www.file-upload.com/wrbhki8wqa3s
104.21.79.149 200 OK 5.6 kB URL HTTP/1.1 www.file-upload.com/wrbhki8wqa3s
IP 104.21.79.149:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (842)
Hash a9337769298170b1c3198ef0c6e20ed5
b6ed3bb7cf80457cad7ac8b6257b1f4d1280c803
486319b01fca8e9bc927a0bccd0d8455374d4177df98d1b0f7f725b77bd9f6eb
GET /wrbhki8wqa3s HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 14:30:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=0;includeSubDomains;
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Expires: Tue, 06 Dec 2022 14:30:48 GMT
Set-Cookie: lang=english; domain=.file-upload.com; path=/
Set-Cookie: aff=17256; domain=.file-upload.com; path=/; expires=Wed, 21-Dec-2022 14:30:48 GMT
X-Cache: HIT from Backend
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6RsYiCcWvu3gPYiWoMTZ9%2FZeNPCdKWYJgHZboqatkGYZN3LeebNVWKzHTdjWhmo%2BSTb5YwHCc6pRo%2FmsfNNwzziC88QSjtq7MCk3SuXgc%2BRDex8wTB95KvR%2BeTWovern%2FHyyKNEs"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 775df6183d690b3d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5ceaca9fd4ad000cb435820812fc69c8
8168397aaf7b572c89a9c83f46c0b65e4ac509f2
9c4e52e7e17158307d752db0bc3d1fbedae4f305cc301fd73b260f73ab796492
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C4E52E7E17158307D752DB0BC3D1FBEDAE4F305CC301FD73B260F73AB796492"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13796
Expires: Wed, 07 Dec 2022 18:20:44 GMT
Date: Wed, 07 Dec 2022 14:30:48 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash aaee4cb7873d6f1effbadf269482e100
bd55730ac8414fb6861b03c2a97319b4063e2cb9
d724fd9c5704fb8948d575357cad0032e89cf275d57ddb86f013fa97e033487c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1120
Cache-Control: max-age=159547
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:48 GMT
Etag: "63906b73-1d7"
Expires: Fri, 09 Dec 2022 10:49:55 GMT
Last-Modified: Wed, 07 Dec 2022 10:31:15 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a0abf10fb7e96c1c98dacf2f013a68b4
acdd839bce85eadc78a8e821e32e00a958d5c0c8
b85d98f8df05431777d96c767ce4c152302ec3f653cdf6e61c8c3fa9574f3255
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B85D98F8DF05431777D96C767CE4C152302EC3F653CDF6E61C8C3FA9574F3255"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12873
Expires: Wed, 07 Dec 2022 18:05:21 GMT
Date: Wed, 07 Dec 2022 14:30:48 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 07 Dec 2022 14:08:02 GMT
content-type: application/json
age: 1366
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 4aPf+yhrKwE7h78A/fmBLPskkCQA+b/CIIYE9GC22WlHprbbm5+D9Cf89/PotQM8X5I7E3+rAjg=
x-amz-request-id: G6BGYS2RPCZS747N
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 07 Dec 2022 13:49:23 GMT
age: 2485
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
www.file-upload.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
104.21.79.149 200 OK 3.9 kB URL HTTP/1.1 www.file-upload.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP 104.21.79.149:0
File type ASCII text, with very long lines (12331)
Hash 54c87b7a9007d256c837e382cab4170d
6c8f44204021f68596af9ae5a742c3ad1b76a6ec
