ier.ai/2WRX6ty
172.67.189.117 301 Moved Permanently 0 B IP 172.67.189.117:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /2WRX6ty HTTP/1.1
Host: ier.ai
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 04 Sep 2022 19:48:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 04 Sep 2022 20:48:03 GMT
Location: https://ier.ai/2WRX6ty
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f2RY7vAmDzS%2FfReIBGvVOdbtZXPnIEQcfizkebBbmZHeaeEN46YnU2eNhqaq5Bam8HMGbzwsuniWX4hiLuoqvyQ3PoZVg%2Fc9AAyl5nAKH9hTU1j3mZ%2BHmvE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74593d921fa5b4ee-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
143.204.55.35 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 04 Sep 2022 19:44:19 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: QbzknnAGxaghfQAyKhdc4ZlzfFSmwcqu4JMWOl2Kg3WEj1mAWqjovQ==
Age: 224
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d931e0142ef5ffe9cdb4c4c6bfcb9bc9
d9c4caf525e8926b042a14f38d374cc4033ed768
f610984fb0a75b3a31424faa860cbc8172c7f21804df1dc14fbb685b7c456f29
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F610984FB0A75B3A31424FAA860CBC8172C7F21804DF1DC14FBB685B7C456F29"
Last-Modified: Sat, 03 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2965
Expires: Sun, 04 Sep 2022 20:37:28 GMT
Date: Sun, 04 Sep 2022 19:48:03 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.49 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.49:0
File type PEM certificate, ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 04 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: yL_akKMaA9Uvj0GW5eUg0VINqdbPl50pgBGJgej-C2NC_oyEW3Vzbw==
age: 66766
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:48:03 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 04 Sep 2022 19:38:16 GMT
Expires: Sun, 04 Sep 2022 20:06:12 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: bWMxbY5d3JLwIeWkyxG_SYTglqV3qGfc6QQNqc6tLYX2LslKzkq2lA==
Age: 588
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 77d035f38a45e8a1ec30d5fe9611880b
01cf34de95257da64dac90edf5a86203f1160271
7dc687d6bb1679ba5567e58b4f8c1e78766e7ee36273ba7f62068c595d57f7f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3722
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 19:48:04 GMT
Last-Modified: Sun, 04 Sep 2022 18:46:02 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.160.250.221 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.160.250.221:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: k9nm3To6NXci3SH1TXsxRw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ye4oeF5NI7kNAvfYSYcSceqvmmw=
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash cc6ea3e01d1d6b8c4b28ff64d3b795a7
017457c6f5a63157102485a956c667aad36d33ef
e6fe903f67363d3e92b929e274f0de7c2f6a15b6df1806198199440ed0fe221e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 19:48:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 1278db78948279716d72ac203ad8fb0d
1746b9863b781ed9a0c26a126b9b80d36c903974
8d9e31a35490bc2ebef4c4c2152c89b62491c0cdfc31ec0594bc21fd2e9f43f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 19:48:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 47257790d3d86398af971857a2fb98f5
16bf02f4d77305b05a310399cdf6ec8a235e25ae
225adc2934109ea1412f87607c75b124d2a376524e3f7bc701f243f006af2d08
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "225ADC2934109EA1412F87607C75B124D2A376524E3F7BC701F243F006AF2D08"
Last-Modified: Fri, 02 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4600
Expires: Sun, 04 Sep 2022 21:04:44 GMT
Date: Sun, 04 Sep 2022 19:48:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 666e70387901aa9d3fcdfea33555ecbd
c7252a608ea665cba06c1544649a86556f5b2853
7c3172d02fe38f1e635e6cf8b87f505f362c3f880a8759c0f7199c6c0790469f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7C3172D02FE38F1E635E6CF8B87F505F362C3F880A8759C0F7199C6C0790469F"
Last-Modified: Sat, 03 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2339
Expires: Sun, 04 Sep 2022 20:27:03 GMT
Date: Sun, 04 Sep 2022 19:48:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0d6fdc8a8b1a7e76800258dfd2c57815
10990a232d75148f51a56193a6f6cd8422c0beb9
616305c23d1eb9aaca9e2c76665745be94ed4e68cf0456e8cd290b62c4255965
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "616305C23D1EB9AACA9E2C76665745BE94ED4E68CF0456E8CD290B62C4255965"
Last-Modified: Sat, 03 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1281
Expires: Sun, 04 Sep 2022 20:09:25 GMT
Date: Sun, 04 Sep 2022 19:48:04 GMT
Connection: keep-alive
www.google.com/recaptcha/api.js
142.250.74.164 200 OK 553 B URL HTTP/2 www.google.com/recaptcha/api.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (850), with no line terminators
Hash 528455474b03fa8ad71a558347e43fe1
597b34487415fa60028f80afd7ab2cf27383ace5
af9ee6f9ce7bd44e5dbbfcab2a528e062f9dec4640a98a396170d46c494dafb5
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ier.ai/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sun, 04 Sep 2022 19:48:04 GMT
date: Sun, 04 Sep 2022 19:48:04 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 553
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ier.ai/2WRX6ty
104.21.41.57 200 OK 144 kB IP 104.21.41.57:0
File type HTML document text, exported SGML document, ASCII text, with very long lines (63085), with CRLF, LF line terminators
Size 144 kB (143946 bytes)
Hash 441372bc02c58011603b6073452ec3dc
63f9a0d775d0368f5e3dd8ce029d6ee40f94bb28
e8bb955bddf320f6cdc381682dcd61f565cc2b64e0d064a5e09cc37158218a4d
GET /2WRX6ty HTTP/1.1
Host: ier.ai
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 04 Sep 2022 19:48:04 GMT
content-type: text/html; charset=UTF-8
set-cookie: AppSession=ee82a29660fd285343d5feb1ea4e3ed5; path=/; HttpOnly; secure
ref2WRX6ty=NTZjNTIxYmU2NDllMmViZWJlNjYyMjk2N2IwZDY5N2E2NzA5NTUxMmViZmI0ODJkZGM5YWFiYjQ2MDdjZTQzMXvSu8jm5mI7U7IFV%2FYZb%2B2I5pj5V1DNLAOnvY%2Bid6u%2F; expires=Sun, 04-Sep-2022 19:53:02 GMT; Max-Age=300; path=/; HttpOnly; secure
csrfToken=50664687c72c9a0b1598a6d8da785e64b7e6a7fc7a341b7c2e6dc1a4c5123453214df8cdaeb4062d6e778eb7c30d0fbae5c0c0afe1f1dd471419752360590c4a; path=/; HttpOnly; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN,SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6pCJGp94PggczaFAbG62HD9Jo%2Fql7brBc5Jf6HUC5Ch4sHtKsw7IgplnpcsPj666Bs0wMzM5IZH8L0o0t2Uij%2Fgy9NPMHqVZDDOq6anIHbQNOrpU0o2i9Rw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74593d93dc24b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
trustbummler.com/tSXyF1oQpqC/14504
23.109.87.184 200 OK 25 B URL HTTP/1.1 trustbummler.com/tSXyF1oQpqC/14504
IP 23.109.87.184:0
File type ASCII text, with no line terminators
Hash d488addc5df5fc9b9ff4135bb4e3a823
6ce56f48e851df4d562b43d3bc1269a504ae83fc
d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60
Analyzer verdict: Alert (quad9: Sinkholed)
GET /tSXyF1oQpqC/14504 HTTP/1.1
Host: trustbummler.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ier.ai/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Sep 2022 19:48:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ier.ai
