-11T03:15:39Z	2023-03-13T09:11:08Z	2.5 kB	3.3 kB	216.58.211.10
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
blobcomments-pa.clients6.google.com	5190	2017-03-08T13:00:25Z	2023-03-13T08:25:08Z	1.9 kB	1.8 kB	142.250.74.106
drive.google.com	321	2012-10-03T09:10:02Z	2023-03-13T09:03:07Z	724 B	1.2 kB	142.250.74.142
lh3.googleusercontent.com	66	2012-05-22T09:35:05Z	2023-03-13T05:09:32Z	436 B	8.5 kB	142.250.74.97
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.0 kB	8.0 kB	95.101.11.115
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	5.2 kB	10 kB	142.250.74.131
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	35.160.15.145
www.gstatic.com	unknown	2016-07-26T11:37:06Z	2023-03-13T07:57:11Z	935 B	674 kB	142.250.74.3
apis.google.com	105	2013-05-06T22:20:21Z	2023-03-13T05:09:32Z	910 B	39 kB	142.250.74.46
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.8 kB	57 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-05 07:26:49	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-02-05 07:26:49	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-02-05 07:26:49	medium	Client IP	104.21.38.221	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (16)

	URL	Size	First Seen	Last Seen
	drive.google.com/file/d/1ID712y6AxTdFlJ4Iw33fxk9WegGSWRre/view?usp=sharing	5.8 kB	2023-03-13	2023-03-13
Pretty URL drive.google.com/file/d/1ID712y6AxTdFlJ4Iw33fxk9WegGSWRre/view?usp=sharing IP 142.250.74.142 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:25:48 Last Seen2023-03-13 17:25:48 Times Seen1 Hash 716bb024af0aaad5510f96fc80db1ec6 20eed582690131580be7788d30dcf060b484d6ef c8e1ba50608b93ce96cea4d4c166687115ccb4e10c6dba1bf62800d22ccf9701 Loading...

	drive.google.com/file/d/1ID712y6AxTdFlJ4Iw33fxk9WegGSWRre/view?usp=sharing	1.7 kB	2023-03-13	2023-03-13
Pretty URL drive.google.com/file/d/1ID712y6AxTdFlJ4Iw33fxk9WegGSWRre/view?usp=sharing IP 142.250.74.142 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:34:56 Last Seen2023-03-13 17:41:13 Times Seen1 Hash f79bdf4825fcd7e07c32795ea42e991a cb540a472b888f4e38747fde870cd7e71475c057 d5da6a006e6fc6ad05b6f31f7a66fee67f5cab49f4af1a15cbf1de00593ea0c2 Loading...

	www.gstatic.com/_/apps-fileview/_/js/k=apps-fileview.v.no.xrYnTyHJaGg.O/am=ACA/d=1/rs=AO0039tMMqUDaaQ-mrrDak-XKgNbVJHDmQ/m=v,wb	1.4 MB	2023-03-13	2023-03-13
Pretty URL www.gstatic.com/_/apps-fileview/_/js/k=apps-fileview.v.no.xrYnTyHJaGg.O/am=ACA/d=1/rs=AO0039tMMqUDaaQ-mrrDak-XKgNbVJHDmQ/m=v,wb IP 142.250.74.3 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:25:48 Last Seen2023-03-13 19:19:57 Times Seen1 Hash 1d7126696c3108c3d4435c5e2aed88d3 f6246b478c4d7396be7bb7d68487237dc5d76807 65961736e0b00cab864068713194f766cded5c483398ba2a634c95f426259052 Loading...

	apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.3R2S2iMRC9o.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-ukmJKpOYaCGRb909wNTowBRXFA/cb=gapi.loaded_0	113 kB	2023-03-13	2023-10-28
Pretty URL apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.3R2S2iMRC9o.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-ukmJKpOYaCGRb909wNTowBRXFA/cb=gapi.loaded_0 IP 142.250.74.46 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 03:20:33 Last Seen2023-10-28 21:52:45 Times Seen3 Hash 77cc675a0c3fc8a996aedfe12b01edfa 5f95b29dd05a60095fd9b25f12c717c046a00eee 00501daa7120b25bc7e42e6c80fa4d4ecf22fd605884e124f48346ca91481283 Loading...

	apis.google.com/js/googleapis.proxy.js?onload=startup	18 kB	2023-03-13	2023-03-14
Pretty URL apis.google.com/js/googleapis.proxy.js?onload=startup IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 04:18:55 Last Seen2023-03-14 14:22:04 Times Seen1 Hash bbb6fbe84d48b6198af4a2095d5a1d46 bbab3e9b83f65ed7bb2a63162931d7b0e1cd6def 73b91da67b8311b8d84ebb5c38d2b806b9ad18ff7a236321a49d19cf69f5dee1 Loading...

	apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.3R2S2iMRC9o.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-ukmJKpOYaCGRb909wNTowBRXFA/cb=gapi.loaded_1	212 kB	2023-03-13	2023-03-14
Pretty URL apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.3R2S2iMRC9o.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-ukmJKpOYaCGRb909wNTowBRXFA/cb=gapi.loaded_1 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:30:30 Last Seen2023-03-14 11:33:47 Times Seen1 Hash 49fbcfb63787247b767ee84787d2eebb b5cfd15389d65c18798caf2a47cf2993dd30c805 3623d07ae7df186f03dbc240d080a57e56a1b30cd6300bc80c2470531c80f31b Loading...

	drive.google.com/file/d/1ID712y6AxTdFlJ4Iw33fxk9WegGSWRre/view?usp=sharing	3.1 kB	2023-03-13	2023-03-13
Pretty URL drive.google.com/file/d/1ID712y6AxTdFlJ4Iw33fxk9WegGSWRre/view?usp=sharing IP 142.250.74.142 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:25:48 Last Seen2023-03-13 17:25:48 Times Seen1 Hash 4bbdfbe1ddaecbbba9461374c6910f4a ffe4d9caca97f92d47b3231945dcfba0f7d6a5e3 914d9a57ec4d3c6e2f331c15739058850b8715f6d03649804d8a64061365131b Loading...