3a09f98b09786cd8fbe71cc17d07660e767fc1c8d2ea467f912bc328766a54a1
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/wrbhki8wqa3s
Cookie: lang=english; aff=17256
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 14:30:48 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 17:55:37 GMT
ETag: W/"638a3c19-302c"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ryj1ExiV%2FbpRoc2aeU363slwWQFd86VCphWniQePiI%2B89Gk%2BZdopALNr%2Br09N3brYN2zm9z4nP8ujgU0LfxNFVO%2Bhwk%2BF2UDimbFa1OsZijOib8agUYpMZBFAI3lbIIPHIIdvfLL"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 775df61b09020b3d-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Expires: Fri, 09 Dec 2022 14:30:48 GMT
Cache-Control: max-age=172800, public
Content-Encoding: gzip
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 14:30:48 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 4a18d51d53597793e32d77e8a2091679
1ca242b14d242877a6dbef00e2179d642e604ce5
bcb5f358c86cedeff93b079be0c47d749a0c0874f43c84538b2d491b88b9e3d7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 841
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:48 GMT
Etag: "638ebcfd-117"
Last-Modified: Wed, 07 Dec 2022 14:16:47 GMT
Server: ECS (amb/6BAD)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 4a18d51d53597793e32d77e8a2091679
1ca242b14d242877a6dbef00e2179d642e604ce5
bcb5f358c86cedeff93b079be0c47d749a0c0874f43c84538b2d491b88b9e3d7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 841
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:48 GMT
Last-Modified: Wed, 07 Dec 2022 14:16:47 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 4a18d51d53597793e32d77e8a2091679
1ca242b14d242877a6dbef00e2179d642e604ce5
bcb5f358c86cedeff93b079be0c47d749a0c0874f43c84538b2d491b88b9e3d7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1668
Cache-Control: max-age=136295
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:48 GMT
Etag: "63900e7b-118"
Expires: Fri, 09 Dec 2022 04:22:23 GMT
Last-Modified: Wed, 07 Dec 2022 03:54:35 GMT
Server: ECS (amb/6B91)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 4a18d51d53597793e32d77e8a2091679
1ca242b14d242877a6dbef00e2179d642e604ce5
bcb5f358c86cedeff93b079be0c47d749a0c0874f43c84538b2d491b88b9e3d7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=134627
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:48 GMT
Etag: "63900e7b-118"
Expires: Fri, 09 Dec 2022 03:54:35 GMT
Last-Modified: Wed, 07 Dec 2022 03:54:35 GMT
Server: nginx
Content-Length: 280
www.file-upload.com/mngez/images/anti2.png
104.21.79.149 200 OK 641 B URL HTTP/2 www.file-upload.com/mngez/images/anti2.png
IP 104.21.79.149:0
File type PNG image data, 100 x 89, 8-bit/color RGBA, non-interlaced\012- data
Hash 722859ca75e68c14f4d803e76f846b92
0a00fa9439d602f40e3acd72dfb08b2f89c3fa2f
fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f
GET /mngez/images/anti2.png HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 14:30:48 GMT
content-type: image/png
content-length: 641
cache-control: max-age=315360000
cf-bgj: csam-hash
etag: "5c26aa0b-281"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Fri, 28 Dec 2018 22:56:11 GMT
