firefox.settings.services.mozilla.com/v1/
143.204.55.27200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 03 Oct 2022 22:46:59 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: vFDXIGh_rVUou2Yy-JIrF-4gGNKnxlwBAbcHeemMGEaZx0gFFHXSQA==
Age: 3178
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9955bda9c9ef64bc5700a14af0bae25e
8de7b7469e905af0374bdfcc3006bbb844f13e94
1f611155394fac39439b8ec8217d8cd493d6b588d372d264e0d66c03129c50c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F611155394FAC39439B8EC8217D8CD493D6B588D372D264E0D66C03129C50C6"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6931
Expires: Tue, 04 Oct 2022 01:35:28 GMT
Date: Mon, 03 Oct 2022 23:39:57 GMT
Connection: keep-alive
n9.cl/ye6rm3
104.21.14.177301 Moved Permanently 299 B IP 104.21.14.177:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash b5d2124b3f388af2bdfc970ae2ddb32b
623908d16ce87d75b1b33aacedf910d241354550
580e1386f4a8e64f8aace74ecd3d663e19ce4a3fe00663202e6004291528fb17
Analyzer Verdict Alert quad9 Sinkholed
GET /ye6rm3 HTTP/1.1
Host: n9.cl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 03 Oct 2022 23:39:57 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://n9.cl/ye6rm3
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Hqp1PEGmeQr2SKa0hJJdn9IjEQTG3wtyJq3wuueJNVavaQxrTlSRFEp8pyfj%2FT7fGtAjpFCD1AWetWYaNSf11GCvKqsk%2BSqftZzXPHBdjzk4pwghf%2BZyw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 754985254cc9b518-OSL
alt-svc: h2=":443"; ma=60
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.25200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 03 Oct 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: lTNRUcgDuhyZnrkyHAAQWAFJYO7ZH72DUpJqa1wQiwR-6s98byerPg==
age: 65490
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 03 Oct 2022 23:39:57 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 6d01ee2d95f29493aff949ca8fb31320
d1a2f58464f135805aa3f6e474ac409e171429da
afc2c143926d012b8fc83b32fac5a0102dbaf0dd80ef1b62aa4a47a02d29d4eb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 03 Oct 2022 23:39:58 GMT
Server: ECS (amb/6B7C)
Content-Length: 279
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Mon, 03 Oct 2022 23:29:33 GMT
Expires: Tue, 04 Oct 2022 00:19:02 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: uAuX8uhB60z2BApC3UyLIdZP-fqi_6V3kVahf6QX8m4N_hK4E6giRw==
Age: 625
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 321fa9a78e31dcb66601ac5890bfba73
c325580db79bde6fd00d2d0c7e3f675e4c0046bb
83029b324b4c36522ae47eef9614c124b0ad2994de412d7ea82f990ad8ae9d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4844
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 03 Oct 2022 23:39:58 GMT
Last-Modified: Mon, 03 Oct 2022 22:19:14 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
44.237.51.86101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.237.51.86:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: LdeCG1DqnIKZPtt/CbcezA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: My9MQuPADL/THq45sTQdV5m29rY=
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 6d01ee2d95f29493aff949ca8fb31320
d1a2f58464f135805aa3f6e474ac409e171429da
afc2c143926d012b8fc83b32fac5a0102dbaf0dd80ef1b62aa4a47a02d29d4eb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 03 Oct 2022 23:39:59 GMT
Last-Modified: Mon, 03 Oct 2022 23:39:58 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.12.0/js/all.min.js
104.17.25.14200 OK 345 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.12.0/js/all.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (65350)
Size 345 kB (345403 bytes)
Hash 66cf7459e37f3610504799ee3e7e479d
b403e67e7159f01f99e97a8ff2ff12ff896266e3
5fbff621a5195a4643d9f60a64a6bdfde4b3bacdbcf10367e6a0da1640c45ee4
GET /ajax/libs/font-awesome/5.12.0/js/all.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://n9.cl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 03 Oct 2022 23:39:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 345403
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e60-117579"
last-modified: Mon, 04 May 2020 16:10:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 457607
expires: Sat, 23 Sep 2023 23:39:59 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8zzF84N133xtxTKQe0RlHPEvLDEFgzTq5HBSAYdtZXNsis%2BtuG7k7rFKyuhTdT1SECg4aoQ7BGZlgvLk%2BnROXOCHVcp6kehObzDryQi0twirn597ihmw1rseFHQr8iLiX%2BtyR74Z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 754985319c430b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b45b15bb651cc185ea82d91a51f06b5a
44987727be72bb12b4e4fc4fac50145835512750
f0b61426de169cf2efde87ac98d5123ea785004ad05c05932a099b644b2fdf64
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 03 Oct 2022 23:39:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 795df77e9174e468102d084f21f2af4f
9ec95cb2cc5580965d765c877246ba55736bc139
b453873ea06ad40313a178f0a0dd440642a58498919029af9c22ff0de23c236e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B453873EA06AD40313A178F0A0DD440642A58498919029AF9C22FF0DE23C236E"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9119
Expires: Tue, 04 Oct 2022 02:11:58 GMT
Date: Mon, 03 Oct 2022 23:39:59 GMT
Connection: keep-alive
www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit&hl=en
142.250.74.164200 OK 580 B URL HTTP/2 www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit&hl=en
IP 142.250.74.164:0
File type ASCII text, with very long lines (909), with no line terminators
Hash 136fae5a41be59c594f8e4ce41763fdc
e7550b8efe073eed83c6b25b9a49cadbb336b04a
31ca956b816a4c32c594b84d5e2e81aa1c4f02dc175ac542159f818878855aef
GET /recaptcha/api.js?onload=onloadCallback&render=explicit&hl=en HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://n9.cl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Mon, 03 Oct 2022 23:39:59 GMT
date: Mon, 03 Oct 2022 23:39:59 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 580
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 24c2bf2421530830671815247584c032
54c847370c2c9c2639d298c19d46927d0ccdc38a
b06aefc9a1dc51480c9c26be3439b42dcfab4ad08d89950663c932982da1c02e
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 03 Oct 2022 23:39:59 GMT
Last-Modified: Mon, 03 Oct 2022 23:16:27 GMT
Server: ECS (dcb/7ECB)
X-Cache: Miss from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: s8SgUl6sB4-29HYpLsg2Do0lHvUT2X8NpA_hvktXCp9N538u5y8n1A==
Age: 1412
arc.io/widget.min.js
54.230.111.70200 OK 2.9 kB IP 54.230.111.70:0
File type ASCII text, with very long lines (7592), with no line terminators
Hash 3905a4c83683794faf6bf59a2735b797
b1e344bf8407d4deb7ec224cc3a3426e2c291a0d
d02ac6f3b691dea5efe3d98057845a715b10e6082f2ed4d216107f4df7ee116e
GET /widget.min.js HTTP/1.1
Host: arc.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://n9.cl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 2932
last-modified: Mon, 03 Oct 2022 19:39:20 GMT
content-encoding: br
access-control-allow-origin: *
strict-transport-security: max-age=15724800; includeSubDomains
date: Mon, 03 Oct 2022 22:51:33 GMT
cache-control: public, max-age=3600, stale-while-revalidate=864000
etag: "633b3a68-b74"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TuXrrSCP8iTGu9Te2pOyJE8-vKcL8KT3L1ZUY_kN_Ok8tsaRg4Q6dw==
age: 2918
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 129fe858bf2aa7291fd2c6dd4cf9d226
e3e048b964b851ebbdcfb5bd80ebdbad13720cf6
addc7e4ddab73c8c7ee50f6d33fc1e4ff73b71cc014e481049a393c3b87b0924
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 03 Oct 2022 23:39:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 249f0f7cbec6a60d2bf3efa15c8798cf
d48a6245006bb300d2b2b4a7982b27ef7d35e0e5
7ef19cd17623e4a052b71d1f15760775b9cb23c22183daaae9f8fc345044e914
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7EF19CD17623E4A052B71D1F15760775B9CB23C22183DAAAE9F8FC345044E914"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 04 Oct 2022 05:39:59 GMT
Date: Mon, 03 Oct 2022 23:39:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8c97a1d06216d11a55de4db9467df156
9b0a21b88eac9275c0225425d46158d4dd4a1f44
b6223f874142a5ad9dfdd9dae5ced12ed24f95f2d44c195f2a45ae41d2333224
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B6223F874142A5AD9DFDD9DAE5CED12ED24F95F2D44C195F2A45AE41D2333224"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 04 Oct 2022 05:39:59 GMT
Date: Mon, 03 Oct 2022 23:39:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 60c62a40ac623f87f5e7f809512fae60
928eba9e8339b65a11a1b38836aad24636b30ec7
44bb18d39b018ef657163be396cd52628fe06e3a58faf4803d9006ffed412a88
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "44BB18D39B018EF657163BE396CD52628FE06E3A58FAF4803D9006FFED412A88"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 04 Oct 2022 05:39:59 GMT
Date: Mon, 03 Oct 2022 23:39:59 GMT
Connection: keep-alive
jigdigtry.com/p7vw59QaNsvI9Cv/30493
172.255.6.49200 OK 26 B URL HTTP/1.1 jigdigtry.com/p7vw59QaNsvI9Cv/30493
IP 172.255.6.49:0
File type ASCII text, with no line terminators
Hash 4e5d65669f8dcd928dad06adf883f025
d771713d758c3348dd7e5b38bb40c7935399ae46
0bebbf029fa045e4f462855e6c44edf8aaa36ded05b07a8ce456b67416d20c95
GET /p7vw59QaNsvI9Cv/30493 HTTP/1.1