	drive.google.com/file/d/1ID712y6AxTdFlJ4Iw33fxk9WegGSWRre/view?usp=sharing	34 kB	2023-03-13	2023-03-13
Pretty URL drive.google.com/file/d/1ID712y6AxTdFlJ4Iw33fxk9WegGSWRre/view?usp=sharing IP 142.250.74.142 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:25:48 Last Seen2023-03-13 17:25:48 Times Seen1 Hash 71fede9f4d2d672c4bc5ee724807aa97 5df3047cfc3527416832950250cd3de48b26d59d 6ee39bcb8dbbca45a301d2a3897ef222d36531ffb1113610905bdbdfdfa752a7 Loading...

	www.gstatic.com/_/apps-fileview/_/js/k=apps-fileview.v.no.xrYnTyHJaGg.O/am=ACA/d=0/rs=AO0039tMMqUDaaQ-mrrDak-XKgNbVJHDmQ/m=syg,sys,syr,syt,T807ad,J9ssyb	15 kB	2023-03-13	2023-03-13
Pretty URL www.gstatic.com/_/apps-fileview/_/js/k=apps-fileview.v.no.xrYnTyHJaGg.O/am=ACA/d=0/rs=AO0039tMMqUDaaQ-mrrDak-XKgNbVJHDmQ/m=syg,sys,syr,syt,T807ad,J9ssyb IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:25:48 Last Seen2023-03-13 17:25:48 Times Seen1 Hash e55541abdeaf129b3f826ac14567e283 7c8584af6157299bb777466c961ba49d60c57ffc 90af8c2173a089b14d4b639c3618f75cf513631b7a44a20e92635f9532922582 Loading...

	www.gstatic.com/_/apps-fileview/_/js/k=apps-fileview.v.no.xrYnTyHJaGg.O/am=ACA/d=0/rs=AO0039tMMqUDaaQ-mrrDak-XKgNbVJHDmQ/m=sy4,syk,b96Luc,sye,dflQFd,HyHasc,sy5,sy8,sy7,E7aOmb,syb,syc,sy6,Yfyhhd,sy9,sya,syd,syf,syh,syi,syj,syl,syo,syp,syq,AtsVYc	755 kB	2023-03-13	2023-03-13
Pretty URL www.gstatic.com/_/apps-fileview/_/js/k=apps-fileview.v.no.xrYnTyHJaGg.O/am=ACA/d=0/rs=AO0039tMMqUDaaQ-mrrDak-XKgNbVJHDmQ/m=sy4,syk,b96Luc,sye,dflQFd,HyHasc,sy5,sy8,sy7,E7aOmb,syb,syc,sy6,Yfyhhd,sy9,sya,syd,syf,syh,syi,syj,syl,syo,syp,syq,AtsVYc IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:25:49 Last Seen2023-03-13 17:25:49 Times Seen1 Hash cf5ede7bc557d01ad0873e6d738fa1e6 09f263aae903e25e9814059ecda7a9daf6a30a7b 237005576922101b4b19a0351b0f892f9e15c852ba8ae8fc7cf43ba6a4aeaeed Loading...

	drive.google.com/file/d/1ID712y6AxTdFlJ4Iw33fxk9WegGSWRre/view?usp=sharing	4.6 kB	2023-03-13	2023-03-13
Pretty URL drive.google.com/file/d/1ID712y6AxTdFlJ4Iw33fxk9WegGSWRre/view?usp=sharing IP 142.250.74.142 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:34:57 Last Seen2023-03-13 17:41:13 Times Seen1 Hash 9d34cd6c2a631078f572e9283e3a9ed4 b406e39d6d49aa76b3529dbc40934bbf9469d86a f0c077ce8d13eb1c8113fc6eb15b67462db5092d98ed5a7feb847d8c9e2077e6 Loading...

	www.gstatic.com/og/_/js/k=og.qtm.en_US.5_mdVUF1WKE.es5.O/rt=j/m=qabr,q_dnp,qapid/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin,qhpr/d=1/ed=1/rs=AA2YrTvqzArM6rjqBj9PfAKqzyX8TDz3FA	92 kB	2023-03-13	2023-03-13
Pretty URL www.gstatic.com/og/_/js/k=og.qtm.en_US.5_mdVUF1WKE.es5.O/rt=j/m=qabr,q_dnp,qapid/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin,qhpr/d=1/ed=1/rs=AA2YrTvqzArM6rjqBj9PfAKqzyX8TDz3FA IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:34:57 Last Seen2023-03-13 17:41:12 Times Seen1 Hash 79e6ce2c8ceaf5c99969b5e91c95d2cb dddcc86ea7e7b701b4c2a78eadca067736f1234d bde12aba284845f8915385e668ecc7ccf404985ff634cd113ae02aae0a8de177 Loading...

	www.gstatic.com/_/apps-fileview/_/js/k=apps-fileview.v.no.xrYnTyHJaGg.O/am=ACA/d=0/rs=AO0039tMMqUDaaQ-mrrDak-XKgNbVJHDmQ/m=MpJwZc,UUJqVe,sym,sy1z,sy2d,s39S4,syn,sy21,pw70Gc	11 kB	2023-03-13	2023-03-13
Pretty URL www.gstatic.com/_/apps-fileview/_/js/k=apps-fileview.v.no.xrYnTyHJaGg.O/am=ACA/d=0/rs=AO0039tMMqUDaaQ-mrrDak-XKgNbVJHDmQ/m=MpJwZc,UUJqVe,sym,sy1z,sy2d,s39S4,syn,sy21,pw70Gc IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:25:49 Last Seen2023-03-13 19:19:57 Times Seen1 Hash 8237cebb29e9f81a2b008afdd7206f5b e46ea633507927bc965a1044b8b203ef20e3a097 b8a4d8091228cbddedd705782172c71c2d0a2eec9131512ee06563c681436055 Loading...

	content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.3R2S2iMRC9o.O%2Fd%3D1%2Frs%3DAHpOoo8-ukmJKpOYaCGRb909wNTowBRXFA%2Fm%3D__features__#parent=https%3A%2F%2Fdrive.google.com&rpctoken=921097994	71 B	2023-03-07	2023-04-05
Pretty URL content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.3R2S2iMRC9o.O%2Fd%3D1%2Frs%3DAHpOoo8-ukmJKpOYaCGRb909wNTowBRXFA%2Fm%3D__features__#parent=https%3A%2F%2Fdrive.google.com&rpctoken=921097994 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:49 Last Seen2023-04-05 02:11:17 Times Seen65 Hash 4cb932da0f92ef918dbeb885268891be 5836540c0e59fa3af5a395f69ffe99a07b355bd0 9ccd099b5047f017c81d60433e9d3de6ccfbd5fc27addc83d472cdfc07b4c704 Loading...

	apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.3R2S2iMRC9o.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-ukmJKpOYaCGRb909wNTowBRXFA/cb=gapi.loaded_0?le=scs	71 kB	2023-03-13	2023-03-14
Pretty URL apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.3R2S2iMRC9o.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-ukmJKpOYaCGRb909wNTowBRXFA/cb=gapi.loaded_0?le=scs IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:30:30 Last Seen2023-03-14 11:33:47 Times Seen1 Hash 307a069bd493a7a7d70049952c167340 d389353d16fbdb14e9ffb23dcf8c1c067e5cf88e 5de7e2babc4ee695824822d14db3d5f55283f5583216612b9a686eb1f2d9c887 Loading...

	www.gstatic.com/feedback/js/help/prod/service/lazy.min.js	97 kB	2023-03-13	2023-03-13
Pretty URL www.gstatic.com/feedback/js/help/prod/service/lazy.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:20:41 Last Seen2023-03-13 19:06:41 Times Seen1 Hash 6d07473374fcde08e102bbc920b3bdda c9ca25f126c273e8cdec90b955faa5eef4a51e8d 8d97ef1f18aa2c1493e6a754a0e84c2a542eb388c0a797e416b5492aeb22321b Loading...

HTTP Transactions (56)

URL IP Response Size

goo.su/NrYKt

104.21.38.221

301 Moved Permanently

187 B

URL HTTP/1.1
goo.su/NrYKt
IP
104.21.38.221:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
187 B (187 bytes)
Hash
a3ff447f49262fbe83ee1fea4302ee5e
2ed41905d0e02243822a695cf515f32c99b47844
f15d59be3d28bf3b10791fcfa6ea99423e1fc049f49104b68d8aad978b0d5fee

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /NrYKt HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Sun, 05 Feb 2023 07:26:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://goo.su/NrYKt
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hlxZBpm1lB4Zni4%2BWw%2FhpajbyS2f%2BdHDZ3EadgSXl3WQFRd0jXX1ygFGE3DYC2rax9B77lLGYBhNQI0%2B44bHNqWSUscwIFtK4Ah5Y4OXmJ8BWINShNYg1%2F8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7949ea945b89b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7798
Expires: Sun, 05 Feb 2023 09:36:08 GMT
Date: Sun, 05 Feb 2023 07:26:10 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
81713f952b51a865ad9764cde68e3fdb
278c3a9c4bb2a0ffb7375f90d89a1ba6e90a766a
c2eb0d8a24ecb51af28f1c71db4b9a95c568dcf6c94b41ee8c78787a4ebebcef

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2EB0D8A24ECB51AF28F1C71DB4B9A95C568DCF6C94B41EE8C78787A4EBEBCEF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4600
Expires: Sun, 05 Feb 2023 08:42:50 GMT
Date: Sun, 05 Feb 2023 07:26:10 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 06:33:54 GMT
content-type: application/json
age: 3136
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15407
Expires: Sun, 05 Feb 2023 11:42:57 GMT
Date: Sun, 05 Feb 2023 07:26:10 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: tjImBqXibYXb5DhfvMAEs6OWq3qFuNpkqxeUok8F7grOvUTKpcLBms7mJUGtdOJjIYV4ApdWQc0=
x-amz-request-id: K74NG42HG407SS96
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 06:53:10 GMT
age: 1980
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/TOB3ExjSLG4

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/TOB3ExjSLG4
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b540fed7138ce71048e1f579e7845cd0
67bdb5c3eba603361dd56b19d0e4edb89503b05f
adb02334e6a23f2ae7c60dfe1e5c480e734ddfbaa7d1330961f878641d473401

HTTP Headers

POST /s/gts1p5/TOB3ExjSLG4 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 07:26:11 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 07:26:10 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/TOB3ExjSLG4

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/TOB3ExjSLG4
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b540fed7138ce71048e1f579e7845cd0
67bdb5c3eba603361dd56b19d0e4edb89503b05f
adb02334e6a23f2ae7c60dfe1e5c480e734ddfbaa7d1330961f878641d473401

HTTP Headers

POST /s/gts1p5/TOB3ExjSLG4 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 07:26:11 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Feb 2023 07:07:20 GMT
age: 1131
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c7d887fc3e3b7a68b7872c76802085c0
eb26f820776e7d87a00489eb14f918e5f6945835
915e873e95d8f0276f4763e5596b03cac487f6f8a36c65577c6622fc8560d929

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 07:26:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4795
Expires: Sun, 05 Feb 2023 08:46:06 GMT
Date: Sun, 05 Feb 2023 07:26:11 GMT
Connection: keep-alive

push.services.mozilla.com/

35.160.15.145

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.160.15.145:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: VMLy6IE2wYpjbSrVS/AseQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kyWZLNACFZY584zBmUYWMkVqQz0=

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c7d887fc3e3b7a68b7872c76802085c0
eb26f820776e7d87a00489eb14f918e5f6945835
915e873e95d8f0276f4763e5596b03cac487f6f8a36c65577c6622fc8560d929

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 07:26:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
98be7fe21d059e46146a43d20c4eea92
1ec58129fea75085588be7b8baec05b0874b5274
7bb2eb5ffcd88a3b6ba7b210bdbcd4469134c9708f06befb6c616beebf8dae46

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 07:26:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5452c58c07ce8d3cade93b323b271c35
581b1e438daeb32a12feaf50f2aab17dcf3e3171
b99ea2af71e697f45db51732f7d3e8d3e50258c9c96e50a772b8c4638577140a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 07:26:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5452c58c07ce8d3cade93b323b271c35
581b1e438daeb32a12feaf50f2aab17dcf3e3171
b99ea2af71e697f45db51732f7d3e8d3e50258c9c96e50a772b8c4638577140a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 07:26:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/_/apps-fileview/_/ss/k=apps-fileview.v.VAAwgeEkuD8.L.F4.O/am=ACA/d=0/rs=AO0039vWYdavBoHufKT140auR0pMsvP-tg