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Mon, 05-Sep-2022 19:48:04 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Mon, 05-Sep-2022 19:48:04 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
upgulpinon.com/1?z=5324394
139.45.197.242 200 OK 4.0 kB URL HTTP/2 upgulpinon.com/1?z=5324394
IP 139.45.197.242:0
Hash 732ab9ac0fa171565b9b157911149911
b2e41c520929758fb38f87ed2f0290d3835bfa63
59eb4124121f311153374c8ee9b3671ae8dc29fe52aabec7afaf57b2241b7572
Analyzer verdict: Alert (fortinet: Malware)
GET /1?z=5324394 HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ier.ai/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:48:04 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 457fa867f8eb997fb11a939bce1d2a3e
access-control-expose-headers: X-Sc
x-sc: RNmo9U_t5xIYmwGg3l3X-JcMLcl7T0kOz0C_u8aeEcN24d0Ud74wcI9sjiItuIwq8y0Tj50HqvKY8vj8MbviLMKkYYw=
set-cookie: scm=1; expires=Mon, 04 Sep 2023 19:48:04 GMT; secure; SameSite=None
OAID=c33f116f305c4b9e8528bd760cc51142; expires=Mon, 04 Sep 2023 19:48:04 GMT; secure; SameSite=None
oaidts=1662320884; expires=Mon, 04 Sep 2023 19:48:04 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 194d72d26ddeaa8a8a266839eb707300
86427a0db92a3b4bd2690ad361109559c7212992
ab77f42ccfa0c649217777139f0d14a6742039596ee37a045c5fe96e7ca32338
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 19:48:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 86175f387b509e6ca6a3ff8556281e24
c0c0dfa1aaf19def080126b7af80e85cbe6d6a9e
75e2c4e2498af0a856ea82ccdb5f4e6f23afc45ffdb18a2141dbeea7b892d87e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 19:48:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 98125354dbaa891018a9429a7aae3ea1
a692cc9a073c9666971db41444342fc9d7dab2e2
771b96e4fb485d1ef041ee20fc060bb5b4b521043ec7a51ceaccefcbe837bd4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 19:48:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit
142.250.74.131 200 OK 584 B URL HTTP/2 www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit
IP 142.250.74.131:0
File type ASCII text, with very long lines (921), with no line terminators
Hash 07e9beb2b26c91b000671bb9a28c4010
d849c3f03345cf22dec1bdaf601aa0372be98eda
cf19284220294fba13b459cedcbd45382a2818617c5f8c6e00cb9dba2034f180
GET /recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit HTTP/1.1
Host: www.recaptcha.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ier.ai/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sun, 04 Sep 2022 19:48:05 GMT
date: Sun, 04 Sep 2022 19:48:05 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 584
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/recaptcha__en.js
142.250.74.163 200 OK 158 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/recaptcha__en.js
IP 142.250.74.163:0
File type HTML document, ASCII text, with very long lines (579)
Size 158 kB (158056 bytes)
Hash d63a69f898e1d00cfc7c871744ded8c4
e166540eccb571c95c8c1135c2168cf5df306991
ed7892ca1498d6dfc0ff8b354ab8c409eed81b1fa77b427467815d0c7f45021c
GET /recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ier.ai
Connection: keep-alive
Referer: https://ier.ai/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 158056
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Sep 2022 21:31:14 GMT
expires: Sat, 02 Sep 2023 21:31:14 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 02 Sep 2022 18:40:58 GMT
content-type: text/javascript
age: 166611
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a08d7f46f2cea67b831f5eab0527ce37
a3ee67da4682b0d79b30c95470853fc7292910d1
059713d90da012594837c1b36835aa1f0903ba93485efbbc96db173f166881e5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "059713D90DA012594837C1B36835AA1F0903BA93485EFBBC96DB173F166881E5"
Last-Modified: Fri, 02 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12434
Expires: Sun, 04 Sep 2022 23:15:19 GMT
Date: Sun, 04 Sep 2022 19:48:05 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 98125354dbaa891018a9429a7aae3ea1
a692cc9a073c9666971db41444342fc9d7dab2e2
771b96e4fb485d1ef041ee20fc060bb5b4b521043ec7a51ceaccefcbe837bd4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 19:48:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
upgulpinon.com/42/38?z=5324394
139.45.197.242 200 OK 51 kB URL HTTP/2 upgulpinon.com/42/38?z=5324394
IP 139.45.197.242:0
Hash 866aa3cdb96ec9dffb7234021dc29bf6
c3d91d6774d88e1254aa235f6c5e4db12d78f7e2
b08fa6de2489437149eeb2377e8d35b3fc1f1cd0234b4a1e9e3e35e71310525a
GET /42/38?z=5324394 HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ier.ai/
Cookie: scm=1; OAID=c33f116f305c4b9e8528bd760cc51142; oaidts=1662320884
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:48:04 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 4818ef7cf58df14726b0bc07998fcec9
access-control-expose-headers: X-Sc
set-cookie: OAID=c33f116f305c4b9e8528bd760cc51142; expires=Mon, 04 Sep 2023 19:48:04 GMT; secure; SameSite=None
oaidts=1662320884; expires=Mon, 04 Sep 2023 19:48:04 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 86175f387b509e6ca6a3ff8556281e24
c0c0dfa1aaf19def080126b7af80e85cbe6d6a9e
75e2c4e2498af0a856ea82ccdb5f4e6f23afc45ffdb18a2141dbeea7b892d87e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 19:48:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 7dad27bc3c085ccd2f7b51d4350d9fd7
c0f84b565f68bec24ad547383a485fe69e44c277
af5c500a7fff645e0b9dfa22e5bdc967e6adb55173f13e5f536c3a5e8202fa2c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 19:48:05 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 02 Sep 2022 03:02:16 GMT
Expires: Fri, 09 Sep 2022 03:02:15 GMT
Etag: "c0f84b565f68bec24ad547383a485fe69e44c277"
Cache-Control: max-age=371049,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74593d9bb9a1b518-OSL
iclickcdn.com/tag.min.js
104.26.13.118 200 OK 91 kB IP 104.26.13.118:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 823c0e31da71fac49dd124915c26794c
ada62d14b4709fa863a6e574a0c14a5d4c1f240e
7302252cf4e22f000241de5de29f6788fdab00571662925900d5b4de216c5843
GET /tag.min.js HTTP/1.1
Host: iclickcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ier.ai/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Sep 2022 19:48:04 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 0cc54e4ef8f7178af4403c43db249fc5
cache-control: max-age=86400
last-modified: Thu, 01 Sep 2022 10:02:12 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Mon, 05 Sep 2022 00:04:14 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 71029
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GIb1wTQcEYUm6rRNlX3%2BeZ6h%2B8T52ZaByAz8rLr92IgH4r%2B02RxDvkfc2Hkd%2FIpD0zcZYw76JXStCnSMtVV%2FM1w09pzKJJH%2Bg6%2BXx3l5j1hjh40fBgF7DDRmaOBpvz0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74593d9a895d0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 34c3dbc602590a3a0b681bac5b92dad5
82a4c8b0497ffa45e9d1579f792df9f43a7cd3c2
5cc3afc1b318a01013aa280998c723a805eb4aadcc80c8e47ea22c4ba5ca3198
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5CC3AFC1B318A01013AA280998C723A805EB4AADCC80C8E47EA22C4BA5CA3198"
Last-Modified: Sat, 03 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18905
Expires: Mon, 05 Sep 2022 01:03:10 GMT
Date: Sun, 04 Sep 2022 19:48:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 47bed69503454bcde8b7510761cf0756