Host: jigdigtry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://n9.cl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Oct 2022 23:39:59 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Tue, 04-Oct-2022 23:39:59 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Tue, 04-Oct-2022 23:39:59 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
creamssicsite.com/t2qkO7ZNdC6OIs/30497
172.255.6.118200 OK 25 B URL HTTP/1.1 creamssicsite.com/t2qkO7ZNdC6OIs/30497
IP 172.255.6.118:0
File type ASCII text, with no line terminators
Hash d488addc5df5fc9b9ff4135bb4e3a823
6ce56f48e851df4d562b43d3bc1269a504ae83fc
d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60
GET /t2qkO7ZNdC6OIs/30497 HTTP/1.1
Host: creamssicsite.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://n9.cl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Oct 2022 23:39:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://n9.cl
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Tue, 04-Oct-2022 23:39:59 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Tue, 04-Oct-2022 23:39:59 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
creamssicsite.com/t2qkO7ZNdC6OIs/30497
172.255.6.118200 OK 25 B URL HTTP/1.1 creamssicsite.com/t2qkO7ZNdC6OIs/30497
IP 172.255.6.118:0
File type ASCII text, with no line terminators
Hash d488addc5df5fc9b9ff4135bb4e3a823
6ce56f48e851df4d562b43d3bc1269a504ae83fc
d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60
GET /t2qkO7ZNdC6OIs/30497 HTTP/1.1
Host: creamssicsite.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://n9.cl/
Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Oct 2022 23:40:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://n9.cl
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 75e923b64cec860f775206964a1d14d0
59ea1ba48a2b10ef7220e964d7e966d572cc7a57
439f71e0ffacfc483b9559e781ba873f5e02b44cac65080763956e4ea3a33989
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "439F71E0FFACFC483B9559E781BA873F5E02B44CAC65080763956E4EA3A33989"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2279
Expires: Tue, 04 Oct 2022 00:17:59 GMT
Date: Mon, 03 Oct 2022 23:40:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cf0f5e3b8567bfa947da2292c1e794f5
ad48c661ce926548e47b397065ef8c0f6858b956
9c53e2112410710b716d9529866dcf809ff19f1f2900a06067e20af6942b83ce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C53E2112410710B716D9529866DCF809FF19F1F2900A06067E20AF6942B83CE"
Last-Modified: Sun, 02 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10490
Expires: Tue, 04 Oct 2022 02:34:50 GMT
Date: Mon, 03 Oct 2022 23:40:00 GMT
Connection: keep-alive
seeptoag.net/zone?pub=0&zone_id=2339578&is_mobile=false&domain=n9.cl&var=&ymid=&var_3=
139.45.197.250200 OK 706 B URL HTTP/2 seeptoag.net/zone?pub=0&zone_id=2339578&is_mobile=false&domain=n9.cl&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (705)
Hash 0f28d3b3a15151e599b08dce43df774c
6ec6aaf56b2208c1d2fc859446185ee6b03ad104
d36e18e6242bb661cd0f2ed7b1f372dc5d552590f595180ce372d085d9d1f5af
GET /zone?pub=0&zone_id=2339578&is_mobile=false&domain=n9.cl&var=&ymid=&var_3= HTTP/1.1
Host: seeptoag.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://n9.cl/
Origin: https://n9.cl
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 03 Oct 2022 23:40:00 GMT
content-type: application/json; charset=utf-8
content-length: 706
x-trace-id: 2d35e045bd5a0902fd9bb7e6befd92e5
access-control-allow-origin: https://n9.cl
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
static.arc.io/widget/js/core.js?e63b76c
194.242.11.186200 OK 106 kB URL HTTP/2 static.arc.io/widget/js/core.js?e63b76c
IP 194.242.11.186:0
ASN #34989 ServeTheWorld AS
Size 106 kB (105842 bytes)
Hash ee7d48bde002c29c0648f92c5dd77466
e6fd83b86c6975ed5a33fc5b69ac9f6085e89686
0b36282b468d8cb81f7c74cba543ee26e122f0aa7dfc020ca562534556c20c7c
GET /widget/js/core.js?e63b76c HTTP/1.1
Host: static.arc.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://n9.cl
Connection: keep-alive
Referer: https://n9.cl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 03 Oct 2022 23:40:00 GMT
content-type: application/javascript
server: BunnyCDN-NO-830
cdn-pullzone: 786569
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
access-control-max-age: 86400
cache-control: public, max-age=2592000, stale-while-revalidate=864000
etag: W/"bea238786f7b16cb49ba924d16ad0f97"
last-modified: Mon, 03 Oct 2022 19:39:47 GMT
x-amz-id-2: UBXqWj/okUZi6aiie4kGbszOqwun5lE3cfYzu3EoR+h0kgnmkhi/T15fCnGFPhpXLFAQYvQe2lg=
x-amz-request-id: QC0ZAKJR1TK9YV72
cdn-proxyver: 1.02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 10/03/2022 19:51:24
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 02f7cd00942e9ebacdf2530c83f7ecad
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f5e503471cc78b95c0a3e75785615e5f
145b1e4d850c145a78577b5d7d4fadae9658d7a4
61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2291
Expires: Tue, 04 Oct 2022 00:18:11 GMT
Date: Mon, 03 Oct 2022 23:40:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f5e503471cc78b95c0a3e75785615e5f
145b1e4d850c145a78577b5d7d4fadae9658d7a4
61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2291
Expires: Tue, 04 Oct 2022 00:18:11 GMT
Date: Mon, 03 Oct 2022 23:40:00 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962fb2a2-ad40-48cf-87a7-de082c564a5e.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962fb2a2-ad40-48cf-87a7-de082c564a5e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f2287c489794dab0e9ba923a2057988f
2b9f6828a38da81b40dcad033572e48b4c5896db
e853fa2acf2425d14cb9746e8bbd45c8765598d2bb630859086b4668182dbf6c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962fb2a2-ad40-48cf-87a7-de082c564a5e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8534
x-amzn-requestid: 8ae51cd3-697b-47ed-8493-8f83e2bc7469
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHuHlXoAMFucg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-165d72034440cf810d42f3bd;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LPt8LUVoKhXjfz-jZHLmnWD15tQgSLRaxl-Bsl0UU83G7wm3jj7_mg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:37:24 GMT
age: 3756
etag: "2b9f6828a38da81b40dcad033572e48b4c5896db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
n9.cl/ye6rm3
104.21.14.177200 OK 15 kB IP 104.21.14.177:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (644), with CRLF, LF line terminators
Hash da88d7b8c072de3e92817455c25a7e7d
905a2aa4bd6ccc92552b6a9e5ff89d8e647cbe1b
59184e0b135972c90b099a2b13fd7355615fdeb974dc161d2e6dddfd096d37c0
Analyzer Verdict Alert quad9 Sinkholed
GET /ye6rm3 HTTP/1.1
Host: n9.cl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 03 Oct 2022 23:39:59 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=1ak84i0dve9tjoq5anhtv64uh1; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: max-age=600, private, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qtYIQDy%2BxN%2FgXo%2FMmuF59zRrhAGMRk1sPcdtF7p5R6EzRzcGXSUPgKxzMxBT1JKKkSAxLANKU%2FP7e3KoKHoWr2U4HsF1ESWDsaJdh%2BAJTZk2uVjh4sL5bQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75498528eb430afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
34.120.237.76200 OK 21 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
IP 34.120.237.76:0
File type PNG image data, 39 x 25, 8-bit/color RGBA, non-interlaced\012- data
Hash 74546b3b268c9249479099a4c0aa3914
84d51919f43aea0bf0182224c9df3d9f1e19b953
1d8d03639aa360b89968fa3dbc28ac6b37bbcb65785d56817505bb7c07b978fa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6315
x-amzn-requestid: 6aa75b16-32e4-48a7-9fb0-9e3d5528c2d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWSdsHUnIAMFXtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338cabd-742d8a436403683e0cd9368f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:18:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5sAzc5Ewv4g6Wqq6JJiLylG3Jyy_nlWrr5Oteeo6ebEgq7Rvss4XaQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 04:42:51 GMT
age: 68229
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92f8209d-8dc3-45f5-bfb8-151edb23e30c.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92f8209d-8dc3-45f5-bfb8-151edb23e30c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 126f1f4538e5e4228a4f36d3b02e9d62
16f2fe758de4ebf7d654cb9669c73f030eb1fdef
594210beaabbc35a37d5d648836277f950e46b2d4c2eab2abde2d33beafdff37
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92f8209d-8dc3-45f5-bfb8-151edb23e30c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4996
x-amzn-requestid: 2f13b6ea-4426-4b3f-81be-5d8ca0278ce7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcrokFkroAMF0XA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5969-421b4993676a68df2b43ad65;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:51:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0s9K75q7TzjbFBJ3vviHLcItPRb6CP2URJRYs2k9JmppyWHKvzv5hg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:10:59 GMT
age: 5341
etag: "16f2fe758de4ebf7d654cb9669c73f030eb1fdef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481896f6-cdf2-442f-aea2-dfa2c7c45f77.png
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481896f6-cdf2-442f-aea2-dfa2c7c45f77.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d5745f8e3528f481ae2acf05b4abd3d0