142.250.74.3

200 OK

210 kB

URL HTTP/2
www.gstatic.com/_/apps-fileview/_/ss/k=apps-fileview.v.VAAwgeEkuD8.L.F4.O/am=ACA/d=0/rs=AO0039vWYdavBoHufKT140auR0pMsvP-tg
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65536), with no line terminators
Size
210 kB (209925 bytes)
Hash
9421a51a3a25760707e50bd63d4711d1
581e41946c4d572e2085bffef8f45cc0e280a842
9349472c94879c990db7d6a746ba5061bf73ac23dd84195d01fdc76334eb92c9

HTTP Headers

GET /_/apps-fileview/_/ss/k=apps-fileview.v.VAAwgeEkuD8.L.F4.O/am=ACA/d=0/rs=AO0039vWYdavBoHufKT140auR0pMsvP-tg HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://drive.google.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-fileview
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-fileview"
report-to: {"group":"apps-fileview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-fileview"}]}
content-length: 209925
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 15:52:57 GMT
expires: Thu, 01 Feb 2024 15:52:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 26 Jan 2023 10:05:58 GMT
content-type: text/css; charset=UTF-8
age: 315195
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/_/apps-fileview/_/js/k=apps-fileview.v.no.xrYnTyHJaGg.O/am=ACA/d=1/rs=AO0039tMMqUDaaQ-mrrDak-XKgNbVJHDmQ/m=v,wb

142.250.74.3

200 OK

462 kB

URL HTTP/2
www.gstatic.com/_/apps-fileview/_/js/k=apps-fileview.v.no.xrYnTyHJaGg.O/am=ACA/d=1/rs=AO0039tMMqUDaaQ-mrrDak-XKgNbVJHDmQ/m=v,wb
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (593)
Size
462 kB (462202 bytes)
Hash
748ff8b8290ace47ff50486b0d07dfc7
487dea3251a8f6bf8e943ee4842e759eeb9d9488
c3592d15046f3703db679c44130bf0f403a049d0d03d40451306df2a85f30346

HTTP Headers

GET /_/apps-fileview/_/js/k=apps-fileview.v.no.xrYnTyHJaGg.O/am=ACA/d=1/rs=AO0039tMMqUDaaQ-mrrDak-XKgNbVJHDmQ/m=v,wb HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://drive.google.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-fileview
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-fileview"
report-to: {"group":"apps-fileview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-fileview"}]}
content-length: 462202
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 15:49:28 GMT
expires: Thu, 01 Feb 2024 15:49:28 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 26 Jan 2023 12:04:32 GMT
content-type: text/javascript; charset=UTF-8
age: 315404
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
98be7fe21d059e46146a43d20c4eea92
1ec58129fea75085588be7b8baec05b0874b5274
7bb2eb5ffcd88a3b6ba7b210bdbcd4469134c9708f06befb6c616beebf8dae46

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 07:26:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5452c58c07ce8d3cade93b323b271c35
581b1e438daeb32a12feaf50f2aab17dcf3e3171
b99ea2af71e697f45db51732f7d3e8d3e50258c9c96e50a772b8c4638577140a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 07:26:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.35

200 OK

15 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://drive.google.com/
Origin: https://drive.google.com
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 21:48:03 GMT
expires: Fri, 02 Feb 2024 21:48:03 GMT
cache-control: public, max-age=31536000
age: 207489
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ssl.gstatic.com/images/branding/product/1x/drive_2020q4_32dp.png

142.250.74.131

200 OK

831 B

URL HTTP/2
ssl.gstatic.com/images/branding/product/1x/drive_2020q4_32dp.png
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
831 B (831 bytes)
Hash
916c9bcccf19525ad9d3cd1514008746
9ccce6978d2417927b5150ffaac22f907ff27b6e
358e814139d3ed8469b36935a071be6696ccad7dd9bdbfdb80c052b068ae2a50

HTTP Headers

GET /images/branding/product/1x/drive_2020q4_32dp.png HTTP/1.1
Host: ssl.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://drive.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 831
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 Feb 2023 15:34:40 GMT
expires: Sun, 04 Feb 2024 15:34:40 GMT
cache-control: public, max-age=31536000
age: 57092
last-modified: Fri, 21 Aug 2020 00:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
809a7850a3128b4f377ac5af280b3e6c
811eb0840ea685aa7abdc954bd7b1ca9c3bc262d
a634b51e8c436173f4d06fe162b0e2164d12600ac8e6c0c32c0fa01c64db10a4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 07:26:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.3R2S2iMRC9o.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-ukmJKpOYaCGRb909wNTowBRXFA/cb=gapi.loaded_0

142.250.74.46

200 OK

38 kB

URL HTTP/2
apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.3R2S2iMRC9o.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-ukmJKpOYaCGRb909wNTowBRXFA/cb=gapi.loaded_0
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1448)
Size
38 kB (37983 bytes)
Hash
8b7b7fbb3b03a6363147f827f1c7548c
1989538f1b6d6f4adebcc4752e2851d87dda996d
42f93e826e154983acb5940d49ea3d36dfb20b2c169867754bfb7ffb2d74e79e

HTTP Headers

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.3R2S2iMRC9o.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8-ukmJKpOYaCGRb909wNTowBRXFA/cb=gapi.loaded_0 HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://drive.google.com/
Connection: keep-alive
Cookie: __Secure-ENID=5.SE=WgoywoGOUEmJadxoIB0r2lkzXHeKVqth1xGOa4ffzT7dUHt-ZXjx-iHV7oK7BCuj96T6WcNdOxtcPrvT6hvt4NQxsLWhAuRLpweU30AweJoV-BgqMIIyysdeq33RUY6ph26qQ9jBKSd0XSV6yoBSxOS9PmgWEsI53hUDjv_5qeI; CONSENT=PENDING+883; NID=511=K354uvuIZWwK7iVdZlxbUZayPstahYoENRjuFSOV8HZ3yvz7SXOZm4suaGnM_gTHCnrSYBVB1_q73MxG5PbnIVxY1ZG8awy46o2shuHpnfCcgxcY_8Bbd8fD6-DcvRvlBmKFCB2LnMYuZZkAxlFhkSOW4THTLUJvHth0gXBlZIk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 37983
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 04:05:42 GMT
expires: Fri, 02 Feb 2024 04:05:42 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 07 Jan 2023 15:18:57 GMT
content-type: text/javascript; charset=UTF-8
age: 271230
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

142.250.74.35

200 OK

28 kB

URL HTTP/2
fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 28288, version 1.0\012- data
Size
28 kB (28288 bytes)
Hash
53b5e785dfdca21fa7adf7119fa1f8cc
a3a86dfd216ad29183ba5493ae39d45b62f9d8b8
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