bf47d5476a5c36113b3e866dd4d020578e214eb1
9336dab04b636aafe2fa4d66742d74bd6d09f811e7113237dd010f0816444ae6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9336DAB04B636AAFE2FA4D66742D74BD6D09F811E7113237DD010F0816444AE6"
Last-Modified: Fri, 02 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4577
Expires: Sun, 04 Sep 2022 21:04:22 GMT
Date: Sun, 04 Sep 2022 19:48:05 GMT
Connection: keep-alive
upgulpinon.com/27/8ccc88619026835a3c9fe26852e41eb0
139.45.197.242200 OK 131 kB URL HTTP/2 upgulpinon.com/27/8ccc88619026835a3c9fe26852e41eb0
IP 139.45.197.242:0
Size 131 kB (131226 bytes)
Hash 6667d8f22c299d61e43a2433805b79d3
91856d0d424a17897d02e3aeda49657236b12787
ffca15546d96522d0aaef3c9162c748c8f5f2fa2d36c2d7a340821da2afdaf09
Analyzer Verdict Alert fortinet Malware
GET /27/8ccc88619026835a3c9fe26852e41eb0 HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ier.ai/
Cookie: scm=1; OAID=c33f116f305c4b9e8528bd760cc51142; oaidts=1662320884
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:48:04 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Thu, 01 Sep 2022 07:56:33 GMT
expires: Thu, 01 Oct 2082 07:56:33 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1d7e6d6f714c30fc35359c05ddbf72bb
9d168e385447f25ed566aca84b3245d30498b221
d179621c3fd23e710cad80f5bf4af30b72361a737e98d441756fb52c0999153f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D179621C3FD23E710CAD80F5BF4AF30B72361A737E98D441756FB52C0999153F"
Last-Modified: Sat, 03 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14270
Expires: Sun, 04 Sep 2022 23:45:55 GMT
Date: Sun, 04 Sep 2022 19:48:05 GMT
Connection: keep-alive
punoocke.com/401/5292343
139.45.197.236200 OK 46 kB IP 139.45.197.236:0
Hash a5c0714e229f3831472148c9c014b581
af12c875d765d009e4c185030f3965c90199483a
43d943a5d4b6814b65aec2acc0432498bb145f8d89cf1016e1e44dca4f82b2bb
Analyzer Verdict Alert quad9 Sinkholed
GET /401/5292343 HTTP/1.1
Host: punoocke.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ier.ai/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:48:05 GMT
content-type: application/javascript
x-trace-id: a635a7ed29d0144adb0ae85ac19cef02
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=fc87cf9b7cee46929daa3d35802882e6; expires=Mon, 04 Sep 2023 19:48:05 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
belickitungchan.com/400/5292343
139.45.197.239200 OK 52 kB URL HTTP/2 belickitungchan.com/400/5292343
IP 139.45.197.239:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 75867228cceb5e6003fd358613eef3d0
c8f9a63b94f9b0cc586f967ad6be9b199c6f5f7c
18ac2e79304f3cc63ee56c0bc1b9d6df8a9f7a57c449bb131a25b92eeefe9eff
GET /400/5292343 HTTP/1.1
Host: belickitungchan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ier.ai/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:48:05 GMT
content-type: application/javascript
x-trace-id: a5f20c2776eeda05f09f99feb53793fd
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=d1bd1523e22a4cf687b1d4a235104a67; expires=Mon, 04 Sep 2023 19:48:05 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 41ea586f0e66dcd46f50ab3938543b12
d7a3d6a40066652fc85cdaab9e613246b6af4aab
60b133ec87e89ec28689b760f6ce265eee0e935dca93f42543885a05f8b19a79
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 19:48:05 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 01 Sep 2022 18:25:21 GMT
Expires: Thu, 08 Sep 2022 18:25:20 GMT
Etag: "d7a3d6a40066652fc85cdaab9e613246b6af4aab"
Cache-Control: max-age=340034,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74593d9dac73b518-OSL
my.rtmark.net/gid.js
139.45.195.8200 OK 65 B IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 998b0b535de9d949f3bc1deb5aefc213
d1ff02e1fb5e65bf2dd4dc078154faba724baa34
4b43790b14778ac802a92a8942bc6b0bd07ea099990b901dc12479a9244a2388
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ier.ai
Connection: keep-alive
Referer: https://ier.ai/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:48:05 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://ier.ai
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=6198e863a970496bbcdb9d02de0570dd; expires=Mon, 04 Sep 2023 19:48:05 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
upgulpinon.com/9?z=5324394&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=6198e863a970496bbcdb9d02de0570dd
139.45.197.242204 No Content 0 B URL HTTP/2 upgulpinon.com/9?z=5324394&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=6198e863a970496bbcdb9d02de0570dd
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /9?z=5324394&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=6198e863a970496bbcdb9d02de0570dd HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ier.ai/
Origin: https://ier.ai
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 04 Sep 2022 19:48:05 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://ier.ai
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e950bc202cc8f17d4818bbd6c6fb0027
6245446fbd737bec75fb98f9c540bf69d53614a8
d1b1339d7c04a2e0910c9046e4a47175dfb44062685a1ffb294467d21ac7618d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D1B1339D7C04A2E0910C9046E4A47175DFB44062685A1FFB294467D21AC7618D"
Last-Modified: Fri, 02 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4740
Expires: Sun, 04 Sep 2022 21:07:05 GMT
Date: Sun, 04 Sep 2022 19:48:05 GMT
Connection: keep-alive
upgulpinon.com/11?rnd=3567860383&z=5324394&b=14589406&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=7ZVVxOEx4ZJVWLVbj4-yAOAfVKCsF4Q3QCnqOnV00eQB9SxKBxKhVGvMLNDdLxNmRLMLTpLRa7NqQI1GiZjenNuaIiKYDZbhF_Aq9DrXH25qcHkEghONvfuTdvl_dDSQ965GI7jLQ5QquryoSe7r9Zx2PxD-MNNaOxanwimLPcLVTlsj3e6GFKjrhChZMvLVs6uKBTV_UiaR-UKBruNCa1-H4gJlesF5oV3gnTxSwt2PxNTN_RTJPdFe49bfjdmFyx0BQtfgdtv9MF01I50xpm057fGt7z7uT2BNDu8R9GKzByh2KXt291_MlNo1cKnEncaXZVuseSp8wy2xpBfZR5iKRNBgbcgtTDq_uC_ME6UBPYcyP8Xe2LcMMjZBqAvNMTm7WTjORfzYuUFOcA4tLg4NJYZK3Ur3IGnmOfG_S11p7hsKb1jVJAZ_oEikfthKNOlpwb3lgXKENkTS1R9i6piZOgm5TClViooJK3EWxFaFDEyN4zxT3okJRRjfzt2JVHEj4aShTJ9VgyoKWjhXs9OyEO4EyNen-XEm4qeKTqqDpj0D8PeQyalhNAZU6WzQ4M9NnIlefH5TluMPElndzSC4u2tLJq_oHNTaYR0xpp4WEzrjpYcYwIMZEqnayVfXyv2zjKtRs7SFEY3bKsnUMl43rHtQ4hWH6RDLK6jtHH1FR5Kun0L17XfcZiQ1PvDdArtKgzhgzfpRB-2R&ruid=84a30685-82dc-4b2a-8684-0048c5cf7dfc&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=81
139.45.197.242200 OK 0 B URL HTTP/2 upgulpinon.com/11?rnd=3567860383&z=5324394&b=14589406&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=7ZVVxOEx4ZJVWLVbj4-yAOAfVKCsF4Q3QCnqOnV00eQB9SxKBxKhVGvMLNDdLxNmRLMLTpLRa7NqQI1GiZjenNuaIiKYDZbhF_Aq9DrXH25qcHkEghONvfuTdvl_dDSQ965GI7jLQ5QquryoSe7r9Zx2PxD-MNNaOxanwimLPcLVTlsj3e6GFKjrhChZMvLVs6uKBTV_UiaR-UKBruNCa1-H4gJlesF5oV3gnTxSwt2PxNTN_RTJPdFe49bfjdmFyx0BQtfgdtv9MF01I50xpm057fGt7z7uT2BNDu8R9GKzByh2KXt291_MlNo1cKnEncaXZVuseSp8wy2xpBfZR5iKRNBgbcgtTDq_uC_ME6UBPYcyP8Xe2LcMMjZBqAvNMTm7WTjORfzYuUFOcA4tLg4NJYZK3Ur3IGnmOfG_S11p7hsKb1jVJAZ_oEikfthKNOlpwb3lgXKENkTS1R9i6piZOgm5TClViooJK3EWxFaFDEyN4zxT3okJRRjfzt2JVHEj4aShTJ9VgyoKWjhXs9OyEO4EyNen-XEm4qeKTqqDpj0D8PeQyalhNAZU6WzQ4M9NnIlefH5TluMPElndzSC4u2tLJq_oHNTaYR0xpp4WEzrjpYcYwIMZEqnayVfXyv2zjKtRs7SFEY3bKsnUMl43rHtQ4hWH6RDLK6jtHH1FR5Kun0L17XfcZiQ1PvDdArtKgzhgzfpRB-2R&ruid=84a30685-82dc-4b2a-8684-0048c5cf7dfc&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=81