d830b94bea3b5698e5192a7ea05f90b25b2f9cc9
313e11915f0869a608c830637b9dfd236ff28a8fb3354c3cc8748816b0ee18b0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481896f6-cdf2-442f-aea2-dfa2c7c45f77.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8738
x-amzn-requestid: ede4db78-f2ab-4226-a855-dc7373978dfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTFrBoAMFR3w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-2776543e774f0016329ddade;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: c9bu34_KooZB6Z4d8xXGnsd9jZ7lPl3yIo9II1Dm_2YVId3l9-7n-w==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:55:46 GMT
age: 6254
etag: "d830b94bea3b5698e5192a7ea05f90b25b2f9cc9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0001afba-471a-49f7-bb38-3d4741a9581b.jpeg
34.120.237.76200 OK 19 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0001afba-471a-49f7-bb38-3d4741a9581b.jpeg
IP 34.120.237.76:0
Hash a697043b4e5a96d70bff9621514c461f
86f9d2181ecd2ed010b6028ff0302d7a8d8558b8
b4a429db6627761325cb4d056e6972595713d3963071d704f6ceecf2d3be47ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0001afba-471a-49f7-bb38-3d4741a9581b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9708
x-amzn-requestid: 7cfcaf0d-1663-47d7-b08e-be3d0c39e035
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcqFjHB5IAMFjYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b56f0-04c5da1940a620507649b822;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:41:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: V5EjIZq5-ifuD25S3kj8Bl3SbZH10tm6DII-oRZVci4ic7Za7btGFw==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:45:44 GMT
age: 3256
etag: "dc7bc4a378c0ddcd81e51046d21ed02b8be11a92"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
upgulpinon.com/42/38?z=5338422
139.45.197.242200 OK 11 kB URL HTTP/2 upgulpinon.com/42/38?z=5338422
IP 139.45.197.242:0
Hash 7c0d99beb6e4725ebe403e68d81c854a
09f38788ef2cbc7878029ed0ba9541edb48a4397
76429755f4d35d79b83f196700cce5d5780a982bf99cfc65f32a96a89a7a11c4
GET /42/38?z=5338422 HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://n9.cl/
Cookie: scm=1; OAID=b70038be4d9744cb8518b47f09b459be; oaidts=1664840399
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 03 Oct 2022 23:40:00 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: aa4e1dadba0a7cd966d8fa4c095cf2eb
access-control-expose-headers: X-Sc
set-cookie: OAID=b70038be4d9744cb8518b47f09b459be; expires=Tue, 03 Oct 2023 23:40:00 GMT; secure; SameSite=None
oaidts=1664840399; expires=Tue, 03 Oct 2023 23:40:00 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
browser.sentry-cdn.com/6.2.2/bundle.min.js
151.101.130.217200 OK 21 kB URL HTTP/2 browser.sentry-cdn.com/6.2.2/bundle.min.js
IP 151.101.130.217:0
File type ASCII text, with very long lines (65448)
Hash a948fc086ec14683f3f2270913c7f702
945e9d1a6a70d4e3f87dbd1058879bcddcb40a1d
0bb5309b61da0b307549c7c9edd6a61766a86d3dd317d093525fddeebeb212e9
GET /6.2.2/bundle.min.js HTTP/1.1
Host: browser.sentry-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://n9.cl
Connection: keep-alive
Referer: https://n9.cl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Fri, 17 Mar 2023 07:22:09 GMT
last-modified: Thu, 11 Mar 2021 09:25:54 GMT
etag: "a948fc086ec14683f3f2270913c7f702"
content-type: application/javascript; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
date: Mon, 03 Oct 2022 23:40:00 GMT
age: 17338670
vary: Accept-Encoding
access-control-allow-origin: *
server: Fastly
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 20633
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 0a25532c4133886e22a425cacca9c027
41a1b476967aed6ac227717098cd8be3209b45b3
f50b860d2b3b4d59df90ad6b36c84639141ca9dd9530a74e07fd79fd9387f52e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 03 Oct 2022 23:40:00 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 03 Oct 2022 06:25:20 GMT
Expires: Mon, 10 Oct 2022 06:25:19 GMT
Etag: "41a1b476967aed6ac227717098cd8be3209b45b3"
Cache-Control: max-age=542118,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 754985376f8ab51d-OSL
seeptoag.net/custom
139.45.197.250200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
OPTIONS /custom HTTP/1.1
Host: seeptoag.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://n9.cl/
Origin: https://n9.cl
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 03 Oct 2022 23:40:00 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://n9.cl
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
my.rtmark.net/gid.js
139.45.195.8200 OK 65 B IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash fff5ab702db21fa1e6edbf4e307901b8
58c7f09ecb7397fb1a6ffd0ec37d1c1bcc45718a
2ec3197770bb85e7bf9236e82b1022d78ddd3edba5c12a782ea6df66e8c3d290
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://n9.cl
Connection: keep-alive
Referer: https://n9.cl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 03 Oct 2022 23:40:00 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://n9.cl
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=7ff055ecefc54f9c9d3ab66db688df9d; expires=Tue, 03 Oct 2023 23:40:00 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
seeptoag.net/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Phishing
POST /custom HTTP/1.1
Host: seeptoag.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://n9.cl/
Content-Type: application/json
Origin: https://n9.cl
Content-Length: 353
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 03 Oct 2022 23:40:00 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 85267a06442580f102a5d590ab6d571a
access-control-allow-origin: https://n9.cl
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
upgulpinon.com/9?z=5338422&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fn9.cl%2Fye6rm3&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=7ff055ecefc54f9c9d3ab66db688df9d
139.45.197.242204 No Content 0 B URL HTTP/2 upgulpinon.com/9?z=5338422&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fn9.cl%2Fye6rm3&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=7ff055ecefc54f9c9d3ab66db688df9d
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /9?z=5338422&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fn9.cl%2Fye6rm3&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=7ff055ecefc54f9c9d3ab66db688df9d HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://n9.cl/
Origin: https://n9.cl
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Mon, 03 Oct 2022 23:40:00 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://n9.cl
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
arc.io/arc-sw-core.js
54.230.111.70200 OK 68 kB IP 54.230.111.70:0
File type ASCII text, with very long lines (22448)
Hash b62d64ef6acb7d9e69619926d12987fd
d17547ac81a5b9ec9d3cfaa7fbecd563233af351
e82a5776a21790a3b2855755cb37d2aea37274b04b5b4e4ee48c318e8127d7e2
GET /arc-sw-core.js HTTP/1.1
Host: arc.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://n9.cl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 67725
last-modified: Sat, 31 Jul 2021 01:05:06 GMT
content-encoding: br
access-control-allow-origin: *
strict-transport-security: max-age=15724800; includeSubDomains
date: Mon, 03 Oct 2022 22:41:14 GMT
cache-control: public, max-age=3600, must-revalidate
etag: "6104a1c2-1088d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0jpFRKW1I36APgCBkKU2wH2IxjNpxnQg4nqUQOL9QuEsXfwm3BAVCA==
age: 3530
X-Firefox-Spdy: h2
static.arc.io/widget/css/widget.css?e63b76c
194.242.11.186200 OK 8.7 kB URL HTTP/2 static.arc.io/widget/css/widget.css?e63b76c
IP 194.242.11.186:0
ASN #34989 ServeTheWorld AS
File type ASCII text, with very long lines (13367)
Hash c71224c045e9c031f979d8ecf87a125d
f7f623927c4ce40f8d3c57172353660f67e773a6
f8857bb3e44b613de03f215a97455d25c80bf3886ecd3fbde1a405f7de2d779f
GET /widget/css/widget.css?e63b76c HTTP/1.1
Host: static.arc.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://n9.cl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 03 Oct 2022 23:40:00 GMT
content-type: text/css
server: BunnyCDN-NO-830
cdn-pullzone: 786569
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-allow-methods: GET, HEAD
access-control-max-age: 86400
cache-control: public, max-age=2592000, stale-while-revalidate=864000
etag: W/"ce66dd39d9339eebd65264a9ecc334be"
last-modified: Mon, 03 Oct 2022 19:39:47 GMT
x-amz-id-2: JqY4j5PUO/7rZtDsqK6wvf95CQevdVu2VtfKG43CHLxHKugYdnicA15JNI5uYhUMHDRIMlwEkPE=
x-amz-request-id: 0KYBA8ESZEBQ9ESE
cdn-proxyver: 1.02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 10/03/2022 19:51:25
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: d04aa5cf736e35039c8fb3f7e229b468
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 150fe7ae571658763e2fc45f3b3ed3a2
e9dff48c589628bfbe659fcdd82c823c2b34c8fa
f86c5fbe92eadb02682a2672e74e5d3e8a7b7873a97303c534c2adc6f88fb338
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F86C5FBE92EADB02682A2672E74E5D3E8A7B7873A97303C534C2ADC6F88FB338"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6254
Expires: Tue, 04 Oct 2022 01:24:14 GMT
Date: Mon, 03 Oct 2022 23:40:00 GMT
Connection: keep-alive
upgulpinon.com/11?rnd=358914724&z=5338422&b=14148810&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=kafTbz95CdvZVrVnR_om0ys73hPn9jMgVEjpejyOBEqLrVqiCtYBRrysZabAjAc_5bY0cwqtMedT79qaikkdnVPYx_pPh-s_v0bK67PgL-1WMj195RKiDPyeSvDlRWgFHMqjbMlDf63PZo1LU2qGh0usntg6ap5_7hcFUtgM65Hw3xdp5FI4bL_hRT1e5idJhl4Sopz7m5jhSPK6yQLrv4RVKXLbePHVYBCj9j_0h4XQvgKf54yK6pH_-xN6AnkrzdQRBjL5graoRnyf02XPisfYMVw9PwrCPwtIp0smVaGv23PntXUIFUCsoBrHDHSon0QOz2WPmU0Rq8eXeWG1eLUMFrxEBRdK3sv8YxcXtyQ0aj8wn2P_j6MN-hZpPq7QhQrlgulnONPNzCfkfGymszFEr_fHoemhai5G0-qz6Kt9QKzw41OQ4XA-133swdSuHRE6Ps-TpFVw6SPfQtMYrzk_dR-BDcsEd6FzbiL63_gsz7NZtSo-SZmnz-4riv2_Xv82HHkZcu_iIhyhU0hFZTmF4umvffd7OzjMvkV0K4Yyua1C6FaIV4Z4l2w_ZMBcXkVoRMlZwgqj-7wTA8nUNLgwNkDV4Fx2wINaWRvYMZljCGME1v1QIBECrIdc9_CwMFZRdmfRP-uqKcqkmzaSqQ==&ruid=46de0190-4688-4f32-90a4-cce5aa61525b&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fn9.cl%2Fye6rm3&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ot=150
139.45.197.242200 OK 0 B URL HTTP/2 upgulpinon.com/11?rnd=358914724&z=5338422&b=14148810&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=kafTbz95CdvZVrVnR_om0ys73hPn9jMgVEjpejyOBEqLrVqiCtYBRrysZabAjAc_5bY0cwqtMedT79qaikkdnVPYx_pPh-s_v0bK67PgL-1WMj195RKiDPyeSvDlRWgFHMqjbMlDf63PZo1LU2qGh0usntg6ap5_7hcFUtgM65Hw3xdp5FI4bL_hRT1e5idJhl4Sopz7m5jhSPK6yQLrv4RVKXLbePHVYBCj9j_0h4XQvgKf54yK6pH_-xN6AnkrzdQRBjL5graoRnyf02XPisfYMVw9PwrCPwtIp0smVaGv23PntXUIFUCsoBrHDHSon0QOz2WPmU0Rq8eXeWG1eLUMFrxEBRdK3sv8YxcXtyQ0aj8wn2P_j6MN-hZpPq7QhQrlgulnONPNzCfkfGymszFEr_fHoemhai5G0-qz6Kt9QKzw41OQ4XA-133swdSuHRE6Ps-TpFVw6SPfQtMYrzk_dR-BDcsEd6FzbiL63_gsz7NZtSo-SZmnz-4riv2_Xv82HHkZcu_iIhyhU0hFZTmF4umvffd7OzjMvkV0K4Yyua1C6FaIV4Z4l2w_ZMBcXkVoRMlZwgqj-7wTA8nUNLgwNkDV4Fx2wINaWRvYMZljCGME1v1QIBECrIdc9_CwMFZRdmfRP-uqKcqkmzaSqQ==&ruid=46de0190-4688-4f32-90a4-cce5aa61525b&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fn9.cl%2Fye6rm3&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ot=150
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /11?rnd=358914724&z=5338422&b=14148810&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=kafTbz95CdvZVrVnR_om0ys73hPn9jMgVEjpejyOBEqLrVqiCtYBRrysZabAjAc_5bY0cwqtMedT79qaikkdnVPYx_pPh-s_v0bK67PgL-1WMj195RKiDPyeSvDlRWgFHMqjbMlDf63PZo1LU2qGh0usntg6ap5_7hcFUtgM65Hw3xdp5FI4bL_hRT1e5idJhl4Sopz7m5jhSPK6yQLrv4RVKXLbePHVYBCj9j_0h4XQvgKf54yK6pH_-xN6AnkrzdQRBjL5graoRnyf02XPisfYMVw9PwrCPwtIp0smVaGv23PntXUIFUCsoBrHDHSon0QOz2WPmU0Rq8eXeWG1eLUMFrxEBRdK3sv8YxcXtyQ0aj8wn2P_j6MN-hZpPq7QhQrlgulnONPNzCfkfGymszFEr_fHoemhai5G0-qz6Kt9QKzw41OQ4XA-133swdSuHRE6Ps-TpFVw6SPfQtMYrzk_dR-BDcsEd6FzbiL63_gsz7NZtSo-SZmnz-4riv2_Xv82HHkZcu_iIhyhU0hFZTmF4umvffd7OzjMvkV0K4Yyua1C6FaIV4Z4l2w_ZMBcXkVoRMlZwgqj-7wTA8nUNLgwNkDV4Fx2wINaWRvYMZljCGME1v1QIBECrIdc9_CwMFZRdmfRP-uqKcqkmzaSqQ==&ruid=46de0190-4688-4f32-90a4-cce5aa61525b&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fn9.cl%2Fye6rm3&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ot=150 HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://n9.cl
Connection: keep-alive
Referer: https://n9.cl/
Cookie: scm=1; OAID=7ff055ecefc54f9c9d3ab66db688df9d; oaidts=1664840399
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 03 Oct 2022 23:40:00 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://n9.cl
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: c5faa26409c4b372d4b542fd2bfa8ddf
access-control-expose-headers: X-Sc
set-cookie: OAID=7ff055ecefc54f9c9d3ab66db688df9d; expires=Tue, 03 Oct 2023 23:40:00 GMT; secure; SameSite=None
oaidts=1664840399; expires=Tue, 03 Oct 2023 23:40:00 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 73badda57ad249dfc8f5434ce673a22c
c831316153f77175ab12fa875c472c59b7c88e7b
3a449ac81ef793aa2c7a7776ce26769456dce72becbf8c2a569be7a7795542c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3A449AC81EF793AA2C7A7776CE26769456DCE72BECBF8C2A569BE7A7795542C2"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7074
Expires: Tue, 04 Oct 2022 01:37:54 GMT
Date: Mon, 03 Oct 2022 23:40:00 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 03 Oct 2022 23:40:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 5ba23234dfb31276cc3bf9a347508595
a225d0a9ecf5d7f0032816c6f3d4a5ae1f3b27a3
33558bed4856ac3f2a7267965521b316ccd3ccc669877994c6c590e2d2a1b559
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 03 Oct 2022 23:40:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://n9.cl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Mon, 03 Oct 2022 22:41:09 GMT
expires: Tue, 04 Oct 2022 00:41:09 GMT
cache-control: public, max-age=7200
age: 3532
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__en.js
142.250.74.163200 OK 159 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (711)
Size 159 kB (158844 bytes)
Hash b4ed95d4318e3b78b936c9c0f1ffa96e
b53c9376b1459afb07fb4b5c2e8d8dad776d3a02
3c21880cb7be6bec40f9d40c23ad39c9758999cf950cec07b86c83b21fde175f
GET /recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://n9.cl
Connection: keep-alive
Referer: https://n9.cl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 158844
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 01:05:31 GMT
expires: Sun, 01 Oct 2023 01:05:31 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 26 Sep 2022 04:02:34 GMT
content-type: text/javascript
age: 254070
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 03 Oct 2022 23:40:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 5ba23234dfb31276cc3bf9a347508595
a225d0a9ecf5d7f0032816c6f3d4a5ae1f3b27a3
33558bed4856ac3f2a7267965521b316ccd3ccc669877994c6c590e2d2a1b559
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 03 Oct 2022 23:40:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j97&a=283973481&t=pageview&_s=1&dl=https%3A%2F%2Fn9.cl%2Fen%2Fye6rm3&ul=en-us&de=UTF-8&dt=Free%20Link%20Shortener%2C%20Tiny%20URL%20-%20n9.cl%20Free%20Short%20URL%20Redirects%2C%20Custom%20Brand%20Link%20Free&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAAC~&jid=93379191&gjid=989305216&cid=1581607938.1664840401&tid=UA-52614338-7&_gid=95186624.1664840401&_r=1&_slc=1&z=1525777221
142.250.74.174200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j97&a=283973481&t=pageview&_s=1&dl=https%3A%2F%2Fn9.cl%2Fen%2Fye6rm3&ul=en-us&de=UTF-8&dt=Free%20Link%20Shortener%2C%20Tiny%20URL%20-%20n9.cl%20Free%20Short%20URL%20Redirects%2C%20Custom%20Brand%20Link%20Free&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAAC~&jid=93379191&gjid=989305216&cid=1581607938.1664840401&tid=UA-52614338-7&_gid=95186624.1664840401&_r=1&_slc=1&z=1525777221
IP 142.250.74.174:0
File type ASCII text, with no line terminators
Hash 38684612f0c6bb6dfa16da92f4a6878f
6fe62d0dd7db314b7f9bb945672f078e01d27f0f
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
POST /j/collect?v=1&_v=j97&a=283973481&t=pageview&_s=1&dl=https%3A%2F%2Fn9.cl%2Fen%2Fye6rm3&ul=en-us&de=UTF-8&dt=Free%20Link%20Shortener%2C%20Tiny%20URL%20-%20n9.cl%20Free%20Short%20URL%20Redirects%2C%20Custom%20Brand%20Link%20Free&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAAC~&jid=93379191&gjid=989305216&cid=1581607938.1664840401&tid=UA-52614338-7&_gid=95186624.1664840401&_r=1&_slc=1&z=1525777221 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://n9.cl
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://n9.cl/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://n9.cl
date: Mon, 03 Oct 2022 23:40:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0ddeb4b1ab878411b55810da24ab0948
f4bf0728915865a780fca039442aa639e0ddf2b7
78035601b8cec78a70caff04f801954319f0a987a0535d2dfb2beb171fc7a24a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "78035601B8CEC78A70CAFF04F801954319F0A987A0535D2DFB2BEB171FC7A24A"
Last-Modified: Sun, 02 Oct 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1136
Expires: Mon, 03 Oct 2022 23:58:57 GMT
Date: Mon, 03 Oct 2022 23:40:01 GMT
Connection: keep-alive
interstitial-07.com/contents/s/36/d8/c2/9c866059b85b47752a6cc71b81/01636574006222.png
139.45.197.154200 OK 45 kB URL HTTP/2 interstitial-07.com/contents/s/36/d8/c2/9c866059b85b47752a6cc71b81/01636574006222.png
IP 139.45.197.154:0
File type PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced\012- data
Hash 36d8c29c866059b85b47752a6cc71b81
2d877eabf6710f66f5d7a3e265de997cf258ba32
0bbd2d8d16b4fd96c0a0dabecbd05ca573b30cd7079950d73b5dd68bde69a27b
GET /contents/s/36/d8/c2/9c866059b85b47752a6cc71b81/01636574006222.png HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=9b0delICK3pIjOt&cd_meta_crid=50538&trkintimp&target_url=https%3A%2F%2Fupgulpinon.com%2F12%3Frnd%3D1644532085%26z%3D5338422%26b%3D14148810%26c%3D5901940%26var%3D%26d%3Dhttps%253A%252F%252Fred.forexpeacearmy.com%252F62cddf3c85e2d000019d78f1%253Fsub1%253D%257Bzoneid%257D%2526sub2%253D%257Bcampaignid%257D%2526sub3%253D%257Bconnection.type%257D%2526sub4%253D%257Bbrowser%257D%2526sub5%253D%257Bos%257D%2526sub6%253D%257Bcountry%257D%2526sub7%253D%257Bbannerid%257D%2526sub8%253D%257Bisp%257D%2526sub9%253D%257Bdevice%257D%2526ref_id%253D%2524%257BSUBID%257D%2526cost%253D%257Bcost%257D%26cln%3D1%26btp%3D7%26rb%3DkafTbz95CdvZVrVnR_om0ys73hPn9jMgVEjpejyOBEqLrVqiCtYBRrysZabAjAc_5bY0cwqtMedT79qaikkdnVPYx_pPh-s_v0bK67PgL-1WMj195RKiDPyeSvDlRWgFHMqjbMlDf63PZo1LU2qGh0usntg6ap5_7hcFUtgM65Hw3xdp5FI4bL_hRT1e5idJhl4Sopz7m5jhSPK6yQLrv4RVKXLbePHVYBCj9j_0h4XQvgKf54yK6pH_-xN6AnkrzdQRBjL5graoRnyf02XPisfYMVw9PwrCPwtIp0smVaGv23PntXUIFUCsoBrHDHSon0QOz2WPmU0Rq8eXeWG1eLUMFrxEBRdK3sv8YxcXtyQ0aj8wn2P_j6MN-hZpPq7QhQrlgulnONPNzCfkfGymszFEr_fHoemhai5G0-qz6Kt9QKzw41OQ4XA-133swdSuHRE6Ps-TpFVw6SPfQtMYrzk_dR-BDcsEd6FzbiL63_gsz7NZtSo-SZmnz-4riv2_Xv82HHkZcu_iIhyhU0hFZTmF4umvffd7OzjMvkV0K4Yyua1C6FaIV4Z4l2w_ZMBcXkVoRMlZwgqj-7wTA8nUNLgwNkDV4Fx2wINaWRvYMZljCGME1v1QIBECrIdc9_CwMFZRdmfRP-uqKcqkmzaSqQ%3D%3D%26bag%3De5WiNa3QjVf4u1jVtO_1dw%3D%3D%26ruid%3D46de0190-4688-4f32-90a4-cce5aa61525b%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fn9.cl%252Fye6rm3%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D1%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 03 Oct 2022 23:40:01 GMT
content-type: image/png
content-length: 45133
last-modified: Thu, 14 Jul 2022 23:23:43 GMT
etag: "62d0a57f-b04d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
unphionetor.com/fv.js?t=72747&cb=1849279525
139.45.197.236200 OK 2.2 kB URL HTTP/2 unphionetor.com/fv.js?t=72747&cb=1849279525
IP 139.45.197.236:0
File type ASCII text, with very long lines (5213), with no line terminators
Hash 0254fb1dad74628b7ad0f97d304fac92
35f7af13a08eb87023ec7df4d3c35c21b2cde79d
47fb6ce428ca80ea69b772e4f66e4e5c622a4005db601746033d04511bd27536
Analyzer Verdict Alert quad9 Sinkholed
GET /fv.js?t=72747&cb=1849279525 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 03 Oct 2022 23:40:01 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: b26010c9bb74eeecfad3e6a1e33a13a0
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
interstitial-07.com/contents/s/f6/42/a0/a7dfa1c2b54dd324dabe983a69/0941665778820.jpeg
139.45.197.154200 OK 196 kB URL HTTP/2 interstitial-07.com/contents/s/f6/42/a0/a7dfa1c2b54dd324dabe983a69/0941665778820.jpeg
IP 139.45.197.154:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 900x600, components 3\012- data
Size 196 kB (196257 bytes)
Hash f642a0a7dfa1c2b54dd324dabe983a69
07293aaaf4d80d86731e48f8d796bd042e87c85d
c79db46a4fea8db0e6f978046d7ba8bd03acb19bef0d1e48ae992a951811e5ed
GET /contents/s/f6/42/a0/a7dfa1c2b54dd324dabe983a69/0941665778820.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=9b0delICK3pIjOt&cd_meta_crid=50538&trkintimp&target_url=https%3A%2F%2Fupgulpinon.com%2F12%3Frnd%3D1644532085%26z%3D5338422%26b%3D14148810%26c%3D5901940%26var%3D%26d%3Dhttps%253A%252F%252Fred.forexpeacearmy.com%252F62cddf3c85e2d000019d78f1%253Fsub1%253D%257Bzoneid%257D%2526sub2%253D%257Bcampaignid%257D%2526sub3%253D%257Bconnection.type%257D%2526sub4%253D%257Bbrowser%257D%2526sub5%253D%257Bos%257D%2526sub6%253D%257Bcountry%257D%2526sub7%253D%257Bbannerid%257D%2526sub8%253D%257Bisp%257D%2526sub9%253D%257Bdevice%257D%2526ref_id%253D%2524%257BSUBID%257D%2526cost%253D%257Bcost%257D%26cln%3D1%26btp%3D7%26rb%3DkafTbz95CdvZVrVnR_om0ys73hPn9jMgVEjpejyOBEqLrVqiCtYBRrysZabAjAc_5bY0cwqtMedT79qaikkdnVPYx_pPh-s_v0bK67PgL-1WMj195RKiDPyeSvDlRWgFHMqjbMlDf63PZo1LU2qGh0usntg6ap5_7hcFUtgM65Hw3xdp5FI4bL_hRT1e5idJhl4Sopz7m5jhSPK6yQLrv4RVKXLbePHVYBCj9j_0h4XQvgKf54yK6pH_-xN6AnkrzdQRBjL5graoRnyf02XPisfYMVw9PwrCPwtIp0smVaGv23PntXUIFUCsoBrHDHSon0QOz2WPmU0Rq8eXeWG1eLUMFrxEBRdK3sv8YxcXtyQ0aj8wn2P_j6MN-hZpPq7QhQrlgulnONPNzCfkfGymszFEr_fHoemhai5G0-qz6Kt9QKzw41OQ4XA-133swdSuHRE6Ps-TpFVw6SPfQtMYrzk_dR-BDcsEd6FzbiL63_gsz7NZtSo-SZmnz-4riv2_Xv82HHkZcu_iIhyhU0hFZTmF4umvffd7OzjMvkV0K4Yyua1C6FaIV4Z4l2w_ZMBcXkVoRMlZwgqj-7wTA8nUNLgwNkDV4Fx2wINaWRvYMZljCGME1v1QIBECrIdc9_CwMFZRdmfRP-uqKcqkmzaSqQ%3D%3D%26bag%3De5WiNa3QjVf4u1jVtO_1dw%3D%3D%26ruid%3D46de0190-4688-4f32-90a4-cce5aa61525b%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fn9.cl%252Fye6rm3%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D1%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 03 Oct 2022 23:40:01 GMT
content-type: image/jpeg
content-length: 196257
last-modified: Mon, 25 Jul 2022 23:09:25 GMT
etag: "62df22a5-2fea1"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
upgulpinon.com/11?rnd=358914724&z=5338422&b=14148810&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=kafTbz95CdvZVrVnR_om0ys73hPn9jMgVEjpejyOBEqLrVqiCtYBRrysZabAjAc_5bY0cwqtMedT79qaikkdnVPYx_pPh-s_v0bK67PgL-1WMj195RKiDPyeSvDlRWgFHMqjbMlDf63PZo1LU2qGh0usntg6ap5_7hcFUtgM65Hw3xdp5FI4bL_hRT1e5idJhl4Sopz7m5jhSPK6yQLrv4RVKXLbePHVYBCj9j_0h4XQvgKf54yK6pH_-xN6AnkrzdQRBjL5graoRnyf02XPisfYMVw9PwrCPwtIp0smVaGv23PntXUIFUCsoBrHDHSon0QOz2WPmU0Rq8eXeWG1eLUMFrxEBRdK3sv8YxcXtyQ0aj8wn2P_j6MN-hZpPq7QhQrlgulnONPNzCfkfGymszFEr_fHoemhai5G0-qz6Kt9QKzw41OQ4XA-133swdSuHRE6Ps-TpFVw6SPfQtMYrzk_dR-BDcsEd6FzbiL63_gsz7NZtSo-SZmnz-4riv2_Xv82HHkZcu_iIhyhU0hFZTmF4umvffd7OzjMvkV0K4Yyua1C6FaIV4Z4l2w_ZMBcXkVoRMlZwgqj-7wTA8nUNLgwNkDV4Fx2wINaWRvYMZljCGME1v1QIBECrIdc9_CwMFZRdmfRP-uqKcqkmzaSqQ==&ruid=46de0190-4688-4f32-90a4-cce5aa61525b&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fn9.cl%2Fye6rm3&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
139.45.197.242200 OK 0 B URL HTTP/2 upgulpinon.com/11?rnd=358914724&z=5338422&b=14148810&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=kafTbz95CdvZVrVnR_om0ys73hPn9jMgVEjpejyOBEqLrVqiCtYBRrysZabAjAc_5bY0cwqtMedT79qaikkdnVPYx_pPh-s_v0bK67PgL-1WMj195RKiDPyeSvDlRWgFHMqjbMlDf63PZo1LU2qGh0usntg6ap5_7hcFUtgM65Hw3xdp5FI4bL_hRT1e5idJhl4Sopz7m5jhSPK6yQLrv4RVKXLbePHVYBCj9j_0h4XQvgKf54yK6pH_-xN6AnkrzdQRBjL5graoRnyf02XPisfYMVw9PwrCPwtIp0smVaGv23PntXUIFUCsoBrHDHSon0QOz2WPmU0Rq8eXeWG1eLUMFrxEBRdK3sv8YxcXtyQ0aj8wn2P_j6MN-hZpPq7QhQrlgulnONPNzCfkfGymszFEr_fHoemhai5G0-qz6Kt9QKzw41OQ4XA-133swdSuHRE6Ps-TpFVw6SPfQtMYrzk_dR-BDcsEd6FzbiL63_gsz7NZtSo-SZmnz-4riv2_Xv82HHkZcu_iIhyhU0hFZTmF4umvffd7OzjMvkV0K4Yyua1C6FaIV4Z4l2w_ZMBcXkVoRMlZwgqj-7wTA8nUNLgwNkDV4Fx2wINaWRvYMZljCGME1v1QIBECrIdc9_CwMFZRdmfRP-uqKcqkmzaSqQ==&ruid=46de0190-4688-4f32-90a4-cce5aa61525b&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fn9.cl%2Fye6rm3&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /11?rnd=358914724&z=5338422&b=14148810&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=kafTbz95CdvZVrVnR_om0ys73hPn9jMgVEjpejyOBEqLrVqiCtYBRrysZabAjAc_5bY0cwqtMedT79qaikkdnVPYx_pPh-s_v0bK67PgL-1WMj195RKiDPyeSvDlRWgFHMqjbMlDf63PZo1LU2qGh0usntg6ap5_7hcFUtgM65Hw3xdp5FI4bL_hRT1e5idJhl4Sopz7m5jhSPK6yQLrv4RVKXLbePHVYBCj9j_0h4XQvgKf54yK6pH_-xN6AnkrzdQRBjL5graoRnyf02XPisfYMVw9PwrCPwtIp0smVaGv23PntXUIFUCsoBrHDHSon0QOz2WPmU0Rq8eXeWG1eLUMFrxEBRdK3sv8YxcXtyQ0aj8wn2P_j6MN-hZpPq7QhQrlgulnONPNzCfkfGymszFEr_fHoemhai5G0-qz6Kt9QKzw41OQ4XA-133swdSuHRE6Ps-TpFVw6SPfQtMYrzk_dR-BDcsEd6FzbiL63_gsz7NZtSo-SZmnz-4riv2_Xv82HHkZcu_iIhyhU0hFZTmF4umvffd7OzjMvkV0K4Yyua1C6FaIV4Z4l2w_ZMBcXkVoRMlZwgqj-7wTA8nUNLgwNkDV4Fx2wINaWRvYMZljCGME1v1QIBECrIdc9_CwMFZRdmfRP-uqKcqkmzaSqQ==&ruid=46de0190-4688-4f32-90a4-cce5aa61525b&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fn9.cl%2Fye6rm3&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://n9.cl
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://n9.cl/
Connection: keep-alive
Cookie: scm=1; OAID=7ff055ecefc54f9c9d3ab66db688df9d; oaidts=1664840399
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 03 Oct 2022 23:40:01 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://n9.cl
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: ee57c66a2b79149e70272ab5f2759a93
access-control-expose-headers: X-Sc
set-cookie: OAID=7ff055ecefc54f9c9d3ab66db688df9d; expires=Tue, 03 Oct 2023 23:40:01 GMT; secure; SameSite=None
oaidts=1664840399; expires=Tue, 03 Oct 2023 23:40:01 GMT; secure; SameSite=None
oaidvc=1; expires=Tue, 03 Oct 2023 23:40:01 GMT; secure; SameSite=None
CNT=1_v1_yuTXAAEAAABESwAA; expires=Tue, 04 Oct 2022 00:40:01 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 12:31:58 GMT
expires: Sun, 01 Oct 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 212883
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Mon, 03 Oct 2022 23:40:01 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 060b8802cfc694a2ad6b6c8463213d43
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
seeptoag.net/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Phishing
POST /custom HTTP/1.1
Host: seeptoag.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 479
Origin: https://n9.cl
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://n9.cl/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 03 Oct 2022 23:40:01 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 5be8ed29bf64cc7caa4d7880fc3057f8
access-control-allow-origin: https://n9.cl
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
seeptoag.net/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Phishing
POST /custom HTTP/1.1
Host: seeptoag.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 723
Origin: https://n9.cl
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://n9.cl/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 03 Oct 2022 23:40:01 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: afc5c8129627a35dd7223699282d0152
access-control-allow-origin: https://n9.cl
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
arc.io/arc-sw-core.js
54.230.111.49200 OK 68 kB IP 54.230.111.49:0
File type ASCII text, with very long lines (22448)
Hash b62d64ef6acb7d9e69619926d12987fd
d17547ac81a5b9ec9d3cfaa7fbecd563233af351
e82a5776a21790a3b2855755cb37d2aea37274b04b5b4e4ee48c318e8127d7e2
GET /arc-sw-core.js HTTP/1.1
Host: arc.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 67725
last-modified: Sat, 31 Jul 2021 01:05:06 GMT
content-encoding: br
access-control-allow-origin: *
strict-transport-security: max-age=15724800; includeSubDomains
date: Mon, 03 Oct 2022 22:41:14 GMT
cache-control: public, max-age=3600, must-revalidate
etag: "6104a1c2-1088d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TbQrOPDNKysmJPRzM7VeeWdPJAh1WmKMPbly6I23xwHCg9Q3MuBqeA==
age: 3532
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash df1ca1528eb3b2e0576cd693eaee33a5
bd499be04445cd09438a0d5c24208ef90d4087dc
856c7cbfd8af482bff235ccf94761fb5f3f8d579382eea0d5aa5fe01e732cf86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "856C7CBFD8AF482BFF235CCF94761FB5F3F8D579382EEA0D5AA5FE01E732CF86"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12940
Expires: Tue, 04 Oct 2022 03:15:42 GMT
Date: Mon, 03 Oct 2022 23:40:02 GMT
Connection: keep-alive
strn.pl/ipfs/bafybeihctkp37ujhdjcmhvuj5pbqursep7hf7vid5dc2245zgufigbikhe/master7.m3u8?clientId=c0b0ff07-c4e4-444a-b6e8-01c32a7ea0a8
37.19.222.215200 OK 2.2 kB URL HTTP/2 strn.pl/ipfs/bafybeihctkp37ujhdjcmhvuj5pbqursep7hf7vid5dc2245zgufigbikhe/master7.m3u8?clientId=c0b0ff07-c4e4-444a-b6e8-01c32a7ea0a8
IP 37.19.222.215:0
ASN #60068 Datacamp Limited
Hash 9ad1f51cc1cf2300c2ab0ed7c78e143b
75feed7febab806187bd5c319b1892cb697840bd
d70dd99a25fc2a985c9a5452c26b4d64420d9debd59a7d3cc1ae05a2a455b317
GET /ipfs/bafybeihctkp37ujhdjcmhvuj5pbqursep7hf7vid5dc2245zgufigbikhe/master7.m3u8?clientId=c0b0ff07-c4e4-444a-b6e8-01c32a7ea0a8 HTTP/1.1
Host: strn.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://n9.cl
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://n9.cl/
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 03 Oct 2022 23:40:02 GMT
content-type: audio/x-mpegurl
content-length: 2245
cache-control: public, max-age=29030400, immutable
saturn-node-id: e44da331-851c-4786-b630-8e600f8ac2f3
saturn-node-version: 405_3340a2e
etag: "bafkreigxbxmzujp4fkmfzgsuklbgwtleiigz326vtj6tzqnoawrkivntc4"
x-ipfs-path: /ipfs/bafybeihctkp37ujhdjcmhvuj5pbqursep7hf7vid5dc2245zgufigbikhe/master7.m3u8
x-ipfs-roots: bafybeihctkp37ujhdjcmhvuj5pbqursep7hf7vid5dc2245zgufigbikhe,bafkreigxbxmzujp4fkmfzgsuklbgwtleiigz326vtj6tzqnoawrkivntc4
x-ipfs-datasize: 2245
saturn-cache-status: HIT
saturn-transfer-id: d090df6c77bb7803b9e84bc7c8465e9e
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: *
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
warden.arc.io/mailbox/nodes/QhLvut9SkBYEwZxZQeDg5D
18.223.141.84204 No Content 0 B URL HTTP/2 warden.arc.io/mailbox/nodes/QhLvut9SkBYEwZxZQeDg5D
IP 18.223.141.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /mailbox/nodes/QhLvut9SkBYEwZxZQeDg5D HTTP/1.1
Host: warden.arc.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 284
Origin: https://n9.cl
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://n9.cl/
Connection: keep-alive
HTTP/2 204 No Content
date: Mon, 03 Oct 2022 23:40:02 GMT
access-control-allow-origin: *
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 82d569b925257b13af5b864425640168
74e0f780b2a63ac3bf390fa57077f2edca1f4141
6647c042bf1eec8a1f52c201d84e27e3a7120f0cb2f19cbd9a91967b0b3bae46
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 03 Oct 2022 23:40:04 GMT
Last-Modified: Mon, 03 Oct 2022 21:56:16 GMT
Server: ECS (nyb/1D15)
X-Cache: Miss from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: hCn8atlC7bd26xR4skweLWr41t_PJXaD1g4pNxvTieao736GaUW6Rg==
Age: 6229
strn.pl/ipfs/QmfBjExhszozR1dJBmFVqK27wp4SKo7QMvkVnHNZwXSWSE?clientId=c0b0ff07-c4e4-444a-b6e8-01c32a7ea0a8
37.19.222.215200 OK 8.7 kB URL HTTP/2 strn.pl/ipfs/QmfBjExhszozR1dJBmFVqK27wp4SKo7QMvkVnHNZwXSWSE?clientId=c0b0ff07-c4e4-444a-b6e8-01c32a7ea0a8
IP 37.19.222.215:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (3002), with no line terminators
Hash ea06953a542aa96e6b7628b37b704910
66dab2694ab862517776a66df84374627de74265
a86d0d136ababd3ea145a8b84473ca513251664dc856511e00f3ef079d82e912
GET /ipfs/QmfBjExhszozR1dJBmFVqK27wp4SKo7QMvkVnHNZwXSWSE?clientId=c0b0ff07-c4e4-444a-b6e8-01c32a7ea0a8 HTTP/1.1
Host: strn.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://n9.cl
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://n9.cl/
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 03 Oct 2022 23:40:03 GMT
content-type: image/svg+xml
vary: Accept-Encoding
cache-control: public, max-age=29030400, immutable
saturn-node-id: e44da331-851c-4786-b630-8e600f8ac2f3
saturn-node-version: 342_6a9edb9
etag: W/"QmfBjExhszozR1dJBmFVqK27wp4SKo7QMvkVnHNZwXSWSE"
x-ipfs-path: /ipfs/QmfBjExhszozR1dJBmFVqK27wp4SKo7QMvkVnHNZwXSWSE
x-ipfs-roots: QmfBjExhszozR1dJBmFVqK27wp4SKo7QMvkVnHNZwXSWSE
x-ipfs-datasize: 12176
saturn-cache-status: HIT
saturn-transfer-id: 6dbf6ea3c27eebc5213a6daaa874c8c9
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: *
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
X-Firefox-Spdy: h2
twb3qukm2i654i3tnvx36char40aymqq.lambda-url.us-west-2.on.aws/
44.239.88.141201 Created 0 B URL HTTP/1.1 twb3qukm2i654i3tnvx36char40aymqq.lambda-url.us-west-2.on.aws/
IP 44.239.88.141:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: twb3qukm2i654i3tnvx36char40aymqq.lambda-url.us-west-2.on.aws
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 929
Origin: https://n9.cl
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://n9.cl/
Connection: keep-alive
HTTP/1.1 201 Created
Date: Mon, 03 Oct 2022 23:40:05 GMT
Content-Type: application/json
Content-Length: 0
Connection: keep-alive
x-amzn-RequestId: 7831ed9f-38b9-4042-b161-95d1bb17f5a9
Access-Control-Allow-Origin: https://n9.cl
Vary: Origin
X-Amzn-Trace-Id: root=1-633b72d5-296304453578906470298275;sampled=0
Access-Control-Allow-Credentials: true
warden.arc.io/mailbox/statusReport
18.223.141.84204 No Content 0 B URL HTTP/2 warden.arc.io/mailbox/statusReport
IP 18.223.141.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /mailbox/statusReport HTTP/1.1
Host: warden.arc.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 903
Origin: https://n9.cl
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://n9.cl/
Connection: keep-alive
TE: trailers
HTTP/2 204 No Content
date: Mon, 03 Oct 2022 23:40:06 GMT
access-control-allow-origin: *
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2
static.arc.io/widget/js/chunk-2d2088b3.js?f983a940
194.242.11.186200 OK 0 B URL HTTP/2 static.arc.io/widget/js/chunk-2d2088b3.js?f983a940
IP 194.242.11.186:0
ASN #34989 ServeTheWorld AS
GET /widget/js/chunk-2d2088b3.js?f983a940 HTTP/1.1
Host: static.arc.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://n9.cl/
Connection: keep-alive
Cookie: widgetOptState={%22state%22:%22UNDECIDED%22%2C%22date%22:%222022-10-03T23:40:00.060Z%22%2C%22dismissedAt%22:null}
TE: trailers
HTTP/2 200 OK
date: Mon, 03 Oct 2022 23:40:02 GMT
content-type: application/javascript
server: BunnyCDN-NO-830
cdn-pullzone: 786569
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
access-control-max-age: 86400
cache-control: public, max-age=2592000, stale-while-revalidate=864000
etag: W/"1fcf489624e9e73144263f929b8ba824"
last-modified: Mon, 03 Oct 2022 19:39:47 GMT
x-amz-id-2: cas4LkYG75qINqiLAl3Y2dWCZRTjA988nPn4/6NTAW48SjsJU3zGDySKpMwp2oQXE8NhnCLzasE=
x-amz-request-id: 7JGMXDK13H7BX8A1
cdn-proxyver: 1.02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 10/03/2022 19:51:26
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 1653e38ea1bf91adad4a63987fc32400
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
static.arc.io/broker/js/lazy-iwc.9b430e25.js
194.242.11.186200 OK 0 B URL HTTP/2 static.arc.io/broker/js/lazy-iwc.9b430e25.js
IP 194.242.11.186:0
ASN #34989 ServeTheWorld AS
GET /broker/js/lazy-iwc.9b430e25.js HTTP/1.1
Host: static.arc.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://core.arc.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 03 Oct 2022 23:40:00 GMT
content-type: application/javascript
server: BunnyCDN-NO-830
cdn-pullzone: 786569
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
access-control-max-age: 86400
cache-control: public, max-age=2592000
etag: W/"7fd8734437dbdc553c3513d10d0c0a97"
last-modified: Wed, 19 Jan 2022 23:33:03 GMT
x-amz-id-2: 0pqtvhmktNzG/kuXS+f70yU/1nrs8NiaC5jbPx0Ogn1zHjS1MBw3Ld9u+2vBvs1RgznasANnNaM=
x-amz-request-id: P7W24ZM6DAWWT664
cdn-proxyver: 1.02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 07/30/2022 16:48:02
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 9d50a72791b5a4c8b658970e5fba7274
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
gateway.arc.io/cdnConfig/ffxLx1Xh
194.242.11.186200 OK 0 B URL HTTP/2 gateway.arc.io/cdnConfig/ffxLx1Xh
IP 194.242.11.186:0
ASN #34989 ServeTheWorld AS
GET /cdnConfig/ffxLx1Xh HTTP/1.1
Host: gateway.arc.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://n9.cl/
Origin: https://n9.cl
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 03 Oct 2022 23:40:01 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: BunnyCDN-NO-830
cdn-pullzone: 786568
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
cdn-requestcountrycode: NO
access-control-allow-origin: *
cache-control: public, max-age=1800, stale-while-revalidate=604800
etag: W/"8c-6DUCpgVTwb6cWJA3TmyQ15exaWY"
timing-allow-origin: *
strict-transport-security: max-age=15724800; includeSubDomains
cdn-proxyver: 1.02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 10/02/2022 15:47:37
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 1e848ca6c2c5723d5fec0853f6257b86
cdn-cache: REVALIDATED
content-encoding: br
X-Firefox-Spdy: h2
upgulpinon.com/27/b7bd02994a2771796f8a835cfb750d4b
139.45.197.242200 OK 0 B URL HTTP/2 upgulpinon.com/27/b7bd02994a2771796f8a835cfb750d4b
IP 139.45.197.242:0
Analyzer Verdict Alert fortinet Malware
GET /27/b7bd02994a2771796f8a835cfb750d4b HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://n9.cl/
Cookie: scm=1; OAID=b70038be4d9744cb8518b47f09b459be; oaidts=1664840399
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 03 Oct 2022 23:40:00 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Thu, 22 Sep 2022 08:42:06 GMT
expires: Thu, 22 Oct 2082 08:42:06 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
upgulpinon.com/9?z=5338422&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fn9.cl%2Fye6rm3&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=7ff055ecefc54f9c9d3ab66db688df9d
139.45.197.242200 OK 0 B URL HTTP/2 upgulpinon.com/9?z=5338422&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fn9.cl%2Fye6rm3&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=7ff055ecefc54f9c9d3ab66db688df9d
IP 139.45.197.242:0
POST /9?z=5338422&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fn9.cl%2Fye6rm3&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=7ff055ecefc54f9c9d3ab66db688df9d HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 507
Origin: https://n9.cl
Connection: keep-alive
Referer: https://n9.cl/
Cookie: scm=1; OAID=b70038be4d9744cb8518b47f09b459be; oaidts=1664840399
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 03 Oct 2022 23:40:00 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://n9.cl
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: e834a33d89d11751cdade497563d16a1
access-control-expose-headers: X-Sc
set-cookie: OAID=7ff055ecefc54f9c9d3ab66db688df9d; expires=Tue, 03 Oct 2023 23:40:00 GMT; secure; SameSite=None
oaidts=1664840399; expires=Tue, 03 Oct 2023 23:40:00 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
interstitial-07.com/?l=9b0delICK3pIjOt&cd_meta_crid=50538&trkintimp&target_url=https%3A%2F%2Fupgulpinon.com%2F12%3Frnd%3D1644532085%26z%3D5338422%26b%3D14148810%26c%3D5901940%26var%3D%26d%3Dhttps%253A%252F%252Fred.forexpeacearmy.com%252F62cddf3c85e2d000019d78f1%253Fsub1%253D%257Bzoneid%257D%2526sub2%253D%257Bcampaignid%257D%2526sub3%253D%257Bconnection.type%257D%2526sub4%253D%257Bbrowser%257D%2526sub5%253D%257Bos%257D%2526sub6%253D%257Bcountry%257D%2526sub7%253D%257Bbannerid%257D%2526sub8%253D%257Bisp%257D%2526sub9%253D%257Bdevice%257D%2526ref_id%253D%2524%257BSUBID%257D%2526cost%253D%257Bcost%257D%26cln%3D1%26btp%3D7%26rb%3DkafTbz95CdvZVrVnR_om0ys73hPn9jMgVEjpejyOBEqLrVqiCtYBRrysZabAjAc_5bY0cwqtMedT79qaikkdnVPYx_pPh-s_v0bK67PgL-1WMj195RKiDPyeSvDlRWgFHMqjbMlDf63PZo1LU2qGh0usntg6ap5_7hcFUtgM65Hw3xdp5FI4bL_hRT1e5idJhl4Sopz7m5jhSPK6yQLrv4RVKXLbePHVYBCj9j_0h4XQvgKf54yK6pH_-xN6AnkrzdQRBjL5graoRnyf02XPisfYMVw9PwrCPwtIp0smVaGv23PntXUIFUCsoBrHDHSon0QOz2WPmU0Rq8eXeWG1eLUMFrxEBRdK3sv8YxcXtyQ0aj8wn2P_j6MN-hZpPq7QhQrlgulnONPNzCfkfGymszFEr_fHoemhai5G0-qz6Kt9QKzw41OQ4XA-133swdSuHRE6Ps-TpFVw6SPfQtMYrzk_dR-BDcsEd6FzbiL63_gsz7NZtSo-SZmnz-4riv2_Xv82HHkZcu_iIhyhU0hFZTmF4umvffd7OzjMvkV0K4Yyua1C6FaIV4Z4l2w_ZMBcXkVoRMlZwgqj-7wTA8nUNLgwNkDV4Fx2wINaWRvYMZljCGME1v1QIBECrIdc9_CwMFZRdmfRP-uqKcqkmzaSqQ%3D%3D%26bag%3De5WiNa3QjVf4u1jVtO_1dw%3D%3D%26ruid%3D46de0190-4688-4f32-90a4-cce5aa61525b%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fn9.cl%252Fye6rm3%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D1%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
139.45.197.154200 OK 0 B URL HTTP/2 interstitial-07.com/?l=9b0delICK3pIjOt&cd_meta_crid=50538&trkintimp&target_url=https%3A%2F%2Fupgulpinon.com%2F12%3Frnd%3D1644532085%26z%3D5338422%26b%3D14148810%26c%3D5901940%26var%3D%26d%3Dhttps%253A%252F%252Fred.forexpeacearmy.com%252F62cddf3c85e2d000019d78f1%253Fsub1%253D%257Bzoneid%257D%2526sub2%253D%257Bcampaignid%257D%2526sub3%253D%257Bconnection.type%257D%2526sub4%253D%257Bbrowser%257D%2526sub5%253D%257Bos%257D%2526sub6%253D%257Bcountry%257D%2526sub7%253D%257Bbannerid%257D%2526sub8%253D%257Bisp%257D%2526sub9%253D%257Bdevice%257D%2526ref_id%253D%2524%257BSUBID%257D%2526cost%253D%257Bcost%257D%26cln%3D1%26btp%3D7%26rb%3DkafTbz95CdvZVrVnR_om0ys73hPn9jMgVEjpejyOBEqLrVqiCtYBRrysZabAjAc_5bY0cwqtMedT79qaikkdnVPYx_pPh-s_v0bK67PgL-1WMj195RKiDPyeSvDlRWgFHMqjbMlDf63PZo1LU2qGh0usntg6ap5_7hcFUtgM65Hw3xdp5FI4bL_hRT1e5idJhl4Sopz7m5jhSPK6yQLrv4RVKXLbePHVYBCj9j_0h4XQvgKf54yK6pH_-xN6AnkrzdQRBjL5graoRnyf02XPisfYMVw9PwrCPwtIp0smVaGv23PntXUIFUCsoBrHDHSon0QOz2WPmU0Rq8eXeWG1eLUMFrxEBRdK3sv8YxcXtyQ0aj8wn2P_j6MN-hZpPq7QhQrlgulnONPNzCfkfGymszFEr_fHoemhai5G0-qz6Kt9QKzw41OQ4XA-133swdSuHRE6Ps-TpFVw6SPfQtMYrzk_dR-BDcsEd6FzbiL63_gsz7NZtSo-SZmnz-4riv2_Xv82HHkZcu_iIhyhU0hFZTmF4umvffd7OzjMvkV0K4Yyua1C6FaIV4Z4l2w_ZMBcXkVoRMlZwgqj-7wTA8nUNLgwNkDV4Fx2wINaWRvYMZljCGME1v1QIBECrIdc9_CwMFZRdmfRP-uqKcqkmzaSqQ%3D%3D%26bag%3De5WiNa3QjVf4u1jVtO_1dw%3D%3D%26ruid%3D46de0190-4688-4f32-90a4-cce5aa61525b%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fn9.cl%252Fye6rm3%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D1%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
IP 139.45.197.154:0
GET /?l=9b0delICK3pIjOt&cd_meta_crid=50538&trkintimp&target_url=https%3A%2F%2Fupgulpinon.com%2F12%3Frnd%3D1644532085%26z%3D5338422%26b%3D14148810%26c%3D5901940%26var%3D%26d%3Dhttps%253A%252F%252Fred.forexpeacearmy.com%252F62cddf3c85e2d000019d78f1%253Fsub1%253D%257Bzoneid%257D%2526sub2%253D%257Bcampaignid%257D%2526sub3%253D%257Bconnection.type%257D%2526sub4%253D%257Bbrowser%257D%2526sub5%253D%257Bos%257D%2526sub6%253D%257Bcountry%257D%2526sub7%253D%257Bbannerid%257D%2526sub8%253D%257Bisp%257D%2526sub9%253D%257Bdevice%257D%2526ref_id%253D%2524%257BSUBID%257D%2526cost%253D%257Bcost%257D%26cln%3D1%26btp%3D7%26rb%3DkafTbz95CdvZVrVnR_om0ys73hPn9jMgVEjpejyOBEqLrVqiCtYBRrysZabAjAc_5bY0cwqtMedT79qaikkdnVPYx_pPh-s_v0bK67PgL-1WMj195RKiDPyeSvDlRWgFHMqjbMlDf63PZo1LU2qGh0usntg6ap5_7hcFUtgM65Hw3xdp5FI4bL_hRT1e5idJhl4Sopz7m5jhSPK6yQLrv4RVKXLbePHVYBCj9j_0h4XQvgKf54yK6pH_-xN6AnkrzdQRBjL5graoRnyf02XPisfYMVw9PwrCPwtIp0smVaGv23PntXUIFUCsoBrHDHSon0QOz2WPmU0Rq8eXeWG1eLUMFrxEBRdK3sv8YxcXtyQ0aj8wn2P_j6MN-hZpPq7QhQrlgulnONPNzCfkfGymszFEr_fHoemhai5G0-qz6Kt9QKzw41OQ4XA-133swdSuHRE6Ps-TpFVw6SPfQtMYrzk_dR-BDcsEd6FzbiL63_gsz7NZtSo-SZmnz-4riv2_Xv82HHkZcu_iIhyhU0hFZTmF4umvffd7OzjMvkV0K4Yyua1C6FaIV4Z4l2w_ZMBcXkVoRMlZwgqj-7wTA8nUNLgwNkDV4Fx2wINaWRvYMZljCGME1v1QIBECrIdc9_CwMFZRdmfRP-uqKcqkmzaSqQ%3D%3D%26bag%3De5WiNa3QjVf4u1jVtO_1dw%3D%3D%26ruid%3D46de0190-4688-4f32-90a4-cce5aa61525b%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fn9.cl%252Fye6rm3%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D1%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://n9.cl/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 03 Oct 2022 23:40:01 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.27
set-cookie: reverse=KpfzlXKfOog_rkl0l_2GkfIWkArygauN8cPZh_JeJ58; expires=Tue, 04-Oct-2022 00:40:01 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: gzip
X-Firefox-Spdy: h2
static.arc.io/widget/js/widget-sc-client.js?197dbd2e
194.242.11.186200 OK 0 B URL HTTP/2 static.arc.io/widget/js/widget-sc-client.js?197dbd2e
IP 194.242.11.186:0
ASN #34989 ServeTheWorld AS
GET /widget/js/widget-sc-client.js?197dbd2e HTTP/1.1
Host: static.arc.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://n9.cl/
Connection: keep-alive
Cookie: widgetOptState={%22state%22:%22UNDECIDED%22%2C%22date%22:%222022-10-03T23:40:00.060Z%22%2C%22dismissedAt%22:null}
TE: trailers
HTTP/2 200 OK
date: Mon, 03 Oct 2022 23:40:02 GMT
content-type: application/javascript
server: BunnyCDN-NO-830
cdn-pullzone: 786569
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
access-control-max-age: 86400
cache-control: public, max-age=2592000, stale-while-revalidate=864000
etag: W/"14884d9e881791d580471ec30f89f22a"
last-modified: Mon, 08 Aug 2022 22:09:02 GMT
x-amz-id-2: URaeHor7BKsSAtcnqISpEn6E3w+xeceiV+yk3tYl1MHAPfIYu6QUy/mqJlWlIX9KQaPnVYygXzU=
x-amz-request-id: ZEX3NT5QY6GPK09Y
cdn-proxyver: 1.02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 08/09/2022 11:22:23
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 32916ad57c48d995ea5b7b26fbb2aba1
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
static.arc.io/widget/js/vendors~widget-ui.js?c9b0de53
194.242.11.186200 OK 0 B URL HTTP/2 static.arc.io/widget/js/vendors~widget-ui.js?c9b0de53
IP 194.242.11.186:0
ASN #34989 ServeTheWorld AS
GET /widget/js/vendors~widget-ui.js?c9b0de53 HTTP/1.1
Host: static.arc.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://n9.cl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 03 Oct 2022 23:40:00 GMT
content-type: application/javascript
server: BunnyCDN-NO-830
cdn-pullzone: 786569
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
access-control-max-age: 86400
cache-control: public, max-age=2592000, stale-while-revalidate=864000
etag: W/"5f5181a44cab6b9ccdc03f0d9f46e177"
last-modified: Mon, 08 Aug 2022 22:09:02 GMT
x-amz-id-2: A9pqjKPrqIQflyxmXrVwzuzToR7cxaWclWx6NjnAerAt8ogrYlvolAtqoGvvdIsvqEeqAzY1AX0=
x-amz-request-id: 6ACY3P80RJNPZB5G
cdn-proxyver: 1.02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 08/14/2022 14:32:19
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: c817ff86a93a40c09739660f2c712b3b
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
seeptoag.net/pfe/current/tag.min.js?z=2339578
139.45.197.250200 OK 0 B URL HTTP/2 seeptoag.net/pfe/current/tag.min.js?z=2339578
IP 139.45.197.250:0
GET /pfe/current/tag.min.js?z=2339578 HTTP/1.1
Host: seeptoag.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://n9.cl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 03 Oct 2022 23:39:59 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: W/"6332f869-39be"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
core.arc.io/broker.html?e63b76c
194.242.11.186200 OK 0 B URL HTTP/2 core.arc.io/broker.html?e63b76c
IP 194.242.11.186:0
ASN #34989 ServeTheWorld AS
GET /broker.html?e63b76c HTTP/1.1
Host: core.arc.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://n9.cl/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 03 Oct 2022 23:40:00 GMT
content-type: text/html
vary: Accept-Encoding
server: BunnyCDN-NO-830
cdn-pullzone: 786568
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
cdn-requestcountrycode: NO
access-control-allow-origin: *
cache-control: public, max-age=2592000
etag: W/"61e89f9d-612"
expires: Wed, 02 Nov 2022 19:51:24 GMT
last-modified: Wed, 19 Jan 2022 23:32:45 GMT
strict-transport-security: max-age=15724800; includeSubDomains
cdn-proxyver: 1.02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 10/03/2022 19:51:24
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: fde052925399bdfbad6f21947e8c4455
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
static.arc.io/broker/js/chunk-vendors.5e1d8045.js
194.242.11.186200 OK 0 B URL HTTP/2 static.arc.io/broker/js/chunk-vendors.5e1d8045.js
IP 194.242.11.186:0
ASN #34989 ServeTheWorld AS
GET /broker/js/chunk-vendors.5e1d8045.js HTTP/1.1
Host: static.arc.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://core.arc.io
Connection: keep-alive
Referer: https://core.arc.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 03 Oct 2022 23:40:00 GMT
content-type: application/javascript
server: BunnyCDN-NO-830
cdn-pullzone: 786569
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
access-control-max-age: 86400
cache-control: public, max-age=2592000
etag: W/"7baaa27cb0e1201fe90ecc5efca8fbcf"
last-modified: Wed, 19 Jan 2022 23:33:03 GMT
x-amz-id-2: Lg09pm0SMLA2gDpgvbsYLOJ6t8VM7iye6bHwugpdkzqKL5tqPfuDc6xQsPbM2BumjX36g9SpKpc=
x-amz-request-id: K2YYHZ7GZXR992N5
cdn-proxyver: 1.02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 06/29/2022 22:31:25
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 5306c44c08695b41dcaaba1ba53a18d0
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
static.arc.io/broker/js/broker.b281d075.js
194.242.11.186200 OK 0 B URL HTTP/2 static.arc.io/broker/js/broker.b281d075.js
IP 194.242.11.186:0
ASN #34989 ServeTheWorld AS
GET /broker/js/broker.b281d075.js HTTP/1.1
Host: static.arc.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://core.arc.io
Connection: keep-alive
Referer: https://core.arc.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 03 Oct 2022 23:40:00 GMT
content-type: application/javascript
server: BunnyCDN-NO-830
cdn-pullzone: 786569
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
access-control-max-age: 86400
cache-control: public, max-age=2592000
etag: W/"8c5f6da1d62d33cc4c32a8ce63be2bf6"
last-modified: Wed, 19 Jan 2022 23:33:03 GMT
x-amz-id-2: 15mXd8XH2lx2CE03B29NPUH0DZY/LOqIKeKzeLqmQNgXs1snFjVDp9XICA09Vhudm/HuQ+kRbm0=
x-amz-request-id: 1BTZ9YPB4J9E9E0X
cdn-proxyver: 1.02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 08/14/2022 14:32:18
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 746fd0c13cd6c91aae3ce14415113068
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
static.arc.io/widget/js/widget-ui.js?784632c0
194.242.11.186200 OK 0 B URL HTTP/2 static.arc.io/widget/js/widget-ui.js?784632c0
IP 194.242.11.186:0
ASN #34989 ServeTheWorld AS
GET /widget/js/widget-ui.js?784632c0 HTTP/1.1
Host: static.arc.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://n9.cl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 03 Oct 2022 23:40:00 GMT
content-type: application/javascript
server: BunnyCDN-NO-830
cdn-pullzone: 786569
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
access-control-max-age: 86400
cache-control: public, max-age=2592000, stale-while-revalidate=864000
etag: W/"7b9dc001ae1d02594045f630c0c9760a"
last-modified: Thu, 01 Sep 2022 19:21:28 GMT
x-amz-id-2: sso+CjRy526e+aJLRNdKq8RjhZ6KoGwR6Y604T67KYRlvAXyQ4xEXLctgzgvzzy4W5PmUrRFebM=
x-amz-request-id: 0RKQT4A1JEK82HB5
cdn-proxyver: 1.02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 09/01/2022 19:27:00
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: d0fe05474f822a6429ccab6a1e3ffa4d
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
static.arc.io/widget/js/vendors~widget-sc-client.js?35fccb86
194.242.11.186200 OK 0 B URL HTTP/2 static.arc.io/widget/js/vendors~widget-sc-client.js?35fccb86
IP 194.242.11.186:0
ASN #34989 ServeTheWorld AS
GET /widget/js/vendors~widget-sc-client.js?35fccb86 HTTP/1.1
Host: static.arc.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://n9.cl/
Connection: keep-alive
Cookie: widgetOptState={%22state%22:%22UNDECIDED%22%2C%22date%22:%222022-10-03T23:40:00.060Z%22%2C%22dismissedAt%22:null}
TE: trailers
HTTP/2 200 OK
date: Mon, 03 Oct 2022 23:40:01 GMT
content-type: application/javascript
server: BunnyCDN-NO-830
cdn-pullzone: 786569
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
access-control-max-age: 86400
cache-control: public, max-age=2592000, stale-while-revalidate=864000
etag: W/"fa12476f8ee3c92b8369e0c9d3b915f9"
last-modified: Fri, 22 Jul 2022 23:08:54 GMT
x-amz-id-2: gO56M4SIXfLCyIfgDnIkEYznO/aSxbiWzPzBnkEFGYql1RoX90Evh/ZoIMm/6C+bN1XQIlxZGrE=
x-amz-request-id: HMFZR25VHVX61V98
cdn-proxyver: 1.02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 07/25/2022 16:03:54
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 225a5cc846b6ec26a1c7bf884c2f000b
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
static.arc.io/widget/js/chunk-2d0cf2b3.js?35eb088d
194.242.11.186200 OK 0 B URL HTTP/2 static.arc.io/widget/js/chunk-2d0cf2b3.js?35eb088d
IP 194.242.11.186:0
ASN #34989 ServeTheWorld AS
GET /widget/js/chunk-2d0cf2b3.js?35eb088d HTTP/1.1
Host: static.arc.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://n9.cl/
Connection: keep-alive
Cookie: widgetOptState={%22state%22:%22UNDECIDED%22%2C%22date%22:%222022-10-03T23:40:00.060Z%22%2C%22dismissedAt%22:null}
TE: trailers
HTTP/2 200 OK
date: Mon, 03 Oct 2022 23:40:02 GMT
content-type: application/javascript
server: BunnyCDN-NO-830
cdn-pullzone: 786569
cdn-uid: 1756f224-b505-436a-b48a-b92ddf4fdbea
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
access-control-max-age: 86400
cache-control: public, max-age=2592000, stale-while-revalidate=864000
etag: W/"8de13fe370805671caef6a9e591a1733"
last-modified: Fri, 16 Sep 2022 20:28:02 GMT
x-amz-id-2: Ss/RbYgirtbTJjx15WKvo8HILFZrccBbyAk0mwYTwZCWgginYrI86YQPsh6Zs5M93PCJzHYkrG0=
x-amz-request-id: A1E02B7TBKG8HKDW
cdn-proxyver: 1.02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 09/16/2022 20:57:00
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 84bca61812e5f9e5e6dad245871f178e
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
upgulpinon.com/1?z=5338422
139.45.197.242200 OK 0 B URL HTTP/2 upgulpinon.com/1?z=5338422
IP 139.45.197.242:0
Analyzer Verdict Alert fortinet Malware
GET /1?z=5338422 HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://n9.cl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 03 Oct 2022 23:39:59 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 1e06e799567e4a0ffeb634f65a6e3878
access-control-expose-headers: X-Sc
x-sc: zMLMFaylZivz_K6Gk5hmHEWPBNyourBXPQQMTpBtU-BAdQyfTNVJSk5JNq8zQsybvaPipmGjISoXmelf3vHUKKkBmwA=
set-cookie: scm=1; expires=Tue, 03 Oct 2023 23:39:59 GMT; secure; SameSite=None
OAID=b70038be4d9744cb8518b47f09b459be; expires=Tue, 03 Oct 2023 23:39:59 GMT; secure; SameSite=None
oaidts=1664840399; expires=Tue, 03 Oct 2023 23:39:59 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
seeptoag.net/pfe/current/universal.min.js?v=3.1.396
139.45.197.250200 OK 0 B URL HTTP/2 seeptoag.net/pfe/current/universal.min.js?v=3.1.396
IP 139.45.197.250:0
GET /pfe/current/universal.min.js?v=3.1.396 HTTP/1.1
Host: seeptoag.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://n9.cl/
Origin: https://n9.cl
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 03 Oct 2022 23:40:00 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: W/"6332f869-1fafa"
access-control-allow-origin: https://n9.cl
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2