HTTP Headers

GET /s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://drive.google.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28288
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 14:34:21 GMT
expires: Fri, 02 Feb 2024 14:34:21 GMT
cache-control: public, max-age=31536000
age: 233512
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18547
Expires: Sun, 05 Feb 2023 12:35:20 GMT
Date: Sun, 05 Feb 2023 07:26:13 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18547
Expires: Sun, 05 Feb 2023 12:35:20 GMT
Date: Sun, 05 Feb 2023 07:26:13 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18547
Expires: Sun, 05 Feb 2023 12:35:20 GMT
Date: Sun, 05 Feb 2023 07:26:13 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18547
Expires: Sun, 05 Feb 2023 12:35:20 GMT
Date: Sun, 05 Feb 2023 07:26:13 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18547
Expires: Sun, 05 Feb 2023 12:35:20 GMT
Date: Sun, 05 Feb 2023 07:26:13 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6202 bytes)
Hash
251f1a5d671fb797fb98e9a71754c341
335425603d9eec146a3c03422dbca91134272e53
74932f07561287e33302aabcf9c639e9df7ae0fbc4bf71f5467310aabafea208

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6202
x-amzn-requestid: 01b85fcd-69a0-49da-8640-32a3ef19378a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bUFEJoAMFapg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c48-14817e717361e09170714e9d;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1_1mEN4j5cciWEiimz4PRjx3PNGnrSRib9oEJAdYLrrtyjqnz_zvcQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 13:05:46 GMT
age: 66027
etag: "335425603d9eec146a3c03422dbca91134272e53"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

play.google.com/log?format=json&hasfast=true

216.58.207.238

200 OK

131 B

URL HTTP/2
play.google.com/log?format=json&hasfast=true
IP
216.58.207.238:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
131 B (131 bytes)
Hash
babb6f090aeebc6f421624475b4aefff
06079b7547949822c118224e51604f4c5ebf80c8
b2fe8b91f31edc7284cc9690e90dd4a38d985598374df68967d917590beb55dd

HTTP Headers

POST /log?format=json&hasfast=true HTTP/1.1
Host: play.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://drive.google.com/
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Content-Length: 633
Origin: https://drive.google.com
Connection: keep-alive
Cookie: __Secure-ENID=5.SE=WgoywoGOUEmJadxoIB0r2lkzXHeKVqth1xGOa4ffzT7dUHt-ZXjx-iHV7oK7BCuj96T6WcNdOxtcPrvT6hvt4NQxsLWhAuRLpweU30AweJoV-BgqMIIyysdeq33RUY6ph26qQ9jBKSd0XSV6yoBSxOS9PmgWEsI53hUDjv_5qeI; CONSENT=PENDING+883; _ga=GA1.3.374087793.1654401397; NID=511=K354uvuIZWwK7iVdZlxbUZayPstahYoENRjuFSOV8HZ3yvz7SXOZm4suaGnM_gTHCnrSYBVB1_q73MxG5PbnIVxY1ZG8awy46o2shuHpnfCcgxcY_8Bbd8fD6-DcvRvlBmKFCB2LnMYuZZkAxlFhkSOW4THTLUJvHth0gXBlZIk
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
access-control-allow-origin: https://drive.google.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Sun, 05 Feb 2023 07:26:13 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F030e2301-116b-4cdd-ae90-c5bbc86e9669.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.3 kB (7288 bytes)
Hash
b1092c4dd4d9ca4d09462ae46e1dd7c1
17444ff60be1afbc40d3653fa936f9eaf9478068
ea8362c7249080b34288ee675f70333607fc3be37e716fdcf63e4901849def9f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F030e2301-116b-4cdd-ae90-c5bbc86e9669.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7288
x-amzn-requestid: 1aa297f5-2f9a-45be-b823-1eb4d5887769
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f1WrwH-iIAMFyhQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ded17e-2b630b4a302b8ae118883b71;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 21:43:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: z2oKgp1keqEkvN6jjsUepMbrxD4JCXKAOHrMNJHcuXN0CpulUh5GLA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:43:39 GMT
etag: "17444ff60be1afbc40d3653fa936f9eaf9478068"
content-type: image/jpeg
age: 34954
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

play.google.com/log?format=json&hasfast=true

216.58.207.238

200 OK

131 B

URL HTTP/2
play.google.com/log?format=json&hasfast=true
IP
216.58.207.238:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
131 B (131 bytes)
Hash
babb6f090aeebc6f421624475b4aefff
06079b7547949822c118224e51604f4c5ebf80c8
b2fe8b91f31edc7284cc9690e90dd4a38d985598374df68967d917590beb55dd

HTTP Headers

POST /log?format=json&hasfast=true HTTP/1.1
Host: play.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://drive.google.com/
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Content-Length: 2305
Origin: https://drive.google.com
Connection: keep-alive
Cookie: __Secure-ENID=5.SE=WgoywoGOUEmJadxoIB0r2lkzXHeKVqth1xGOa4ffzT7dUHt-ZXjx-iHV7oK7BCuj96T6WcNdOxtcPrvT6hvt4NQxsLWhAuRLpweU30AweJoV-BgqMIIyysdeq33RUY6ph26qQ9jBKSd0XSV6yoBSxOS9PmgWEsI53hUDjv_5qeI; CONSENT=PENDING+883; _ga=GA1.3.374087793.1654401397; NID=511=K354uvuIZWwK7iVdZlxbUZayPstahYoENRjuFSOV8HZ3yvz7SXOZm4suaGnM_gTHCnrSYBVB1_q73MxG5PbnIVxY1ZG8awy46o2shuHpnfCcgxcY_8Bbd8fD6-DcvRvlBmKFCB2LnMYuZZkAxlFhkSOW4THTLUJvHth0gXBlZIk
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: https://drive.google.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Sun, 05 Feb 2023 07:26:13 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c8da623-73ab-4c2d-afaa-03d28de3a280.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11056 bytes)
Hash
3e0c38abfcd86f8074d4182d49fc354f
1367bebb73fa652695242100b26c394f1bfe4457
e42d110060133ac05e6cdfafa6473c55473220fdc7eaf03e3a89f58aa3603670