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /11?rnd=3567860383&z=5324394&b=14589406&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=7ZVVxOEx4ZJVWLVbj4-yAOAfVKCsF4Q3QCnqOnV00eQB9SxKBxKhVGvMLNDdLxNmRLMLTpLRa7NqQI1GiZjenNuaIiKYDZbhF_Aq9DrXH25qcHkEghONvfuTdvl_dDSQ965GI7jLQ5QquryoSe7r9Zx2PxD-MNNaOxanwimLPcLVTlsj3e6GFKjrhChZMvLVs6uKBTV_UiaR-UKBruNCa1-H4gJlesF5oV3gnTxSwt2PxNTN_RTJPdFe49bfjdmFyx0BQtfgdtv9MF01I50xpm057fGt7z7uT2BNDu8R9GKzByh2KXt291_MlNo1cKnEncaXZVuseSp8wy2xpBfZR5iKRNBgbcgtTDq_uC_ME6UBPYcyP8Xe2LcMMjZBqAvNMTm7WTjORfzYuUFOcA4tLg4NJYZK3Ur3IGnmOfG_S11p7hsKb1jVJAZ_oEikfthKNOlpwb3lgXKENkTS1R9i6piZOgm5TClViooJK3EWxFaFDEyN4zxT3okJRRjfzt2JVHEj4aShTJ9VgyoKWjhXs9OyEO4EyNen-XEm4qeKTqqDpj0D8PeQyalhNAZU6WzQ4M9NnIlefH5TluMPElndzSC4u2tLJq_oHNTaYR0xpp4WEzrjpYcYwIMZEqnayVfXyv2zjKtRs7SFEY3bKsnUMl43rHtQ4hWH6RDLK6jtHH1FR5Kun0L17XfcZiQ1PvDdArtKgzhgzfpRB-2R&ruid=84a30685-82dc-4b2a-8684-0048c5cf7dfc&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=81 HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ier.ai
Connection: keep-alive
Referer: https://ier.ai/
Cookie: scm=1; OAID=6198e863a970496bbcdb9d02de0570dd; oaidts=1662320884
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:48:05 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://ier.ai
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 0120430afb9db2eadbd46a0626857763
access-control-expose-headers: X-Sc
set-cookie: OAID=6198e863a970496bbcdb9d02de0570dd; expires=Mon, 04 Sep 2023 19:48:05 GMT; secure; SameSite=None
oaidts=1662320884; expires=Mon, 04 Sep 2023 19:48:05 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
forfrogadiertor.com/500/3487732?excludes=&oaid=6198e863a970496bbcdb9d02de0570dd&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239200 OK 0 B URL HTTP/2 forfrogadiertor.com/500/3487732?excludes=&oaid=6198e863a970496bbcdb9d02de0570dd&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/3487732?excludes=&oaid=6198e863a970496bbcdb9d02de0570dd&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: forfrogadiertor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://ier.ai/
Origin: https://ier.ai
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:48:05 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://ier.ai
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 802a5c09ca2e921bfdcd304944277006
90cac7f0e305f2bf520dd97df1c908bd8f5ecfc8
a5970de89cad194d8e37f1fcc88b92284b7374bc66779833c83ac85fafb4dc6e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A5970DE89CAD194D8E37F1FCC88B92284B7374BC66779833C83AC85FAFB4DC6E"
Last-Modified: Sat, 03 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17791
Expires: Mon, 05 Sep 2022 00:44:37 GMT
Date: Sun, 04 Sep 2022 19:48:06 GMT
Connection: keep-alive
region1.google-analytics.com/g/collect?v=2&tid=G-8X8EKR7KXR&gtm=2oe8v0&_p=631441336&cid=1596904940.1662320882&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662320881&sct=1&seg=0&dl=https%3A%2F%2Fier.ai%2F2WRX6ty&dt=Health2Wealth&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-8X8EKR7KXR&gtm=2oe8v0&_p=631441336&cid=1596904940.1662320882&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662320881&sct=1&seg=0&dl=https%3A%2F%2Fier.ai%2F2WRX6ty&dt=Health2Wealth&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-8X8EKR7KXR&gtm=2oe8v0&_p=631441336&cid=1596904940.1662320882&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662320881&sct=1&seg=0&dl=https%3A%2F%2Fier.ai%2F2WRX6ty&dt=Health2Wealth&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ier.ai
Connection: keep-alive
Referer: https://ier.ai/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://ier.ai
date: Sun, 04 Sep 2022 19:48:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
belickitungchan.com/500/5292343?excludes=&oaid=6198e863a970496bbcdb9d02de0570dd&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239200 OK 0 B URL HTTP/2 belickitungchan.com/500/5292343?excludes=&oaid=6198e863a970496bbcdb9d02de0570dd&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/5292343?excludes=&oaid=6198e863a970496bbcdb9d02de0570dd&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: belickitungchan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://ier.ai/
Origin: https://ier.ai
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:48:06 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://ier.ai
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8288
Expires: Sun, 04 Sep 2022 22:06:14 GMT
Date: Sun, 04 Sep 2022 19:48:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8288
Expires: Sun, 04 Sep 2022 22:06:14 GMT
Date: Sun, 04 Sep 2022 19:48:06 GMT
Connection: keep-alive
offerimage.com/www/images/e737027d1376f9277c99e68048d441cc.png
104.22.32.172200 OK 50 kB URL HTTP/2 offerimage.com/www/images/e737027d1376f9277c99e68048d441cc.png
IP 104.22.32.172:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash e737027d1376f9277c99e68048d441cc
d102eda710502202134c74eaa576c6e8a76a23a3
a83162955bfc853f1d09d18a704fbe8400169a71e6f2e212b65c146d766bf6bc
GET /www/images/e737027d1376f9277c99e68048d441cc.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ier.ai/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Sep 2022 19:48:06 GMT
content-type: image/png
content-length: 49738
last-modified: Thu, 10 Dec 2020 15:50:46 GMT
etag: "5fd243d6-c24a"
expires: Mon, 05 Sep 2022 06:06:45 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 49281
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74593da1eba998ea-ARN
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa54e2726-407f-4a8a-8d19-21de249844f5.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa54e2726-407f-4a8a-8d19-21de249844f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fc4ceb10dd9fcaab21ae58dcf10c401f
6ce530af682094dc5413db9de02565691fab4da7
84ad58e126cce2ab6b1568ffe89a116bc1de0310bb72d4530eead2fb8191572c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa54e2726-407f-4a8a-8d19-21de249844f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11380
x-amzn-requestid: 61f37e21-33a8-49e6-b384-4ca1fcfbffa5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xz8TLFA3oAMFQjg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63117414-42de5c4128eb9e011d848356;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 03:10:12 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: s0voKdiDdj0mq8-VRFSWcYcQXaWti7929bpdKSQMWDoVCmOAPepuDg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 03:48:57 GMT
age: 57549
etag: "6ce530af682094dc5413db9de02565691fab4da7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7142280-0dbd-4c8e-a960-d357c9143af6.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7142280-0dbd-4c8e-a960-d357c9143af6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 10318189f33f071dda64249ab9c8c5bb
e5b5b649a243e5c004d9923d19d4421d1ea96d23
3e775a1990e4d185024faf2fdff7a5eb9063f7ee19784f32fb4f7f10643c8102
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7142280-0dbd-4c8e-a960-d357c9143af6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5652
x-amzn-requestid: 05fffcb2-43c0-4acf-81b2-1b914459e1e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wwHErUIAMFmNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c800-47fe166763992ab271a87aa4;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:32:48 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: oU-qOKW_Jy8MV0HLQWofKsOi_qseUcyZRoP5LoyLsCclpCgf6NHiBA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 22:02:43 GMT
age: 78323
etag: "e5b5b649a243e5c004d9923d19d4421d1ea96d23"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd43481e-3c33-4c05-9216-2cc734e840b4.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd43481e-3c33-4c05-9216-2cc734e840b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1bdfdf7e36f78f2f0e4d7ede9fdb76a8
babb88202741bbf2d4fd25e0731a4a7a6fcc28f8
949ea108642789e1014150909060f11d99608f082760d0e868a90282f2768d43
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd43481e-3c33-4c05-9216-2cc734e840b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9690
x-amzn-requestid: 614c99f8-116a-4603-bcde-3fbd5bfa14d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wx1HInIAMFiYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c80b-25c09c3227d72395408782f0;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:32:59 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5_jCLvdAC-XR-ax3RUbbx9275KPwACOPtAMxSbmv-aP-Lra4sC5zvw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:51:41 GMT
age: 78985
etag: "babb88202741bbf2d4fd25e0731a4a7a6fcc28f8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F514b7fbd-ae99-4219-bd03-50e907f92b7b.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F514b7fbd-ae99-4219-bd03-50e907f92b7b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ca50f9c56ff869b0b63ca71b1a9f8170
13b16ca74113dfd52ccf23e6bb39307fc713f984
76b85dd7e018ab4b3d4b2610f90dbca61d0f05d38a3b905fee789af131ae7538
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F514b7fbd-ae99-4219-bd03-50e907f92b7b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14855
x-amzn-requestid: 65cf850b-227a-4318-a00e-d7cd4ef81489
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wjuGtpoAMFvvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c7b1-54bc36741984491b0509d173;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:31:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: M9Y8U9vqVs1ATiPP9jLPybTJ-xwC--5oiRUpj9-imTWfh6_rmtL5Kw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:54:46 GMT
age: 78800
etag: "13b16ca74113dfd52ccf23e6bb39307fc713f984"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c475e9b-fa82-4942-8a4a-d6d3f5061558.webp
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c475e9b-fa82-4942-8a4a-d6d3f5061558.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8cdd0826b7d8be62cc2ed532e04e137b
383a0661fa09d9b48745b507389d0505303b6182
f2d04cf1ee9b5a885c246060c1036b21af4ecd3e51e5d05a529dbe0d63f7c2ac
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c475e9b-fa82-4942-8a4a-d6d3f5061558.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10713
x-amzn-requestid: d546a12c-c549-4ad3-80ad-6bad452927d3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5winGzHIAMFTPw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c7aa-2060c6611eb4abb777cc17a8;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:31:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: rnd2mdQQcKzRP5RAJXmcJUSmO_AnlUgVrkT5tBR38PtfK_bThFBTtg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:47:53 GMT
age: 79213
etag: "383a0661fa09d9b48745b507389d0505303b6182"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc410b0d8-b008-47cc-bbf7-a762c06e0fcd.png
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc410b0d8-b008-47cc-bbf7-a762c06e0fcd.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6bb4b1d74f1443bc3328301ab3ae6464
2768253dacaaad6cb498c6b2eb7694208b0ce0a6
07dcc95dab7757402998a5a61b540c965ce95c8bd51a814a09438981693b563a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc410b0d8-b008-47cc-bbf7-a762c06e0fcd.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8688
x-amzn-requestid: 1c5fbc89-8ce8-4792-b713-f2c0ceeab737
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wifFJYoAMFi0g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c7a9-214311e155c661ff77d89906;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:31:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: wd9SF3txQNTVUaSPcKQ_nQfPt1pBjFbuHzSZiQjfbGBSb-i7J8Rgjg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:44:29 GMT
age: 79417
etag: "2768253dacaaad6cb498c6b2eb7694208b0ce0a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
interstitial-07.com/contents/s/8b/98/c2/85d66bc081991bf1b6a5577bdf/046307037700.jpeg
139.45.197.153200 OK 8.9 kB URL HTTP/2 interstitial-07.com/contents/s/8b/98/c2/85d66bc081991bf1b6a5577bdf/046307037700.jpeg
IP 139.45.197.153:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 8b98c285d66bc081991bf1b6a5577bdf
e35f81ebca3f8a99d30507aea4df94e24dd51d1a
c5ebc11683499b27d527a76c2d895583b1e99e506cf6d5b044635c694a4938f5
GET /contents/s/8b/98/c2/85d66bc081991bf1b6a5577bdf/046307037700.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=YO0LSje6b9fYV33&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fupgulpinon.com%2F12%3Frnd%3D1710715929%26z%3D5324394%26b%3D14589406%26c%3D6014442%26var%3D%26d%3Dhttp%253A%252F%252Fshedating.me%252Fbase.php%253Fc%253D3068%2526key%253D695b5e8dd72a14bff4cbf821bf88e0df%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D7ZVVxOEx4ZJVWLVbj4-yAOAfVKCsF4Q3QCnqOnV00eQB9SxKBxKhVGvMLNDdLxNmRLMLTpLRa7NqQI1GiZjenNuaIiKYDZbhF_Aq9DrXH25qcHkEghONvfuTdvl_dDSQ965GI7jLQ5QquryoSe7r9Zx2PxD-MNNaOxanwimLPcLVTlsj3e6GFKjrhChZMvLVs6uKBTV_UiaR-UKBruNCa1-H4gJlesF5oV3gnTxSwt2PxNTN_RTJPdFe49bfjdmFyx0BQtfgdtv9MF01I50xpm057fGt7z7uT2BNDu8R9GKzByh2KXt291_MlNo1cKnEncaXZVuseSp8wy2xpBfZR5iKRNBgbcgtTDq_uC_ME6UBPYcyP8Xe2LcMMjZBqAvNMTm7WTjORfzYuUFOcA4tLg4NJYZK3Ur3IGnmOfG_S11p7hsKb1jVJAZ_oEikfthKNOlpwb3lgXKENkTS1R9i6piZOgm5TClViooJK3EWxFaFDEyN4zxT3okJRRjfzt2JVHEj4aShTJ9VgyoKWjhXs9OyEO4EyNen-XEm4qeKTqqDpj0D8PeQyalhNAZU6WzQ4M9NnIlefH5TluMPElndzSC4u2tLJq_oHNTaYR0xpp4WEzrjpYcYwIMZEqnayVfXyv2zjKtRs7SFEY3bKsnUMl43rHtQ4hWH6RDLK6jtHH1FR5Kun0L17XfcZiQ1PvDdArtKgzhgzfpRB-2R%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D84a30685-82dc-4b2a-8684-0048c5cf7dfc%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fier.ai%252F2WRX6ty%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:48:06 GMT
content-type: image/jpeg
content-length: 8869
last-modified: Mon, 18 Jul 2022 02:40:32 GMT
etag: "62d4c820-22a5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
interstitial-07.com/contents/s/21/e5/6d/765d55eb820f03c83efd09a89f/01056354286609.jpeg
139.45.197.153200 OK 40 kB URL HTTP/2 interstitial-07.com/contents/s/21/e5/6d/765d55eb820f03c83efd09a89f/01056354286609.jpeg
IP 139.45.197.153:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Hash 21e56d765d55eb820f03c83efd09a89f
58175026c671ddf2cba02cd36e8ffb2b7b47d3f5
4e07ba812e644a236b48e7738c5912338df16ec88dcfc603c5f454c4b7f35672
