r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8408
Expires: Sat, 28 Jan 2023 22:40:57 GMT
Date: Sat, 28 Jan 2023 20:20:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9191
Expires: Sat, 28 Jan 2023 22:54:01 GMT
Date: Sat, 28 Jan 2023 20:20:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 03092d1a1bc7ac91ee342a1a7ab2a562
52db06ce1fd2c74ddd36b6a0a7aee1b5c891600a
03b8ff2629abac9fc30ebec059c2e2018fcbc41646ad5f71c965ff630fbf1ffd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03B8FF2629ABAC9FC30EBEC059C2E2018FCBC41646AD5F71C965FF630FBF1FFD"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3526
Expires: Sat, 28 Jan 2023 21:19:36 GMT
Date: Sat, 28 Jan 2023 20:20:50 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 19:35:31 GMT
content-type: application/json
age: 2719
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 2wv2hrQJfmGMbdfRlqDvqhF3Hm7wjDMxZz3HK9w3HPYqpDwThdQN8hcKlWlxynxgXOvA21SH8T5B+lNfxd19CA==
x-amz-request-id: J4R32BVHMPZ7E61S
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 19:50:02 GMT
age: 1848
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
upbam.org/63rx1sg3au0h/Shahid4U.Com.Boardwalk_Empire_S03E07_720p_WEB-DL.mp4.html
104.21.72.253200 OK 24 kB URL HTTP/1.1 upbam.org/63rx1sg3au0h/Shahid4U.Com.Boardwalk_Empire_S03E07_720p_WEB-DL.mp4.html
IP 104.21.72.253:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (51070)
Hash d98482d0796f0f89b9ce9ab2fe2b6e33
0b11558d0347a9f1e7e7b7e8803dd97f6919af22
ff3c7acd9616aa23920abc8be9e901025bf25692f391f1695afb35c5529a0be8
NIDS Severity Alert suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
GET /63rx1sg3au0h/Shahid4U.Com.Boardwalk_Empire_S03E07_720p_WEB-DL.mp4.html HTTP/1.1
Host: upbam.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:20:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Fri, 27 Jan 2023 20:20:49 GMT
Set-Cookie: lang=english; domain=.upbam.org; path=/
aff=4588; domain=.upbam.org; path=/; expires=Sat, 11-Feb-2023 20:20:49 GMT
Access-Control-Allow-Origin: https://upbam.org
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FiQMGjV7p0jRJsEx3D0cleSuZiYn1HkI59vU%2BFq7tJRAfOW1WSDtarE9PTgsvMewa1W808T%2B04rUvBO3no%2BGncye9zknuKp5Xhu7RBzGq%2F1%2BTgOPeeYKEPDyhSg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 790c6e532a23b527-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 20:20:50 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 839f992874f43406a9e4b3bf78dbf543
5931d414a576be8930236b579aa05e365ad30368
525570fb1fde6295f9149f4ede72a19eddd08c818c5e0b0ca88ddcfb6d3fd42e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1112
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:20:50 GMT
Last-Modified: Sat, 28 Jan 2023 20:02:18 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f517f98d5b9a1d3dedc7b66ef4d26d99
cfb33dcea90de324c9e3d07b0c697bba5e45bf18
ef8268c8d3633983374be78f0f7818839981d103184fe4346068d8844284507d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EF8268C8D3633983374BE78F0F7818839981D103184FE4346068D8844284507D"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14281
Expires: Sun, 29 Jan 2023 00:18:51 GMT
Date: Sat, 28 Jan 2023 20:20:50 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 839f992874f43406a9e4b3bf78dbf543
5931d414a576be8930236b579aa05e365ad30368
525570fb1fde6295f9149f4ede72a19eddd08c818c5e0b0ca88ddcfb6d3fd42e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1112
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:20:50 GMT
Last-Modified: Sat, 28 Jan 2023 20:02:18 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f517f98d5b9a1d3dedc7b66ef4d26d99
cfb33dcea90de324c9e3d07b0c697bba5e45bf18
ef8268c8d3633983374be78f0f7818839981d103184fe4346068d8844284507d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EF8268C8D3633983374BE78F0F7818839981D103184FE4346068D8844284507D"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14343
Expires: Sun, 29 Jan 2023 00:19:53 GMT
Date: Sat, 28 Jan 2023 20:20:50 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 839f992874f43406a9e4b3bf78dbf543
5931d414a576be8930236b579aa05e365ad30368
525570fb1fde6295f9149f4ede72a19eddd08c818c5e0b0ca88ddcfb6d3fd42e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1112
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:20:50 GMT
Last-Modified: Sat, 28 Jan 2023 20:02:18 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f517f98d5b9a1d3dedc7b66ef4d26d99
cfb33dcea90de324c9e3d07b0c697bba5e45bf18
ef8268c8d3633983374be78f0f7818839981d103184fe4346068d8844284507d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EF8268C8D3633983374BE78F0F7818839981D103184FE4346068D8844284507D"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14343
Expires: Sun, 29 Jan 2023 00:19:53 GMT
Date: Sat, 28 Jan 2023 20:20:50 GMT
Connection: keep-alive
upbam.org/images/logo_lgrey.png
104.21.72.253200 OK 1.5 kB URL HTTP/2 upbam.org/images/logo_lgrey.png
IP 104.21.72.253:0
File type PNG image data, 127 x 25, 8-bit/color RGBA, non-interlaced\012- data
Hash 160d72442f27c6c93a79083a3fb5c3e5
c8ffe65ce9b8b450738c9860a8c7f7c3f871767b
10ac36acacb3b4d445bf562fc5d65dd9d612530b09872b8007d39779f8e0ba81
GET /images/logo_lgrey.png HTTP/1.1
Host: upbam.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:20:50 GMT
content-type: image/png
content-length: 1450
last-modified: Wed, 02 Jun 2021 02:01:00 GMT
etag: "5aa-5c3bed4814f00"
access-control-allow-origin: https://upbam.org
cache-control: max-age=14400
cf-cache-status: HIT
age: 4095
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B%2FpeALdYSp4HzBKt93iKGy3QtGeu9KG0GF7wDhV2%2B776D0LJumUdh0t%2BE9qJZu5tFk76MZT2f0viDAM5axvSARaCv27SmRq2lp7V8uNLVvzXlDUTQxUFOPM%2Bf0Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790c6e56c8f0b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
upbam.org/images/ico_tr.png
104.21.72.253200 OK 954 B URL HTTP/2 upbam.org/images/ico_tr.png
IP 104.21.72.253:0
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash cfdacc3270555466cfd8439601612231
98dfb7b93226ed5010b70ba7c6869f1749581f4f
fd2f4ce1a46e53289a9dd06ce82eb463668cb4299fb77da46540193db056b960
GET /images/ico_tr.png HTTP/1.1
Host: upbam.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:20:50 GMT
content-type: image/png
content-length: 954
last-modified: Wed, 02 Jun 2021 02:01:00 GMT
etag: "3ba-5c3bed4814f00"
access-control-allow-origin: https://upbam.org
cache-control: max-age=14400
cf-cache-status: HIT
age: 4095
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CcK0jqIyhi2LutACBjdTWsBM5zgUskhqjFxEurJL8vUZ%2BBVs4GBK3JEeMS8mfaGkIGZ702ozYCcnU02z6k4W9MIDMexPlzBSBI0YLlTpkV3q0qK2vX%2BhOdiM%2FO4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790c6e56c8f3b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
upbam.org/images/ico_fb.png
104.21.72.253200 OK 953 B URL HTTP/2 upbam.org/images/ico_fb.png
IP 104.21.72.253:0
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash d0e7effca2da39383436e48cbfa76ed1
2cf16f380c0245b3e4b00f8a1bf00d4f11fed0b7
38546bc01f967331fb1f8eb430e8728d2e2db83837ede86a3d1dc11731086efe
GET /images/ico_fb.png HTTP/1.1
Host: upbam.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:20:50 GMT
content-type: image/png
content-length: 953
last-modified: Wed, 02 Jun 2021 02:01:00 GMT
etag: "3b9-5c3bed4814f00"
access-control-allow-origin: https://upbam.org
cache-control: max-age=14400
cf-cache-status: HIT
age: 4095
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ekIhbJblAymnpe8uOxDUgRIOaXk9JThoK7zuv7lOCJLIHloToYHMCbcAk8hy8924aX0WhRVK5soT7dSgocvmxwdW%2B3vsQdJxmDQGSV9PEMfIz1qN73RV95B3jLo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790c6e56c8f2b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
upbam.org/images/ico_gp.png
104.21.72.253200 OK 1.1 kB URL HTTP/2 upbam.org/images/ico_gp.png
IP 104.21.72.253:0
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 10e7cc1ed61cd88795a18deaacc98f51