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c8da623-73ab-4c2d-afaa-03d28de3a280.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11056
x-amzn-requestid: 4acc3364-4a33-4934-bdcb-41284d952113
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPFrwEW4IAMF_Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf8317-33872f461a2faab552322837;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:04:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XhPm-ZDoEjlgeiXUwMRQZ5pOMs4qJzXagWZg302DcrYpUm5X7O8ZZA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:46:47 GMT
age: 34766
etag: "1367bebb73fa652695242100b26c394f1bfe4457"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10905 bytes)
Hash
1a4eed23b240d04a3cd6b085cfa93375
f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00
93e8371f80c12d3753842e36001dbb8d3dc2223b10a594639752cd816c492d4e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10905
x-amzn-requestid: 093778fc-231c-452f-a6fc-15f4eb41ade0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmNJCEDzIAMFmxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8c239-7f56d6e56392f373541db219;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:24:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jIvBQjGh9JzWQM0YpEYiqP5CcBrkwqLVjAYhMWJ1P1H0MRkm7kpnpg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:12:06 GMT
age: 33247
etag: "f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.0 kB (5014 bytes)
Hash
5b6c30ad03669b66bf2f63b3edd69882
e630bd132b52b965a5ade646ea8a165d1abf6d7b
f8233d879ec17fd91909655ff8881f2ebfad84272fde3ed5e5be37580378a989

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5014
x-amzn-requestid: a434aae4-fe4b-4fc7-9b7e-eeb552484e8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bIE0aoAMF6YQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c47-5556d14757190c842bbc6b06;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k6YqagXr3Wr-u1uDKojEnIGW0CxU5yvWPtlzNpzoIvmg9F-rJb9uFQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 14:53:45 GMT
age: 59548
etag: "e630bd132b52b965a5ade646ea8a165d1abf6d7b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.5 kB (3474 bytes)
Hash
d7a466d89c75ff3459b7328591db52cf
c3f29f9c2fbdc1fa2aef7a9e79ca796b28394afb
e73243be3d01d12a224c4e9826c4f52610cf7722eee69f62755278d7550705f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3474
x-amzn-requestid: 5846c080-9f25-4590-863c-8af2126cdbe1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f1WXEEbnoAMFRdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ded0f9-1bd490125feadc14366e7ca0;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 21:41:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: d8aQmkW-aqLFpb79RynlJG2vY1GTDbjLNY0Qukgg_WIjdI6cmbVKFw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:10:58 GMT
etag: "c3f29f9c2fbdc1fa2aef7a9e79ca796b28394afb"
content-type: image/jpeg
age: 33315
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
18e91fdb704902eff76068ca8fc0e9f7
5737dc79a38469c950be517e04e589972a10a93d
5d764e6bbe991be9307998f0a633c556b681ebbca5b90a45e0802ed92784a9a8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 07:26:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
18e91fdb704902eff76068ca8fc0e9f7
5737dc79a38469c950be517e04e589972a10a93d
5d764e6bbe991be9307998f0a633c556b681ebbca5b90a45e0802ed92784a9a8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 07:26:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

blobcomments-pa.clients6.google.com/v1/metadata?docId=1ID712y6AxTdFlJ4Iw33fxk9WegGSWRre&revisionId=0B1ZF4npPdp5KVEhIOXFBOW93WEVwcXpiRkhLdEpjZFJZU2Y4PQ&userLocale=no&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797

142.250.74.106

200 OK

0 B

URL HTTP/2
blobcomments-pa.clients6.google.com/v1/metadata?docId=1ID712y6AxTdFlJ4Iw33fxk9WegGSWRre&revisionId=0B1ZF4npPdp5KVEhIOXFBOW93WEVwcXpiRkhLdEpjZFJZU2Y4PQ&userLocale=no&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /v1/metadata?docId=1ID712y6AxTdFlJ4Iw33fxk9WegGSWRre&revisionId=0B1ZF4npPdp5KVEhIOXFBOW93WEVwcXpiRkhLdEpjZFJZU2Y4PQ&userLocale=no&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797 HTTP/1.1
Host: blobcomments-pa.clients6.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-clientdetails,x-goog-authuser,x-goog-encode-response-if-executable,x-javascript-user-agent,x-requested-with
Referer: https://drive.google.com/
Origin: https://drive.google.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
access-control-allow-origin: https://drive.google.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: x-clientdetails,x-goog-authuser,x-goog-encode-response-if-executable,x-javascript-user-agent,x-requested-with
access-control-max-age: 3600
date: Sun, 05 Feb 2023 07:26:14 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
18e91fdb704902eff76068ca8fc0e9f7
5737dc79a38469c950be517e04e589972a10a93d
5d764e6bbe991be9307998f0a633c556b681ebbca5b90a45e0802ed92784a9a8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 07:26:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4b89c5c00cc87658461f2b7f7b4286d7
4ebc7969c342e80d97cbc96c397f9f90789d6124
93ced48af967cdfd78f47bb15ee0ac4c4600754a9cfc984dd268b9a7d1ac2451

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 07:26:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

lh3.googleusercontent.com/a-/AD5-WCnYsyjx445XtKvflXMPDZDj_lbPa2CCFeJhV4t7Dw=s64

142.250.74.97

200 OK

8.0 kB

URL HTTP/2
lh3.googleusercontent.com/a-/AD5-WCnYsyjx445XtKvflXMPDZDj_lbPa2CCFeJhV4t7Dw=s64
IP
142.250.74.97:0
ASN
#15169 GOOGLE

File type
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Size
8.0 kB (7952 bytes)
Hash
3da7a949fff99a4e0bb0c05566a85074
0c3aadb836ed18d61f3de5ca6ff4f5dcd66244b1
8a385c39d6f204ddf2695736fb306b530a4f16a31b95c9e6d03d77b9443ca660

HTTP Headers

GET /a-/AD5-WCnYsyjx445XtKvflXMPDZDj_lbPa2CCFeJhV4t7Dw=s64 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://drive.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 7952
x-xss-protection: 0
date: Sun, 05 Feb 2023 07:26:14 GMT
expires: Fri, 03 Feb 2023 16:20:49 GMT
cache-control: public, max-age=86400, no-transform
etag: "vba"
content-type: image/png
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