GET /contents/s/21/e5/6d/765d55eb820f03c83efd09a89f/01056354286609.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=YO0LSje6b9fYV33&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fupgulpinon.com%2F12%3Frnd%3D1710715929%26z%3D5324394%26b%3D14589406%26c%3D6014442%26var%3D%26d%3Dhttp%253A%252F%252Fshedating.me%252Fbase.php%253Fc%253D3068%2526key%253D695b5e8dd72a14bff4cbf821bf88e0df%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D7ZVVxOEx4ZJVWLVbj4-yAOAfVKCsF4Q3QCnqOnV00eQB9SxKBxKhVGvMLNDdLxNmRLMLTpLRa7NqQI1GiZjenNuaIiKYDZbhF_Aq9DrXH25qcHkEghONvfuTdvl_dDSQ965GI7jLQ5QquryoSe7r9Zx2PxD-MNNaOxanwimLPcLVTlsj3e6GFKjrhChZMvLVs6uKBTV_UiaR-UKBruNCa1-H4gJlesF5oV3gnTxSwt2PxNTN_RTJPdFe49bfjdmFyx0BQtfgdtv9MF01I50xpm057fGt7z7uT2BNDu8R9GKzByh2KXt291_MlNo1cKnEncaXZVuseSp8wy2xpBfZR5iKRNBgbcgtTDq_uC_ME6UBPYcyP8Xe2LcMMjZBqAvNMTm7WTjORfzYuUFOcA4tLg4NJYZK3Ur3IGnmOfG_S11p7hsKb1jVJAZ_oEikfthKNOlpwb3lgXKENkTS1R9i6piZOgm5TClViooJK3EWxFaFDEyN4zxT3okJRRjfzt2JVHEj4aShTJ9VgyoKWjhXs9OyEO4EyNen-XEm4qeKTqqDpj0D8PeQyalhNAZU6WzQ4M9NnIlefH5TluMPElndzSC4u2tLJq_oHNTaYR0xpp4WEzrjpYcYwIMZEqnayVfXyv2zjKtRs7SFEY3bKsnUMl43rHtQ4hWH6RDLK6jtHH1FR5Kun0L17XfcZiQ1PvDdArtKgzhgzfpRB-2R%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D84a30685-82dc-4b2a-8684-0048c5cf7dfc%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fier.ai%252F2WRX6ty%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:48:06 GMT
content-type: image/jpeg
content-length: 39474
last-modified: Mon, 22 Aug 2022 07:34:44 GMT
etag: "63033194-9a32"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7d3f119e90267b7b692ff0388e26f459
ba7b92dcaf9f8fa486696bfbdfe2aeec828280ce
2ffb52afe2c56c275517da446c80f869ad97b9edd32566e67022374cfaa6f0b4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2FFB52AFE2C56C275517DA446C80F869AD97B9EDD32566E67022374CFAA6F0B4"
Last-Modified: Sat, 03 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5148
Expires: Sun, 04 Sep 2022 21:13:54 GMT
Date: Sun, 04 Sep 2022 19:48:06 GMT
Connection: keep-alive
unphionetor.com/vctx?t=72747
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vctx?t=72747
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 04 Sep 2022 19:48:06 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: bc26bfde06c4bf2832fc93db3044c760
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
upgulpinon.com/11?rnd=3567860383&z=5324394&b=14589406&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=7ZVVxOEx4ZJVWLVbj4-yAOAfVKCsF4Q3QCnqOnV00eQB9SxKBxKhVGvMLNDdLxNmRLMLTpLRa7NqQI1GiZjenNuaIiKYDZbhF_Aq9DrXH25qcHkEghONvfuTdvl_dDSQ965GI7jLQ5QquryoSe7r9Zx2PxD-MNNaOxanwimLPcLVTlsj3e6GFKjrhChZMvLVs6uKBTV_UiaR-UKBruNCa1-H4gJlesF5oV3gnTxSwt2PxNTN_RTJPdFe49bfjdmFyx0BQtfgdtv9MF01I50xpm057fGt7z7uT2BNDu8R9GKzByh2KXt291_MlNo1cKnEncaXZVuseSp8wy2xpBfZR5iKRNBgbcgtTDq_uC_ME6UBPYcyP8Xe2LcMMjZBqAvNMTm7WTjORfzYuUFOcA4tLg4NJYZK3Ur3IGnmOfG_S11p7hsKb1jVJAZ_oEikfthKNOlpwb3lgXKENkTS1R9i6piZOgm5TClViooJK3EWxFaFDEyN4zxT3okJRRjfzt2JVHEj4aShTJ9VgyoKWjhXs9OyEO4EyNen-XEm4qeKTqqDpj0D8PeQyalhNAZU6WzQ4M9NnIlefH5TluMPElndzSC4u2tLJq_oHNTaYR0xpp4WEzrjpYcYwIMZEqnayVfXyv2zjKtRs7SFEY3bKsnUMl43rHtQ4hWH6RDLK6jtHH1FR5Kun0L17XfcZiQ1PvDdArtKgzhgzfpRB-2R&ruid=84a30685-82dc-4b2a-8684-0048c5cf7dfc&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
139.45.197.242200 OK 0 B URL HTTP/2 upgulpinon.com/11?rnd=3567860383&z=5324394&b=14589406&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=7ZVVxOEx4ZJVWLVbj4-yAOAfVKCsF4Q3QCnqOnV00eQB9SxKBxKhVGvMLNDdLxNmRLMLTpLRa7NqQI1GiZjenNuaIiKYDZbhF_Aq9DrXH25qcHkEghONvfuTdvl_dDSQ965GI7jLQ5QquryoSe7r9Zx2PxD-MNNaOxanwimLPcLVTlsj3e6GFKjrhChZMvLVs6uKBTV_UiaR-UKBruNCa1-H4gJlesF5oV3gnTxSwt2PxNTN_RTJPdFe49bfjdmFyx0BQtfgdtv9MF01I50xpm057fGt7z7uT2BNDu8R9GKzByh2KXt291_MlNo1cKnEncaXZVuseSp8wy2xpBfZR5iKRNBgbcgtTDq_uC_ME6UBPYcyP8Xe2LcMMjZBqAvNMTm7WTjORfzYuUFOcA4tLg4NJYZK3Ur3IGnmOfG_S11p7hsKb1jVJAZ_oEikfthKNOlpwb3lgXKENkTS1R9i6piZOgm5TClViooJK3EWxFaFDEyN4zxT3okJRRjfzt2JVHEj4aShTJ9VgyoKWjhXs9OyEO4EyNen-XEm4qeKTqqDpj0D8PeQyalhNAZU6WzQ4M9NnIlefH5TluMPElndzSC4u2tLJq_oHNTaYR0xpp4WEzrjpYcYwIMZEqnayVfXyv2zjKtRs7SFEY3bKsnUMl43rHtQ4hWH6RDLK6jtHH1FR5Kun0L17XfcZiQ1PvDdArtKgzhgzfpRB-2R&ruid=84a30685-82dc-4b2a-8684-0048c5cf7dfc&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /11?rnd=3567860383&z=5324394&b=14589406&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=7ZVVxOEx4ZJVWLVbj4-yAOAfVKCsF4Q3QCnqOnV00eQB9SxKBxKhVGvMLNDdLxNmRLMLTpLRa7NqQI1GiZjenNuaIiKYDZbhF_Aq9DrXH25qcHkEghONvfuTdvl_dDSQ965GI7jLQ5QquryoSe7r9Zx2PxD-MNNaOxanwimLPcLVTlsj3e6GFKjrhChZMvLVs6uKBTV_UiaR-UKBruNCa1-H4gJlesF5oV3gnTxSwt2PxNTN_RTJPdFe49bfjdmFyx0BQtfgdtv9MF01I50xpm057fGt7z7uT2BNDu8R9GKzByh2KXt291_MlNo1cKnEncaXZVuseSp8wy2xpBfZR5iKRNBgbcgtTDq_uC_ME6UBPYcyP8Xe2LcMMjZBqAvNMTm7WTjORfzYuUFOcA4tLg4NJYZK3Ur3IGnmOfG_S11p7hsKb1jVJAZ_oEikfthKNOlpwb3lgXKENkTS1R9i6piZOgm5TClViooJK3EWxFaFDEyN4zxT3okJRRjfzt2JVHEj4aShTJ9VgyoKWjhXs9OyEO4EyNen-XEm4qeKTqqDpj0D8PeQyalhNAZU6WzQ4M9NnIlefH5TluMPElndzSC4u2tLJq_oHNTaYR0xpp4WEzrjpYcYwIMZEqnayVfXyv2zjKtRs7SFEY3bKsnUMl43rHtQ4hWH6RDLK6jtHH1FR5Kun0L17XfcZiQ1PvDdArtKgzhgzfpRB-2R&ruid=84a30685-82dc-4b2a-8684-0048c5cf7dfc&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ier.ai
Connection: keep-alive
Referer: https://ier.ai/
Cookie: scm=1; OAID=6198e863a970496bbcdb9d02de0570dd; oaidts=1662320884
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:48:06 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://ier.ai
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: b6284ab6f3f738ac9d25334cc8467d79
access-control-expose-headers: X-Sc
set-cookie: OAID=6198e863a970496bbcdb9d02de0570dd; expires=Mon, 04 Sep 2023 19:48:06 GMT; secure; SameSite=None
oaidts=1662320884; expires=Mon, 04 Sep 2023 19:48:06 GMT; secure; SameSite=None
oaidvc=1; expires=Mon, 04 Sep 2023 19:48:06 GMT; secure; SameSite=None
CNT=1_v1_3p3eAAEAAAAnSwAA; expires=Sun, 04 Sep 2022 20:48:06 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 04 Sep 2022 19:48:06 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 2bbf18f3ffdd30d57791b8f405caa296
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
belickitungchan.com/impression/2MS4sXJ0BujYoWLYIp2BOYZQjSjAMndV8BEbBYjCO7eR892B_414FUCI1AcFRNxf0HTAA_UEesxj2aWK20srpgeW5HHkNp9qlxIpDPGEeEw8gIfo-8yea4C1bhJ8ZjKgc72PLurBd3g3_JMArODJzBT6hs7ooimCJIvQEcqJZEe3Ia5OqeHkarA2R46MB3FefCZc4KgSDLr3tq2_UAQAuIQXJiavjqmFM0o1gCu-FtNMMg7XsOxFCx53NCPyXFehFVdClhmT5Ej5UvJJKm53Gl6hGJeyuvx_G9rrzV2MWHWSZ4-OOPKMN6PLyc9F2etPmNJuL61TM9XCcmEspU9Ku06Mn-OCbvymPxpqjR7TzlCacZn0QHpkrIgeJb_tjs1aRafpGck5yuyP8uL1fDmlk0cJxryZGB2cWYwW6RpSxsSFib3AsI-KrGLJCznXuNb1vz8Myj2lRk7pSxhSLqe8up9vsjQpieoOKq1FlJ8zjx9Wp5H4dXWGxdnpXDKyXD4pUg8IUVEC-IFexjgiyILdVSWANpZo5IfPpfw2fTsWTzd1sMiorUA5jqvTQHi94EiGZKI4ysdvKcvQJjRvjkOgtw==?_z=5292343&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239200 OK 43 B URL HTTP/2 belickitungchan.com/impression/2MS4sXJ0BujYoWLYIp2BOYZQjSjAMndV8BEbBYjCO7eR892B_414FUCI1AcFRNxf0HTAA_UEesxj2aWK20srpgeW5HHkNp9qlxIpDPGEeEw8gIfo-8yea4C1bhJ8ZjKgc72PLurBd3g3_JMArODJzBT6hs7ooimCJIvQEcqJZEe3Ia5OqeHkarA2R46MB3FefCZc4KgSDLr3tq2_UAQAuIQXJiavjqmFM0o1gCu-FtNMMg7XsOxFCx53NCPyXFehFVdClhmT5Ej5UvJJKm53Gl6hGJeyuvx_G9rrzV2MWHWSZ4-OOPKMN6PLyc9F2etPmNJuL61TM9XCcmEspU9Ku06Mn-OCbvymPxpqjR7TzlCacZn0QHpkrIgeJb_tjs1aRafpGck5yuyP8uL1fDmlk0cJxryZGB2cWYwW6RpSxsSFib3AsI-KrGLJCznXuNb1vz8Myj2lRk7pSxhSLqe8up9vsjQpieoOKq1FlJ8zjx9Wp5H4dXWGxdnpXDKyXD4pUg8IUVEC-IFexjgiyILdVSWANpZo5IfPpfw2fTsWTzd1sMiorUA5jqvTQHi94EiGZKI4ysdvKcvQJjRvjkOgtw==?_z=5292343&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /impression/2MS4sXJ0BujYoWLYIp2BOYZQjSjAMndV8BEbBYjCO7eR892B_414FUCI1AcFRNxf0HTAA_UEesxj2aWK20srpgeW5HHkNp9qlxIpDPGEeEw8gIfo-8yea4C1bhJ8ZjKgc72PLurBd3g3_JMArODJzBT6hs7ooimCJIvQEcqJZEe3Ia5OqeHkarA2R46MB3FefCZc4KgSDLr3tq2_UAQAuIQXJiavjqmFM0o1gCu-FtNMMg7XsOxFCx53NCPyXFehFVdClhmT5Ej5UvJJKm53Gl6hGJeyuvx_G9rrzV2MWHWSZ4-OOPKMN6PLyc9F2etPmNJuL61TM9XCcmEspU9Ku06Mn-OCbvymPxpqjR7TzlCacZn0QHpkrIgeJb_tjs1aRafpGck5yuyP8uL1fDmlk0cJxryZGB2cWYwW6RpSxsSFib3AsI-KrGLJCznXuNb1vz8Myj2lRk7pSxhSLqe8up9vsjQpieoOKq1FlJ8zjx9Wp5H4dXWGxdnpXDKyXD4pUg8IUVEC-IFexjgiyILdVSWANpZo5IfPpfw2fTsWTzd1sMiorUA5jqvTQHi94EiGZKI4ysdvKcvQJjRvjkOgtw==?_z=5292343&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: belickitungchan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ier.ai/