7a654c9d4fa15ae70ad021f5d3ce47297a881855
6ce28f4a3f37a4d1151e749942a0d32a4c05e47a6f47c2856134346efddd987e
GET /images/ico_gp.png HTTP/1.1
Host: upbam.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:20:50 GMT
content-type: image/png
content-length: 1114
last-modified: Wed, 02 Jun 2021 02:01:00 GMT
etag: "45a-5c3bed4814f00"
access-control-allow-origin: https://upbam.org
cache-control: max-age=14400
cf-cache-status: HIT
age: 3304
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=552Q00UWuSWpnebMYUBRqAoM2z%2FfFnjjPzzgwobXlyRDns2iv532nO5kgnske6pRW%2Bgb3d5ecD4udhE6D7nWZ6Lv0M3bbayC%2BZGPKVxSxBIHMmCc7vpUriLW3GA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790c6e56d8fcb512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash a10c6e58c3b2d93009af0bbf0c1b9876
e1770e14d56bf4f92719aeaf44dc21933230a7d2
ed84c78a7315e66162a609a32a50ebb016243e8f8516248e09531eeef0c3b5ab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 957
Cache-Control: max-age=144118
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:20:50 GMT
Etag: "63d50fdb-116"
Expires: Mon, 30 Jan 2023 12:22:48 GMT
Last-Modified: Sat, 28 Jan 2023 12:06:51 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 278
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e12ac29bd33c7b853cfd4a244489d12
111de984a1ed850a1aa4d6e402570244ad1a0f73
ac49f253d2db2695102e6a84b6aea231fc41913652e5fcedf7862f32656bd406
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC49F253D2DB2695102E6A84B6AEA231FC41913652E5FCEDF7862F32656BD406"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15785
Expires: Sun, 29 Jan 2023 00:43:55 GMT
Date: Sat, 28 Jan 2023 20:20:50 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 839f992874f43406a9e4b3bf78dbf543
5931d414a576be8930236b579aa05e365ad30368
525570fb1fde6295f9149f4ede72a19eddd08c818c5e0b0ca88ddcfb6d3fd42e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1112
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:20:50 GMT
Last-Modified: Sat, 28 Jan 2023 20:02:18 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash a10c6e58c3b2d93009af0bbf0c1b9876
e1770e14d56bf4f92719aeaf44dc21933230a7d2
ed84c78a7315e66162a609a32a50ebb016243e8f8516248e09531eeef0c3b5ab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3873
Cache-Control: max-age=147034
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:20:50 GMT
Etag: "63d50fdb-116"
Expires: Mon, 30 Jan 2023 13:11:24 GMT
Last-Modified: Sat, 28 Jan 2023 12:06:51 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 278
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f517f98d5b9a1d3dedc7b66ef4d26d99
cfb33dcea90de324c9e3d07b0c697bba5e45bf18
ef8268c8d3633983374be78f0f7818839981d103184fe4346068d8844284507d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EF8268C8D3633983374BE78F0F7818839981D103184FE4346068D8844284507D"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14343
Expires: Sun, 29 Jan 2023 00:19:53 GMT
Date: Sat, 28 Jan 2023 20:20:50 GMT
Connection: keep-alive
cy.stetssublet.com/r63ae0e569459a63ae0e569459b/40334
172.255.6.123200 OK 25 B URL HTTP/1.1 cy.stetssublet.com/r63ae0e569459a63ae0e569459b/40334
IP 172.255.6.123:0
File type ASCII text, with no line terminators
Hash 2339750dbbbcbd8fe83612a65b72e03d
672074d493c051cffcc96bce7d15f77ec6ef1889
1fa220e7725025343d910d83e9f0e663b82419a3422e5465dc73c092b0853ccd
GET /r63ae0e569459a63ae0e569459b/40334 HTTP/1.1
Host: cy.stetssublet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 20:20:50 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://upbam.org
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sun, 29-Jan-2023 20:20:50 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJw9i7sOgkAURAENEQXMJH6APyA%2BgoWtWhoojPUG8Wo2wl7Crg%2F8elETq5mcOWNZljMK4cgK%2FmoerWZRvIjmyxidCzGcJIWf802ZuhEqKwluwvUja%2BDWdJGsAgx%2BReR8IvSTdHJQV8UP9R8%2BtwDdXJomgPeJrxv20JG6Qrgu5HO85%2BJmWlvDU2SErohO8DbZsaDpdr9D%2BKffs2ujJ7Woan42bR8aWdKLFQk%2BnzWZFtl313kDsc5BIg%3D%3D; expires=Sun, 29-Jan-2023 20:20:50 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash a10c6e58c3b2d93009af0bbf0c1b9876
e1770e14d56bf4f92719aeaf44dc21933230a7d2
ed84c78a7315e66162a609a32a50ebb016243e8f8516248e09531eeef0c3b5ab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 957
Cache-Control: max-age=144118
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:20:50 GMT
Etag: "63d50fdb-116"
Expires: Mon, 30 Jan 2023 12:22:48 GMT
Last-Modified: Sat, 28 Jan 2023 12:06:51 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 278
b.m2track.co/adb/zone/160.js?v=1.22
44.197.62.246200 OK 963 B URL HTTP/1.1 b.m2track.co/adb/zone/160.js?v=1.22
IP 44.197.62.246:0
File type ASCII text, with very long lines (540)
Hash 34fef04ed57ab690821cb842e13cdbf0
fb6a3c67730b21e331b391a77cf5b038a07d0988
c61a0a2a9e91234229c047f793a26a56200441fcf660d97a3a2e2505f09e7f54
GET /adb/zone/160.js?v=1.22 HTTP/1.1
Host: b.m2track.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upbam.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 20:20:50 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
b.m2track.co/adb/zone/160.js?v=1.22
44.197.62.246200 OK 963 B URL HTTP/1.1 b.m2track.co/adb/zone/160.js?v=1.22
IP 44.197.62.246:0
File type ASCII text, with very long lines (540)
Hash 34fef04ed57ab690821cb842e13cdbf0
fb6a3c67730b21e331b391a77cf5b038a07d0988
c61a0a2a9e91234229c047f793a26a56200441fcf660d97a3a2e2505f09e7f54
GET /adb/zone/160.js?v=1.22 HTTP/1.1
Host: b.m2track.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upbam.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 20:20:50 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 19:41:40 GMT
age: 2350
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
b.m2track.co/adb/za/160.js?v=1&v=1.22&t=63d583a6a8b438.49834802&&referer=http%3A%2F%2Fupbam.org%2F63rx1sg3au0h%2FShahid4U.Com.Boardwalk_Empire_S03E07_720p_WEB-DL.mp4.html&ct=1674937254659
44.197.62.246200 OK 2.9 kB URL HTTP/1.1 b.m2track.co/adb/za/160.js?v=1&v=1.22&t=63d583a6a8b438.49834802&&referer=http%3A%2F%2Fupbam.org%2F63rx1sg3au0h%2FShahid4U.Com.Boardwalk_Empire_S03E07_720p_WEB-DL.mp4.html&ct=1674937254659
IP 44.197.62.246:0
File type ASCII text, with very long lines (1172)
Hash 5c90e8faf65cf09bcc92fba02ccc13b7
bdc5cf39d754d0a99efe9e5971e4e0c6e3705a69
f8ead91893431d24671834d43a683c65285dab4c384ff3bedb1c228d4725f0cb
GET /adb/za/160.js?v=1&v=1.22&t=63d583a6a8b438.49834802&&referer=http%3A%2F%2Fupbam.org%2F63rx1sg3au0h%2FShahid4U.Com.Boardwalk_Empire_S03E07_720p_WEB-DL.mp4.html&ct=1674937254659 HTTP/1.1
Host: b.m2track.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upbam.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 20:20:50 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
initiallycompetitionunderwear.com/06/8d/e0/068de0f61fc75f93b5ec620b96ffc803.js
192.243.59.13200 OK 21 kB URL HTTP/1.1 initiallycompetitionunderwear.com/06/8d/e0/068de0f61fc75f93b5ec620b96ffc803.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (60159), with no line terminators
Hash 043855bd04066fa1b85362b3e9528de7
ef120f937b8518a506f27f3d86bd4796cc962fdd
711873ac166dd2ddd85560fb53637ece7ceb25db48725613365d49580d1e87a0
Analyzer Verdict Alert quad9 Sinkholed
GET /06/8d/e0/068de0f61fc75f93b5ec620b96ffc803.js HTTP/1.1
Host: initiallycompetitionunderwear.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upbam.org/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 28 Jan 2023 20:20:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b7b5515614d20f07333d1c89b3145914
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.madservs.com/storage/uploads/1_1672975978594.png
151.139.128.11200 OK 3.2 kB URL HTTP/1.1 cdn.madservs.com/storage/uploads/1_1672975978594.png
IP 151.139.128.11:0
File type PNG image data, 300 x 250, 8-bit colormap, non-interlaced\012- data
Hash 9c943e96c39adf18f7b152096dd65681