142.250.74.106

200 OK

558 B

URL HTTP/2
blobcomments-pa.clients6.google.com/v1/metadata?docId=1ID712y6AxTdFlJ4Iw33fxk9WegGSWRre&revisionId=0B1ZF4npPdp5KVEhIOXFBOW93WEVwcXpiRkhLdEpjZFJZU2Y4PQ&userLocale=no&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1285)
Size
558 B (558 bytes)
Hash
0de41ac47b5816fecb8bc24e739ec4f9
8567bf858d854778a800d92f210a0d6b4a699d9e
aa65a9e4a0b41fc1cdab90874651d3b0d0b1751c6f973e4fa9495ca7e77b8e1f

HTTP Headers

GET /v1/metadata?docId=1ID712y6AxTdFlJ4Iw33fxk9WegGSWRre&revisionId=0B1ZF4npPdp5KVEhIOXFBOW93WEVwcXpiRkhLdEpjZFJZU2Y4PQ&userLocale=no&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc797 HTTP/1.1
Host: blobcomments-pa.clients6.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://drive.google.com/
X-Goog-AuthUser: 0
X-JavaScript-User-Agent: google-api-javascript-client/1.1.0
X-Requested-With: XMLHttpRequest
X-Goog-Encode-Response-If-Executable: base64
X-ClientDetails: appVersion=5.0%20(X11)&platform=Linux%20x86_64&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0
Origin: https://drive.google.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
content-type: application/json; charset=UTF-8
strict-transport-security: max-age=10886400; includeSubdomains
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sun, 05 Feb 2023 07:26:14 GMT
server: ESF
cache-control: private
content-length: 558
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://drive.google.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4b89c5c00cc87658461f2b7f7b4286d7
4ebc7969c342e80d97cbc96c397f9f90789d6124
93ced48af967cdfd78f47bb15ee0ac4c4600754a9cfc984dd268b9a7d1ac2451

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 07:26:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

216.58.211.10

200 OK

0 B

URL HTTP/2
peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags
IP
216.58.211.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags HTTP/1.1
Host: peoplestackwebexperiments-pa.clients6.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://drive.google.com/
Origin: https://drive.google.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
access-control-allow-origin: https://drive.google.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Sun, 05 Feb 2023 07:26:16 GMT
content-type: text/html
server: scaffolding on HTTPServer2
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

216.58.211.10

401 Unauthorized

274 B

URL HTTP/2
peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags
IP
216.58.211.10:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (421), with no line terminators
Size
274 B (274 bytes)
Hash
0df0b101f6d78f9ea7d789c95ed65f86
81130f5cc78613668eebad6027fedd4518803d2e
0656c7105bdf581b7f5618479912af6e1b385f5be426453cb52a889b03bcb483

HTTP Headers

POST /$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags HTTP/1.1
Host: peoplestackwebexperiments-pa.clients6.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://drive.google.com/
X-Goog-Api-Key: AIzaSyABqJ85_R2irnKzMtGBL0iHuyFBi6Efk1w
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 39
Origin: https://drive.google.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 401 Unauthorized
www-authenticate: Bearer realm="https://accounts.google.com/"
strict-transport-security: max-age=10886400; includeSubdomains
vary: Origin, X-Origin, Referer
content-type: application/json+protobuf; charset=UTF-8
content-encoding: gzip
date: Sun, 05 Feb 2023 07:26:16 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 274
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://drive.google.com
access-control-allow-credentials: true
access-control-expose-headers: www-authenticate,vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

216.58.211.10

200 OK

43 B

URL HTTP/2
peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags
IP
216.58.211.10:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression\012- data
Size
43 B (43 bytes)
Hash
31ae8cca9644f1b9e4474797b47df066
506a325769be64a214386cfd32fc1a0a1eb31550
add7ee764e1c0872e6da863f7a7c6036f9ba28e9beb8838b8d203aabd6963452

HTTP Headers

OPTIONS /$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags HTTP/1.1
Host: peoplestackwebexperiments-pa.clients6.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://drive.google.com/
Origin: https://drive.google.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
access-control-allow-origin: https://drive.google.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Sun, 05 Feb 2023 07:26:16 GMT
content-type: text/html
server: scaffolding on HTTPServer2
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags

216.58.211.10

401 Unauthorized

273 B

URL HTTP/2
peoplestackwebexperiments-pa.clients6.google.com/$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags
IP
216.58.211.10:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (421), with no line terminators
Size
273 B (273 bytes)
Hash
fa5770427dd81581d3262bba95c9ed48
c68a1c6dc3d959333ae46636ede8ad9672423952
615d3e4953d92283527cba7c635437cec489dfa7f6cc8299b04316656f358456

HTTP Headers

POST /$rpc/peoplestackwebexperiments.PeopleStackExperimentsService/GetExperimentFlags HTTP/1.1
Host: peoplestackwebexperiments-pa.clients6.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://drive.google.com/
X-Goog-Api-Key: AIzaSyABqJ85_R2irnKzMtGBL0iHuyFBi6Efk1w
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 39
Origin: https://drive.google.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 401 Unauthorized
www-authenticate: Bearer realm="https://accounts.google.com/"
strict-transport-security: max-age=10886400; includeSubdomains
vary: Origin, X-Origin, Referer
content-type: application/json+protobuf; charset=UTF-8
content-encoding: gzip
date: Sun, 05 Feb 2023 07:26:16 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 273
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://drive.google.com
access-control-allow-credentials: true
access-control-expose-headers: www-authenticate,vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b593b5-5093-4504-8ab7-492c62b14ca7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.8 kB (5801 bytes)
Hash
c1f3df5bbad5048923e29c0767d703d3
48c408d37a7bd7f96653174359178eed46ddf298
c8bae041c3d64334964b2aa771a07bc2709ced4c497e1795f864d9416fed728f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b593b5-5093-4504-8ab7-492c62b14ca7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 5801
x-amzn-requestid: 441284a8-923a-4b22-b39f-95dec713c292
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fjj9jHu_IAMFZ-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d7b389-788174a773fcd695540cc95e;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 12:09:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DgvqiQwdytO2caPNzg2OhGcv8ly9N_YeQTzpuf6iwAVt8AQZEXRLqw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:43:52 GMT
age: 34948
etag: "48c408d37a7bd7f96653174359178eed46ddf298"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