Cookie: OAID=6198e863a970496bbcdb9d02de0570dd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:48:10 GMT
content-type: image/gif
content-length: 43
x-trace-id: 05a70478b3f8ce025e9f979737fe8e8f
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
belickitungchan.com/500/5292343?excludes=&oaid=6198e863a970496bbcdb9d02de0570dd&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239200 OK 1.2 kB URL HTTP/2 belickitungchan.com/500/5292343?excludes=&oaid=6198e863a970496bbcdb9d02de0570dd&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (1450), with no line terminators
Hash 3426a8ba25f28486c1e1afc5468117f6
30cb1a2c4f6ae921d996a3b2bbe241fe120c16dd
1ac779427c14f033b3096e3b268ecbfe6306c6654449a96df30f74a004b81bc7
GET /500/5292343?excludes=&oaid=6198e863a970496bbcdb9d02de0570dd&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: belickitungchan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://ier.ai
Connection: keep-alive
Referer: https://ier.ai/
Cookie: OAID=d1bd1523e22a4cf687b1d4a235104a67
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:48:06 GMT
content-type: application/javascript
x-trace-id: 325df54d2b588bbfa5e23bdcea76ccd9
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://ier.ai
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=6198e863a970496bbcdb9d02de0570dd; expires=Mon, 04 Sep 2023 19:48:06 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
interstitial-07.com/?l=YO0LSje6b9fYV33&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fupgulpinon.com%2F12%3Frnd%3D1710715929%26z%3D5324394%26b%3D14589406%26c%3D6014442%26var%3D%26d%3Dhttp%253A%252F%252Fshedating.me%252Fbase.php%253Fc%253D3068%2526key%253D695b5e8dd72a14bff4cbf821bf88e0df%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D7ZVVxOEx4ZJVWLVbj4-yAOAfVKCsF4Q3QCnqOnV00eQB9SxKBxKhVGvMLNDdLxNmRLMLTpLRa7NqQI1GiZjenNuaIiKYDZbhF_Aq9DrXH25qcHkEghONvfuTdvl_dDSQ965GI7jLQ5QquryoSe7r9Zx2PxD-MNNaOxanwimLPcLVTlsj3e6GFKjrhChZMvLVs6uKBTV_UiaR-UKBruNCa1-H4gJlesF5oV3gnTxSwt2PxNTN_RTJPdFe49bfjdmFyx0BQtfgdtv9MF01I50xpm057fGt7z7uT2BNDu8R9GKzByh2KXt291_MlNo1cKnEncaXZVuseSp8wy2xpBfZR5iKRNBgbcgtTDq_uC_ME6UBPYcyP8Xe2LcMMjZBqAvNMTm7WTjORfzYuUFOcA4tLg4NJYZK3Ur3IGnmOfG_S11p7hsKb1jVJAZ_oEikfthKNOlpwb3lgXKENkTS1R9i6piZOgm5TClViooJK3EWxFaFDEyN4zxT3okJRRjfzt2JVHEj4aShTJ9VgyoKWjhXs9OyEO4EyNen-XEm4qeKTqqDpj0D8PeQyalhNAZU6WzQ4M9NnIlefH5TluMPElndzSC4u2tLJq_oHNTaYR0xpp4WEzrjpYcYwIMZEqnayVfXyv2zjKtRs7SFEY3bKsnUMl43rHtQ4hWH6RDLK6jtHH1FR5Kun0L17XfcZiQ1PvDdArtKgzhgzfpRB-2R%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D84a30685-82dc-4b2a-8684-0048c5cf7dfc%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fier.ai%252F2WRX6ty%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
139.45.197.153200 OK 0 B URL HTTP/2 interstitial-07.com/?l=YO0LSje6b9fYV33&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fupgulpinon.com%2F12%3Frnd%3D1710715929%26z%3D5324394%26b%3D14589406%26c%3D6014442%26var%3D%26d%3Dhttp%253A%252F%252Fshedating.me%252Fbase.php%253Fc%253D3068%2526key%253D695b5e8dd72a14bff4cbf821bf88e0df%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D7ZVVxOEx4ZJVWLVbj4-yAOAfVKCsF4Q3QCnqOnV00eQB9SxKBxKhVGvMLNDdLxNmRLMLTpLRa7NqQI1GiZjenNuaIiKYDZbhF_Aq9DrXH25qcHkEghONvfuTdvl_dDSQ965GI7jLQ5QquryoSe7r9Zx2PxD-MNNaOxanwimLPcLVTlsj3e6GFKjrhChZMvLVs6uKBTV_UiaR-UKBruNCa1-H4gJlesF5oV3gnTxSwt2PxNTN_RTJPdFe49bfjdmFyx0BQtfgdtv9MF01I50xpm057fGt7z7uT2BNDu8R9GKzByh2KXt291_MlNo1cKnEncaXZVuseSp8wy2xpBfZR5iKRNBgbcgtTDq_uC_ME6UBPYcyP8Xe2LcMMjZBqAvNMTm7WTjORfzYuUFOcA4tLg4NJYZK3Ur3IGnmOfG_S11p7hsKb1jVJAZ_oEikfthKNOlpwb3lgXKENkTS1R9i6piZOgm5TClViooJK3EWxFaFDEyN4zxT3okJRRjfzt2JVHEj4aShTJ9VgyoKWjhXs9OyEO4EyNen-XEm4qeKTqqDpj0D8PeQyalhNAZU6WzQ4M9NnIlefH5TluMPElndzSC4u2tLJq_oHNTaYR0xpp4WEzrjpYcYwIMZEqnayVfXyv2zjKtRs7SFEY3bKsnUMl43rHtQ4hWH6RDLK6jtHH1FR5Kun0L17XfcZiQ1PvDdArtKgzhgzfpRB-2R%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D84a30685-82dc-4b2a-8684-0048c5cf7dfc%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fier.ai%252F2WRX6ty%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
IP 139.45.197.153:0
GET /?l=YO0LSje6b9fYV33&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fupgulpinon.com%2F12%3Frnd%3D1710715929%26z%3D5324394%26b%3D14589406%26c%3D6014442%26var%3D%26d%3Dhttp%253A%252F%252Fshedating.me%252Fbase.php%253Fc%253D3068%2526key%253D695b5e8dd72a14bff4cbf821bf88e0df%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D7ZVVxOEx4ZJVWLVbj4-yAOAfVKCsF4Q3QCnqOnV00eQB9SxKBxKhVGvMLNDdLxNmRLMLTpLRa7NqQI1GiZjenNuaIiKYDZbhF_Aq9DrXH25qcHkEghONvfuTdvl_dDSQ965GI7jLQ5QquryoSe7r9Zx2PxD-MNNaOxanwimLPcLVTlsj3e6GFKjrhChZMvLVs6uKBTV_UiaR-UKBruNCa1-H4gJlesF5oV3gnTxSwt2PxNTN_RTJPdFe49bfjdmFyx0BQtfgdtv9MF01I50xpm057fGt7z7uT2BNDu8R9GKzByh2KXt291_MlNo1cKnEncaXZVuseSp8wy2xpBfZR5iKRNBgbcgtTDq_uC_ME6UBPYcyP8Xe2LcMMjZBqAvNMTm7WTjORfzYuUFOcA4tLg4NJYZK3Ur3IGnmOfG_S11p7hsKb1jVJAZ_oEikfthKNOlpwb3lgXKENkTS1R9i6piZOgm5TClViooJK3EWxFaFDEyN4zxT3okJRRjfzt2JVHEj4aShTJ9VgyoKWjhXs9OyEO4EyNen-XEm4qeKTqqDpj0D8PeQyalhNAZU6WzQ4M9NnIlefH5TluMPElndzSC4u2tLJq_oHNTaYR0xpp4WEzrjpYcYwIMZEqnayVfXyv2zjKtRs7SFEY3bKsnUMl43rHtQ4hWH6RDLK6jtHH1FR5Kun0L17XfcZiQ1PvDdArtKgzhgzfpRB-2R%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D84a30685-82dc-4b2a-8684-0048c5cf7dfc%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fier.ai%252F2WRX6ty%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ier.ai/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:48:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.27
set-cookie: reverse=oSRrOv67aoD6IKxFzO2oW2mP_C06HzSxMY-h7MvfN_I; expires=Sun, 04-Sep-2022 20:48:06 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: gzip
X-Firefox-Spdy: h2
punoocke.com/401/5292343
139.45.197.236200 OK 0 B IP 139.45.197.236:0
Analyzer Verdict Alert quad9 Sinkholed
GET /401/5292343 HTTP/1.1
Host: punoocke.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ier.ai/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:48:05 GMT
content-type: application/javascript
x-trace-id: e99edb162d9e79b5415e98012f57867e
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=d6730fade4ca487bab0468e4e2cad096; expires=Mon, 04 Sep 2023 19:48:05 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.itskiddoan.club/?rb=zElVFIXd250LEvwiCIjXn_Q4lY8Ds39yWNsRKuvfV3EeywMWwPip3BlZRm_DV-qCLFUhJtDsTldj-8Kd2a6JlhEhkU2YlVg3gB1qF8Gd5xxPwJmAbwnlD7Qsteq0BGvSmKXFX4sBxXxZApvPHrW9HPrAw9c4nsTCGPnuqgY2_aHETufT2ro7j-sHew_U4W4tzNE_Nb2HlRtdnF_y6MxQOw%3D%3D&request_ab2=0&zoneid=5225632&js_build=iclick-v1.418.0-rc&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.418.0-rc&bs=4757b3d3-d318-45e3-b368-382fe332dc37&userId=6198e863a970496bbcdb9d02de0570dd&m=link
139.45.197.236200 OK 0 B URL HTTP/2 cdn.itskiddoan.club/?rb=zElVFIXd250LEvwiCIjXn_Q4lY8Ds39yWNsRKuvfV3EeywMWwPip3BlZRm_DV-qCLFUhJtDsTldj-8Kd2a6JlhEhkU2YlVg3gB1qF8Gd5xxPwJmAbwnlD7Qsteq0BGvSmKXFX4sBxXxZApvPHrW9HPrAw9c4nsTCGPnuqgY2_aHETufT2ro7j-sHew_U4W4tzNE_Nb2HlRtdnF_y6MxQOw%3D%3D&request_ab2=0&zoneid=5225632&js_build=iclick-v1.418.0-rc&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.418.0-rc&bs=4757b3d3-d318-45e3-b368-382fe332dc37&userId=6198e863a970496bbcdb9d02de0570dd&m=link
IP 139.45.197.236:0
GET /?rb=zElVFIXd250LEvwiCIjXn_Q4lY8Ds39yWNsRKuvfV3EeywMWwPip3BlZRm_DV-qCLFUhJtDsTldj-8Kd2a6JlhEhkU2YlVg3gB1qF8Gd5xxPwJmAbwnlD7Qsteq0BGvSmKXFX4sBxXxZApvPHrW9HPrAw9c4nsTCGPnuqgY2_aHETufT2ro7j-sHew_U4W4tzNE_Nb2HlRtdnF_y6MxQOw%3D%3D&request_ab2=0&zoneid=5225632&js_build=iclick-v1.418.0-rc&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.418.0-rc&bs=4757b3d3-d318-45e3-b368-382fe332dc37&userId=6198e863a970496bbcdb9d02de0570dd&m=link HTTP/1.1
Host: cdn.itskiddoan.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ier.ai/
Origin: https://ier.ai
Connection: keep-alive
Cookie: OAID=a880a5695ebd40ae9d15abb4d57509a4; oaidts=1662320885
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:48:05 GMT
content-type: application/json
x-trace-id: 2c5ccd3f68dd5f2cbaae0b18f7540794
access-control-allow-origin: https://ier.ai
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=6198e863a970496bbcdb9d02de0570dd; expires=Mon, 04 Sep 2023 19:48:05 GMT; path=/; secure; SameSite=None
oaidts=1662320885; expires=Mon, 04 Sep 2023 19:48:05 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 11 Sep 2022 19:48:05 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
upgulpinon.com/9?z=5324394&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=6198e863a970496bbcdb9d02de0570dd
139.45.197.242200 OK 0 B URL HTTP/2 upgulpinon.com/9?z=5324394&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=6198e863a970496bbcdb9d02de0570dd
IP 139.45.197.242:0
POST /9?z=5324394&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=6198e863a970496bbcdb9d02de0570dd HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 56
Origin: https://ier.ai
Connection: keep-alive
Referer: https://ier.ai/
Cookie: scm=1; OAID=c33f116f305c4b9e8528bd760cc51142; oaidts=1662320884
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:48:05 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://ier.ai
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 9e7436b8eefbecf1607546fd2f91fab3
access-control-expose-headers: X-Sc
set-cookie: OAID=6198e863a970496bbcdb9d02de0570dd; expires=Mon, 04 Sep 2023 19:48:05 GMT; secure; SameSite=None
oaidts=1662320884; expires=Mon, 04 Sep 2023 19:48:05 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
onmarshtompor.com/?rb=CgCrbXJEzQYNhYDwWX5byKsU7QEKpu5mDJT2STpVDrO2RvGA8q3Xoq79lTy5lAq_GW5oEhfbwek9C0wrX8nZ4fhJ5Q1kDReg0yHsNnCmc968I-FqLUPE6g4noFGjGVrbGih2mi_5cUsGM162ctlsEnFTqeC-Y4LOsMSJ2xZWy2gm5pPNIVo-icxoE-24ejjjz_keS5ApA3Vb0edClGEC6g%3D%3D&request_ab2=0&zoneid=3491150&js_build=iclick-v1.418.0-rc&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.418.0-rc&bs=a62beb3e-aafc-4fa6-8cac-166650eebb6b&userId=6198e863a970496bbcdb9d02de0570dd&m=link
139.45.197.243200 OK 0 B URL HTTP/2 onmarshtompor.com/?rb=CgCrbXJEzQYNhYDwWX5byKsU7QEKpu5mDJT2STpVDrO2RvGA8q3Xoq79lTy5lAq_GW5oEhfbwek9C0wrX8nZ4fhJ5Q1kDReg0yHsNnCmc968I-FqLUPE6g4noFGjGVrbGih2mi_5cUsGM162ctlsEnFTqeC-Y4LOsMSJ2xZWy2gm5pPNIVo-icxoE-24ejjjz_keS5ApA3Vb0edClGEC6g%3D%3D&request_ab2=0&zoneid=3491150&js_build=iclick-v1.418.0-rc&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.418.0-rc&bs=a62beb3e-aafc-4fa6-8cac-166650eebb6b&userId=6198e863a970496bbcdb9d02de0570dd&m=link
IP 139.45.197.243:0
GET /?rb=CgCrbXJEzQYNhYDwWX5byKsU7QEKpu5mDJT2STpVDrO2RvGA8q3Xoq79lTy5lAq_GW5oEhfbwek9C0wrX8nZ4fhJ5Q1kDReg0yHsNnCmc968I-FqLUPE6g4noFGjGVrbGih2mi_5cUsGM162ctlsEnFTqeC-Y4LOsMSJ2xZWy2gm5pPNIVo-icxoE-24ejjjz_keS5ApA3Vb0edClGEC6g%3D%3D&request_ab2=0&zoneid=3491150&js_build=iclick-v1.418.0-rc&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.418.0-rc&bs=a62beb3e-aafc-4fa6-8cac-166650eebb6b&userId=6198e863a970496bbcdb9d02de0570dd&m=link HTTP/1.1
Host: onmarshtompor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ier.ai/
Origin: https://ier.ai
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:48:05 GMT
content-type: application/json
x-trace-id: 01edd68e67941dea46df64f5fac1a0e5
access-control-allow-origin: https://ier.ai
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=6198e863a970496bbcdb9d02de0570dd; expires=Mon, 04 Sep 2023 19:48:05 GMT; path=/; secure; SameSite=None
oaidts=1662320885; expires=Mon, 04 Sep 2023 19:48:05 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 11 Sep 2022 19:48:05 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
forfrogadiertor.com/500/3487732?excludes=&oaid=6198e863a970496bbcdb9d02de0570dd&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239200 OK 0 B URL HTTP/2 forfrogadiertor.com/500/3487732?excludes=&oaid=6198e863a970496bbcdb9d02de0570dd&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
GET /500/3487732?excludes=&oaid=6198e863a970496bbcdb9d02de0570dd&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fier.ai%2F2WRX6ty&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: forfrogadiertor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://ier.ai
Connection: keep-alive
Referer: https://ier.ai/
Cookie: OAID=67953181a9104c16b8a08c2fc28373ad
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:48:06 GMT
content-type: application/javascript
x-trace-id: d493e9b6cb36ec42b9d6c8095fdf8760
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://ier.ai
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=6198e863a970496bbcdb9d02de0570dd; expires=Mon, 04 Sep 2023 19:48:05 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
unphionetor.com/fv.js?t=72747&cb=1182132884
139.45.197.236200 OK 0 B URL HTTP/2 unphionetor.com/fv.js?t=72747&cb=1182132884
IP 139.45.197.236:0
Analyzer Verdict Alert quad9 Sinkholed
GET /fv.js?t=72747&cb=1182132884 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:48:06 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 2362754de3df8457ef85d36758cc6859
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
forfrogadiertor.com/400/3487732
139.45.197.239200 OK 0 B URL HTTP/2 forfrogadiertor.com/400/3487732
IP 139.45.197.239:0
GET /400/3487732 HTTP/1.1
Host: forfrogadiertor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ier.ai/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:48:04 GMT
content-type: application/javascript
x-trace-id: cf716bdec0b1631d0693d3bd1db012e3
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=67953181a9104c16b8a08c2fc28373ad; expires=Mon, 04 Sep 2023 19:48:04 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2