a760860f6ed21e4aa16f28cd0d11b541bcdbbc64
a92cbdaecc2e44c5dfc232c0f6ebf95e8ae0821728051a7bc9ed9b2360175a64
GET /storage/uploads/1_1672975978594.png HTTP/1.1
Host: cdn.madservs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upbam.org/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:20:50 GMT
Content-Type: image/png
Last-Modified: Fri, 06 Jan 2023 03:32:58 GMT
Accept-Ranges: bytes
Server: nginx
ETag: "63b7966a-c64"
Cache-Control: max-age=172800, public
Access-Control-Allow-Origin: *
X-HW: 1674937250.cds012.sk1.h2,1674937250.cds212.sk1.c
Connection: keep-alive
Content-Length: 3172
b.m2track.co/adb/za/160.js?v=1&v=1.22&t=63d583a6c978d4.60996736&&referer=http%3A%2F%2Fupbam.org%2F63rx1sg3au0h%2FShahid4U.Com.Boardwalk_Empire_S03E07_720p_WEB-DL.mp4.html&ct=1674937254787
44.197.62.246200 OK 2.9 kB URL HTTP/1.1 b.m2track.co/adb/za/160.js?v=1&v=1.22&t=63d583a6c978d4.60996736&&referer=http%3A%2F%2Fupbam.org%2F63rx1sg3au0h%2FShahid4U.Com.Boardwalk_Empire_S03E07_720p_WEB-DL.mp4.html&ct=1674937254787
IP 44.197.62.246:0
File type ASCII text, with very long lines (1172)
Hash df8440ec97642305f0d7a16e5ad44929
2c0153da3ada51928a661535b460219fa85937db
0fa68864639ac75c69d564b57d276bd6d723bed942a25240c196eff4df2463f2
GET /adb/za/160.js?v=1&v=1.22&t=63d583a6c978d4.60996736&&referer=http%3A%2F%2Fupbam.org%2F63rx1sg3au0h%2FShahid4U.Com.Boardwalk_Empire_S03E07_720p_WEB-DL.mp4.html&ct=1674937254787 HTTP/1.1
Host: b.m2track.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upbam.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 20:20:50 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7892
Expires: Sat, 28 Jan 2023 22:32:22 GMT
Date: Sat, 28 Jan 2023 20:20:50 GMT
Connection: keep-alive
use.fontawesome.com/releases/v5.1.1/css/all.css
172.64.133.15200 OK 10 kB URL HTTP/2 use.fontawesome.com/releases/v5.1.1/css/all.css
IP 172.64.133.15:0
File type ASCII text, with very long lines (45538)
Hash 74ce8bedb8ae580e4964d1e9b45fad39
5dc2ac72b15d17601e0bb7d607381d8fc9008d15
351c7d4f33210039402147a2a72b3196347174ec97f38326f24c5614dc3a908c
GET /releases/v5.1.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:20:50 GMT
content-type: text/css
x-amz-id-2: Wd2x0g7FfoyrOJxDMB5h45n6YkJy38/5Dn5kolyB01oHGbDajAun1ngGzoOBixwvI4Isg84JceY=
x-amz-request-id: VW6SY6HBXF2P8YHX
last-modified: Wed, 30 Jun 2021 15:30:50 GMT
etag: W/"597b70b2ce6b1483f72526c906918fe9"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 2343938
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L6mxESb24blLmuS7NFYHPN0oZZNlhnTNM2vOBCXz%2FrqAzay8qu5qIYqL5Ofq4qKW%2FrsF1Xm%2B%2FF%2FCNteMkvbThkyoY5tXiIdV4YvZk%2BuVP7PrbQ%2F4E8KkKR9rqoXZZH25YhKbRUr6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790c6e573f007735-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
b.m2track.co/adb/zui/NTg4MjQ2MzktMzI4Mjk4Ni0yMDIzLTAxLTI4LTIwfDkxLjkwLjQyLjE1NHx8NjNkNTgzYTJhYWQxNA==.js?data=ZmdjQTZ0NlZGU2xTRHEyZXQ5UTA2MFVUcm14Yk5vNStaaXNDS0RneGZTZWNrN1JkaThUR01FMWw1ODg5RS9QYzkxazA0NTkzaVh6dzl3Vk5iTUFyaDc4cHRNZkZsY0ZoOE52SThaSkhJUEk9
44.197.62.246200 OK 34 B URL HTTP/1.1 b.m2track.co/adb/zui/NTg4MjQ2MzktMzI4Mjk4Ni0yMDIzLTAxLTI4LTIwfDkxLjkwLjQyLjE1NHx8NjNkNTgzYTJhYWQxNA==.js?data=ZmdjQTZ0NlZGU2xTRHEyZXQ5UTA2MFVUcm14Yk5vNStaaXNDS0RneGZTZWNrN1JkaThUR01FMWw1ODg5RS9QYzkxazA0NTkzaVh6dzl3Vk5iTUFyaDc4cHRNZkZsY0ZoOE52SThaSkhJUEk9
IP 44.197.62.246:0
File type ASCII text, with no line terminators
Hash a06b036222ece809719bd39e71abc21c
3ac40c9b57929a65abc7e31d725e5689eb60b2e8
c4153eea6d15149ba2a18ecb7727a1734b7e49026d1a04af50d6285499329b17
GET /adb/zui/NTg4MjQ2MzktMzI4Mjk4Ni0yMDIzLTAxLTI4LTIwfDkxLjkwLjQyLjE1NHx8NjNkNTgzYTJhYWQxNA==.js?data=ZmdjQTZ0NlZGU2xTRHEyZXQ5UTA2MFVUcm14Yk5vNStaaXNDS0RneGZTZWNrN1JkaThUR01FMWw1ODg5RS9QYzkxazA0NTkzaVh6dzl3Vk5iTUFyaDc4cHRNZkZsY0ZoOE52SThaSkhJUEk9 HTTP/1.1
Host: b.m2track.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upbam.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 20:20:50 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=86400, public
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
upbam.org/css/style.css
104.21.72.253200 OK 16 kB IP 104.21.72.253:0
Hash cb4d7e0d4c1784900189a866a2af89ff
32a31a9f553b2f4bc1543259db842453270ab51c
27706d5cd459728c272fd89f978ff82b3c340ce6d64eaca6f665666efdf0fd85
GET /css/style.css HTTP/1.1
Host: upbam.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:20:50 GMT
content-type: text/css
last-modified: Wed, 02 Jun 2021 02:01:00 GMT
etag: W/"138f6-5c3bed4814f00"
access-control-allow-origin: https://upbam.org
cache-control: max-age=14400
cf-cache-status: HIT
age: 4095
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PKNtGVtDMfEMXbRmAMlcAgAOEyFB7opl5D7b3wWlIw3s23niUD3FelgUBCGLzFG7nOO7g4PNrZ8cehR%2FoKj%2BtzM2NN8MHzwMsw%2FGdKc2hNuSsM5hqFf89Z%2BCnTc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790c6e56e917b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
104.18.11.207200 OK 11 kB URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
IP 104.18.11.207:0
File type ASCII text, with very long lines (32033)
Hash 19bc49a93a349fcbac2258612b915caa
ecd95611d9f9401d800c1e7e159fa9d0550d3052
949a9d5135e3ef7ab140cca08f0c1d85372b970640645895e7bcd25aaf4fb1f4
GET /bootstrap/3.3.7/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:20:50 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-cachedat: 12/13/2021 20:18:53
cdn-edgestorageid: 755
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-proxyver: 1.02
cdn-requestid: 48135f30fbfcba704628453df5764d8f
cdn-cache: HIT
cf-cache-status: HIT
age: 20386735
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 790c6e56d8490b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
b.m2track.co/adb/zi/NTg4MjQ2MzktMzI4Mjk4Ni0yMDIzLTAxLTI4LTIwfDkxLjkwLjQyLjE1NHx8NjNkNTgzYTJjNDc1ZA==.js?data=ZmdjQTZ0NlZGU2xTRHEyZXQ5UTA2MFVUcm14Yk5vNStaaXNDS0RneGZTZWNrN1JkaThUR01FMWw1ODg5RS9QYzkxazA0NTkzaVh6dzl3Vk5iTUFyaDc4cHRNZkZsY0ZoOE52SThaSkhJUEk9
44.197.62.246200 OK 34 B URL HTTP/1.1 b.m2track.co/adb/zi/NTg4MjQ2MzktMzI4Mjk4Ni0yMDIzLTAxLTI4LTIwfDkxLjkwLjQyLjE1NHx8NjNkNTgzYTJjNDc1ZA==.js?data=ZmdjQTZ0NlZGU2xTRHEyZXQ5UTA2MFVUcm14Yk5vNStaaXNDS0RneGZTZWNrN1JkaThUR01FMWw1ODg5RS9QYzkxazA0NTkzaVh6dzl3Vk5iTUFyaDc4cHRNZkZsY0ZoOE52SThaSkhJUEk9
IP 44.197.62.246:0
File type ASCII text, with no line terminators
Hash a06b036222ece809719bd39e71abc21c
3ac40c9b57929a65abc7e31d725e5689eb60b2e8
c4153eea6d15149ba2a18ecb7727a1734b7e49026d1a04af50d6285499329b17
GET /adb/zi/NTg4MjQ2MzktMzI4Mjk4Ni0yMDIzLTAxLTI4LTIwfDkxLjkwLjQyLjE1NHx8NjNkNTgzYTJjNDc1ZA==.js?data=ZmdjQTZ0NlZGU2xTRHEyZXQ5UTA2MFVUcm14Yk5vNStaaXNDS0RneGZTZWNrN1JkaThUR01FMWw1ODg5RS9QYzkxazA0NTkzaVh6dzl3Vk5iTUFyaDc4cHRNZkZsY0ZoOE52SThaSkhJUEk9 HTTP/1.1
Host: b.m2track.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upbam.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 20:20:51 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
simplewebanalysis.com/stats
35.156.167.37200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash 70d7472a17efeeb35b7d2dd5c625ee24
36a7f7fc8f5388266c71d3910281533a62dfbee5
2f2c18c383b3079bf16d51162805e7d446df72d7fccea0e2f7fd837ab4390063
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://upbam.org
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:20:51 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://upbam.org
access-control-allow-credentials: true
set-cookie: uid_id2=b09fa795-c57f-4b6d-b74b-f6fd9d6af7cb:2:1; expires=Tue, 25 Jan 2033 20:20:51 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
b.m2track.co/adb/zui/NTg4MjQ2MzktMzI4Mjk4Ni0yMDIzLTAxLTI4LTIwfDkxLjkwLjQyLjE1NHx8NjNkNTgzYTJjNDc1ZA==.js?data=ZmdjQTZ0NlZGU2xTRHEyZXQ5UTA2MFVUcm14Yk5vNStaaXNDS0RneGZTZWNrN1JkaThUR01FMWw1ODg5RS9QYzkxazA0NTkzaVh6dzl3Vk5iTUFyaDc4cHRNZkZsY0ZoOE52SThaSkhJUEk9
44.197.62.246200 OK 34 B URL HTTP/1.1 b.m2track.co/adb/zui/NTg4MjQ2MzktMzI4Mjk4Ni0yMDIzLTAxLTI4LTIwfDkxLjkwLjQyLjE1NHx8NjNkNTgzYTJjNDc1ZA==.js?data=ZmdjQTZ0NlZGU2xTRHEyZXQ5UTA2MFVUcm14Yk5vNStaaXNDS0RneGZTZWNrN1JkaThUR01FMWw1ODg5RS9QYzkxazA0NTkzaVh6dzl3Vk5iTUFyaDc4cHRNZkZsY0ZoOE52SThaSkhJUEk9
IP 44.197.62.246:0
File type ASCII text, with no line terminators
Hash a06b036222ece809719bd39e71abc21c
3ac40c9b57929a65abc7e31d725e5689eb60b2e8
c4153eea6d15149ba2a18ecb7727a1734b7e49026d1a04af50d6285499329b17
GET /adb/zui/NTg4MjQ2MzktMzI4Mjk4Ni0yMDIzLTAxLTI4LTIwfDkxLjkwLjQyLjE1NHx8NjNkNTgzYTJjNDc1ZA==.js?data=ZmdjQTZ0NlZGU2xTRHEyZXQ5UTA2MFVUcm14Yk5vNStaaXNDS0RneGZTZWNrN1JkaThUR01FMWw1ODg5RS9QYzkxazA0NTkzaVh6dzl3Vk5iTUFyaDc4cHRNZkZsY0ZoOE52SThaSkhJUEk9 HTTP/1.1
Host: b.m2track.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upbam.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 20:20:51 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=86400, public
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
use.fontawesome.com/releases/v5.1.1/css/v4-shims.css
172.64.133.15200 OK 4.2 kB URL HTTP/2 use.fontawesome.com/releases/v5.1.1/css/v4-shims.css
IP 172.64.133.15:0
File type ASCII text, with very long lines (26508)
Hash 2c9b3f2676a50e3e594c551936c42c8b
4ca1a900917a289b3a932dbde3106d87a13b8073
1237ec67d6d27e9d0875aeedb60e6c4b1a712a4cd7b83a737d42c85606956a8a
GET /releases/v5.1.1/css/v4-shims.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:20:50 GMT
content-type: text/css
x-amz-id-2: vUTIuOL2XcqAT1m0DFdpRo/hYntV5R5yQk6j9c/Ra4zN8qZImWH1NYoHBEycJ941zDtT1aYIhao=
x-amz-request-id: 9DD2C3JXS0APYSTY
last-modified: Wed, 30 Jun 2021 15:30:50 GMT
etag: W/"01727b5056f65c2ac938f5db4e552b10"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 400706
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lAT%2Fy3uxDDLOGr20eY2zbZ8ShphZpP7sBOH1ga3r2XhmxhnZEHUGOYPgsCNqitrczR3BsPUYPeCd%2Bw%2F6ACTz%2BfHMmv%2B%2FD0GG8xN3xmXiYfuXvVMVd4keIxjuQUKJUJuHai2AlDQY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790c6e573eec7735-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
thaudray.com/tag.min.js
139.45.197.237200 OK 25 kB IP 139.45.197.237:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 0ef679822840cd7cdefb4df6b753e87f
982cfe2d21480129dd1a3c0207ca238fa9e76fa3
b7535ea57e1dab3be62a261787bb532462e83e6bcda2a4832a9febc5cca3eae4
Analyzer Verdict Alert fortinet Malware
GET /tag.min.js HTTP/1.1
Host: thaudray.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upbam.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 20:20:51 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 25191
Connection: keep-alive
Content-Encoding: gzip
X-Trace-Id: 48e8acc4ab399f0084997964803791aa
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Accept-Ranges: bytes
Last-Modified: Fri, 27 Jan 2023 14:27:19 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
push.services.mozilla.com/
35.83.217.74101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.83.217.74:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vHVNtrEcqruIg7JiP+xPig==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KnVKf6cGqQ0nORbW7KRkUmFdmeQ=
nanouwho.com/1?z=4861570
139.45.197.242200 OK 7.1 kB IP 139.45.197.242:0
File type ASCII text, with very long lines (17093)
Hash 7682e8f149ad2883cafcdb287c254450
786d7c83cd40fa6f2e792e8df45d9f49ee905e78
ff7381dcb95983645532ba3148a47a93eb95181556d93e0832044528d749b5c3
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=4861570 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upbam.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 20:20:51 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin:
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
X-Trace-Id: dae951802722859b254abf10a54a5865
Access-Control-Expose-Headers: X-Sc
X-Sc: _nCGBFmbf-OO6HP5IE4yH6jMuffdmQus5L3Cc5KdDzwH4veoLYonfydVLvKV690TxNB3Q-s7lqbEPARyNDmFdq3ZGlI=
Set-Cookie: scm=1; expires=Sun, 28 Jan 2024 20:20:51 GMT; secure; SameSite=None
OAID=e809a40539ba49a9b4380ec2f5f3b4b8; expires=Sun, 28 Jan 2024 20:20:51 GMT; secure; SameSite=None
oaidts=1674937251; expires=Sun, 28 Jan 2024 20:20:51 GMT; secure; SameSite=None
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip
feignthat.com/pixel/purst?dl=0&th=0&sc=0&rs=1133&rd=1133&fd=674&bv=22.10.v.9&tmpl=70
192.243.61.227200 OK 0 B URL HTTP/1.1 feignthat.com/pixel/purst?dl=0&th=0&sc=0&rs=1133&rd=1133&fd=674&bv=22.10.v.9&tmpl=70
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1133&rd=1133&fd=674&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: feignthat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upbam.org/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 20:20:51 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ab744f1fbf03bf793085117f6691a062
f26ee7a876fee3e80c2521374a4c527d55b17e83
fc5b8cb6f5bd7396921cac6bf1bbd6cb41715cdcd19527ae5310e59eafd07928
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC5B8CB6F5BD7396921CAC6BF1BBD6CB41715CDCD19527AE5310E59EAFD07928"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4574
Expires: Sat, 28 Jan 2023 21:37:05 GMT
Date: Sat, 28 Jan 2023 20:20:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2dd2e633474f1fd63331566569feb36e
7aa1f210a61b59c7ffa80c6599a4280c7e76877d
db47c77d118f487912c2acd33a4ce2340e0131b8b34f3b01a2ee2a5bf387b7ce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DB47C77D118F487912C2ACD33A4CE2340E0131B8B34F3B01A2EE2A5BF387B7CE"
Last-Modified: Thu, 26 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6913
Expires: Sat, 28 Jan 2023 22:16:04 GMT
Date: Sat, 28 Jan 2023 20:20:51 GMT
Connection: keep-alive
my.rtmark.net/gid.js?userId=ff3efe1df0c34c91b081718e12e93164
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=ff3efe1df0c34c91b081718e12e93164
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 2b922f1be53c7a956af48599f73af3b9
54e1c35376b4d8506b5b8e994be38de918951938
c0a974f6b103ee333b0dd9a61a354c4ccafc01c9ba3fac04a2c7c38b3911ed5b
GET /gid.js?userId=ff3efe1df0c34c91b081718e12e93164 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://upbam.org
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 20:20:51 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://upbam.org
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ff3efe1df0c34c91b081718e12e93164; expires=Sun, 28 Jan 2024 20:20:51 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
upgulpinon.com/1?z=5030637
139.45.197.242200 OK 7.1 kB URL HTTP/1.1 upgulpinon.com/1?z=5030637
IP 139.45.197.242:0
File type ASCII text, with very long lines (17093)
Hash 463ef928127e357d9b919b3e35597d91
dfd264bb9fc88d04b15eb5e4cf8d152246ffb7db
9ee05859fb046947a22eb63fa58e81d36655a73046bfb5cb49cfe1a572e5d08e
GET /1?z=5030637 HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upbam.org/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 20:20:51 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin:
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
X-Trace-Id: f210b36bd2a1fcfc8af1951a5c9111f4
Access-Control-Expose-Headers: X-Sc
X-Sc: 3W8GG3Otym2Ps5XtDKqeEKQJAE9Xo8qRPw-re0npIwDahTD0USJRJNE7uuHE4Ch-DxPoN0U08E2Vjw1kId2gNviJ0Zw=
Set-Cookie: scm=1; expires=Sun, 28 Jan 2024 20:20:51 GMT; secure; SameSite=None
OAID=47bdadfbd2e443bd8c479269aac45062; expires=Sun, 28 Jan 2024 20:20:51 GMT; secure; SameSite=None
oaidts=1674937251; expires=Sun, 28 Jan 2024 20:20:51 GMT; secure; SameSite=None
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip
upbam.org/js/paging.js
104.21.72.253200 OK 14 kB IP 104.21.72.253:0
File type HTML document, ASCII text
Hash 501f5220552983db719fc741a22cbcd8
147aa98a5d16d7d12a4ddcdeb0bc86e605a4a284
c61fd6d8d7cc1e20a60ee014cf2ee62b478a63419477e63de9723fe5000b8cde
GET /js/paging.js HTTP/1.1
Host: upbam.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:20:50 GMT
content-type: application/javascript
last-modified: Wed, 02 Jun 2021 02:01:00 GMT
etag: W/"739-5c3bed4814f00"
access-control-allow-origin: https://upbam.org
cache-control: max-age=14400
cf-cache-status: HIT
age: 4095
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=40icDUnwc2WzFWvM8mvgLgwZhn5RGjGNG595hh03GcmTc461j1zPL%2FIFXpeElipPnhIUyU%2FIgjHLyFD9o7E2M7DpzX2A5N2w6LysXV7ofJ6Ud5jx%2FASAWz3M4vw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790c6e57093bb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
banquetunarmedgrater.com/advertisers.js
192.243.59.13200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upbam.org/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 28 Jan 2023 20:20:51 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 679916acdfab244f61d6ee82549dfb6d
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 98f5d6b84b8dabddd0f8baa4f88c7c48
e87097e896f3c41dacbcc32bcb4853fd0db1ddc0
99b5722b6d615a3ecf9833440cd8a3fa82153bf724d28fabbac92e2d95e45b5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "99B5722B6D615A3ECF9833440CD8A3FA82153BF724D28FABBAC92E2D95E45B5A"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20187
Expires: Sun, 29 Jan 2023 01:57:18 GMT
Date: Sat, 28 Jan 2023 20:20:51 GMT
Connection: keep-alive
friendshipmale.com/sfp.js
172.64.141.24200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP 172.64.141.24:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
Analyzer Verdict Alert fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upbam.org/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:20:51 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 4a5184ad22efd95563d8989af6451f19
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 28 Jan 2023 20:20:51 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BOCu2jZi4tz%2BUJMXz6as8dAw6qt%2Fo36RfD8wTZ7iTUDHXHfuc2nUhUa6iFh6JgP1HSI57DT3wGrJW56RPyg8BIClGfgmnpLzzZtPRs0Hba9ODVhLN2jjdedDMgTe1DZBV2vd2b8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790c6e5d5fe97330-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
upbam.org/63rx1sg3au0h/favicon.ico
104.21.72.253200 OK 3.1 kB URL HTTP/1.1 upbam.org/63rx1sg3au0h/favicon.ico
IP 104.21.72.253:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 2a4687b9a267c7184e9a1a8184e1208e
6b12c33a973173fe6854f2e81e64fc2434b24273
af06a8832a48a55eb7f6e1d128fa6792c638267b535db8087d388b264bbaf046
GET /63rx1sg3au0h/favicon.ico HTTP/1.1
Host: upbam.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upbam.org/63rx1sg3au0h/Shahid4U.Com.Boardwalk_Empire_S03E07_720p_WEB-DL.mp4.html
Cookie: lang=english; aff=4588; cap160={"zi":{"v":1,"t":1674937255076},"zc":{"v":0,"t":null},"ac":{"i":1,"c":0,"t":null},"c":{"1190":{"i":0,"c":0,"t":null}}}; ppu_show_on_068de0f61fc75f93b5ec620b96ffc803=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=b09fa795-c57f-4b6d-b74b-f6fd9d6af7cb%3A2%3A1; ppu_main_068de0f61fc75f93b5ec620b96ffc803=1; ppu_exp_068de0f61fc75f93b5ec620b96ffc803=1674939055490
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:20:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Fri, 27 Jan 2023 20:20:51 GMT
Access-Control-Allow-Origin: https://upbam.org
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Sat, 28 Jan 2023 20:20:51 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ymZrIRh%2Bmb622c6ghySuNAcdc1KsEoSOZaOETSXayl%2Fz3j3vyZo3A1K%2BveQmV4gYcNpGrqqTa09SjxSm5VUOOwBf0uq0YbiUgKRcNTdCeonQU7uWrr1a7qBO3eU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790c6e5e797bb527-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
upgulpinon.com/27/dae1eb9bef878cda2f3d5a0907ef4d01
139.45.197.242200 OK 130 kB URL HTTP/2 upgulpinon.com/27/dae1eb9bef878cda2f3d5a0907ef4d01
IP 139.45.197.242:0
File type ASCII text, with very long lines (65523)
Size 130 kB (129865 bytes)
Hash dfe25e7c1029063c8c84652f2fe52e77
f22a251c0cf23c77ecdd0c1600f90776a2bf9836
4a2e10643e691b0c8e789b95a2a755d508e117a534784971582b692e260383d5
GET /27/dae1eb9bef878cda2f3d5a0907ef4d01 HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 20:20:51 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
cache-control: max-age:290304000, public
last-modified: Fri, 27 Jan 2023 06:22:51 GMT
expires: Fri, 26 Feb 2083 06:22:51 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
nanouwho.com/9?z=4861570&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fupbam.org%2F63rx1sg3au0h%2FShahid4U.Com.Boardwalk_Empire_S03E07_720p_WEB-DL.mp4.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=ff3efe1df0c34c91b081718e12e93164
139.45.197.242200 OK 7 B URL HTTP/2 nanouwho.com/9?z=4861570&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fupbam.org%2F63rx1sg3au0h%2FShahid4U.Com.Boardwalk_Empire_S03E07_720p_WEB-DL.mp4.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=ff3efe1df0c34c91b081718e12e93164
IP 139.45.197.242:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=4861570&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fupbam.org%2F63rx1sg3au0h%2FShahid4U.Com.Boardwalk_Empire_S03E07_720p_WEB-DL.mp4.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=ff3efe1df0c34c91b081718e12e93164 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 220
Origin: http://upbam.org
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 20:20:51 GMT
content-type: application/javascript
content-length: 7
access-control-allow-credentials: true
access-control-allow-origin: http://upbam.org
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: c996f6690411c3d71ce9f33bcf9c1b7c
access-control-expose-headers: X-Sc
x-sc: OoFL6EEFOhTPY9iNYdpaN1XXwQbMGDQHsYx2RhxJVVpylLEU4ikRAx4pTOxSDiIpTH6oOWNauwXvbU65K834j-I10eQ=
set-cookie: scm=1; expires=Sun, 28 Jan 2024 20:20:51 GMT; secure; SameSite=None
OAID=ff3efe1df0c34c91b081718e12e93164; expires=Sun, 28 Jan 2024 20:20:51 GMT; secure; SameSite=None
oaidts=1674937251; expires=Sun, 28 Jan 2024 20:20:51 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
nanouwho.com/27/dae1eb9bef878cda2f3d5a0907ef4d01
139.45.197.242200 OK 130 kB URL HTTP/2 nanouwho.com/27/dae1eb9bef878cda2f3d5a0907ef4d01
IP 139.45.197.242:0
File type ASCII text, with very long lines (65523)
Size 130 kB (129865 bytes)
Hash dfe25e7c1029063c8c84652f2fe52e77
f22a251c0cf23c77ecdd0c1600f90776a2bf9836
4a2e10643e691b0c8e789b95a2a755d508e117a534784971582b692e260383d5
Analyzer Verdict Alert quad9 Sinkholed
GET /27/dae1eb9bef878cda2f3d5a0907ef4d01 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 20:20:51 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
cache-control: max-age:290304000, public
last-modified: Fri, 27 Jan 2023 06:22:51 GMT
expires: Fri, 26 Feb 2083 06:22:51 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
upgulpinon.com/9?z=5030637&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fupbam.org%2F63rx1sg3au0h%2FShahid4U.Com.Boardwalk_Empire_S03E07_720p_WEB-DL.mp4.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=ff3efe1df0c34c91b081718e12e93164
139.45.197.242200 OK 7 B URL HTTP/2 upgulpinon.com/9?z=5030637&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fupbam.org%2F63rx1sg3au0h%2FShahid4U.Com.Boardwalk_Empire_S03E07_720p_WEB-DL.mp4.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=ff3efe1df0c34c91b081718e12e93164
IP 139.45.197.242:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
POST /9?z=5030637&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fupbam.org%2F63rx1sg3au0h%2FShahid4U.Com.Boardwalk_Empire_S03E07_720p_WEB-DL.mp4.html&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=ff3efe1df0c34c91b081718e12e93164 HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 220
Origin: http://upbam.org
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 20:20:51 GMT
content-type: application/javascript
content-length: 7
access-control-allow-credentials: true
access-control-allow-origin: http://upbam.org
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: fc2e559eff292d3f57daaa67e7c91e45
access-control-expose-headers: X-Sc
x-sc: OoFL6EEFOhTPY9iNYdpaN1XXwQbMGDQHsYx2RhxJVVpylLEU4ikRAx4pTOxSDiIpTH6oOWNauwXvbU65K834j-I10eQ=
set-cookie: scm=1; expires=Sun, 28 Jan 2024 20:20:51 GMT; secure; SameSite=None
OAID=ff3efe1df0c34c91b081718e12e93164; expires=Sun, 28 Jan 2024 20:20:51 GMT; secure; SameSite=None
oaidts=1674937251; expires=Sun, 28 Jan 2024 20:20:51 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
upbam.org/js/jquery-1.9.1.min.js
104.21.72.253200 OK 34 kB URL HTTP/2 upbam.org/js/jquery-1.9.1.min.js
IP 104.21.72.253:0
File type ASCII text, with very long lines (32089)
Hash ddde093717867538ac5da51a112704ec
c91b8e368f3db37abc0da1033ea1de47b9af22bb
c76ed609fcd946e4cd31b0538f6430be23ed3e699e7c82437bf637c92d3dd95d
GET /js/jquery-1.9.1.min.js HTTP/1.1
Host: upbam.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:20:50 GMT
content-type: application/javascript
last-modified: Wed, 02 Jun 2021 02:01:00 GMT
etag: W/"169d5-5c3bed4814f00"
access-control-allow-origin: https://upbam.org
cache-control: max-age=14400
cf-cache-status: HIT
age: 4095
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vxa77NVr0TF%2FAwIHuAcJynSbs39m12rOwPxrPErndW8Zyq4fG3qzcXj4X2Y7cHU0qivDLCN17TlZEvCWWRzYJin1slMcCCtXEUijVNokLm%2BrrQnTGRS0wPLGM1Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790c6e56c8e7b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=b09fa795-c57f-4b6d-b74b-f6fd9d6af7cb&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=88eb0903395b835e80c1dbf7a07299e3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
192.243.59.12200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=b09fa795-c57f-4b6d-b74b-f6fd9d6af7cb&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=88eb0903395b835e80c1dbf7a07299e3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=b09fa795-c57f-4b6d-b74b-f6fd9d6af7cb&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=88eb0903395b835e80c1dbf7a07299e3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upbam.org/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 28 Jan 2023 20:20:52 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 994466dc7d187bebcab07809e64f7f17
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3605
Expires: Sat, 28 Jan 2023 21:20:57 GMT
Date: Sat, 28 Jan 2023 20:20:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3605
Expires: Sat, 28 Jan 2023 21:20:57 GMT
Date: Sat, 28 Jan 2023 20:20:52 GMT
Connection: keep-alive
unseenreport.com/pxf.gif?uuid=b09fa795-c57f-4b6d-b74b-f6fd9d6af7cb&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=068de0f61fc75f93b5ec620b96ffc803&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
192.243.59.12200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=b09fa795-c57f-4b6d-b74b-f6fd9d6af7cb&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=068de0f61fc75f93b5ec620b96ffc803&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=b09fa795-c57f-4b6d-b74b-f6fd9d6af7cb&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=068de0f61fc75f93b5ec620b96ffc803&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://upbam.org/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 28 Jan 2023 20:20:52 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cbcc7f0c7a7e2d8091976e59981558eb
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3620
Expires: Sat, 28 Jan 2023 21:21:12 GMT
Date: Sat, 28 Jan 2023 20:20:52 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 80646
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b9e50f-b1f6-4665-acd6-9532ce741c2f.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b9e50f-b1f6-4665-acd6-9532ce741c2f.jpeg
IP 34.120.237.76:0
Hash e75d7211550872f3627d846b4f72fbfe
6121fa13ea86743ae9614315c2f4364a04352ccd
1159179a2a490fe44c40fdd14191fccf9bd4d224b8e9fd1ceef7330b12b87994
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b9e50f-b1f6-4665-acd6-9532ce741c2f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8739
x-amzn-requestid: 77241ca1-d7d1-4133-bc06-e89a8db93aef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fbANlFiSoAMFrcQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44723-0b07156624f03d47665f2d4f;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:50:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9ZePVrD3oL-ImiMCCYYfuUbQ8l09Q-9F91cFRgSgFG2poVC5Ww4JaQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:57:22 GMT
age: 80610
etag: "9e3c3ac1b5a8a5fcee6d1b0db1a61b71948d5fe5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css
104.18.11.207200 OK 17 kB URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css
IP 104.18.11.207:0
File type ASCII text, with very long lines (23577)
Hash b772387acb0ce7af2bffd4b29082658c
92f9498aa499076b21ffec137a3ff1e0397bb010
1908b0d243a831ba08db0099f0fba26d98b3d36ef5a9be732493c1aa5722e7ea
GET /font-awesome/4.3.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:20:50 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 632, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 2021-06-08 21:08:57
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: e6a55b08fe5091f45c9e99ce9e9f98c2
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 20378849
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 790c6e56880e0b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0ed1a0bd725b2078b4cfe4ed83877901
62493ca03be9870aac2341e033611a6d56bd322a
706e84bc63fd98acaeb72789239af3210ae6e3910e6589d92a25899dc9059dfc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12397
x-amzn-requestid: e8436997-696d-483a-b03a-a84e7ca614ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_T5HbzoAMFXsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445b2-1c2ccd0a187d0a3e2f6a59cc;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:44:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lmLHc8fKQYUpq9B-GyOQ0FKzhxi0ToTEPA7cu6JnQftgDFDNV8USvw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:37 GMT
age: 80655
etag: "62493ca03be9870aac2341e033611a6d56bd322a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b4afa01d2ffe17f8378e4c0b5afd4608
f5c7e2137efa07a207427a6b6fe1df541f85ea25
84fc0c05d25d674b5594b54720017332b86d391f66c7136d76cfce3e884e8e12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13375
x-amzn-requestid: 372fcbe8-85a1-4be2-a006-31fb9289c5e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-CxF6BoAMFyGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443ab-4b9860545c612cc416cbe599;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: yEFlWGi3J14JLA0l2h02VlIqV8opHesKP6GOvfoP5Tp0m7dOYDxIGA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:59:32 GMT
age: 80480
etag: "f5c7e2137efa07a207427a6b6fe1df541f85ea25"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea24bcba583bd8bd139559448a343e68
b9d37c2b14f890d41983a59f352e8f7caa9c94bb
e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7585
x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkE5roAMF0Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1WE1zQwrCGVy8HLT9_BFkAr6rQE_ROyttMOByR32KeT0w2Hd_ylvYQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:16:00 GMT
age: 79492
etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
excretekings.com/sbar.json?key=88eb0903395b835e80c1dbf7a07299e3&uuid=b09fa795-c57f-4b6d-b74b-f6fd9d6af7cb%3A2%3A1
192.243.61.227200 OK 4.5 kB URL HTTP/1.1 excretekings.com/sbar.json?key=88eb0903395b835e80c1dbf7a07299e3&uuid=b09fa795-c57f-4b6d-b74b-f6fd9d6af7cb%3A2%3A1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6279), with no line terminators
Hash 170fd6dba461a536c2acc1dbb73b3e42
95c9a8142fb6f355f2e15a3759f07e8debf3b727
57fb33583d90075e166096276e2ac4276a65c2564e743a65d6ac5213f6727ab3
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=88eb0903395b835e80c1dbf7a07299e3&uuid=b09fa795-c57f-4b6d-b74b-f6fd9d6af7cb%3A2%3A1 HTTP/1.1
Host: excretekings.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://upbam.org
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 20:20:52 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://upbam.org
Access-Control-Allow-Origin: http://upbam.org
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17572910; expires=Sun, 29 Jan 2023 20:20:52 GMT; secure; SameSite=None
uid_id2=b09fa795-c57f-4b6d-b74b-f6fd9d6af7cb:2:1; expires=Sat, 04 Feb 2023 20:20:52 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 29 Jan 2023 20:20:52 GMT; secure; SameSite=None
uncs=1; expires=Sun, 29 Jan 2023 20:20:52 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 29 Jan 2023 20:20:52 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 29 Jan 2023 20:20:52 GMT; secure; SameSite=None
slec88eb0903395b835e80c1dbf7a07299e3=[3952979]; expires=Sat, 28 Jan 2023 20:20:57 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 441062a17e78303b72c78e186b4c6d0a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
excretekings.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSeDempgFTUC4dKe%2BgBJOLs2t7YS5EiQkkVKGloCjnPr3WGrHdWM7tex3AIREI9GokDF6TN56QRpapa7kjIQUIQDtSoQjkQib%2BAAxJnZMci6jvMe2%2B%2Bd3jf973P9%2FJT4iGnJ2vv6Z6KYzofVDz3lQ2VCF1Yd%2FWO63sV75q7oZKF%2BjW3O35M53XfCyreq%2B4Nybf0fNXzPc%2F3fHdZGRnp7vwEhUofhH4l9Cr1asUP6uiaZ3ubO7DUgeickpegxOjC5s%2BPofgQSfvRdWm3Mp2%2B9nY7j2mmDTri8INkK9FFgvZ5GRkHUXI4nYa2I0K%2BmoFODqcMoDv7YwZgakScP3yw5HC6Jljn4GxTFkMmYOIiis4QMh5C0SG43oUSTwjABVZvIWnfW9WmoNtnKB2jIzL77z9QxYjM%2FnkZSfvhUqy67rqO80zpxKIblVDdIVRriDQ%2FQtZzoIoj8OwzKEGQtEsocXKVeWFEG2Ewx4NGNFdnC2KONepsLlqIRCgWaNTgbCKNUkOoaIhY9kHtDHLrIFcO8shBnjpoixOXBmHkeY2IRbVas845r9U4D5oLIhC1ejPykPPx7n1kaR887oObHaRmB1uqD5P%2FALtZwgoHNiPoiBKFJCgsQUEJCkVQZARFpzwQsa3a8p6Ibc78aa5Oc60c6Ky1Rw901pIJ2UtPyaWxYM7zVyvYkidusymZF3q1WhiwZi2QTY%2F7gkUN6jWqYShrsKqEsjOg1kFPjciVX5pI1djgF8DoEWx8BK4ugeZXQItBo%2BqBbg7qTQ%2B95H5HCUbbFW1aELpEms0i23b24lPy8sS2N95fh%2BTHi49%2BffL0nZXfwE2J1JT4SP1I0IrvDm7rguzf1oUlj2%2BlmWqrHh1bup7RTF64%2F67cLrQRK9dt%2F5s3%2BRgYlw%2FuSJvdpIlQScuSb5eUENIsa8Ml%2BX7Fbki2ltvNpdwkeXpz7a3llXZqpLVKJ0PQMbFPPwFXI3LRSSbn6nZPocwQJi%2FRzo%2FJNKD0EXi6A5seL37Z%2B%2BvGw8sfw2oCE5%2FPsNRBkZcDU2Xnn7EiiOV5T1kJK48Xf%2Fr76%2B%2FmXvwQTP4vyJ69i5ZxQLPdyZF2TIlOXILGfdj8uUGWmuPF32uTAIudAYuNs89iE39xJq5VJ64MIi%2BSXlWyKJw4K8KoHjIa%2BrLBAuojsyP%2BdHf%2FPwAAAP%2F%2FAQAA%2F%2F%2BW%2F15ShgQAAA%3D%3D
192.243.61.227200 OK 7 B URL HTTP/1.1 excretekings.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSeDempgFTUC4dKe%2BgBJOLs2t7YS5EiQkkVKGloCjnPr3WGrHdWM7tex3AIREI9GokDF6TN56QRpapa7kjIQUIQDtSoQjkQib%2BAAxJnZMci6jvMe2%2B%2Bd3jf973P9%2FJT4iGnJ2vv6Z6KYzofVDz3lQ2VCF1Yd%2FWO63sV75q7oZKF%2BjW3O35M53XfCyreq%2B4Nybf0fNXzPc%2F3fHdZGRnp7vwEhUofhH4l9Cr1asUP6uiaZ3ubO7DUgeickpegxOjC5s%2BPofgQSfvRdWm3Mp2%2B9nY7j2mmDTri8INkK9FFgvZ5GRkHUXI4nYa2I0K%2BmoFODqcMoDv7YwZgakScP3yw5HC6Jljn4GxTFkMmYOIiis4QMh5C0SG43oUSTwjABVZvIWnfW9WmoNtnKB2jIzL77z9QxYjM%2FnkZSfvhUqy67rqO80zpxKIblVDdIVRriDQ%2FQtZzoIoj8OwzKEGQtEsocXKVeWFEG2Ewx4NGNFdnC2KONepsLlqIRCgWaNTgbCKNUkOoaIhY9kHtDHLrIFcO8shBnjpoixOXBmHkeY2IRbVas845r9U4D5oLIhC1ejPykPPx7n1kaR887oObHaRmB1uqD5P%2FALtZwgoHNiPoiBKFJCgsQUEJCkVQZARFpzwQsa3a8p6Ibc78aa5Oc60c6Ky1Rw901pIJ2UtPyaWxYM7zVyvYkidusymZF3q1WhiwZi2QTY%2F7gkUN6jWqYShrsKqEsjOg1kFPjciVX5pI1djgF8DoEWx8BK4ugeZXQItBo%2BqBbg7qTQ%2B95H5HCUbbFW1aELpEms0i23b24lPy8sS2N95fh%2BTHi49%2BffL0nZXfwE2J1JT4SP1I0IrvDm7rguzf1oUlj2%2BlmWqrHh1bup7RTF64%2F67cLrQRK9dt%2F5s3%2BRgYlw%2FuSJvdpIlQScuSb5eUENIsa8Ml%2BX7Fbki2ltvNpdwkeXpz7a3llXZqpLVKJ0PQMbFPPwFXI3LRSSbn6nZPocwQJi%2FRzo%2FJNKD0EXi6A5seL37Z%2B%2BvGw8sfw2oCE5%2FPsNRBkZcDU2Xnn7EiiOV5T1kJK48Xf%2Fr76%2B%2FmXvwQTP4vyJ69i5ZxQLPdyZF2TIlOXILGfdj8uUGWmuPF32uTAIudAYuNs89iE39xJq5VJ64MIi%2BSXlWyKJw4K8KoHjIa%2BrLBAuojsyP%2BdHf%2FPwAAAP%2F%2FAQAA%2F%2F%2BW%2F15ShgQAAA%3D%3D
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSeDempgFTUC4dKe%2BgBJOLs2t7YS5EiQkkVKGloCjnPr3WGrHdWM7tex3AIREI9GokDF6TN56QRpapa7kjIQUIQDtSoQjkQib%2BAAxJnZMci6jvMe2%2B%2Bd3jf973P9%2FJT4iGnJ2vv6Z6KYzofVDz3lQ2VCF1Yd%2FWO63sV75q7oZKF%2BjW3O35M53XfCyreq%2B4Nybf0fNXzPc%2F3fHdZGRnp7vwEhUofhH4l9Cr1asUP6uiaZ3ubO7DUgeickpegxOjC5s%2BPofgQSfvRdWm3Mp2%2B9nY7j2mmDTri8INkK9FFgvZ5GRkHUXI4nYa2I0K%2BmoFODqcMoDv7YwZgakScP3yw5HC6Jljn4GxTFkMmYOIiis4QMh5C0SG43oUSTwjABVZvIWnfW9WmoNtnKB2jIzL77z9QxYjM%2FnkZSfvhUqy67rqO80zpxKIblVDdIVRriDQ%2FQtZzoIoj8OwzKEGQtEsocXKVeWFEG2Ewx4NGNFdnC2KONepsLlqIRCgWaNTgbCKNUkOoaIhY9kHtDHLrIFcO8shBnjpoixOXBmHkeY2IRbVas845r9U4D5oLIhC1ejPykPPx7n1kaR887oObHaRmB1uqD5P%2FALtZwgoHNiPoiBKFJCgsQUEJCkVQZARFpzwQsa3a8p6Ibc78aa5Oc60c6Ky1Rw901pIJ2UtPyaWxYM7zVyvYkidusymZF3q1WhiwZi2QTY%2F7gkUN6jWqYShrsKqEsjOg1kFPjciVX5pI1djgF8DoEWx8BK4ugeZXQItBo%2BqBbg7qTQ%2B95H5HCUbbFW1aELpEms0i23b24lPy8sS2N95fh%2BTHi49%2BffL0nZXfwE2J1JT4SP1I0IrvDm7rguzf1oUlj2%2BlmWqrHh1bup7RTF64%2F67cLrQRK9dt%2F5s3%2BRgYlw%2FuSJvdpIlQScuSb5eUENIsa8Ml%2BX7Fbki2ltvNpdwkeXpz7a3llXZqpLVKJ0PQMbFPPwFXI3LRSSbn6nZPocwQJi%2FRzo%2FJNKD0EXi6A5seL37Z%2B%2BvGw8sfw2oCE5%2FPsNRBkZcDU2Xnn7EiiOV5T1kJK48Xf%2Fr76%2B%2FmXvwQTP4vyJ69i5ZxQLPdyZF2TIlOXILGfdj8uUGWmuPF32uTAIudAYuNs89iE39xJq5VJ64MIi%2BSXlWyKJw4K8KoHjIa%2BrLBAuojsyP%2BdHf%2FPwAAAP%2F%2FAQAA%2F%2F%2BW%2F15ShgQAAA%3D%3D HTTP/1.1
Host: excretekings.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upbam.org/
Cookie: u_pl=17572910; uid_id2=b09fa795-c57f-4b6d-b74b-f6fd9d6af7cb:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec88eb0903395b835e80c1dbf7a07299e3=[3952979]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 20:20:52 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ad0d4b228bc07fe3a90bb2f19fe7d902
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e34c204daf6f65e512d7168b01268c76
793aacf3316ca30d6bef3acaaf097e42e2013e49
a748e66ab50d8c910a381a0e653c9b3e95c15043c5c52e91fbaeb20282b9fd49
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A748E66AB50D8C910A381A0E653C9B3E95C15043C5C52E91FBAEB20282B9FD49"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6899
Expires: Sat, 28 Jan 2023 22:15:52 GMT
Date: Sat, 28 Jan 2023 20:20:53 GMT
Connection: keep-alive
cdn.barscreative1.com/sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html
45.133.44.4200 OK 955 B URL HTTP/2 cdn.barscreative1.com/sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text
Hash 3311b451b6e90781dab5ae61a1e4f65d
940e4700d9c5fbf74f8c15dcf10c28661e34cf2c
3def788280ca0f9ba09e050e3f3bfba82e5268fe2104f1c02a8f265c12774023
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://upbam.org
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:20:53 GMT
content-type: text/html; charset=utf-8
content-length: 955
server: nginx/1.17.6
last-modified: Wed, 18 May 2022 11:09:59 GMT
etag: "6284d407-3bb"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
expires: Sat, 28 Jan 2023 21:20:53 GMT
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e3b8a8bc98172e8a530326f7d16570cd
4555b6600b5d18b4e5850a756fb47ead0e5c486e
12061f433c479a860c65363d2243aba95ad34ac6664e84c5c5ed9a2d8c343f8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12061F433C479A860C65363D2243ABA95AD34AC6664E84C5C5ED9A2D8C343F8C"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7404
Expires: Sat, 28 Jan 2023 22:24:17 GMT
Date: Sat, 28 Jan 2023 20:20:53 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e3b8a8bc98172e8a530326f7d16570cd
4555b6600b5d18b4e5850a756fb47ead0e5c486e
12061f433c479a860c65363d2243aba95ad34ac6664e84c5c5ed9a2d8c343f8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12061F433C479A860C65363D2243ABA95AD34AC6664E84C5C5ED9A2D8C343F8C"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7404
Expires: Sat, 28 Jan 2023 22:24:17 GMT
Date: Sat, 28 Jan 2023 20:20:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4675bd0dbda20e272b32eb9db03f35d8
aa655fd97778059913ab170765257aaef33e7119
a9bb5d439a01135af6d41e60455509b20fee27f7661ad81f6cb955ffdc9c1f12
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A9BB5D439A01135AF6D41E60455509B20FEE27F7661AD81F6CB955FFDC9C1F12"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5187
Expires: Sat, 28 Jan 2023 21:47:20 GMT
Date: Sat, 28 Jan 2023 20:20:53 GMT
Connection: keep-alive
cdn.cloudimagesb.com/si/e3/38/1c/e3381c2969587380b30458753c6349d5/1674361501.png
45.133.44.10200 OK 12 kB URL HTTP/2 cdn.cloudimagesb.com/si/e3/38/1c/e3381c2969587380b30458753c6349d5/1674361501.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash c07f1baac701b672939b359081f813c7
d38ffbae259aae1e8ad3b38959339bb29da9b69f
85bc8e3de3651f6f03dc381ea4bbaff350d8973c37f598582838677817bf1826
GET /si/e3/38/1c/e3381c2969587380b30458753c6349d5/1674361501.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:20:53 GMT
content-type: image/png
content-length: 12186
server: nginx/1.17.6
last-modified: Sun, 22 Jan 2023 04:25:10 GMT
etag: "63ccbaa6-2f9a"
expires: Mon, 30 Jan 2023 20:20:53 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e3b8a8bc98172e8a530326f7d16570cd
4555b6600b5d18b4e5850a756fb47ead0e5c486e
12061f433c479a860c65363d2243aba95ad34ac6664e84c5c5ed9a2d8c343f8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12061F433C479A860C65363D2243ABA95AD34AC6664E84C5C5ED9A2D8C343F8C"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7404
Expires: Sat, 28 Jan 2023 22:24:17 GMT
Date: Sat, 28 Jan 2023 20:20:53 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/animate.css
172.64.166.9200 OK 4.8 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/animate.css
IP 172.64.166.9:0
Hash b0af94306e34d863f64baa44f42f77c6
ad2be00e29e0654550b96d62fe35646ead8cd842
035253b8637a8f47df557ac142af86db549f515c9749f6b8768641bf64a94b95
GET /sb/notifications/software/us/ios/desk-new-big/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://upbam.org
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:20:53 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:44:02 GMT
etag: W/"602d0182-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K8dMHBOJ6a002EkuNMQg8iW%2BKWENNb3NYzZCpqsmYb5UTlnPNQkSIJ0MMDYT9Q%2BJBwH%2B8K1W%2BG%2BvFD3ky%2F7oeygiBQgyz4ysm8RV0GVcHZWBf0bPwJ7WXnlXzf9jLla%2FPG%2B%2BgLqgWW5t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790c6e682ca076d2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/js/script.js
172.64.166.9200 OK 189 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/js/script.js
IP 172.64.166.9:0
Hash 1d0fa0ba8245544cc13df3c4ad152fe5
4dab7828317a03f52e7b0a2d4e9955b7b598e38e
238d866c643309c7d8f3bec3647906efc75cdac992728b99d0dd779479ffdba8
GET /sb/notifications/software/us/ios/desk-new-big/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://upbam.org
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:20:53 GMT
content-type: application/javascript
last-modified: Wed, 17 Feb 2021 11:44:05 GMT
etag: W/"602d0185-183"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DDw7KiLViuogv3skSuD6Ap61BI4PLqd5P8SazwKwpYDP2kLs9tyJfGdkmkgrsesQFdwRbPw2D8i71SWbVI1mW4saDL8j68mIH5uG4fsXy87tX6l2w%2BQjI4w4tPYgUybspEAVvy%2FAjPGO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790c6e682ca976d2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/SFUIText-Regular.woff
172.64.166.9200 OK 73 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/SFUIText-Regular.woff
IP 172.64.166.9:0
File type Web Open Font Format, TrueType, length 72696, version 11.0\012- data
Hash 53d97caea7ef8a12beab745fcc5744e1
b8c70e4f67957e4f2cb809a58d84c773a3bde6d0
542772868e28df6d786b6f00f9dec929cba214d928cb013b32588485b46f8715
GET /sb/notifications/software/us/ios/desk-new-big/SFUIText-Regular.woff HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://upbam.org
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:20:54 GMT
content-type: application/font-woff
content-length: 72696
last-modified: Wed, 17 Feb 2021 11:42:38 GMT
etag: "602d012e-11bf8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d017I4aSenOfN9E4pwK2nwE3SVzC640OepQdQMS2A83CRo8r7kXtbfGW%2FAkhQ0YJca4fg5s2UNA2pGArTC1fpscmEUOW8RNljL0XPLFIRbX04%2Fmct9xUenkjY70FM%2F%2Fwx4Tkc523PaOi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790c6e6ac88076d2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
upbam.org/js/jquery.paging.js
104.21.72.253200 OK 0 B URL HTTP/2 upbam.org/js/jquery.paging.js
IP 104.21.72.253:0
GET /js/jquery.paging.js HTTP/1.1
Host: upbam.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:20:50 GMT
content-type: application/javascript
last-modified: Wed, 02 Jun 2021 02:01:00 GMT
etag: W/"4ba5-5c3bed4814f00"
access-control-allow-origin: https://upbam.org
cache-control: max-age=14400
cf-cache-status: HIT
age: 4095
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iV0w%2BFl9BSSn84YB92hraRQzDpHTxawPUUYRuzzT4Pc2oe9whiDFTwujb%2FEeej377hyO2t4cPr%2BR%2FJNaO2HJzn7TDa%2B6eaFnWTLIgfl1rdo1C5hLcQJs8yXmtLQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790c6e56f92bb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
upbam.org/js/jquery.cookie.js
104.21.72.253200 OK 0 B URL HTTP/2 upbam.org/js/jquery.cookie.js
IP 104.21.72.253:0
GET /js/jquery.cookie.js HTTP/1.1
Host: upbam.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:20:50 GMT
content-type: application/javascript
last-modified: Wed, 02 Jun 2021 02:01:00 GMT
etag: W/"c31-5c3bed4814f00"
access-control-allow-origin: https://upbam.org
cache-control: max-age=14400
cf-cache-status: HIT
age: 4095
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=htijnwd1LL5tBEWTIT3wlgwDOnXk9bO%2BtkxL1bo%2BqnbC3mE0jDbRs4JPZTVXgNfWyy63I%2F7WQxKwtJHOe8l%2BHcqXahzkLbJSVmFcb2Y84brRtFyBRzK%2Bda1YifQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790c6e56f92cb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/style.css
172.64.166.9200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/style.css
IP 172.64.166.9:0
GET /sb/notifications/software/us/ios/desk-new-big/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://upbam.org
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:20:53 GMT
content-type: text/css
last-modified: Thu, 23 Sep 2021 12:16:53 GMT
etag: W/"614c7035-145e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qcUexpRY1YgaiGVvKoa70WrITF9rDHFoAwnWK55rto%2By12G3QRY3YGD65qMdI%2BabyLTXHBImPvlP4pUIXfCebwCmPIIvPEF5Ygi0tF4HteZGn3g74Mxf8JJtxXqdqJdVR0gb4ye%2BcPqc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790c6e682ca876d2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css
104.18.11.207200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css
IP 104.18.11.207:0
GET /bootstrap/3.3.7/css/bootstrap-theme.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://upbam.org
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:20:50 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 08/03/2021 14:28:52
cdn-edgestorageid: 601
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-proxyver: 1.0
cdn-status: 200
cdn-requestid: 662e998fb9557f7506c85330d8554098
cdn-cache: HIT
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 790c6e56da6bb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
upbam.org/css/bootstrap.css
104.21.72.253200 OK 0 B URL HTTP/2 upbam.org/css/bootstrap.css
IP 104.21.72.253:0
GET /css/bootstrap.css HTTP/1.1
Host: upbam.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://upbam.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:20:50 GMT
content-type: text/css
last-modified: Wed, 02 Jun 2021 02:01:00 GMT
etag: W/"2335b-5c3bed4814f00"
access-control-allow-origin: https://upbam.org
cache-control: max-age=14400
cf-cache-status: HIT
age: 4095
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nKQbDVH%2FZPwVCQBHf09CCWCfX5jfzFySkD8PbzEAiwqkr3E%2FB6KSANEuzy4JC4fGO%2BCV0nuj3bUPPOr%2FlxvolvFAag0fCvSCf9VQP3gVq%2FKKxOwQjA%2BlFiriSoM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790c6e56e908b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2