goo.su/NrYKt

104.21.38.221

301 Moved Permanently

0 B

URL HTTP/2
goo.su/NrYKt
IP
104.21.38.221:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /NrYKt HTTP/1.1
Host: goo.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 301 Moved Permanently
date: Sun, 05 Feb 2023 07:26:11 GMT
content-type: text/html; charset=UTF-8
location: https://drive.google.com/file/d/1ID712y6AxTdFlJ4Iw33fxk9WegGSWRre/view?usp=sharing
x-powered-by: PHP/8.0.15
set-cookie: XSRF-TOKEN=eyJpdiI6Ik9tM2d0djRYZy92TnJ4aHZXQ1JrMUE9PSIsInZhbHVlIjoiL1F3OS9ySGw2dTlIM1dEajhvdGkrMi9NYm8wdHRDSDlkK2ZsanJtdkgydHg4ait4dDRvUGdkcVRQdXlrVFpHdWd0cW9rcCtBWlVsUFdPOUErNE52djVrOFJKeFBGM0VLOWNuVUhxVnZvbXQyVldjdmpKMC9BSGtjVGRGbW9UaUoiLCJtYWMiOiI2NDAzOWVlNTljMTM5MmMyOTFkNWU2OTAyZTI1ZTliMDRmOTM4OTNlZmI2NDg4OTg5N2RhZTQ0MWRlMGY4YTcxIiwidGFnIjoiIn0%3D; expires=Mon, 06-Feb-2023 02:06:11 GMT; Max-Age=67200; path=/; samesite=lax
goosu_session=eyJpdiI6InkvcGhmaFlQWmM2NC9ZTVFQQ3drWHc9PSIsInZhbHVlIjoieDM1UVI0SnVGUk9ISFFBTkx6UGZTcFQ1bXdpZ3hOMEt3ZGxSNEhvekZaRDVvWjFWRHI0RHRKN3FvM2xwOE8wSGZ1RHRTNDVnL3lxSmhGNGxFT3dkeU9uSVFWR2FrajEvNENXRVJtQUtmR1NnNkVUSUJBNkNtdTFEYWhIR3NVVzQiLCJtYWMiOiJlMTc2MzU1NzMwMDM2ZmIwN2MwYzhmMGUwYWFiMzgyNDBjNDU1YjAyYmNjNzg5NTFhMDRhZjk4MTViNTBhZWM2IiwidGFnIjoiIn0%3D; expires=Mon, 06-Feb-2023 02:06:11 GMT; Max-Age=67200; path=/; httponly; samesite=lax
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2CjxjCCszTMP1MBz8NiDrBB6WRyf1ZK82M9%2FYLzvFD27F0abtLnQ9ILqT0gRESn2j8IRTMJoUyZh%2BOrT8a0iZlj6%2BfM2VZoHCg64n76ihveV7fbK06QVfU4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7949ea96ef210b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

drive.google.com/file/d/1ID712y6AxTdFlJ4Iw33fxk9WegGSWRre/view?usp=sharing

142.250.74.142

200 OK

0 B

URL HTTP/2
drive.google.com/file/d/1ID712y6AxTdFlJ4Iw33fxk9WegGSWRre/view?usp=sharing
IP
142.250.74.142:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /file/d/1ID712y6AxTdFlJ4Iw33fxk9WegGSWRre/view?usp=sharing HTTP/1.1
Host: drive.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __Secure-ENID=5.SE=WgoywoGOUEmJadxoIB0r2lkzXHeKVqth1xGOa4ffzT7dUHt-ZXjx-iHV7oK7BCuj96T6WcNdOxtcPrvT6hvt4NQxsLWhAuRLpweU30AweJoV-BgqMIIyysdeq33RUY6ph26qQ9jBKSd0XSV6yoBSxOS9PmgWEsI53hUDjv_5qeI; CONSENT=PENDING+883
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-robots-tag: noindex, nofollow, nosnippet
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 05 Feb 2023 07:26:12 GMT
content-encoding: gzip
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-security-policy: script-src 'report-sample' 'nonce-kAjW8xFxO1yt8zrgBh1z5A' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/viewer/
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: GSE
set-cookie: NID=511=K354uvuIZWwK7iVdZlxbUZayPstahYoENRjuFSOV8HZ3yvz7SXOZm4suaGnM_gTHCnrSYBVB1_q73MxG5PbnIVxY1ZG8awy46o2shuHpnfCcgxcY_8Bbd8fD6-DcvRvlBmKFCB2LnMYuZZkAxlFhkSOW4THTLUJvHth0gXBlZIk; expires=Mon, 07-Aug-2023 07:26:11 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Google+Sans:300,400,500,700

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Google+Sans:300,400,500,700
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Google+Sans:300,400,500,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://drive.google.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 Feb 2023 07:26:12 GMT
date: Sun, 05 Feb 2023 07:26:12 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1.cj7.workers.dev/12:/2.21.22.KissToonAnime/KissToonWise.com%20-%20Winx%20Club%202004%20Season%203%20Complete%20TVRip%20x264%20[i_c].zip

104.21.235.144

200 OK

0 B

URL HTTP/1.1
1.cj7.workers.dev/12:/2.21.22.KissToonAnime/KissToonWise.com%20-%20Winx%20Club%202004%20Season%203%20Complete%20TVRip%20x264%20[i_c].zip
IP
104.21.235.144:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /12:/2.21.22.KissToonAnime/KissToonWise.com%20-%20Winx%20Club%202004%20Season%203%20Complete%20TVRip%20x264%20[i_c].zip HTTP/1.1
Host: 1.cj7.workers.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 07:26:13 GMT
Content-Type: application/zip
Content-Length: 5240458696
Connection: keep-alive
CF-Ray: 7949ea9ae82e88b9-LHR
Cache-Control: private, max-age=0, must-revalidate
Content-Disposition: attachment
Expires: Sun, 05 Feb 2023 07:26:12 GMT
Vary: Origin, X-Origin, Accept-Encoding
CF-Cache-Status: DYNAMIC
alt-svc: h2=":443"; ma=60
x-goog-hash: crc32c=eTSe4A==
x-guploader-uploadid: ADPycdsQVYG8wP8i1XTcrnrggRn_GvKcWdmjkwmUHa-vNDmDOR4SyKTVSHIzsB0POLvCcLNwHRQEX7-nOKVqjIVoEkDjzz_bdV3b
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0xrC65uctTkgktsZgm4F7SifEdmNIU2ote108xNZoRxdtiAlnV3PduB0H0xBCwDNROefD1RPGtYWYXxtoK3ttx8ll8RVYhfwQrqkwCi%2BAAidFuXnWKs0YomL2h5XQdHFuvmGKw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML