leitup.com/ZFUb
172.67.206.125 301 Moved Permanently 0 B IP 172.67.206.125:0
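Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256; all three are the digests of empty input, consistent with the 0 B body, so they identify no content and are not usable as indicators)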
GET /ZFUb HTTP/1.1
Host: leitup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 22 Jan 2023 10:19:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: Sameorigin
Access-Control-Allow-Origin: *
location: https://leitup.com/ZFUb
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hqu6EJE%2FYHsDlWEYaTPCTz66oAzEH3r2uC8TugLGNgEzIgEf64Bxm6VLcWSCxV2AEudmuoU35lfPn%2Ba%2FQGfr5gs%2BTzA346Xht7OCnz7NQdYssOxoWe4KuLNCWtZE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78d78cde2dbdb527-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8a5e416451617846248067d72b675125
995b0346adefaf5f2e167d1b81e60cc9afc4f19e
c5fafb9127b71cbd4f7b1a44f755fc4aa0e2f47bbc50de4b15c870a22bf160d9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5FAFB9127B71CBD4F7B1A44F755FC4AA0E2F47BBC50DE4B15C870A22BF160D9"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6944
Expires: Sun, 22 Jan 2023 12:14:59 GMT
Date: Sun, 22 Jan 2023 10:19:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 20d267853e48ef7d476459ed67da5d97
06d1bd08efd69c0e93486d3c423fa2640f372d29
24323cd45ca2ed01c63f908233d9b2ad5bb6f63394884c45bf6abb0221d0edd6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "24323CD45CA2ED01C63F908233D9B2AD5BB6F63394884C45BF6ABB0221D0EDD6"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3354
Expires: Sun, 22 Jan 2023 11:15:09 GMT
Date: Sun, 22 Jan 2023 10:19:15 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 22 Jan 2023 09:42:30 GMT
content-type: application/json
age: 2205
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 38c102db4bcfb9c4fb19174986950fd3
51c2cc8a3aca4da5c9ab3438467c29203fc0b0c3
dad6b64bc9f4dd827471ccc2e5273fceee574685376083aaa80f9d2f918037f2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DAD6B64BC9F4DD827471CCC2E5273FCEEE574685376083AAA80F9D2F918037F2"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13885
Expires: Sun, 22 Jan 2023 14:10:40 GMT
Date: Sun, 22 Jan 2023 10:19:15 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: dkePLsPAhFA4dDteGYu8XBJ4V/PJV2iW5GpBS1BISn66nG4Sjo3lzmaouFyTF5ij+3vRbLJlgNU=
x-amz-request-id: 9FEAMHC7S8G390MM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 22 Jan 2023 10:18:23 GMT
age: 52
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/2qo2E0nzwIQ
216.58.211.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/2qo2E0nzwIQ
IP 216.58.211.3:0
Hash 02b677d547709ab846ee8924219c97e9
d8e8913b8f9aa6577027b836a5b0a0b11a054d28
71c21e4760daf53ceb3d43b6549fcfc83d7fffab2878b100ace987dc34fb9e45
POST /s/gts1p5/2qo2E0nzwIQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 10:19:15 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:15 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/2qo2E0nzwIQ
216.58.211.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/2qo2E0nzwIQ
IP 216.58.211.3:0
Hash 02b677d547709ab846ee8924219c97e9
d8e8913b8f9aa6577027b836a5b0a0b11a054d28
71c21e4760daf53ceb3d43b6549fcfc83d7fffab2878b100ace987dc34fb9e45
POST /s/gts1p5/2qo2E0nzwIQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 10:19:16 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
104.17.25.14 200 OK 591 B URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (1266)
Hash 414869f16aa77a65b4928a018f7f1abb
cea521f7a2958a50239526ed6b068f0937527653
afee364ce513c6517247b81cce5eb5eadb1dbbb35e439eb3fa97bbc15fac2cd3
GET /ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://leitup.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 10:19:16 GMT
content-type: application/javascript; charset=utf-8
content-length: 591
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec1-514"
last-modified: Mon, 04 May 2020 16:11:45 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 6976649
expires: Fri, 12 Jan 2024 10:19:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ouy0aWI0oVUYbdMFjNtHLSd%2FuqeDoJJPiFf3DfJq26p1QXd3EM%2FtPtVf6qD0C%2BbV8Lu%2F1Y6wV%2Fa6gLLE04YD%2BqjcC5MSn3f6DAI7meXyEVShBMSPd%2FKNP%2BdjRoxaoMfgb5kDLoKb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 78d78ce29baeb506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js
104.17.25.14 200 OK 27 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (65451)
Hash 77bd61b98f7b67af56639229724f8dd4
f04f07dd8ff53e58c32b738f81b71a014bca441d
8ce54c3b77bf31899b27b29188ff4936b580f2bd2b3222d43dda2851ba272e24
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://leitup.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 10:19:16 GMT
content-type: application/javascript; charset=utf-8
content-length: 27433
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-1538f"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1346807
expires: Fri, 12 Jan 2024 10:19:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vuGA67Wm8d2SdXB%2FjCV02XjerRgxz%2FPbgsNf3ngHPfmEXD%2Bo%2BPY3%2B%2F1MW%2F%2B%2BDEj49FJNtSRbDd0cYKKKAnWgoS3zOpiVqpLaAfsWLF0dz%2B1PCjjCM1ugoiT98NFN8wKoK5NZBPe%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 78d78ce2abafb506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 2.3 kB IP 216.58.211.3:0
Hash 8764f1cfb4bb1cae5ef899ee141e64f7
811791b81bfe81afbbe32e63fb95332973029bd6
0ad09ae49fc3bd78a38eeb6b128b394586473bbdadc54c3f4ebdc795430fea42
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 10:19:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 25d59e4444b16818a49fec7128c90dcd
ea263f33790881a01e317fa03d935f7109523e41
22e26ea1917d1a0fed0b2af636f1baecb59768b0f85c9ab6b1c37d45e84dfa2d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 10:19:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 25d59e4444b16818a49fec7128c90dcd
ea263f33790881a01e317fa03d935f7109523e41
22e26ea1917d1a0fed0b2af636f1baecb59768b0f85c9ab6b1c37d45e84dfa2d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 10:19:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/firebasejs/8.2.2/firebase-app.js
216.58.211.3 200 OK 6.5 kB URL HTTP/2 www.gstatic.com/firebasejs/8.2.2/firebase-app.js
IP 216.58.211.3:0
File type ASCII text, with very long lines (19927)
Hash 971b1dc3341ebe9dd46e413c30d82fa4
38bc2e172c7fb800dedf72db8b808eda784f3891
adc1ad12c06ea2cdb65d413f7ff7ee9d0c766352c340a10829674aa6a1aa21a7
GET /firebasejs/8.2.2/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leitup.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 6546
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 18 Jan 2023 12:51:31 GMT
expires: Thu, 18 Jan 2024 12:51:31 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 07 Jan 2021 21:51:27 GMT
content-type: text/javascript; charset=UTF-8
age: 336465
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/firebasejs/8.2.2/firebase-messaging.js
216.58.211.3 200 OK 11 kB URL HTTP/2 www.gstatic.com/firebasejs/8.2.2/firebase-messaging.js
IP 216.58.211.3:0
File type ASCII text, with very long lines (40719)
Hash dad6732a118cf3f361e1da6a0d5d10d0
5b74e7fe89bb62aac793e3ad05916bb027c8c2f3
51f12b258ef909065da7bd0f186ed48a627126285fd0edb8f6508f096e671989
GET /firebasejs/8.2.2/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leitup.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10840
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 15 Jan 2023 18:04:51 GMT
expires: Mon, 15 Jan 2024 18:04:51 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 07 Jan 2021 21:51:17 GMT
content-type: text/javascript; charset=UTF-8
age: 576865
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 1.3 kB IP 216.58.211.3:0
Hash fc4e2228f6931ba86871603f167f49b0
f497119c6ba7c0b81d8be5d4ffbb8f2d73862270
2da1e94887b323ed0935d823e3c87b1079c26d9d774174499d6c826166fcd622
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 10:19:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 25d59e4444b16818a49fec7128c90dcd
ea263f33790881a01e317fa03d935f7109523e41
22e26ea1917d1a0fed0b2af636f1baecb59768b0f85c9ab6b1c37d45e84dfa2d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 10:19:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.35 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://leitup.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 16 Jan 2023 18:52:41 GMT
expires: Tue, 16 Jan 2024 18:52:41 GMT
cache-control: public, max-age=31536000
age: 487595
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
142.250.74.35 200 OK 26 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 26240, version 1.0\012- data
Hash 4a90976686fcbd8296c7d7fccc04c273
bcb82e93ac7ad1fa2af6a37009a200f79f4cb4e5
59bd288e64c57e034672999e33ebda6eb5ad1575945eb563dbfb5b44f226e1e1
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://leitup.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26240
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 18 Jan 2023 07:52:00 GMT
expires: Thu, 18 Jan 2024 07:52:00 GMT
cache-control: public, max-age=31536000
age: 354436
last-modified: Mon, 15 Aug 2022 18:14:37 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Expires, Pragma, Content-Type, Backoff, Last-Modified, Cache-Control, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 22 Jan 2023 10:17:30 GMT
age: 106
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bad635cef282563bc9cb98c5ef44535b
36466a1b49ef8172716cc63a489951c8595fca5a
aa0d981f9d11e96c86f7f1d0a8c1cd7c6f17847cc8a9cea691262c888ccfa3cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA0D981F9D11E96C86F7F1D0A8C1CD7C6F17847CC8A9CEA691262C888CCFA3CF"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3095
Expires: Sun, 22 Jan 2023 11:10:51 GMT
Date: Sun, 22 Jan 2023 10:19:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bad635cef282563bc9cb98c5ef44535b
36466a1b49ef8172716cc63a489951c8595fca5a
aa0d981f9d11e96c86f7f1d0a8c1cd7c6f17847cc8a9cea691262c888ccfa3cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA0D981F9D11E96C86F7F1D0A8C1CD7C6F17847CC8A9CEA691262C888CCFA3CF"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3095
Expires: Sun, 22 Jan 2023 11:10:51 GMT
Date: Sun, 22 Jan 2023 10:19:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4f1bf705f65725e994a157d661b0b8a0
5d8b58b0891cd9a5bb6a33c7e6db53a6b0a99b5a
395c942c76d197047cb61b15155df336247bfbff9061f1378e11fc44dc6f5cf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "395C942C76D197047CB61B15155DF336247BFBFF9061F1378E11FC44DC6F5CF3"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5129
Expires: Sun, 22 Jan 2023 11:44:45 GMT
Date: Sun, 22 Jan 2023 10:19:16 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fc96297d0b59147e8f6052b16f1ca13f
23aeddfa143bb9be19b2ed06f2024a3a8aa120ce
034327c6ada560c662f451f3c95cd8531482d4ab51629e95875fab54c8f3e49a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6253
Cache-Control: max-age=88305
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 10:19:16 GMT
Etag: "63cbab28-1d7"
Expires: Mon, 23 Jan 2023 10:51:01 GMT
Last-Modified: Sat, 21 Jan 2023 09:06:48 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 91e8cedb9efb75a46653eccda8982bcc
82c72155ea71f68b3186a8fcbe3af2a48de0ee22
e14fb3531b521da5e0417299b56dd1e2a96182710859b3aed8bd28d47a8afab6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E14FB3531B521DA5E0417299B56DD1E2A96182710859B3AED8BD28D47A8AFAB6"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9796
Expires: Sun, 22 Jan 2023 13:02:32 GMT
Date: Sun, 22 Jan 2023 10:19:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 91e8cedb9efb75a46653eccda8982bcc
82c72155ea71f68b3186a8fcbe3af2a48de0ee22
e14fb3531b521da5e0417299b56dd1e2a96182710859b3aed8bd28d47a8afab6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E14FB3531B521DA5E0417299B56DD1E2A96182710859B3AED8BD28D47A8AFAB6"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9796
Expires: Sun, 22 Jan 2023 13:02:32 GMT
Date: Sun, 22 Jan 2023 10:19:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c65560284a12fda8f5cd0971dbc75bc2
dcdf5d74941ce0eaa10088b5ca8b259f8c44c80d
19589c82290dd38f3660bdcc948ca2ecda6f3188c959b049218ee0076fea52fc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "19589C82290DD38F3660BDCC948CA2ECDA6F3188C959B049218EE0076FEA52FC"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10780
Expires: Sun, 22 Jan 2023 13:18:56 GMT
Date: Sun, 22 Jan 2023 10:19:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ef1fb4fafde9587ac0f3155a4a006b85
e2a3314c0dc99252362576e3cbfba1235f4df69a
0f54312455e5c704df30d9af36a2c2232d61cee9769221f19868c1ca7e052c2f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0F54312455E5C704DF30D9AF36A2C2232D61CEE9769221F19868C1CA7E052C2F"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17033
Expires: Sun, 22 Jan 2023 15:03:09 GMT
Date: Sun, 22 Jan 2023 10:19:16 GMT
Connection: keep-alive
news-muxeta.cc/code/https.php?site=8036611&sub1=952993
147.182.248.211 200 OK 4.2 kB URL HTTP/1.1 news-muxeta.cc/code/https.php?site=8036611&sub1=952993
IP 147.182.248.211:0
ASN #14061 DIGITALOCEAN-ASN
Hash e949628c03a95eca47b87d802fcb1959
c6c5a1cca1fe7cc6a547b878d45dffe416c61dbb
a9df9703ab41f07510bf369c428d27993dfd81a8b103a64e58d6a29feba7106e
GET /code/https.php?site=8036611&sub1=952993 HTTP/1.1
Host: news-muxeta.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leitup.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 22 Jan 2023 10:19:16 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 4245
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
ETag: W/"1095-xsWhzKH+fMalR7h41F3/5BbGHbs"
Cache-Control: no-store, no-cache
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a6271a20bf475db2e9e27e2e874484d1
f4524e3f8f28fd398221bc5c4de32258368c49ae
88b131c2f08cf735c350739cd540560be42399508a03ea8d08af5022cf5d7a50
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "88B131C2F08CF735C350739CD540560BE42399508A03EA8D08AF5022CF5D7A50"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17650
Expires: Sun, 22 Jan 2023 15:13:26 GMT
Date: Sun, 22 Jan 2023 10:19:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 924bc88d82b8eec0e277ec2dc2c04252
6ae83725684108f19bd785bba9ba1f0aa211d304
e7a14e9b745517be18a9260d70167236916f408ebf287fa151a085784bbea828
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E7A14E9B745517BE18A9260D70167236916F408EBF287FA151A085784BBEA828"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17856
Expires: Sun, 22 Jan 2023 15:16:52 GMT
Date: Sun, 22 Jan 2023 10:19:16 GMT
Connection: keep-alive
my.rtmark.net/gid.js?userId=7ac4ab229f9747dd89b3aea6a202444a
139.45.195.8 200 OK 4.8 kB URL HTTP/2 my.rtmark.net/gid.js?userId=7ac4ab229f9747dd89b3aea6a202444a
IP 139.45.195.8:0
Hash 8b855bb26d068a9a4eeac313e1838704
08c2363a393fbe72ca4b40c7677f3cf6d0a1de21
80633e40ed6becf59985a37d29aa2cf35b95acb028dc8b4724b881cf4459fe11
GET /gid.js?userId=7ac4ab229f9747dd89b3aea6a202444a HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://leitup.com
Connection: keep-alive
Referer: https://leitup.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:16 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://leitup.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=7ac4ab229f9747dd89b3aea6a202444a; expires=Mon, 22 Jan 2024 10:19:16 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
bedrapiona.com/5/5630040/?oo=1&js_build=iclick-v1.471.1
139.45.197.234 200 OK 34 kB URL HTTP/2 bedrapiona.com/5/5630040/?oo=1&js_build=iclick-v1.471.1
IP 139.45.197.234:0
Hash c9531ef3a34ce99c9cb5232ba87eb7c1
ca46c2143c7aeb7e4bb753c101e5011f5b523b59
7c2ed76e39bf79eff731c689f6d56c2d8045546ee91e6d041a3090b2b3caa874
GET /5/5630040/?oo=1&js_build=iclick-v1.471.1 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://leitup.com
Connection: keep-alive
Referer: https://leitup.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:16 GMT
content-type: application/json
x-trace-id: 44223a0ec788a3c7b979c57c5355c076
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://leitup.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=5635e0883a2d4c65b4b89cb7e69a5afa; expires=Mon, 22 Jan 2024 10:19:16 GMT; path=/; secure; SameSite=None
oaidts=1674382756; expires=Mon, 22 Jan 2024 10:19:16 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
ibrapush.com/zone?pub=0&zone_id=5630118&is_mobile=false&domain=leitup.com&var=&ymid=&var_3=
139.45.197.250 200 OK 705 B URL HTTP/2 ibrapush.com/zone?pub=0&zone_id=5630118&is_mobile=false&domain=leitup.com&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (704)
Hash 135547a72e32f06ef7a581d92fdf55c7
3dec4420aef444d46cba34a896f8aa418a5608b5
2d91433841afa356c2b79b88826c4257e4829b2c16acac785dda8319c3899c8f
GET /zone?pub=0&zone_id=5630118&is_mobile=false&domain=leitup.com&var=&ymid=&var_3= HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://leitup.com/
Origin: https://leitup.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:17 GMT
content-type: application/json; charset=utf-8
content-length: 705
x-trace-id: f06db4f52ffd0e257278672170bad22f
access-control-allow-origin: https://leitup.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
nanouwho.com/1?z=5630038
139.45.197.242 200 OK 136 kB IP 139.45.197.242:0
File type ASCII text, with very long lines (47554)
Size 136 kB (136464 bytes)
Hash 99a5678bfa1479b9e65ed52601ed0930
7911d71e1c769c1d74f5ad5354af52e1f1ac1b46
29701ca0edb2d0d24fe63f4d7ad5c0e173340d256852f6e0776d90b40103fad1
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=5630038 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leitup.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:16 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 37395e6d8631c2ab622e20678182f8d5
access-control-expose-headers: X-Sc
x-sc: y5JzhWghL0nI9O6vzNBauRBXCTLd5XqAYVav1KlaW3AQDVvR0ckWe2Qd_ydX9fRuwEHa3z99BZU5DsQlM6tQMqmH8s4=
set-cookie: scm=1; expires=Mon, 22 Jan 2024 10:19:16 GMT; secure; SameSite=None
OAID=c1787cf28e9c42e7a0a24dcd6c0b8789; expires=Mon, 22 Jan 2024 10:19:16 GMT; secure; SameSite=None
oaidts=1674382756; expires=Mon, 22 Jan 2024 10:19:16 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
inklinkor.com/tag.min.js
104.21.91.63 200 OK 27 kB IP 104.21.91.63:0
File type ASCII text, with very long lines (4460)
Hash c8b239dd15a83bbed87d57031ee8f76d
858177adf7d2e8193da186ebc443c39f60758f88
2695065b106a2fc1f3fc5060e126bd57b6dd5c96e36fd0cd18e179ee6f9a2c6e
GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leitup.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 10:19:16 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 19898dd2d3697a66d97547e0af428894
cache-control: max-age=86400
last-modified: Tue, 17 Jan 2023 16:39:49 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Mon, 23 Jan 2023 08:24:39 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 6872
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qPzhp%2FAVXATtTzEgfF%2FhwyrVD0jm4mG2MANIXE%2BFgqi%2BPwU3G0WMRfDS%2FDeoDPnJGSJxnP4%2BlUP%2FX8DjWHzrbCNyuaVM6R0G%2Fvu4bLycPbHkffWGcdU7Ui0IJpxFvhLJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78d78ce34ec31c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6740bdf3ae4aba5553ae542a1eb0aba2
76fbac9ea0e298b9aceae1a4c7be98a8ae255b21
fef223d5316edb517721758d1a3166248a0db042d3dd61470dd85d774a080738
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FEF223D5316EDB517721758D1A3166248A0DB042D3DD61470DD85D774A080738"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10923
Expires: Sun, 22 Jan 2023 13:21:20 GMT
Date: Sun, 22 Jan 2023 10:19:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6740bdf3ae4aba5553ae542a1eb0aba2
76fbac9ea0e298b9aceae1a4c7be98a8ae255b21
fef223d5316edb517721758d1a3166248a0db042d3dd61470dd85d774a080738
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FEF223D5316EDB517721758D1A3166248A0DB042D3DD61470DD85D774A080738"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10923
Expires: Sun, 22 Jan 2023 13:21:20 GMT
Date: Sun, 22 Jan 2023 10:19:17 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/x-QEV4IR2x0
216.58.211.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/x-QEV4IR2x0
IP 216.58.211.3:0
Hash f17ab4b08e86e6db7f33c6a5f00a4f25
1fc4a03b055e8b3a54f90dcad4a2b09895999f48
4471e05921743ea29bc5f5ae15c87f045564039b84b3f58fcafd0638f81a84ba
POST /s/gts1p5/x-QEV4IR2x0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 10:19:17 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
onmarshtompor.com/?rb=tlLrdMRgrWhWKxo586j6D_dEVyzI1TQXItKqfGPi-2ib5QAQ3zSwmyN65MvhKorlj7FAfrzrHjsaLp9pKNZhunharKxSBpoE0-CU69Kc8h7BLyamxIFCBcQD83ek85YwrE7Id2UQz5zFesSJhf-6Bh6IhxHIrOPSkWOaYC_BdbQBL06KKkt-_GzJ8JhKV_LfmdgmA6bEKGqvamy-IhUebw2JXTC4g2f136oPWg%3D%3D&request_ab2=0&zoneid=5630040&js_build=iclick-v1.471.1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=939&wiw=1280&wfc=0&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.471.1&bs=a170c905-f617-43fd-ab4e-50f567fa457b&userId=7ac4ab229f9747dd89b3aea6a202444a&m=link
139.45.197.243200 OK 1.6 kB URL HTTP/2 onmarshtompor.com/?rb=tlLrdMRgrWhWKxo586j6D_dEVyzI1TQXItKqfGPi-2ib5QAQ3zSwmyN65MvhKorlj7FAfrzrHjsaLp9pKNZhunharKxSBpoE0-CU69Kc8h7BLyamxIFCBcQD83ek85YwrE7Id2UQz5zFesSJhf-6Bh6IhxHIrOPSkWOaYC_BdbQBL06KKkt-_GzJ8JhKV_LfmdgmA6bEKGqvamy-IhUebw2JXTC4g2f136oPWg%3D%3D&request_ab2=0&zoneid=5630040&js_build=iclick-v1.471.1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=939&wiw=1280&wfc=0&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.471.1&bs=a170c905-f617-43fd-ab4e-50f567fa457b&userId=7ac4ab229f9747dd89b3aea6a202444a&m=link
IP 139.45.197.243:0
File type JSON data\012- , ASCII text, with very long lines (2120), with no line terminators
Hash 21f783cb63c89bd0a99ee21dd34ff901
daeb84833e50000b44305d79475dfbddd502f6da
ef39a68283963c319dfc2b6f6cab1bb748fceaf35ad24c4a59ed3d2e48fd5a0a
GET /?rb=tlLrdMRgrWhWKxo586j6D_dEVyzI1TQXItKqfGPi-2ib5QAQ3zSwmyN65MvhKorlj7FAfrzrHjsaLp9pKNZhunharKxSBpoE0-CU69Kc8h7BLyamxIFCBcQD83ek85YwrE7Id2UQz5zFesSJhf-6Bh6IhxHIrOPSkWOaYC_BdbQBL06KKkt-_GzJ8JhKV_LfmdgmA6bEKGqvamy-IhUebw2JXTC4g2f136oPWg%3D%3D&request_ab2=0&zoneid=5630040&js_build=iclick-v1.471.1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=939&wiw=1280&wfc=0&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.471.1&bs=a170c905-f617-43fd-ab4e-50f567fa457b&userId=7ac4ab229f9747dd89b3aea6a202444a&m=link HTTP/1.1
Host: onmarshtompor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://leitup.com/
Origin: https://leitup.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:17 GMT
content-type: application/json
x-trace-id: 361cc92c07e0304bf5f2929bb7d18a26
access-control-allow-origin: https://leitup.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=7ac4ab229f9747dd89b3aea6a202444a; expires=Mon, 22 Jan 2024 10:19:17 GMT; path=/; secure; SameSite=None
oaidts=1674382757; expires=Mon, 22 Jan 2024 10:19:17 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 29 Jan 2023 10:19:17 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ibrapush.com/pfe/current/tag.min.js?z=5630039
139.45.197.250 200 OK 40 kB URL HTTP/2 ibrapush.com/pfe/current/tag.min.js?z=5630039
IP 139.45.197.250:0
Hash fccff658187e0c0f0f6f2dca85ce9470
1fd12bf4d0932725ffec341c82e27b682ebd29f3
0e1817c54927f7fe3a468d10fac60a3286b8f18ed379f5dd558b52db8e0ee2f7
GET /pfe/current/tag.min.js?z=5630039 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leitup.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:16 GMT
content-type: application/javascript
last-modified: Wed, 21 Dec 2022 12:58:18 GMT
etag: W/"63a302ea-390a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
link: <https://my.rtmark.net>; rel=dns-prefetch;, <https://my.rtmark.net>; rel=preconnect
content-encoding: gzip
X-Firefox-Spdy: h2
bedrapiona.com/5/5630119/?oo=1&js_build=iclick-v1.471.1
139.45.197.234 200 OK 16 kB URL HTTP/2 bedrapiona.com/5/5630119/?oo=1&js_build=iclick-v1.471.1
IP 139.45.197.234:0
Hash 4363e64dba6796d48755311a2532ca9b
af05b514a83b1654c24db0f838f783b07e65b7b3
088283918b5efc05a208932543663df79060422f5818eb93d857313b92989cdb
GET /5/5630119/?oo=1&js_build=iclick-v1.471.1 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://leitup.com
Connection: keep-alive
Referer: https://leitup.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:16 GMT
content-type: application/json
x-trace-id: 7fb7f1199dc68d9d57f4c969ab34504e
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://leitup.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=7ac4ab229f9747dd89b3aea6a202444a; expires=Mon, 22 Jan 2024 10:19:16 GMT; path=/; secure; SameSite=None
oaidts=1674382756; expires=Mon, 22 Jan 2024 10:19:16 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
betotodilea.com/500/5630116?excludes=&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 betotodilea.com/500/5630116?excludes=&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/5630116?excludes=&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://leitup.com/
Origin: https://leitup.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:17 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://leitup.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
betotodilea.com/500/5630037?excludes=&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 betotodilea.com/500/5630037?excludes=&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/5630037?excludes=&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://leitup.com/
Origin: https://leitup.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:17 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://leitup.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
news-muxeta.cc/f/gstats
147.182.248.211 200 OK 0 B IP 147.182.248.211:0
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /f/gstats HTTP/1.1
Host: news-muxeta.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 163
Origin: https://leitup.com
Connection: keep-alive
Referer: https://leitup.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 22 Jan 2023 10:19:17 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache
betotodilea.com/500/5630116?excludes=&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 886 B URL HTTP/2 betotodilea.com/500/5630116?excludes=&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (1118), with no line terminators
Hash bbc6acedb5a2923cc7b242a1efd30f81
e3d04dd677a034c6570b335d05c9937448f1925d
a8852889849fe6fa325d703f6c37053795a629f679fce4a60d79bf39cc4a1f2d
Analyzer Verdict Alert quad9 Sinkholed
GET /500/5630116?excludes=&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://leitup.com
Connection: keep-alive
Referer: https://leitup.com/
Cookie: OAID=27486a2916b94f249c1ac409b139b07b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:17 GMT
content-type: application/javascript
x-trace-id: d25625488f74b05e66d2ab8d0661196c
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://leitup.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=7ac4ab229f9747dd89b3aea6a202444a; expires=Mon, 22 Jan 2024 10:19:17 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
nanouwho.com/121?rnd=3184427011&z=5630038&b=16466421&c=6538593&var=&d=https%3A%2F%2Fmediasama.com%2Fstarharem%2F01%2Fs%2Findex_rt.html&cln={CELL_NUMBER}&btp=7&rb=kZwdKm_QyAegRc0eX2kUdEYLrMwDqN9iC8azwlUQniFrYpcbvWaNp3n_jZvn7idBK9tPg0QFsaCvqiZBbmE-1_J4eWPi7uYAWW8NumUh3dTOrp-2KY1g2Bk-pxQ_3KppYIL_WkJTcmYiqtUdtMrJ034oAK5u77VHV6OdQ7d6otQpiAIbssv_XjE0SQVmxJqNw0-5dxe8TjWXdbjTsLUSsa_DckhY-wm9wa82XlZCTiaXxfdMWO7wHffb7tFdV9mjLakaPXqP1EBmS6nVP_1fbMy1ABR7tAdeRiJfBxZQJCPLpzhX42_dN4ZbcKKRlDKl7Ci-XaBQE9rZ9wHwxaTjFVneFAADwFueoPWdGabhHbkcVJyQvrGZL7fwJlnBfTepluSwIAb8Ka4y5iWf4lEO0Mr4L6xdcAWmi77MTlPhquMDggeyFft6FKumUmRv7hRqn569lT7bs7SvE3nE36r0AFFIjnmMeIL_u9nuHEVtFJYxVR9bqSwf1ieAZQKmR5QpeVeFUTlHp9QvIDBrdO7AMMG3jkkUQqKWK_YgE-AE46aFPHsQt6N4VN9M6PWa5nQRPBu-LKz_SoBz774Ccjnurd6mqxfFl2n-SxnuG25tHglVR7guTk6L9iq95t18QZFB3JN9kIsC5Gp1VvjleNK2SA4vC0CYEMpLwxtor1N2YEyMgAaAVgGTD-muiaCvigPN2_5bqyaupewiS56FPNnBXg==&bag=MuA5NHbkm203wz-7YcZvnfIr5EgcQtil&ruid=c20f1c58-0ffd-44eb-8ce4-e095eaa59309
139.45.197.242302 Found 0 B URL HTTP/2 nanouwho.com/121?rnd=3184427011&z=5630038&b=16466421&c=6538593&var=&d=https%3A%2F%2Fmediasama.com%2Fstarharem%2F01%2Fs%2Findex_rt.html&cln={CELL_NUMBER}&btp=7&rb=kZwdKm_QyAegRc0eX2kUdEYLrMwDqN9iC8azwlUQniFrYpcbvWaNp3n_jZvn7idBK9tPg0QFsaCvqiZBbmE-1_J4eWPi7uYAWW8NumUh3dTOrp-2KY1g2Bk-pxQ_3KppYIL_WkJTcmYiqtUdtMrJ034oAK5u77VHV6OdQ7d6otQpiAIbssv_XjE0SQVmxJqNw0-5dxe8TjWXdbjTsLUSsa_DckhY-wm9wa82XlZCTiaXxfdMWO7wHffb7tFdV9mjLakaPXqP1EBmS6nVP_1fbMy1ABR7tAdeRiJfBxZQJCPLpzhX42_dN4ZbcKKRlDKl7Ci-XaBQE9rZ9wHwxaTjFVneFAADwFueoPWdGabhHbkcVJyQvrGZL7fwJlnBfTepluSwIAb8Ka4y5iWf4lEO0Mr4L6xdcAWmi77MTlPhquMDggeyFft6FKumUmRv7hRqn569lT7bs7SvE3nE36r0AFFIjnmMeIL_u9nuHEVtFJYxVR9bqSwf1ieAZQKmR5QpeVeFUTlHp9QvIDBrdO7AMMG3jkkUQqKWK_YgE-AE46aFPHsQt6N4VN9M6PWa5nQRPBu-LKz_SoBz774Ccjnurd6mqxfFl2n-SxnuG25tHglVR7guTk6L9iq95t18QZFB3JN9kIsC5Gp1VvjleNK2SA4vC0CYEMpLwxtor1N2YEyMgAaAVgGTD-muiaCvigPN2_5bqyaupewiS56FPNnBXg==&bag=MuA5NHbkm203wz-7YcZvnfIr5EgcQtil&ruid=c20f1c58-0ffd-44eb-8ce4-e095eaa59309
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /121?rnd=3184427011&z=5630038&b=16466421&c=6538593&var=&d=https%3A%2F%2Fmediasama.com%2Fstarharem%2F01%2Fs%2Findex_rt.html&cln={CELL_NUMBER}&btp=7&rb=kZwdKm_QyAegRc0eX2kUdEYLrMwDqN9iC8azwlUQniFrYpcbvWaNp3n_jZvn7idBK9tPg0QFsaCvqiZBbmE-1_J4eWPi7uYAWW8NumUh3dTOrp-2KY1g2Bk-pxQ_3KppYIL_WkJTcmYiqtUdtMrJ034oAK5u77VHV6OdQ7d6otQpiAIbssv_XjE0SQVmxJqNw0-5dxe8TjWXdbjTsLUSsa_DckhY-wm9wa82XlZCTiaXxfdMWO7wHffb7tFdV9mjLakaPXqP1EBmS6nVP_1fbMy1ABR7tAdeRiJfBxZQJCPLpzhX42_dN4ZbcKKRlDKl7Ci-XaBQE9rZ9wHwxaTjFVneFAADwFueoPWdGabhHbkcVJyQvrGZL7fwJlnBfTepluSwIAb8Ka4y5iWf4lEO0Mr4L6xdcAWmi77MTlPhquMDggeyFft6FKumUmRv7hRqn569lT7bs7SvE3nE36r0AFFIjnmMeIL_u9nuHEVtFJYxVR9bqSwf1ieAZQKmR5QpeVeFUTlHp9QvIDBrdO7AMMG3jkkUQqKWK_YgE-AE46aFPHsQt6N4VN9M6PWa5nQRPBu-LKz_SoBz774Ccjnurd6mqxfFl2n-SxnuG25tHglVR7guTk6L9iq95t18QZFB3JN9kIsC5Gp1VvjleNK2SA4vC0CYEMpLwxtor1N2YEyMgAaAVgGTD-muiaCvigPN2_5bqyaupewiS56FPNnBXg==&bag=MuA5NHbkm203wz-7YcZvnfIr5EgcQtil&ruid=c20f1c58-0ffd-44eb-8ce4-e095eaa59309 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: scm=1; OAID=7ac4ab229f9747dd89b3aea6a202444a; oaidts=1674382756
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Sun, 22 Jan 2023 10:19:17 GMT
content-length: 0
location: https://mediasama.com/starharem/01/s/index_rt.html
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 3370d183742bd4ef88dbc24b76bd58f0
access-control-expose-headers: X-Sc
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
nanouwho.com/11?rnd=1804308363&z=5630117&b=16380032&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=9P_vERtgw97iRDVCMKPyjm5dmIL20FAWd9LXrlkccIrpMHjxY2_rW_nnSkOj7PruV6LUTm8nZcIAjeDQaPm43Xs9Az1Capce-nOkuO4UW9mAoIcqj2A4JRf-zPAcjDSeowRlv57ngJpNAG5w-m9_oq3d2tMo78q4imdttrFPUpcS9jlxLYy8q7cYPAy6DEDkpPf95xebonTHRRJ9f583QHeYIaV9xMz9eJf3wYuvbzLskmaMysCetZLPiHDAwm6N-L5PrrO6PNjxcHdB9LtzOND1OQ-AlAPtV9TxWkH4L9s2TSaJ7sewbYrmvHUUJpFUQ2HxyVbKioNaH21YZUcOcm8mYPs4EQJR6KEAfA-u6oIjHQVifcm-Uxq790ipUZAMbzmHfYI5CA5xLVOs-h8KRMW7MhUmyKnx-CDO2pOnZRqTf0fZ9S93BA2Vsx0Z2WT9nSV4BGya3SAIuaPzGyNxfDqQzBhqjaDhByHAykMm-m0sy60SLhg0q7nkdKCddT4K7cEJBNVekARWhXFbdgOp6kxAMp5hZD7GBh5EtW8dTL0mti2Bluupr3_8uClkcbEhZKI6o-wOFsi4GKndWfFcK61CcsRRNEN4u7tKc4Gf3DwRjRn2XkJl3VU_PbKpHEyj5c3JQjX2wGOAFhA_6osrsD0O6-YXF-ftCKgWaneoCkgEaztqcujQyh0f0TFyma-JofqVF1Wb0GnYu-B0cf4pgQ==&ruid=46354b78-1b0a-4c5f-9305-96d86293c8c5&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fleitup.com%2FZFUb&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=270
139.45.197.242200 OK 0 B URL HTTP/2 nanouwho.com/11?rnd=1804308363&z=5630117&b=16380032&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=9P_vERtgw97iRDVCMKPyjm5dmIL20FAWd9LXrlkccIrpMHjxY2_rW_nnSkOj7PruV6LUTm8nZcIAjeDQaPm43Xs9Az1Capce-nOkuO4UW9mAoIcqj2A4JRf-zPAcjDSeowRlv57ngJpNAG5w-m9_oq3d2tMo78q4imdttrFPUpcS9jlxLYy8q7cYPAy6DEDkpPf95xebonTHRRJ9f583QHeYIaV9xMz9eJf3wYuvbzLskmaMysCetZLPiHDAwm6N-L5PrrO6PNjxcHdB9LtzOND1OQ-AlAPtV9TxWkH4L9s2TSaJ7sewbYrmvHUUJpFUQ2HxyVbKioNaH21YZUcOcm8mYPs4EQJR6KEAfA-u6oIjHQVifcm-Uxq790ipUZAMbzmHfYI5CA5xLVOs-h8KRMW7MhUmyKnx-CDO2pOnZRqTf0fZ9S93BA2Vsx0Z2WT9nSV4BGya3SAIuaPzGyNxfDqQzBhqjaDhByHAykMm-m0sy60SLhg0q7nkdKCddT4K7cEJBNVekARWhXFbdgOp6kxAMp5hZD7GBh5EtW8dTL0mti2Bluupr3_8uClkcbEhZKI6o-wOFsi4GKndWfFcK61CcsRRNEN4u7tKc4Gf3DwRjRn2XkJl3VU_PbKpHEyj5c3JQjX2wGOAFhA_6osrsD0O6-YXF-ftCKgWaneoCkgEaztqcujQyh0f0TFyma-JofqVF1Wb0GnYu-B0cf4pgQ==&ruid=46354b78-1b0a-4c5f-9305-96d86293c8c5&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fleitup.com%2FZFUb&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=270
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /11?rnd=1804308363&z=5630117&b=16380032&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=9P_vERtgw97iRDVCMKPyjm5dmIL20FAWd9LXrlkccIrpMHjxY2_rW_nnSkOj7PruV6LUTm8nZcIAjeDQaPm43Xs9Az1Capce-nOkuO4UW9mAoIcqj2A4JRf-zPAcjDSeowRlv57ngJpNAG5w-m9_oq3d2tMo78q4imdttrFPUpcS9jlxLYy8q7cYPAy6DEDkpPf95xebonTHRRJ9f583QHeYIaV9xMz9eJf3wYuvbzLskmaMysCetZLPiHDAwm6N-L5PrrO6PNjxcHdB9LtzOND1OQ-AlAPtV9TxWkH4L9s2TSaJ7sewbYrmvHUUJpFUQ2HxyVbKioNaH21YZUcOcm8mYPs4EQJR6KEAfA-u6oIjHQVifcm-Uxq790ipUZAMbzmHfYI5CA5xLVOs-h8KRMW7MhUmyKnx-CDO2pOnZRqTf0fZ9S93BA2Vsx0Z2WT9nSV4BGya3SAIuaPzGyNxfDqQzBhqjaDhByHAykMm-m0sy60SLhg0q7nkdKCddT4K7cEJBNVekARWhXFbdgOp6kxAMp5hZD7GBh5EtW8dTL0mti2Bluupr3_8uClkcbEhZKI6o-wOFsi4GKndWfFcK61CcsRRNEN4u7tKc4Gf3DwRjRn2XkJl3VU_PbKpHEyj5c3JQjX2wGOAFhA_6osrsD0O6-YXF-ftCKgWaneoCkgEaztqcujQyh0f0TFyma-JofqVF1Wb0GnYu-B0cf4pgQ==&ruid=46354b78-1b0a-4c5f-9305-96d86293c8c5&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fleitup.com%2FZFUb&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&ot=270 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://leitup.com
Connection: keep-alive
Referer: https://leitup.com/
Cookie: scm=1; OAID=7ac4ab229f9747dd89b3aea6a202444a; oaidts=1674382756
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:17 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://leitup.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 09fa76a97bf473a2b00f6df44c739702
access-control-expose-headers: X-Sc
set-cookie: OAID=7ac4ab229f9747dd89b3aea6a202444a; expires=Mon, 22 Jan 2024 10:19:17 GMT; secure; SameSite=None
set-cookie: oaidts=1674382756; expires=Mon, 22 Jan 2024 10:19:17 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
ibrapush.com/custom
139.45.197.250 200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://leitup.com/
Origin: https://leitup.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:17 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://leitup.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
betotodilea.com/500/5630037?excludes=&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 981 B URL HTTP/2 betotodilea.com/500/5630037?excludes=&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash 4d1fb4a3585991b73befb7c913982c1f
78cc325043ef8556d830d5ded08b146a74f4bc77
30f4b90abca85ddbb58b58de32be177dab5cfac3692986655494651016eaa74d
Analyzer Verdict Alert quad9 Sinkholed
GET /500/5630037?excludes=&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://leitup.com
Connection: keep-alive
Referer: https://leitup.com/
Cookie: OAID=27486a2916b94f249c1ac409b139b07b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:17 GMT
content-type: application/javascript
x-trace-id: ef7cfeee2e3f38b0c565fae1c163ffbe
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://leitup.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=7ac4ab229f9747dd89b3aea6a202444a; expires=Mon, 22 Jan 2024 10:19:17 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash dc4ecda5368b52c2e2e0f855c3069d54
094d4c4753e9411e78bba8e036dfe4d578a3136e
6543817b84fb50bf50d47656d95e228b120961571cde07e3aae7f5f60b788920
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 10:19:17 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 22 Jan 2023 03:49:36 GMT
Expires: Sun, 29 Jan 2023 03:49:35 GMT
Etag: "094d4c4753e9411e78bba8e036dfe4d578a3136e"
Cache-Control: max-age=580817,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78d78cea1cc01c0e-OSL
betotodilea.com/400/5630037
139.45.197.237 200 OK 39 kB URL HTTP/2 betotodilea.com/400/5630037
IP 139.45.197.237:0
Hash b1858d6b79d6331e0f57a398644c43d9
34d2f6f5c388b4442c173d68cb6bee1e5e4ef8fc
e2ed161fa1fcd868039bd9a8fde0f195a13e1961538ffc0e87d00a5031d185ab
Analyzer Verdict Alert quad9 Sinkholed
GET /400/5630037 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leitup.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:16 GMT
content-type: application/javascript
x-trace-id: 88e6a0d2f62ff115b40d70cb77af736c
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=27486a2916b94f249c1ac409b139b07b; expires=Mon, 22 Jan 2024 10:19:16 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash fede3ea3cc0e157fd159a0389e440383
66fcb7eced04f6a1de073c880195508f0db49dd7
d2ae6de8c3b06bacf93bd26a6304736ccce5bee873aa138dc2a8040bc93c23f9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2003
Cache-Control: max-age=141658
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 10:19:17 GMT
Etag: "63cc8c2c-117"
Expires: Tue, 24 Jan 2023 01:40:15 GMT
Last-Modified: Sun, 22 Jan 2023 01:06:52 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
offerimage.com/www/images/c203639f459b6e675afc744dd5393fc6.jpeg
104.22.33.172 200 OK 11 kB URL HTTP/2 offerimage.com/www/images/c203639f459b6e675afc744dd5393fc6.jpeg
IP 104.22.33.172:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash c203639f459b6e675afc744dd5393fc6
c83a0142c1a7f6a07c2dd360243197a27f560932
64b4e386658d3f5764261f576a4673eb506fcad5e38e69ef085723f8dab72263
GET /www/images/c203639f459b6e675afc744dd5393fc6.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leitup.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 10:19:17 GMT
content-type: image/jpeg
content-length: 10857
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6388849a-2a69"
expires: Mon, 23 Jan 2023 03:11:40 GMT
last-modified: Thu, 01 Dec 2022 10:40:26 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 25656
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 78d78cebba7d0a3b-ARN
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 8db443342264577e87333036affd720a
2df6a4319b7a1cb5c9140ab63b1726d447c6cbf4
a015cc1252f73e99c8db625b5fc2f04d600c4fc41e3e79a77a12344ecbacb8c3
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 10:19:17 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Thu, 26 Jan 2023 06:59:48 GMT
ETag: "2df6a4319b7a1cb5c9140ab63b1726d447c6cbf4"
Last-Modified: Sun, 22 Jan 2023 06:59:49 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78d78ceaad731c0e-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1fe4d9925422ffff00c8f8a69ebb46a1
e188a3e66274b47c70b5b588e11bca5ebb6d877c
8b37732bceb4cdf52b1b11ac3555c7b438f6ca996bc249f95d8fe3eba8f03afa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B37732BCEB4CDF52B1B11AC3555C7B438F6CA996BC249F95D8FE3EBA8F03AFA"
Last-Modified: Sat, 21 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17671
Expires: Sun, 22 Jan 2023 15:13:48 GMT
Date: Sun, 22 Jan 2023 10:19:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b2e29adf8138171c53007e55beabcffa
2599f386b51b13d81090ba2c5d100ed1d2479e2d
8e5881fdadf4ba140f2fc9730bf304d79c5c5b91a67d5dac8b170f2a1067a9bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8E5881FDADF4BA140F2FC9730BF304D79C5C5B91A67D5DAC8B170F2A1067A9BC"
Last-Modified: Sat, 21 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8725
Expires: Sun, 22 Jan 2023 12:44:42 GMT
Date: Sun, 22 Jan 2023 10:19:17 GMT
Connection: keep-alive
translate.yandex.net/api/v1/tr.json/translate?id=f02fd076.63ca6966.19bedb80.74722d75726c-0-0&srv=tr-url&text=%D0%9F%D0%B5%D1%80%D0%B5%D1%85%D0%BE%D0%B4%20%D0%BF%D0%BE%20%D1%81%D1%81%D1%8B%D0%BB%D0%BA%D0%B5%20%E2%80%94%20LeitUP.com&text=https%3A%2F%2Fyadi.sk%2Fd%2FjEddX2vpnxSXWQ&text=%D0%9F%D0%B5%D1%80%D0%B5%D0%B9%D1%82%D0%B8%20%D0%BF%D0%BE%20%D1%81%D1%81%D1%8B%D0%BB%D0%BA%D0%B5%3Cwbr%3E%20%D1%87%D0%B5%D1%80%D0%B5%D0%B7%205%20%D1%81%D0%B5%D0%BA.&text=%20%D0%9F%D0%B5%D1%80%D0%B5%D0%B9%D1%82%D0%B8%20%D0%BF%D0%BE%20%D1%81%D1%81%D1%8B%D0%BB%D0%BA%D0%B5%3Cwbr%3E%20%D1%87%D0%B5%D1%80%D0%B5%D0%B7%20Telegram%0A%20&text=%D0%9E%20%D1%81%D0%B5%D1%80%D0%B2%D0%B8%D1%81%D0%B5&text=Leitup.com%20%D1%8D%D1%82%D0%BE%20%D1%81%D0%BE%D0%B2%D0%B5%D1%80%D1%88%D0%B5%D0%BD%D0%BD%D0%BE%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D1%8B%D0%B9%20%D0%B8%D0%BD%D1%81%D1%82%D1%80%D1%83%D0%BC%D0%B5%D0%BD%D1%82%2C%20%D0%B3%D0%B4%D0%B5%20%D0%B2%D1%8B%20%D0%BC%D0%BE%D0%B6%D0%B5%D1%82%D0%B5%20%D1%81%D0%BE%D0%B7%D0%B4%D0%B0%D0%B2%D0%B0%D1%82%D1%8C%20%D0%BA%D0%BE%D1%80%D0%BE%D1%82%D0%BA%D0%B8%D0%B5%20%D1%81%D1%81%D1%8B%D0%BB%D0%BA%D0%B8%2C%20%D0%BA%D0%BE%D1%82%D0%BE%D1%80%D1%8B%D0%B5%20%D0%BD%D0%B5%20%D1%82%D0%BE%D0%BB%D1%8C%D0%BA%D0%BE%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D1%8B%2C%20%D0%BD%D0%BE%20%D0%B8%20%D0%BE%D0%BF%D0%BB%D0%B0%D1%87%D0%B8%D0%B2%D0%B0%D0%B5%D0%BC%D1%8B!%20%D0%97%D0%B0%D1%80%D0%B0%D0%B1%D0%B0%D1%82%D1%8B%D0%B2%D0%B0%D0%B9%D1%82%D0%B5%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%20%D0%B2%20%D0%98%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20%D0%BF%D1%80%D0%BE%D1%81%D1%82%D0%BE%20%D1%81%D0%BE%D0%B7%D0%B4%D0%B0%D0%B2%D0%B0%D1%8F%20%D0%B8%20%D0%BC%D0%BE%D0%BD%D0%B8%D1%82%D0%BE%D1%80%D1%8F%20%D1%81%D0%B2%D0%BE%D0%B8%20%D1%81%D1%81%D1%8B%D0%BB%D0%BA%D0%B8.&text=%C2%A9%202021%20LeitUP.COM&text=%D0%9F%D0%BE%D0%BB%D0%B8%D1%82%D0%B8%D0%BA%D0%B0%20%D0%BA%D0%BE%D0%BD%D1%84%D0%B8%D0%B4%D0%B5%D0%BD%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D0%BE%D1%81%D1%82%D0%B8&text=%D0%9F%D0%BE%D0%BB
%D1%8C%D0%B7%D0%BE%D0%B2%D0%B0%D1%82%D0%B5%D0%BB%D1%8C%D1%81%D0%BA%D0%BE%D0%B5%20%D1%81%D0%BE%D0%B3%D0%BB%D0%B0%D1%88%D0%B5%D0%BD%D0%B8%D0%B5&text=LiveInternet%3A%20%D0%BF%D0%BE%D0%BA%D0%B0%D0%B7%D0%B0%D0%BD%D0%BE%20%D1%87%D0%B8%D1%81%D0%BB%D0%BE%20%D0%BF%D1%80%D0%BE%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%BE%D0%B2%20%D0%B8%20%D0%BF%D0%BE%D1%81%D0%B5%D1%82%D0%B8%D1%82%D0%B5%D0%BB%D0%B5%D0%B9%20%D0%B7%D0%B0%2024%20%D1%87%D0%B0%D1%81%D0%B0&lang=ru-en&format=html&options=2&callback=_ld789ej5_._0
213.180.204.194200 OK 673 B URL HTTP/2 translate.yandex.net/api/v1/tr.json/translate?id=f02fd076.63ca6966.19bedb80.74722d75726c-0-0&srv=tr-url&text=%D0%9F%D0%B5%D1%80%D0%B5%D1%85%D0%BE%D0%B4%20%D0%BF%D0%BE%20%D1%81%D1%81%D1%8B%D0%BB%D0%BA%D0%B5%20%E2%80%94%20LeitUP.com&text=https%3A%2F%2Fyadi.sk%2Fd%2FjEddX2vpnxSXWQ&text=%D0%9F%D0%B5%D1%80%D0%B5%D0%B9%D1%82%D0%B8%20%D0%BF%D0%BE%20%D1%81%D1%81%D1%8B%D0%BB%D0%BA%D0%B5%3Cwbr%3E%20%D1%87%D0%B5%D1%80%D0%B5%D0%B7%205%20%D1%81%D0%B5%D0%BA.&text=%20%D0%9F%D0%B5%D1%80%D0%B5%D0%B9%D1%82%D0%B8%20%D0%BF%D0%BE%20%D1%81%D1%81%D1%8B%D0%BB%D0%BA%D0%B5%3Cwbr%3E%20%D1%87%D0%B5%D1%80%D0%B5%D0%B7%20Telegram%0A%20&text=%D0%9E%20%D1%81%D0%B5%D1%80%D0%B2%D0%B8%D1%81%D0%B5&text=Leitup.com%20%D1%8D%D1%82%D0%BE%20%D1%81%D0%BE%D0%B2%D0%B5%D1%80%D1%88%D0%B5%D0%BD%D0%BD%D0%BE%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D1%8B%D0%B9%20%D0%B8%D0%BD%D1%81%D1%82%D1%80%D1%83%D0%BC%D0%B5%D0%BD%D1%82%2C%20%D0%B3%D0%B4%D0%B5%20%D0%B2%D1%8B%20%D0%BC%D0%BE%D0%B6%D0%B5%D1%82%D0%B5%20%D1%81%D0%BE%D0%B7%D0%B4%D0%B0%D0%B2%D0%B0%D1%82%D1%8C%20%D0%BA%D0%BE%D1%80%D0%BE%D1%82%D0%BA%D0%B8%D0%B5%20%D1%81%D1%81%D1%8B%D0%BB%D0%BA%D0%B8%2C%20%D0%BA%D0%BE%D1%82%D0%BE%D1%80%D1%8B%D0%B5%20%D0%BD%D0%B5%20%D1%82%D0%BE%D0%BB%D1%8C%D0%BA%D0%BE%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D1%8B%2C%20%D0%BD%D0%BE%20%D0%B8%20%D0%BE%D0%BF%D0%BB%D0%B0%D1%87%D0%B8%D0%B2%D0%B0%D0%B5%D0%BC%D1%8B!%20%D0%97%D0%B0%D1%80%D0%B0%D0%B1%D0%B0%D1%82%D1%8B%D0%B2%D0%B0%D0%B9%D1%82%D0%B5%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%20%D0%B2%20%D0%98%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20%D0%BF%D1%80%D0%BE%D1%81%D1%82%D0%BE%20%D1%81%D0%BE%D0%B7%D0%B4%D0%B0%D0%B2%D0%B0%D1%8F%20%D0%B8%20%D0%BC%D0%BE%D0%BD%D0%B8%D1%82%D0%BE%D1%80%D1%8F%20%D1%81%D0%B2%D0%BE%D0%B8%20%D1%81%D1%81%D1%8B%D0%BB%D0%BA%D0%B8.&text=%C2%A9%202021%20LeitUP.COM&text=%D0%9F%D0%BE%D0%BB%D0%B8%D1%82%D0%B8%D0%BA%D0%B0%20%D0%BA%D0%BE%D0%BD%D1%84%D0%B8%D0%B4%D0%B5%D0%BD%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D0%BE%D1
%81%D1%82%D0%B8&text=%D0%9F%D0%BE%D0%BB%D1%8C%D0%B7%D0%BE%D0%B2%D0%B0%D1%82%D0%B5%D0%BB%D1%8C%D1%81%D0%BA%D0%BE%D0%B5%20%D1%81%D0%BE%D0%B3%D0%BB%D0%B0%D1%88%D0%B5%D0%BD%D0%B8%D0%B5&text=LiveInternet%3A%20%D0%BF%D0%BE%D0%BA%D0%B0%D0%B7%D0%B0%D0%BD%D0%BE%20%D1%87%D0%B8%D1%81%D0%BB%D0%BE%20%D0%BF%D1%80%D0%BE%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%BE%D0%B2%20%D0%B8%20%D0%BF%D0%BE%D1%81%D0%B5%D1%82%D0%B8%D1%82%D0%B5%D0%BB%D0%B5%D0%B9%20%D0%B7%D0%B0%2024%20%D1%87%D0%B0%D1%81%D0%B0&lang=ru-en&format=html&options=2&callback=_ld789ej5_._0
IP 213.180.204.194:0
File type Unicode text, UTF-8 text, with very long lines (670), with no line terminators
Hash e71946832d08fda912151dc373b6eb19
ad7a3fd48ce8d0312625d539ba414fcb8bb305c8
bdb9374fa9029558db73df7bd3e750d8cff87bf233690582f27bb7003977a425
GET /api/v1/tr.json/translate?id=f02fd076.63ca6966.19bedb80.74722d75726c-0-0&srv=tr-url&text=%D0%9F%D0%B5%D1%80%D0%B5%D1%85%D0%BE%D0%B4%20%D0%BF%D0%BE%20%D1%81%D1%81%D1%8B%D0%BB%D0%BA%D0%B5%20%E2%80%94%20LeitUP.com&text=https%3A%2F%2Fyadi.sk%2Fd%2FjEddX2vpnxSXWQ&text=%D0%9F%D0%B5%D1%80%D0%B5%D0%B9%D1%82%D0%B8%20%D0%BF%D0%BE%20%D1%81%D1%81%D1%8B%D0%BB%D0%BA%D0%B5%3Cwbr%3E%20%D1%87%D0%B5%D1%80%D0%B5%D0%B7%205%20%D1%81%D0%B5%D0%BA.&text=%20%D0%9F%D0%B5%D1%80%D0%B5%D0%B9%D1%82%D0%B8%20%D0%BF%D0%BE%20%D1%81%D1%81%D1%8B%D0%BB%D0%BA%D0%B5%3Cwbr%3E%20%D1%87%D0%B5%D1%80%D0%B5%D0%B7%20Telegram%0A%20&text=%D0%9E%20%D1%81%D0%B5%D1%80%D0%B2%D0%B8%D1%81%D0%B5&text=Leitup.com%20%D1%8D%D1%82%D0%BE%20%D1%81%D0%BE%D0%B2%D0%B5%D1%80%D1%88%D0%B5%D0%BD%D0%BD%D0%BE%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D1%8B%D0%B9%20%D0%B8%D0%BD%D1%81%D1%82%D1%80%D1%83%D0%BC%D0%B5%D0%BD%D1%82%2C%20%D0%B3%D0%B4%D0%B5%20%D0%B2%D1%8B%20%D0%BC%D0%BE%D0%B6%D0%B5%D1%82%D0%B5%20%D1%81%D0%BE%D0%B7%D0%B4%D0%B0%D0%B2%D0%B0%D1%82%D1%8C%20%D0%BA%D0%BE%D1%80%D0%BE%D1%82%D0%BA%D0%B8%D0%B5%20%D1%81%D1%81%D1%8B%D0%BB%D0%BA%D0%B8%2C%20%D0%BA%D0%BE%D1%82%D0%BE%D1%80%D1%8B%D0%B5%20%D0%BD%D0%B5%20%D1%82%D0%BE%D0%BB%D1%8C%D0%BA%D0%BE%20%D0%B1%D0%B5%D1%81%D0%BF%D0%BB%D0%B0%D1%82%D0%BD%D1%8B%2C%20%D0%BD%D0%BE%20%D0%B8%20%D0%BE%D0%BF%D0%BB%D0%B0%D1%87%D0%B8%D0%B2%D0%B0%D0%B5%D0%BC%D1%8B!%20%D0%97%D0%B0%D1%80%D0%B0%D0%B1%D0%B0%D1%82%D1%8B%D0%B2%D0%B0%D0%B9%D1%82%D0%B5%20%D0%B4%D0%B5%D0%BD%D1%8C%D0%B3%D0%B8%20%D0%B2%20%D0%98%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82%D0%B5%20%D0%BF%D1%80%D0%BE%D1%81%D1%82%D0%BE%20%D1%81%D0%BE%D0%B7%D0%B4%D0%B0%D0%B2%D0%B0%D1%8F%20%D0%B8%20%D0%BC%D0%BE%D0%BD%D0%B8%D1%82%D0%BE%D1%80%D1%8F%20%D1%81%D0%B2%D0%BE%D0%B8%20%D1%81%D1%81%D1%8B%D0%BB%D0%BA%D0%B8.&text=%C2%A9%202021%20LeitUP.COM&text=%D0%9F%D0%BE%D0%BB%D0%B8%D1%82%D0%B8%D0%BA%D0%B0%20%D0%BA%D0%BE%D0%BD%D1%84%D0%B8%D0%B4%D0%B5%D0%BD%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D0%BE%D1%81%D1%82%D0%B8&text=%D0%9F%D0%BE%D0%BB%D1%8C%D0%B7%D0%
BE%D0%B2%D0%B0%D1%82%D0%B5%D0%BB%D1%8C%D1%81%D0%BA%D0%BE%D0%B5%20%D1%81%D0%BE%D0%B3%D0%BB%D0%B0%D1%88%D0%B5%D0%BD%D0%B8%D0%B5&text=LiveInternet%3A%20%D0%BF%D0%BE%D0%BA%D0%B0%D0%B7%D0%B0%D0%BD%D0%BE%20%D1%87%D0%B8%D1%81%D0%BB%D0%BE%20%D0%BF%D1%80%D0%BE%D1%81%D0%BC%D0%BE%D1%82%D1%80%D0%BE%D0%B2%20%D0%B8%20%D0%BF%D0%BE%D1%81%D0%B5%D1%82%D0%B8%D1%82%D0%B5%D0%BB%D0%B5%D0%B9%20%D0%B7%D0%B0%2024%20%D1%87%D0%B0%D1%81%D0%B0&lang=ru-en&format=html&options=2&callback=_ld789ej5_._0 HTTP/1.1
Host: translate.yandex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leitup.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 673
date: Sun, 22 Jan 2023 10:19:17 GMT
x-content-type-options: nosniff
set-cookie: _yasc=Gv0P6rd2bCKkqNFgF9/ChpfoFTJImGmVjueEum6FAjzdCwEjz6Bm8GGMO4i+; domain=.yandex.net; path=/; expires=Wed, 19-Jan-2033 10:19:17 GMT; secure
cache-control: no-store
content-type: application/javascript; charset=utf-8
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash 0cdef366624b700409d081cfae53e34a
80269a54a2949adf66bf99a83508bba3d87432f3
da7ceaaca858db9b468e3ac1d08179ab480bdb0959f284716bbd422b263c82ec
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 10:19:17 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Thu, 26 Jan 2023 06:58:44 GMT
ETag: "80269a54a2949adf66bf99a83508bba3d87432f3"
Last-Modified: Sun, 22 Jan 2023 06:58:45 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2841
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78d78cecad03b4fd-OSL
counter.yadro.ru/hit?t52.6;r;s1280*1024*24;uhttps%3A//leitup.com/ZFUb;h%u041F%u0435%u0440%u0435%u0445%u043E%u0434%20%u043F%u043E%20%u0441%u0441%u044B%u043B%u043A%u0435%20%u2014%20LeitUP.com;0.8276681226960432
88.212.201.204 200 OK 417 B URL HTTP/1.1 counter.yadro.ru/hit?t52.6;r;s1280*1024*24;uhttps%3A//leitup.com/ZFUb;h%u041F%u0435%u0440%u0435%u0445%u043E%u0434%20%u043F%u043E%20%u0441%u0441%u044B%u043B%u043A%u0435%20%u2014%20LeitUP.com;0.8276681226960432
IP 88.212.201.204:0
ASN #39134 United Network LLC
File type GIF image data, version 87a, 88 x 31\012- data
Hash e4cf7606e292e5b38c1e0d92c8973426
f36cc3c7b3b8b57eb352df56528f5c9ff54770bf
91759070728265c1a7a558702924a378707c28dd2f3966e5f4d5d364d070755f
GET /hit?t52.6;r;s1280*1024*24;uhttps%3A//leitup.com/ZFUb;h%u041F%u0435%u0440%u0435%u0445%u043E%u0434%20%u043F%u043E%20%u0441%u0441%u044B%u043B%u043A%u0435%20%u2014%20LeitUP.com;0.8276681226960432 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leitup.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 22 Jan 2023 10:19:17 GMT
Content-Type: image/gif
Content-Length: 417
Connection: keep-alive
Expires: Fri, 21 Jan 2022 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
interstitial-07.com/contents/s/22/ad/c9/ea5795ef560f8d389248e030cf/0305753960206.jpeg
139.45.197.154 200 OK 21 kB URL HTTP/2 interstitial-07.com/contents/s/22/ad/c9/ea5795ef560f8d389248e030cf/0305753960206.jpeg
IP 139.45.197.154:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, components 3\012- data
Hash 22adc9ea5795ef560f8d389248e030cf
0ad28b6b561c56650ad3a9e5f4cce7600df548dd
4260ab929da6233410a80d6333d9c33007a23c65ecbb20f72aafbb72ee0ecd2e
GET /contents/s/22/ad/c9/ea5795ef560f8d389248e030cf/0305753960206.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=CYAdIzp5Ctv64CJ&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D779068636%26z%3D5630117%26b%3D16380032%26c%3D6511541%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D9P_vERtgw97iRDVCMKPyjm5dmIL20FAWd9LXrlkccIrpMHjxY2_rW_nnSkOj7PruV6LUTm8nZcIAjeDQaPm43Xs9Az1Capce-nOkuO4UW9mAoIcqj2A4JRf-zPAcjDSeowRlv57ngJpNAG5w-m9_oq3d2tMo78q4imdttrFPUpcS9jlxLYy8q7cYPAy6DEDkpPf95xebonTHRRJ9f583QHeYIaV9xMz9eJf3wYuvbzLskmaMysCetZLPiHDAwm6N-L5PrrO6PNjxcHdB9LtzOND1OQ-AlAPtV9TxWkH4L9s2TSaJ7sewbYrmvHUUJpFUQ2HxyVbKioNaH21YZUcOcm8mYPs4EQJR6KEAfA-u6oIjHQVifcm-Uxq790ipUZAMbzmHfYI5CA5xLVOs-h8KRMW7MhUmyKnx-CDO2pOnZRqTf0fZ9S93BA2Vsx0Z2WT9nSV4BGya3SAIuaPzGyNxfDqQzBhqjaDhByHAykMm-m0sy60SLhg0q7nkdKCddT4K7cEJBNVekARWhXFbdgOp6kxAMp5hZD7GBh5EtW8dTL0mti2Bluupr3_8uClkcbEhZKI6o-wOFsi4GKndWfFcK61CcsRRNEN4u7tKc4Gf3DwRjRn2XkJl3VU_PbKpHEyj5c3JQjX2wGOAFhA_6osrsD0O6-YXF-ftCKgWaneoCkgEaztqcujQyh0f0TFyma-JofqVF1Wb0GnYu-B0cf4pgQ%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D46354b78-1b0a-4c5f-9305-96d86293c8c5%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fleitup.com%252FZFUb%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:17 GMT
content-type: image/jpeg
content-length: 20759
last-modified: Wed, 14 Dec 2022 16:39:34 GMT
vary: Accept-Encoding
etag: "6399fc46-5117"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
interstitial-07.com/contents/s/4d/4d/44/8b8d067fbb8dd5bd371f76aa3f/0124434927299.jpeg
139.45.197.154 200 OK 48 kB URL HTTP/2 interstitial-07.com/contents/s/4d/4d/44/8b8d067fbb8dd5bd371f76aa3f/0124434927299.jpeg
IP 139.45.197.154:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Hash 4d4d448b8d067fbb8dd5bd371f76aa3f
ac126e854681a30faeeec1b07871640015003743
2d544292185300921204a178010fef7d3a94d27e6f8358ef09be4cada4187a5e
GET /contents/s/4d/4d/44/8b8d067fbb8dd5bd371f76aa3f/0124434927299.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=CYAdIzp5Ctv64CJ&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D779068636%26z%3D5630117%26b%3D16380032%26c%3D6511541%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D9P_vERtgw97iRDVCMKPyjm5dmIL20FAWd9LXrlkccIrpMHjxY2_rW_nnSkOj7PruV6LUTm8nZcIAjeDQaPm43Xs9Az1Capce-nOkuO4UW9mAoIcqj2A4JRf-zPAcjDSeowRlv57ngJpNAG5w-m9_oq3d2tMo78q4imdttrFPUpcS9jlxLYy8q7cYPAy6DEDkpPf95xebonTHRRJ9f583QHeYIaV9xMz9eJf3wYuvbzLskmaMysCetZLPiHDAwm6N-L5PrrO6PNjxcHdB9LtzOND1OQ-AlAPtV9TxWkH4L9s2TSaJ7sewbYrmvHUUJpFUQ2HxyVbKioNaH21YZUcOcm8mYPs4EQJR6KEAfA-u6oIjHQVifcm-Uxq790ipUZAMbzmHfYI5CA5xLVOs-h8KRMW7MhUmyKnx-CDO2pOnZRqTf0fZ9S93BA2Vsx0Z2WT9nSV4BGya3SAIuaPzGyNxfDqQzBhqjaDhByHAykMm-m0sy60SLhg0q7nkdKCddT4K7cEJBNVekARWhXFbdgOp6kxAMp5hZD7GBh5EtW8dTL0mti2Bluupr3_8uClkcbEhZKI6o-wOFsi4GKndWfFcK61CcsRRNEN4u7tKc4Gf3DwRjRn2XkJl3VU_PbKpHEyj5c3JQjX2wGOAFhA_6osrsD0O6-YXF-ftCKgWaneoCkgEaztqcujQyh0f0TFyma-JofqVF1Wb0GnYu-B0cf4pgQ%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D46354b78-1b0a-4c5f-9305-96d86293c8c5%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fleitup.com%252FZFUb%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:17 GMT
content-type: image/jpeg
content-length: 48518
last-modified: Wed, 14 Dec 2022 16:39:29 GMT
vary: Accept-Encoding
etag: "6399fc41-bd86"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 68a720347361834682399a868662edd5
02d70b49fbad7362df53a006cd460c5fe4f6a522
a81884c4c109359b5fd4fea3550457240a13c3028f874c0d08adebd05ab9d791
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A81884C4C109359B5FD4FEA3550457240A13C3028F874C0D08ADEBD05AB9D791"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11029
Expires: Sun, 22 Jan 2023 13:23:06 GMT
Date: Sun, 22 Jan 2023 10:19:17 GMT
Connection: keep-alive
mediasama.com/starharem/01/s/index_rt.html
149.56.38.113 200 OK 1.5 kB URL HTTP/1.1 mediasama.com/starharem/01/s/index_rt.html
IP 149.56.38.113:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 30597b59f3cb1eadf603fcfb21952340
baca3a552764959edd4fc56947acc9a4f33822de
6ac92da5b37d94c53f231a18bb88be006ae20f1724a63151a97ed918d86cb25d
GET /starharem/01/s/index_rt.html HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 10:19:17 GMT
Server: Apache
Last-Modified: Wed, 20 Jul 2022 09:11:51 GMT
ETag: "17a0-5e438fdce23c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1525
Content-Type: text/html
unphionetor.com/vctx?t=72747
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vctx?t=72747
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 22 Jan 2023 10:19:18 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: d6b1ed5b2221a43dca3174e57df99651
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
mediasama.com/starharem/01/s/styles.css
149.56.38.113 200 OK 2.4 kB URL HTTP/1.1 mediasama.com/starharem/01/s/styles.css
IP 149.56.38.113:0
File type ASCII text, with very long lines (420)
Hash 8e7117f5f47cb6cde0a8e8eb38b16dbb
617fd3f0d3f420ee1967a20fb0b0af4ac34eca03
794f8aa66b6afcf9b7d9bfe5952860436dcfee6bf82e4368af6bc838ce89be98
GET /starharem/01/s/styles.css HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 10:19:18 GMT
Server: Apache
Last-Modified: Thu, 07 Apr 2022 08:02:29 GMT
ETag: "2638-5dc0be6400e82-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2406
Content-Type: text/css
mediasama.com/starharem/01/s/js/main.js
149.56.38.113 200 OK 549 B URL HTTP/1.1 mediasama.com/starharem/01/s/js/main.js
IP 149.56.38.113:0
Hash d8fa8e233a4db9fbce0c20d9a57a06fe
2366b2969771aa164bfdca6b5baf916806f6758a
f496e19ead804367daa801860cd95a7ec6854965a7c5cf2c49dda71532c19932
GET /starharem/01/s/js/main.js HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 10:19:18 GMT
Server: Apache
Last-Modified: Thu, 07 Apr 2022 08:02:50 GMT
ETag: "516-5dc0be78000b5-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 549
Content-Type: application/javascript
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 22 Jan 2023 10:19:18 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 411520326fdb522dd8b063c0b77c67b2
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7863
Expires: Sun, 22 Jan 2023 12:30:21 GMT
Date: Sun, 22 Jan 2023 10:19:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcdc45398-1d4d-45ac-94a6-2cc6d910d8b8.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcdc45398-1d4d-45ac-94a6-2cc6d910d8b8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 375f2cf298e45122ca727fb63f0e5ea7
eb746e6842127741552c7dcc48e8a92193ca3075
8b5e5432f69dad1428c3a735f7a0d07823658e03befc7b6e15f6f5c3306fbaa8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcdc45398-1d4d-45ac-94a6-2cc6d910d8b8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5196
x-amzn-requestid: 24221211-6673-4d7b-88de-2ef8c9a62f1b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNWRFPUIAMFf-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c27-286d3bb84ad3362d615479ed;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:41:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zqdZgSWyXzoBBGx5Ef3zI6evJsyFmKlShUQvB3TdBGm-wrfU3ACoWw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:52:26 GMT
age: 44812
etag: "eb746e6842127741552c7dcc48e8a92193ca3075"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7863
Expires: Sun, 22 Jan 2023 12:30:21 GMT
Date: Sun, 22 Jan 2023 10:19:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e71636bb9a13ad7d52d253e16cd6a3f
401dd58e34982d3434739b9a2f7182487ea1cac5
1ac336df72b6eb569983e197f094378a26a175113249bedca0610cabd57e2e54
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8057
x-amzn-requestid: 5469b005-6740-4f3d-80ca-a45fd39cae68
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNkCFiZoAMF8oQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c80-210da08f113a3273257b7d61;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:43:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bvxndyaEjWVBvL2nJxC78dz74Pd-mf2NwURh-C-y548P9KfPZiWaZQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:54:17 GMT
age: 44701
etag: "401dd58e34982d3434739b9a2f7182487ea1cac5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7863
Expires: Sun, 22 Jan 2023 12:30:21 GMT
Date: Sun, 22 Jan 2023 10:19:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5a7ab95a69ddfa5014258076e66a6e19
1a54cca86788536002d6d18c5180ccf265ba1169
09348afd6055b26b5dba6f8f6ef763d52e6e040c039c6f763d64f71b8ca08d51
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10988
x-amzn-requestid: 67c03c6c-3896-4890-a75b-ecd7c1c1a4e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3foHG8tIAMF3XQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61300-2de17e5b0225f9427c197bc5;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tYwSI7_1wwDixmup43f8j54sJ541GjyzB2rboENRXfSpuwPKImlNjA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 01:38:03 GMT
age: 31275
etag: "1a54cca86788536002d6d18c5180ccf265ba1169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7863
Expires: Sun, 22 Jan 2023 12:30:21 GMT
Date: Sun, 22 Jan 2023 10:19:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b9c3b02-6a9e-471d-9d0c-2b50255f00f9.jpeg
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b9c3b02-6a9e-471d-9d0c-2b50255f00f9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 54bb2c2439cbf0cefc3075f25576f161
e4e506d7acc877b266c18ae6da3b948e0d41bb1e
8cfef01c8eea67086fdea9865d760f9ed1ecc15dc42f3b2c94fc85d609a31aa2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b9c3b02-6a9e-471d-9d0c-2b50255f00f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9334
x-amzn-requestid: 23f9071b-5274-4c6a-9a4a-d63ea74c7483
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNWQETCoAMFdjw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c27-393e62854ba77f783f142985;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:41:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3n5ILyjGGUjvn66yRrz02tfI9FZpfSsZq5c6Oo_kB9OCOpBxD6aAAw==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:46:00 GMT
age: 45198
etag: "e4e506d7acc877b266c18ae6da3b948e0d41bb1e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a1de880-d267-45a1-8abe-5bbb4e38b0fa.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a1de880-d267-45a1-8abe-5bbb4e38b0fa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 965b482ff463008a1b5ff0d71d7e6d40
d76bd06810c236fd5fc1450b2bd0b851ebc11d46
0ed628d9cf3c181d5b95da521f0e725661e858e24bff1bb78b5f933c580b3e97
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a1de880-d267-45a1-8abe-5bbb4e38b0fa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10470
x-amzn-requestid: 572b1438-68f8-4492-9e57-5d0177114b68
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fBYVuF8sIAMFq5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ca0757-207d1a1d29c50a80328d65c2;Sampled=0
x-amzn-remapped-date: Fri, 20 Jan 2023 03:15:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DIOBA_5UREdjzutxlCzf-4_71pY84L-3tf6iDCgP-ziBTtPMJr71Tw==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 03:28:35 GMT
age: 24643
etag: "d76bd06810c236fd5fc1450b2bd0b851ebc11d46"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff250419d-5512-4c6b-9460-69d68f74273d.jpeg
34.120.237.76 200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff250419d-5512-4c6b-9460-69d68f74273d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d3e5cb3e8d03fffcd307c5ebaef08167
1a813821d15afd416b82c3343a7920a0ffc909cb
84a81b6f63faa3f17a20222b8fa389761a0fb0512a1549b4848849c0425539c9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff250419d-5512-4c6b-9460-69d68f74273d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7656
x-amzn-requestid: 6e1ebd9d-6ef0-48d0-a891-51bbf914ed42
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNlYHaUoAMFr-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c88-479e8fb72b0b248d020d9e77;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:43:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Pu5h9aerRhgCkbAszYjgiRrblEiomyl7ev5WRmdAjQSTQNgSqczG0A==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:58:15 GMT
age: 44463
etag: "1a813821d15afd416b82c3343a7920a0ffc909cb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
nanouwho.com/15?rnd=471689384&z=5630038&var=&rb=kZwdKm_QyAegRc0eX2kUdEYLrMwDqN9iC8azwlUQniFrYpcbvWaNp3n_jZvn7idBK9tPg0QFsaCvqiZBbmE-1_J4eWPi7uYAWW8NumUh3dTOrp-2KY1g2Bk-pxQ_3KppYIL_WkJTcmYiqtUdtMrJ034oAK5u77VHV6OdQ7d6otQpiAIbssv_XjE0SQVmxJqNw0-5dxe8TjWXdbjTsLUSsa_DckhY-wm9wa82XlZCTiaXxfdMWO7wHffb7tFdV9mjLakaPXqP1EBmS6nVP_1fbMy1ABR7tAdeRiJfBxZQJCPLpzhX42_dN4ZbcKKRlDKl7Ci-XaBQE9rZ9wHwxaTjFVneFAADwFueoPWdGabhHbkcVJyQvrGZL7fwJlnBfTepluSwIAb8Ka4y5iWf4lEO0Mr4L6xdcAWmi77MTlPhquMDggeyFft6FKumUmRv7hRqn569lT7bs7SvE3nE36r0AFFIjnmMeIL_u9nuHEVtFJYxVR9bqSwf1ieAZQKmR5QpeVeFUTlHp9QvIDBrdO7AMMG3jkkUQqKWK_YgE-AE46aFPHsQt6N4VN9M6PWa5nQRPBu-LKz_SoBz774Ccjnurd6mqxfFl2n-SxnuG25tHglVR7guTk6L9iq95t18QZFB3JN9kIsC5Gp1VvjleNK2SA4vC0CYEMpLwxtor1N2YEyMgAaAVgGTD-muiaCvigPN2_5bqyaupewiS56FPNnBXg==&ruid=c20f1c58-0ffd-44eb-8ce4-e095eaa59309&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.328%2C%22location%22%3A%22https%3A%2F%2Fleitup.com%2FZFUb%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D
139.45.197.242204 No Content 0 B URL HTTP/2 nanouwho.com/15?rnd=471689384&z=5630038&var=&rb=kZwdKm_QyAegRc0eX2kUdEYLrMwDqN9iC8azwlUQniFrYpcbvWaNp3n_jZvn7idBK9tPg0QFsaCvqiZBbmE-1_J4eWPi7uYAWW8NumUh3dTOrp-2KY1g2Bk-pxQ_3KppYIL_WkJTcmYiqtUdtMrJ034oAK5u77VHV6OdQ7d6otQpiAIbssv_XjE0SQVmxJqNw0-5dxe8TjWXdbjTsLUSsa_DckhY-wm9wa82XlZCTiaXxfdMWO7wHffb7tFdV9mjLakaPXqP1EBmS6nVP_1fbMy1ABR7tAdeRiJfBxZQJCPLpzhX42_dN4ZbcKKRlDKl7Ci-XaBQE9rZ9wHwxaTjFVneFAADwFueoPWdGabhHbkcVJyQvrGZL7fwJlnBfTepluSwIAb8Ka4y5iWf4lEO0Mr4L6xdcAWmi77MTlPhquMDggeyFft6FKumUmRv7hRqn569lT7bs7SvE3nE36r0AFFIjnmMeIL_u9nuHEVtFJYxVR9bqSwf1ieAZQKmR5QpeVeFUTlHp9QvIDBrdO7AMMG3jkkUQqKWK_YgE-AE46aFPHsQt6N4VN9M6PWa5nQRPBu-LKz_SoBz774Ccjnurd6mqxfFl2n-SxnuG25tHglVR7guTk6L9iq95t18QZFB3JN9kIsC5Gp1VvjleNK2SA4vC0CYEMpLwxtor1N2YEyMgAaAVgGTD-muiaCvigPN2_5bqyaupewiS56FPNnBXg==&ruid=c20f1c58-0ffd-44eb-8ce4-e095eaa59309&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.328%2C%22location%22%3A%22https%3A%2F%2Fleitup.com%2FZFUb%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /15?rnd=471689384&z=5630038&var=&rb=kZwdKm_QyAegRc0eX2kUdEYLrMwDqN9iC8azwlUQniFrYpcbvWaNp3n_jZvn7idBK9tPg0QFsaCvqiZBbmE-1_J4eWPi7uYAWW8NumUh3dTOrp-2KY1g2Bk-pxQ_3KppYIL_WkJTcmYiqtUdtMrJ034oAK5u77VHV6OdQ7d6otQpiAIbssv_XjE0SQVmxJqNw0-5dxe8TjWXdbjTsLUSsa_DckhY-wm9wa82XlZCTiaXxfdMWO7wHffb7tFdV9mjLakaPXqP1EBmS6nVP_1fbMy1ABR7tAdeRiJfBxZQJCPLpzhX42_dN4ZbcKKRlDKl7Ci-XaBQE9rZ9wHwxaTjFVneFAADwFueoPWdGabhHbkcVJyQvrGZL7fwJlnBfTepluSwIAb8Ka4y5iWf4lEO0Mr4L6xdcAWmi77MTlPhquMDggeyFft6FKumUmRv7hRqn569lT7bs7SvE3nE36r0AFFIjnmMeIL_u9nuHEVtFJYxVR9bqSwf1ieAZQKmR5QpeVeFUTlHp9QvIDBrdO7AMMG3jkkUQqKWK_YgE-AE46aFPHsQt6N4VN9M6PWa5nQRPBu-LKz_SoBz774Ccjnurd6mqxfFl2n-SxnuG25tHglVR7guTk6L9iq95t18QZFB3JN9kIsC5Gp1VvjleNK2SA4vC0CYEMpLwxtor1N2YEyMgAaAVgGTD-muiaCvigPN2_5bqyaupewiS56FPNnBXg==&ruid=c20f1c58-0ffd-44eb-8ce4-e095eaa59309&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.328%2C%22location%22%3A%22https%3A%2F%2Fleitup.com%2FZFUb%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://leitup.com
Connection: keep-alive
Referer: https://leitup.com/
Cookie: scm=1; OAID=7ac4ab229f9747dd89b3aea6a202444a; oaidts=1674382756
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 22 Jan 2023 10:19:18 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://leitup.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 4e2b7c1328478e5586905e726ee5f0a4
access-control-expose-headers: X-Sc
set-cookie: OAID=7ac4ab229f9747dd89b3aea6a202444a; expires=Mon, 22 Jan 2024 10:19:18 GMT; secure; SameSite=None
oaidts=1674382756; expires=Mon, 22 Jan 2024 10:19:18 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
mediasama.com/starharem/01/s/audio/btn_1.mp3
149.56.38.113 206 Partial Content 20 kB URL HTTP/1.1 mediasama.com/starharem/01/s/audio/btn_1.mp3
IP 149.56.38.113:0
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 192 kbps, 44.1 kHz, JntStereo\012- data
Hash d857acaef2cdf5ec88ea6128c1ceb7b3
5f67419243f34232a4da8cb1a1eaecfc192ff1a7
df83bc888086ae84b5d532a39023b0db17e8f3ccd3ffdcd6f35c8d4f39558d24
GET /starharem/01/s/audio/btn_1.mp3 HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 206 Partial Content
Date: Sun, 22 Jan 2023 10:19:18 GMT
Server: Apache
Last-Modified: Thu, 07 Apr 2022 08:02:31 GMT
ETag: "4f61-5dc0be65fcb81"
Accept-Ranges: bytes
Content-Length: 20321
Content-Range: bytes 0-20320/20321
Content-Type: audio/mpeg
mediasama.com/starharem/01/s/img/1.jpg
149.56.38.113 200 OK 397 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/1.jpg
IP 149.56.38.113:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 397 kB (397097 bytes)
Hash 43c140ec16ce96d582782ea93eeaa4fe
3390bf8e8708620fc0a851455e4729cb4f0248a2
3e176a04debe08dd522e7f0fbc9f7530880a92fb9845afd7391bbaa764a4ad55
GET /starharem/01/s/img/1.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 10:19:18 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:39 GMT
ETag: "60f29-5dc622dfac0e8"
Accept-Ranges: bytes
Content-Length: 397097
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/2.jpg
149.56.38.113 200 OK 369 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/2.jpg
IP 149.56.38.113:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 369 kB (369239 bytes)
Hash b7d3bd4ae3d5f8477e040e6410517866
2b255c9583c47e5da4069d9c055d3430a0c1e03a
7bb68d5a9a92a500956397e156beb117a0ef605b6747800cacf9c9440b6fc7e4
GET /starharem/01/s/img/2.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 10:19:18 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:41 GMT
ETag: "5a257-5dc622e1424eb"
Accept-Ranges: bytes
Content-Length: 369239
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/7.jpg
149.56.38.113 200 OK 327 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/7.jpg
IP 149.56.38.113:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 327 kB (326553 bytes)
Hash c67c9fb0268eea7d188c4c9bc54a0bf4
216b83374ba6f011041b31dd381f22e99ea7a8c1
95ae6eba3fad2ff05cadc95b27fc79a198a9e873371ab5fb7bb97c1661cd4654
GET /starharem/01/s/img/7.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 10:19:18 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:45 GMT
ETag: "4fb99-5dc622e5033f2"
Accept-Ranges: bytes
Content-Length: 326553
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/4.jpg
149.56.38.113 200 OK 325 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/4.jpg
IP 149.56.38.113:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 325 kB (325446 bytes)
Hash ec18d276822ab5772f3458da7dbedfbc
f7a38f944aaba3e6b848f496bf4b8fee50b58161
da6b7082767f0ddffbec031c7f84b859c7a1f20624445bb26aa93895b75d7c09
GET /starharem/01/s/img/4.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 10:19:18 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:43 GMT
ETag: "4f746-5dc622e2da82e"
Accept-Ranges: bytes
Content-Length: 325446
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/3.jpg
149.56.38.113 200 OK 375 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/3.jpg
IP 149.56.38.113:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 375 kB (375159 bytes)
Hash 84c5f704120f28ad7bcde2ebab7442a0
fd2745300ba7ad59ff8044c7e9f76b1326ddd120
6227de9cf2198a85639d3808c134b85dc1e6a5ee5ee5709189c5e58d1b91b7c2
GET /starharem/01/s/img/3.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 10:19:18 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:41 GMT
ETag: "5b977-5dc622e17edac"
Accept-Ranges: bytes
Content-Length: 375159
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/9.jpg
149.56.38.113 200 OK 342 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/9.jpg
IP 149.56.38.113:0
Size 342 kB (342231 bytes)
Hash 509bfbb85e7e9586eeb696dbf9c593db
46f0588af7b58906db150253d93fd3532f91d7e8
1d7c5a17b6f97991ff6fb9aed6f8e667e081cc12f11ff3bd505f14dc7a24d81b
GET /starharem/01/s/img/9.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 10:19:19 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:47 GMT
ETag: "536a9-5dc622e6fb276"
Accept-Ranges: bytes
Content-Length: 341673
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/6.jpg
149.56.38.113 200 OK 261 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/6.jpg
IP 149.56.38.113:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 261 kB (261364 bytes)
Hash 4b7cf78d93f3f009f850bedb6829d7f6
cc55cad898df47a2f089946aee9398fea7fa2ae6
44d0a6f8e7f7fe0354c05417445137070431686d671c51e9f3d3869867f2448f
GET /starharem/01/s/img/6.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 10:19:18 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:44 GMT
ETag: "3fcf4-5dc622e471bd1"
Accept-Ranges: bytes
Content-Length: 261364
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/10.jpg
149.56.38.113 200 OK 237 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/10.jpg
IP 149.56.38.113:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 237 kB (236974 bytes)
Hash e0046cc1f34ff0701ec4874a0a8c5d43
c6a46db14dfc50d67307a9855f4dd2688d576a01
8589d73053f4bb258d888488403564bdcc94fb2d87c7388f943bf06fb85865a1
GET /starharem/01/s/img/10.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 10:19:19 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:39 GMT
ETag: "39dae-5dc622df755e8"
Accept-Ranges: bytes
Content-Length: 236974
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/5.jpg
149.56.38.113 200 OK 461 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/5.jpg
IP 149.56.38.113:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 461 kB (461412 bytes)
Hash 42ad3cffde2e4081df94ded8a30a1dc5
7b064f0fcb96e5b5c498c0c03bcbb9ab15e999b0
be788428faee6157125228734e5510d4f49212766eff23a1a1b178e456f153d1
GET /starharem/01/s/img/5.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 10:19:18 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:43 GMT
ETag: "70a64-5dc622e35f52f"
Accept-Ranges: bytes
Content-Length: 461412
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/8.jpg
149.56.38.113 200 OK 682 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/8.jpg
IP 149.56.38.113:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 0-3584, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 211035008.000000\012- data
Size 682 kB (682050 bytes)
Hash cedcd46e956dee6a28f87198962b0477
7b38f1de654971e436983fb6a34a71540ba526c9
08c08ef6f1ed9da65259719bbcc97e9aec700d3b486a9f0a741cb5800be34db5
GET /starharem/01/s/img/8.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 10:19:19 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:47 GMT
ETag: "a6842-5dc622e757ed6"
Accept-Ranges: bytes
Content-Length: 682050
Content-Type: image/jpeg
unphionetor.com/fv.js?t=72747&cb=1151153119
139.45.197.236 200 OK 405 kB URL HTTP/2 unphionetor.com/fv.js?t=72747&cb=1151153119
IP 139.45.197.236:0
Size 405 kB (404893 bytes)
Hash ed5392fe378bceb0386aeca2255ebe63
8a5e0e090e303acbc8d324f3aaa7b2905481f793
a70baa1ceab1dc57dface746f952f9e4272535345e2ca4aa9f987797b99399b2
Analyzer Verdict Alert quad9 Sinkholed
GET /fv.js?t=72747&cb=1151153119 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:18 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: b1f9c0ade1a1f71c43a0c5361cef17a1
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ibrapush.com/custom
139.45.197.250 200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://leitup.com/
Content-Type: application/json
Origin: https://leitup.com
Content-Length: 722
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:19 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 3d7b28d613dbec9129143a720e9978a2
access-control-allow-origin: https://leitup.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
nanouwho.com/15?rnd=471689384&z=5630038&var=&rb=kZwdKm_QyAegRc0eX2kUdEYLrMwDqN9iC8azwlUQniFrYpcbvWaNp3n_jZvn7idBK9tPg0QFsaCvqiZBbmE-1_J4eWPi7uYAWW8NumUh3dTOrp-2KY1g2Bk-pxQ_3KppYIL_WkJTcmYiqtUdtMrJ034oAK5u77VHV6OdQ7d6otQpiAIbssv_XjE0SQVmxJqNw0-5dxe8TjWXdbjTsLUSsa_DckhY-wm9wa82XlZCTiaXxfdMWO7wHffb7tFdV9mjLakaPXqP1EBmS6nVP_1fbMy1ABR7tAdeRiJfBxZQJCPLpzhX42_dN4ZbcKKRlDKl7Ci-XaBQE9rZ9wHwxaTjFVneFAADwFueoPWdGabhHbkcVJyQvrGZL7fwJlnBfTepluSwIAb8Ka4y5iWf4lEO0Mr4L6xdcAWmi77MTlPhquMDggeyFft6FKumUmRv7hRqn569lT7bs7SvE3nE36r0AFFIjnmMeIL_u9nuHEVtFJYxVR9bqSwf1ieAZQKmR5QpeVeFUTlHp9QvIDBrdO7AMMG3jkkUQqKWK_YgE-AE46aFPHsQt6N4VN9M6PWa5nQRPBu-LKz_SoBz774Ccjnurd6mqxfFl2n-SxnuG25tHglVR7guTk6L9iq95t18QZFB3JN9kIsC5Gp1VvjleNK2SA4vC0CYEMpLwxtor1N2YEyMgAaAVgGTD-muiaCvigPN2_5bqyaupewiS56FPNnBXg==&ruid=c20f1c58-0ffd-44eb-8ce4-e095eaa59309&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A3.33%2C%22location%22%3A%22https%3A%2F%2Fleitup.com%2FZFUb%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D
139.45.197.242204 No Content 0 B URL HTTP/2 nanouwho.com/15?rnd=471689384&z=5630038&var=&rb=kZwdKm_QyAegRc0eX2kUdEYLrMwDqN9iC8azwlUQniFrYpcbvWaNp3n_jZvn7idBK9tPg0QFsaCvqiZBbmE-1_J4eWPi7uYAWW8NumUh3dTOrp-2KY1g2Bk-pxQ_3KppYIL_WkJTcmYiqtUdtMrJ034oAK5u77VHV6OdQ7d6otQpiAIbssv_XjE0SQVmxJqNw0-5dxe8TjWXdbjTsLUSsa_DckhY-wm9wa82XlZCTiaXxfdMWO7wHffb7tFdV9mjLakaPXqP1EBmS6nVP_1fbMy1ABR7tAdeRiJfBxZQJCPLpzhX42_dN4ZbcKKRlDKl7Ci-XaBQE9rZ9wHwxaTjFVneFAADwFueoPWdGabhHbkcVJyQvrGZL7fwJlnBfTepluSwIAb8Ka4y5iWf4lEO0Mr4L6xdcAWmi77MTlPhquMDggeyFft6FKumUmRv7hRqn569lT7bs7SvE3nE36r0AFFIjnmMeIL_u9nuHEVtFJYxVR9bqSwf1ieAZQKmR5QpeVeFUTlHp9QvIDBrdO7AMMG3jkkUQqKWK_YgE-AE46aFPHsQt6N4VN9M6PWa5nQRPBu-LKz_SoBz774Ccjnurd6mqxfFl2n-SxnuG25tHglVR7guTk6L9iq95t18QZFB3JN9kIsC5Gp1VvjleNK2SA4vC0CYEMpLwxtor1N2YEyMgAaAVgGTD-muiaCvigPN2_5bqyaupewiS56FPNnBXg==&ruid=c20f1c58-0ffd-44eb-8ce4-e095eaa59309&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A3.33%2C%22location%22%3A%22https%3A%2F%2Fleitup.com%2FZFUb%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /15?rnd=471689384&z=5630038&var=&rb=kZwdKm_QyAegRc0eX2kUdEYLrMwDqN9iC8azwlUQniFrYpcbvWaNp3n_jZvn7idBK9tPg0QFsaCvqiZBbmE-1_J4eWPi7uYAWW8NumUh3dTOrp-2KY1g2Bk-pxQ_3KppYIL_WkJTcmYiqtUdtMrJ034oAK5u77VHV6OdQ7d6otQpiAIbssv_XjE0SQVmxJqNw0-5dxe8TjWXdbjTsLUSsa_DckhY-wm9wa82XlZCTiaXxfdMWO7wHffb7tFdV9mjLakaPXqP1EBmS6nVP_1fbMy1ABR7tAdeRiJfBxZQJCPLpzhX42_dN4ZbcKKRlDKl7Ci-XaBQE9rZ9wHwxaTjFVneFAADwFueoPWdGabhHbkcVJyQvrGZL7fwJlnBfTepluSwIAb8Ka4y5iWf4lEO0Mr4L6xdcAWmi77MTlPhquMDggeyFft6FKumUmRv7hRqn569lT7bs7SvE3nE36r0AFFIjnmMeIL_u9nuHEVtFJYxVR9bqSwf1ieAZQKmR5QpeVeFUTlHp9QvIDBrdO7AMMG3jkkUQqKWK_YgE-AE46aFPHsQt6N4VN9M6PWa5nQRPBu-LKz_SoBz774Ccjnurd6mqxfFl2n-SxnuG25tHglVR7guTk6L9iq95t18QZFB3JN9kIsC5Gp1VvjleNK2SA4vC0CYEMpLwxtor1N2YEyMgAaAVgGTD-muiaCvigPN2_5bqyaupewiS56FPNnBXg==&ruid=c20f1c58-0ffd-44eb-8ce4-e095eaa59309&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A3.33%2C%22location%22%3A%22https%3A%2F%2Fleitup.com%2FZFUb%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://leitup.com
Connection: keep-alive
Referer: https://leitup.com/
Cookie: scm=1; OAID=7ac4ab229f9747dd89b3aea6a202444a; oaidts=1674382756
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 22 Jan 2023 10:19:20 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://leitup.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 22d788f3fc04ea0248e6919d7ddcce63
access-control-expose-headers: X-Sc
set-cookie: OAID=7ac4ab229f9747dd89b3aea6a202444a; expires=Mon, 22 Jan 2024 10:19:20 GMT; secure; SameSite=None
oaidts=1674382756; expires=Mon, 22 Jan 2024 10:19:20 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
betotodilea.com/impression/oRLYenJc2EhtRVKW4BmIaTrMIB12RTQlp_5x7SabWqg_QubD6EMzoKsNvTaTiUiUCeL_V74fTnBaT4yLtX_sjhIv0rWePAL0lGOnc2O3ekekzssZkcPg3gowO1esFpo3lWyQZQrQyipp9vvav9LhUyIHgt-K-d8AVFhNC5IU3Pq7pvmpLUPAxy87bh3TBbsNroQoJVCxAibl4l-YPJficC560i0hlQO95lCZEoYIAdE10G5xvz6uxTqc5QGmXcrwrDjrfyQsAZtZwZh07jSWNxqaFQt5HO52-4QBS4DoNoa0E4_wsKMUsX2zGRLF8IlnthxULV29wDyRKBhyalYZaqMCNN9iaPO2oZaagvIwfOe1n0RUsRN5vuhQwY24gpAXR1Npf9GBq4H55lUHl05I6DFEUCMj2cdx0GQBYztQIQv4SahbcH9NRAIi7Mrmzc-vF9y6w519gm_t3Xnl8b-cKEkvGy99g9OtdE_dOlYGqKk=?_z=5630116&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 43 B URL HTTP/2 betotodilea.com/impression/oRLYenJc2EhtRVKW4BmIaTrMIB12RTQlp_5x7SabWqg_QubD6EMzoKsNvTaTiUiUCeL_V74fTnBaT4yLtX_sjhIv0rWePAL0lGOnc2O3ekekzssZkcPg3gowO1esFpo3lWyQZQrQyipp9vvav9LhUyIHgt-K-d8AVFhNC5IU3Pq7pvmpLUPAxy87bh3TBbsNroQoJVCxAibl4l-YPJficC560i0hlQO95lCZEoYIAdE10G5xvz6uxTqc5QGmXcrwrDjrfyQsAZtZwZh07jSWNxqaFQt5HO52-4QBS4DoNoa0E4_wsKMUsX2zGRLF8IlnthxULV29wDyRKBhyalYZaqMCNN9iaPO2oZaagvIwfOe1n0RUsRN5vuhQwY24gpAXR1Npf9GBq4H55lUHl05I6DFEUCMj2cdx0GQBYztQIQv4SahbcH9NRAIi7Mrmzc-vF9y6w519gm_t3Xnl8b-cKEkvGy99g9OtdE_dOlYGqKk=?_z=5630116&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/oRLYenJc2EhtRVKW4BmIaTrMIB12RTQlp_5x7SabWqg_QubD6EMzoKsNvTaTiUiUCeL_V74fTnBaT4yLtX_sjhIv0rWePAL0lGOnc2O3ekekzssZkcPg3gowO1esFpo3lWyQZQrQyipp9vvav9LhUyIHgt-K-d8AVFhNC5IU3Pq7pvmpLUPAxy87bh3TBbsNroQoJVCxAibl4l-YPJficC560i0hlQO95lCZEoYIAdE10G5xvz6uxTqc5QGmXcrwrDjrfyQsAZtZwZh07jSWNxqaFQt5HO52-4QBS4DoNoa0E4_wsKMUsX2zGRLF8IlnthxULV29wDyRKBhyalYZaqMCNN9iaPO2oZaagvIwfOe1n0RUsRN5vuhQwY24gpAXR1Npf9GBq4H55lUHl05I6DFEUCMj2cdx0GQBYztQIQv4SahbcH9NRAIi7Mrmzc-vF9y6w519gm_t3Xnl8b-cKEkvGy99g9OtdE_dOlYGqKk=?_z=5630116&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leitup.com/
Cookie: OAID=7ac4ab229f9747dd89b3aea6a202444a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:22 GMT
content-type: image/gif
content-length: 43
x-trace-id: 832a25d406a5519a905034fc2318fb95
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
betotodilea.com/impression/0uaJG4cLcd9jhiiK0uqxlAzIdIydkruB0dfKv48wgbrUqDewRBMsOrnIj6itr3fnaQb9KU_cXD2LKfEg8TLHHL-ce3bbdezzcO8aFnEVZB-yoU41ZxKddRuglP5Z4WyUQqE1QEy_q-SUYdpSDQJUl4okMMt5PthnHB0HUyBy9AfksOQUN61-AmM4RWCYqjTo6CKIqfgXnmlyVc24Ctt5mXuYyP0CkEXRXHrFrMaDPKyT6l0MVun06RUxxmzupfoQoNGOdUqdLrjdd1hngoFfaVWGWiHasM8lZE09b4_1tgEHUbWtLkZlgYpTGhMH-2R-vUJ7w3iP2PsPCo7PIbFMlTFAL77plFAciPqP8YihV3Y-6ZV_EBxJdSFfRGJ8LMY7jsIw-gi09phR1hoW02mwQpn9HDtHCG358Hg2XuNn5pBO_lxvHDfzrVUr285aal12zSXIfqi01VuZFuINJTRgG1_8skLlSm0hj1W0iCEQ2up6dT13mbquC-X7kCt3jfEQ1q9OyZT5UQ64zYyhbzttfCI4s4h56VFT?_z=5630037&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=3&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 43 B URL HTTP/2 betotodilea.com/impression/0uaJG4cLcd9jhiiK0uqxlAzIdIydkruB0dfKv48wgbrUqDewRBMsOrnIj6itr3fnaQb9KU_cXD2LKfEg8TLHHL-ce3bbdezzcO8aFnEVZB-yoU41ZxKddRuglP5Z4WyUQqE1QEy_q-SUYdpSDQJUl4okMMt5PthnHB0HUyBy9AfksOQUN61-AmM4RWCYqjTo6CKIqfgXnmlyVc24Ctt5mXuYyP0CkEXRXHrFrMaDPKyT6l0MVun06RUxxmzupfoQoNGOdUqdLrjdd1hngoFfaVWGWiHasM8lZE09b4_1tgEHUbWtLkZlgYpTGhMH-2R-vUJ7w3iP2PsPCo7PIbFMlTFAL77plFAciPqP8YihV3Y-6ZV_EBxJdSFfRGJ8LMY7jsIw-gi09phR1hoW02mwQpn9HDtHCG358Hg2XuNn5pBO_lxvHDfzrVUr285aal12zSXIfqi01VuZFuINJTRgG1_8skLlSm0hj1W0iCEQ2up6dT13mbquC-X7kCt3jfEQ1q9OyZT5UQ64zYyhbzttfCI4s4h56VFT?_z=5630037&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=3&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/0uaJG4cLcd9jhiiK0uqxlAzIdIydkruB0dfKv48wgbrUqDewRBMsOrnIj6itr3fnaQb9KU_cXD2LKfEg8TLHHL-ce3bbdezzcO8aFnEVZB-yoU41ZxKddRuglP5Z4WyUQqE1QEy_q-SUYdpSDQJUl4okMMt5PthnHB0HUyBy9AfksOQUN61-AmM4RWCYqjTo6CKIqfgXnmlyVc24Ctt5mXuYyP0CkEXRXHrFrMaDPKyT6l0MVun06RUxxmzupfoQoNGOdUqdLrjdd1hngoFfaVWGWiHasM8lZE09b4_1tgEHUbWtLkZlgYpTGhMH-2R-vUJ7w3iP2PsPCo7PIbFMlTFAL77plFAciPqP8YihV3Y-6ZV_EBxJdSFfRGJ8LMY7jsIw-gi09phR1hoW02mwQpn9HDtHCG358Hg2XuNn5pBO_lxvHDfzrVUr285aal12zSXIfqi01VuZFuINJTRgG1_8skLlSm0hj1W0iCEQ2up6dT13mbquC-X7kCt3jfEQ1q9OyZT5UQ64zYyhbzttfCI4s4h56VFT?_z=5630037&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=3&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leitup.com/
Cookie: OAID=7ac4ab229f9747dd89b3aea6a202444a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:22 GMT
content-type: image/gif
content-length: 43
x-trace-id: 5feae3caa5c1492819e4fb28c356a552
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
betotodilea.com/500/5630116?excludes=16368911&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 betotodilea.com/500/5630116?excludes=16368911&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/5630116?excludes=16368911&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://leitup.com/
Origin: https://leitup.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:22 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://leitup.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
betotodilea.com/500/5630037?excludes=16368911&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 betotodilea.com/500/5630037?excludes=16368911&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/5630037?excludes=16368911&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://leitup.com/
Origin: https://leitup.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:22 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://leitup.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
betotodilea.com/500/5630116?excludes=16368911&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 15 kB URL HTTP/2 betotodilea.com/500/5630116?excludes=16368911&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash 20ad48bd8365659b83952b5b96e6e7fc
c8b0ac52c7307c5bb4d47cf06618d4d4430cc06b
6d333bcc63a65e33e0885d8b2786cb372d8f9c1c3333f93a974eccedcbad4e36
Analyzer Verdict Alert quad9 Sinkholed
GET /500/5630116?excludes=16368911&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://leitup.com
Connection: keep-alive
Referer: https://leitup.com/
Cookie: OAID=7ac4ab229f9747dd89b3aea6a202444a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:22 GMT
content-type: application/javascript
x-trace-id: 40eefcf1521c78f842335aac0999bfbb
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: https://leitup.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=7ac4ab229f9747dd89b3aea6a202444a; expires=Mon, 22 Jan 2024 10:19:22 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
betotodilea.com/500/5630037?excludes=16368911&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 942 B URL HTTP/2 betotodilea.com/500/5630037?excludes=16368911&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (1168), with no line terminators
Hash 9bace6a1e8196b6792259e2b8fbce4f2
0591b82967048e139269588bf7f4dc22d64ec6d2
0f8f6685422eaab5516a061f32b7a93cb54a1e2528e5cad021a5f8cb282c632b
Analyzer Verdict Alert quad9 Sinkholed
GET /500/5630037?excludes=16368911&oaid=7ac4ab229f9747dd89b3aea6a202444a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fleitup.com%2FZFUb&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://leitup.com
Connection: keep-alive
Referer: https://leitup.com/
Cookie: OAID=7ac4ab229f9747dd89b3aea6a202444a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:22 GMT
content-type: application/javascript
x-trace-id: dab197554df94c023a846912f44a170b
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://leitup.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=7ac4ab229f9747dd89b3aea6a202444a; expires=Mon, 22 Jan 2024 10:19:22 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
interstitial-07.com/?l=CYAdIzp5Ctv64CJ&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D779068636%26z%3D5630117%26b%3D16380032%26c%3D6511541%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D9P_vERtgw97iRDVCMKPyjm5dmIL20FAWd9LXrlkccIrpMHjxY2_rW_nnSkOj7PruV6LUTm8nZcIAjeDQaPm43Xs9Az1Capce-nOkuO4UW9mAoIcqj2A4JRf-zPAcjDSeowRlv57ngJpNAG5w-m9_oq3d2tMo78q4imdttrFPUpcS9jlxLYy8q7cYPAy6DEDkpPf95xebonTHRRJ9f583QHeYIaV9xMz9eJf3wYuvbzLskmaMysCetZLPiHDAwm6N-L5PrrO6PNjxcHdB9LtzOND1OQ-AlAPtV9TxWkH4L9s2TSaJ7sewbYrmvHUUJpFUQ2HxyVbKioNaH21YZUcOcm8mYPs4EQJR6KEAfA-u6oIjHQVifcm-Uxq790ipUZAMbzmHfYI5CA5xLVOs-h8KRMW7MhUmyKnx-CDO2pOnZRqTf0fZ9S93BA2Vsx0Z2WT9nSV4BGya3SAIuaPzGyNxfDqQzBhqjaDhByHAykMm-m0sy60SLhg0q7nkdKCddT4K7cEJBNVekARWhXFbdgOp6kxAMp5hZD7GBh5EtW8dTL0mti2Bluupr3_8uClkcbEhZKI6o-wOFsi4GKndWfFcK61CcsRRNEN4u7tKc4Gf3DwRjRn2XkJl3VU_PbKpHEyj5c3JQjX2wGOAFhA_6osrsD0O6-YXF-ftCKgWaneoCkgEaztqcujQyh0f0TFyma-JofqVF1Wb0GnYu-B0cf4pgQ%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D46354b78-1b0a-4c5f-9305-96d86293c8c5%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fleitup.com%252FZFUb%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
139.45.197.154200 OK 0 B URL HTTP/2 interstitial-07.com/?l=CYAdIzp5Ctv64CJ&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D779068636%26z%3D5630117%26b%3D16380032%26c%3D6511541%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D9P_vERtgw97iRDVCMKPyjm5dmIL20FAWd9LXrlkccIrpMHjxY2_rW_nnSkOj7PruV6LUTm8nZcIAjeDQaPm43Xs9Az1Capce-nOkuO4UW9mAoIcqj2A4JRf-zPAcjDSeowRlv57ngJpNAG5w-m9_oq3d2tMo78q4imdttrFPUpcS9jlxLYy8q7cYPAy6DEDkpPf95xebonTHRRJ9f583QHeYIaV9xMz9eJf3wYuvbzLskmaMysCetZLPiHDAwm6N-L5PrrO6PNjxcHdB9LtzOND1OQ-AlAPtV9TxWkH4L9s2TSaJ7sewbYrmvHUUJpFUQ2HxyVbKioNaH21YZUcOcm8mYPs4EQJR6KEAfA-u6oIjHQVifcm-Uxq790ipUZAMbzmHfYI5CA5xLVOs-h8KRMW7MhUmyKnx-CDO2pOnZRqTf0fZ9S93BA2Vsx0Z2WT9nSV4BGya3SAIuaPzGyNxfDqQzBhqjaDhByHAykMm-m0sy60SLhg0q7nkdKCddT4K7cEJBNVekARWhXFbdgOp6kxAMp5hZD7GBh5EtW8dTL0mti2Bluupr3_8uClkcbEhZKI6o-wOFsi4GKndWfFcK61CcsRRNEN4u7tKc4Gf3DwRjRn2XkJl3VU_PbKpHEyj5c3JQjX2wGOAFhA_6osrsD0O6-YXF-ftCKgWaneoCkgEaztqcujQyh0f0TFyma-JofqVF1Wb0GnYu-B0cf4pgQ%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D46354b78-1b0a-4c5f-9305-96d86293c8c5%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fleitup.com%252FZFUb%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
IP 139.45.197.154:0
GET /?l=CYAdIzp5Ctv64CJ&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D779068636%26z%3D5630117%26b%3D16380032%26c%3D6511541%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D9P_vERtgw97iRDVCMKPyjm5dmIL20FAWd9LXrlkccIrpMHjxY2_rW_nnSkOj7PruV6LUTm8nZcIAjeDQaPm43Xs9Az1Capce-nOkuO4UW9mAoIcqj2A4JRf-zPAcjDSeowRlv57ngJpNAG5w-m9_oq3d2tMo78q4imdttrFPUpcS9jlxLYy8q7cYPAy6DEDkpPf95xebonTHRRJ9f583QHeYIaV9xMz9eJf3wYuvbzLskmaMysCetZLPiHDAwm6N-L5PrrO6PNjxcHdB9LtzOND1OQ-AlAPtV9TxWkH4L9s2TSaJ7sewbYrmvHUUJpFUQ2HxyVbKioNaH21YZUcOcm8mYPs4EQJR6KEAfA-u6oIjHQVifcm-Uxq790ipUZAMbzmHfYI5CA5xLVOs-h8KRMW7MhUmyKnx-CDO2pOnZRqTf0fZ9S93BA2Vsx0Z2WT9nSV4BGya3SAIuaPzGyNxfDqQzBhqjaDhByHAykMm-m0sy60SLhg0q7nkdKCddT4K7cEJBNVekARWhXFbdgOp6kxAMp5hZD7GBh5EtW8dTL0mti2Bluupr3_8uClkcbEhZKI6o-wOFsi4GKndWfFcK61CcsRRNEN4u7tKc4Gf3DwRjRn2XkJl3VU_PbKpHEyj5c3JQjX2wGOAFhA_6osrsD0O6-YXF-ftCKgWaneoCkgEaztqcujQyh0f0TFyma-JofqVF1Wb0GnYu-B0cf4pgQ%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D46354b78-1b0a-4c5f-9305-96d86293c8c5%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fleitup.com%252FZFUb%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D939%26wfc%3D0%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leitup.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:17 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.25
set-cookie: reverse=Lf2IkT6KT_EGhzR8zMmnnskJgnfZAPgpmhbTjpL2qrU; expires=Sun, 22-Jan-2023 11:19:17 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2
nanouwho.com/1?z=5630117
139.45.197.242 200 OK 0 B IP 139.45.197.242:0
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=5630117 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leitup.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:16 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: dd5c0338fa49cce9565598d0999d2bb4
access-control-expose-headers: X-Sc
x-sc: 84cuXudgC4G8gZk6zOW1bIQYponIJxiL-NdQBNHLVRs6MPcEuFLTxDVoeEV1ZcueCqijYi8FP9ow2IL9-i_dye9a4PY=
set-cookie: scm=1; expires=Mon, 22 Jan 2024 10:19:16 GMT; secure; SameSite=None
set-cookie: OAID=c4696ee1ba5541ef84e2df56f15e80bd; expires=Mon, 22 Jan 2024 10:19:16 GMT; secure; SameSite=None
set-cookie: oaidts=1674382756; expires=Mon, 22 Jan 2024 10:19:16 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
leitup.com/ZFUb
172.67.206.125 200 OK 0 B IP 172.67.206.125:0
GET /ZFUb HTTP/1.1
Host: leitup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 22 Jan 2023 10:19:16 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-frame-options: Sameorigin
access-control-allow-origin: *
set-cookie: PHPSESSID=b96h0hcm2n4boo3l59dcvj6fm3; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-robots-tag: noindex, nofollow
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jR6eGbIbxOpDXyd4WOWQ6u1GHs4zM9w4HblWcGy6KGpib45EjI1VO%2B%2FKEKBQlMP15r8%2BnXs6S4%2FMxb9l5By8NLqoDyWkkWxpmV1WOXr0sLpi7UJ2dcbZTm2u8ygU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78d78ce07ec40b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;600;700&display=swap
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;600;700&display=swap
IP 142.250.74.106:0
GET /css2?family=Open+Sans:wght@300;400;600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leitup.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 22 Jan 2023 10:19:16 GMT
date: Sun, 22 Jan 2023 10:19:16 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
nanouwho.com/9?z=5630117&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fleitup.com%2FZFUb&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=7ac4ab229f9747dd89b3aea6a202444a
139.45.197.242 200 OK 0 B URL HTTP/2 nanouwho.com/9?z=5630117&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fleitup.com%2FZFUb&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=7ac4ab229f9747dd89b3aea6a202444a
IP 139.45.197.242:0
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=5630117&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fleitup.com%2FZFUb&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=7ac4ab229f9747dd89b3aea6a202444a HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 1317
Origin: https://leitup.com
Connection: keep-alive
Referer: https://leitup.com/
Cookie: scm=1; OAID=c4696ee1ba5541ef84e2df56f15e80bd; oaidts=1674382756
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 10:19:17 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://leitup.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: cd214ee3d70c683cbba83d04cb3c2d8e
access-control-expose-headers: X-Sc
set-cookie: OAID=7ac4ab229f9747dd89b3aea6a202444a; expires=Mon, 22 Jan 2024 10:19:17 GMT; secure; SameSite=None
set-cookie: oaidts=1674382756; expires=Mon, 22 Jan 2024 10:19:17 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2