cf-cache-status: HIT
age: 50176140
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V2mdq61LRmGV3NwpCxShJtLbX%2B5Cevd0BC8Yo9DZlonwHMZSgbTNTal%2FhYzdkoLxaiAwiKmLy%2BZnR6B5hs1NT6zIsgIbdPtwqqgVqHdu7sr8fxyUYAxmtWO1%2BmuhFijS1YMfjNaH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775df61b7939fab8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766
151.139.128.10 200 OK 4.5 kB URL HTTP/1.1 images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766
IP 151.139.128.10:0
File type PNG image data, 135 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash b0e239fa4ddfbcdf08cbcb34a13b2a0f
957fdb58c09d85e41cc6a6ea134a9365adee4ec9
0186abebc0f1ba6689a8f534f796843fb1f96c07402cebeb9f171a1eaba89994
GET /Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766 HTTP/1.1
Host: images.dmca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 14:30:48 GMT
Content-Type: image/png
Last-Modified: Thu, 02 Jun 2011 03:26:26 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/10.0
Cache-Control: public,max-age=31536000
ETag: "0abbdbd420cc1:0"
X-Powered-By: ASP.NET
X-HW: 1670423448.cds217.sk1.h2,1670423448.cds246.sk1.c
Link: <http://www.dmca.com/Badges/_dmca_premi_badge_4.png>; rel="canonical"
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 4535
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 4a18d51d53597793e32d77e8a2091679
1ca242b14d242877a6dbef00e2179d642e604ce5
bcb5f358c86cedeff93b079be0c47d749a0c0874f43c84538b2d491b88b9e3d7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 841
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:48 GMT
Last-Modified: Wed, 07 Dec 2022 14:16:47 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 280
d26adrx9c3n0mq.cloudfront.net/?xrdad=888399
54.230.245.209 200 OK 51 kB URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/?xrdad=888399
IP 54.230.245.209:0
File type Unicode text, UTF-8 text, with very long lines (15952)
Hash 359d2fc2a8ba02dd410779dbf070cf53
6509f08979d00d870b25c2587b2f565ebf07a903
d39b19d4cccd8def9da532185638d8264b10e2c544487621a3f3e731d2f72d71
GET /?xrdad=888399 HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Content-Length: 50795
Connection: keep-alive
Date: Wed, 07 Dec 2022 14:30:49 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ftmnzRu4REF4BIFvCIk5ZRodPKhgNQ98Lk5oqvMLQWX0ehtFJBhtkQ==
d26adrx9c3n0mq.cloudfront.net/?xrdad=888398
54.230.245.209 200 OK 163 kB URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/?xrdad=888398
IP 54.230.245.209:0
File type Unicode text, UTF-8 text, with very long lines (15945)
Size 163 kB (163116 bytes)
Hash 9a01dcd261e7467f675efc2fe913a8af
97ad57f8d549401ecbba540beb44bcac76895995
ad84da2a5d20ddc714797cf1f41db45ec9329fe50ac38d620679825c75d3bb0b
GET /?xrdad=888398 HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Content-Length: 163116
Connection: keep-alive
Date: Wed, 07 Dec 2022 14:30:49 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Hf01fqbpm4J8_1FXARkcBYAmVq3P-8_CwMCUG41m84WnpyHp1Kb8-w==
www.file-upload.com/assets/images/logo_new.png
104.21.79.149 200 OK 11 kB URL HTTP/2 www.file-upload.com/assets/images/logo_new.png
IP 104.21.79.149:0
File type PNG image data, 388 x 100, 8-bit colormap, non-interlaced\012- data
Hash 013809a14128b4e8ce78363114d5fd6d
433c94b7ec5df206f6564bddbfa5b2439ab94c3c
cdb644953802be61cd179e08c27b06275c4b141d374ba70213a4e09a6bcf0ad2
GET /assets/images/logo_new.png HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 14:30:48 GMT
content-type: image/png
vary: Accept-Encoding
last-modified: Fri, 09 Nov 2018 12:00:31 GMT
etag: W/"c8f-57a3a191435c0"
cache-control: public, max-age=31536000
expires: Mon, 13 Jun 2022 22:20:06 GMT
x-cache: HIT from Backend
cf-cache-status: HIT
age: 15869442
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qcPzD8Yjj7Z66uiSz9Es53m5ouRkE8Ba6TtzRaD%2FW8n7nEELbaLItNeEnEvitklLDwEyoJ42SvmqVNV82N%2FLddRLkskfPH1clG3tIzxBkuvN%2FjbpGKUVy21zAlkY1UGW%2FASFfgQ6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775df61b793bfab8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.file-upload.com/mngez/images/anti1.png
104.21.79.149 200 OK 27 kB URL HTTP/2 www.file-upload.com/mngez/images/anti1.png
IP 104.21.79.149:0
File type PNG image data, 150 x 84, 8-bit/color RGBA, non-interlaced\012- data
Hash dfe3feac918eaa961cdb74fc0f6df328
7144d1bfec822006f0e801b91ca52aa34626afbd
a0bebdbd90761842d8db9550581bcad5a6e58a04b46a028843c5be1f3550bb50
GET /mngez/images/anti1.png HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 14:30:48 GMT
content-type: image/png
vary: Accept-Encoding
last-modified: Fri, 28 Dec 2018 22:57:30 GMT
etag: W/"4aae-57e1cfcdbca80"
cache-control: public, max-age=31536000
expires: Mon, 13 Jun 2022 22:59:53 GMT
x-cache: HIT from Backend
cf-cache-status: HIT
age: 15867055
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MKSLkKWxCS7%2F%2FRhm76lWoe%2BVnVg2NMiuLUrdpoKpaEltR1usc84ZH1Cv8SW8GOvdt8PAD%2BhLjoXddW0kSBMzA8WGvAxAOwcXV%2BEWTV9T6TbhXGw8tjqjxN9oy5cosmDrPe%2BJJpbk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775df61b7937fab8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
216.58.211.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
IP 216.58.211.3:0
Hash a05d0c0d61ac3553a34ce8b44a9644a0
cfd06b7f326ba30aca89acd7d3b9013de12c3fc6
b6a962702e5478402a58933c6ecb6ee3f01c7ce2fbb50bd0b5ecb53b50610c5e
POST /s/gts1p5/cdctuLrpNyc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
216.58.211.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
IP 216.58.211.3:0
Hash a05d0c0d61ac3553a34ce8b44a9644a0
cfd06b7f326ba30aca89acd7d3b9013de12c3fc6
b6a962702e5478402a58933c6ecb6ee3f01c7ce2fbb50bd0b5ecb53b50610c5e
POST /s/gts1p5/cdctuLrpNyc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
216.58.211.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
IP 216.58.211.3:0
Hash a05d0c0d61ac3553a34ce8b44a9644a0
cfd06b7f326ba30aca89acd7d3b9013de12c3fc6
b6a962702e5478402a58933c6ecb6ee3f01c7ce2fbb50bd0b5ecb53b50610c5e
POST /s/gts1p5/cdctuLrpNyc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
216.58.211.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
IP 216.58.211.3:0
Hash a05d0c0d61ac3553a34ce8b44a9644a0
cfd06b7f326ba30aca89acd7d3b9013de12c3fc6
b6a962702e5478402a58933c6ecb6ee3f01c7ce2fbb50bd0b5ecb53b50610c5e
POST /s/gts1p5/cdctuLrpNyc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
uthecrimorew.com/b3c4eG4OFVsVUQ5KWl4bHRsFXVwpUgo+Cl1BWRwcF05bSwBfGklWDQMYTRwIHRhWDEABEkxdXCkkWi08FhJvKSEkD08eORccTD4FPRRuIF8pIwkyIiMQfS8tB0YNKAkYEH9LI1cxUEw2NhBhPC8pNQguLDoxeQEgPy9PPSolRwExPwgAXz0rPSZrAi8sMV9BPyUlABsqFwRWOi8qO3xKJycwfhMvJABfKS0uMlQuXhwebz8eLC9+IgoNNm0pLQgcSjo/HzVgSz8MM20+CAsydjI9A0ZQKTobNWBLPykyeQgMDDFcMyQEHwopCSkkby8oLTgIPggLNhU5Pj4hDD4/XxtqKV09FWA+NAs+QBsPKwByED8rTm8gNjk0ay44CxNuHCI5NksMLy0AezkEFy9rASQME30cNjkySwA6XxAeEh0AGUhFIhozTk8gAA1C
54.192.99.67200 OK 1.2 kB URL HTTP/1.1 uthecrimorew.com/b3c4eG4OFVsVUQ5KWl4bHRsFXVwpUgo+Cl1BWRwcF05bSwBfGklWDQMYTRwIHRhWDEABEkxdXCkkWi08FhJvKSEkD08eORccTD4FPRRuIF8pIwkyIiMQfS8tB0YNKAkYEH9LI1cxUEw2NhBhPC8pNQguLDoxeQEgPy9PPSolRwExPwgAXz0rPSZrAi8sMV9BPyUlABsqFwRWOi8qO3xKJycwfhMvJABfKS0uMlQuXhwebz8eLC9+IgoNNm0pLQgcSjo/HzVgSz8MM20+CAsydjI9A0ZQKTobNWBLPykyeQgMDDFcMyQEHwopCSkkby8oLTgIPggLNhU5Pj4hDD4/XxtqKV09FWA+NAs+QBsPKwByED8rTm8gNjk0ay44CxNuHCI5NksMLy0AezkEFy9rASQME30cNjkySwA6XxAeEh0AGUhFIhozTk8gAA1C
IP 54.192.99.67:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3035), with no line terminators
Hash 6136a03e52d404643ae938c9c72eecc6
f02d56efa43fadd8ecbeaf75c5e8d127d5a46b43
03e980cc10bef5c3088f6e5e8d87b9fd15fd16a2447f2c825ef19baf8f2e636b
GET /b3c4eG4OFVsVUQ5KWl4bHRsFXVwpUgo+Cl1BWRwcF05bSwBfGklWDQMYTRwIHRhWDEABEkxdXCkkWi08FhJvKSEkD08eORccTD4FPRRuIF8pIwkyIiMQfS8tB0YNKAkYEH9LI1cxUEw2NhBhPC8pNQguLDoxeQEgPy9PPSolRwExPwgAXz0rPSZrAi8sMV9BPyUlABsqFwRWOi8qO3xKJycwfhMvJABfKS0uMlQuXhwebz8eLC9+IgoNNm0pLQgcSjo/HzVgSz8MM20+CAsydjI9A0ZQKTobNWBLPykyeQgMDDFcMyQEHwopCSkkby8oLTgIPggLNhU5Pj4hDD4/XxtqKV09FWA+NAs+QBsPKwByED8rTm8gNjk0ay44CxNuHCI5NksMLy0AezkEFy9rASQME30cNjkySwA6XxAeEh0AGUhFIhozTk8gAA1C HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1184
Connection: keep-alive
Date: Wed, 07 Dec 2022 14:30:49 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 1132899b9bc2928e13b30713fd82f9b0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN1-C1
X-Amz-Cf-Id: 6YQCRtioxFONxmFM5aubFUqqotSf9x8sgVkt1ANtZCO2q2Kr_trMlw==
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 01ad2a2d73f44f91a0f351cf467e5f62
56c8ebaff945a3c8e7cf2b7f6b6485273bd11a8c
4ca2010f92ac7caeb9101806cbcb83c0827b63a037c615e186ab2c471531a959
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 14:30:49 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 07:59:30 GMT
Expires: Tue, 13 Dec 2022 07:59:29 GMT
Etag: "56c8ebaff945a3c8e7cf2b7f6b6485273bd11a8c"
Cache-Control: max-age=494319,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775df61dcaa0b51e-OSL
uthecrimorew.com/R29jNWUmDQBYWiZSARMQNQNeEFcBSlFzAXVZAlEXP1YABgt3AhIbBisAFlEDNQANQUspChcQVwEGNwQOPTk2XhYJA1NPAS0cFGNXLxgFYhYFNitFFQpfIgMvPVYIYg0eIS1kFR0uN148DzoqAiIvCxNtPQpWLWFVCDU0DQ8IKVNMAQAEW20xHV8FW1wUIjBBHCU9Nl0qFC4acQ8WBChfLwEhCQ1WCQMlTzUEWghtDygVKV8zISEkTVwPGDkCABAfEXRWd0pRdy8tCzt6D3NXBXQjKyUZQV0GODUBA3QMJ1YtKCEFdCMrPwpsVgU4JUYDBRw0b1YsXAFCSCMYBlJUfy40YFIINxR0Iw8HRgcjJS1SWTwAHxF0Hw4cL3EvJAwrRi8mGC1eAB9WDHRXFRwFYgkRPydGFBdeFEEHD18FdAgRVzpiDhEmK2dAdS1FXxYoARMIDAQrGWYPEx80cRQpPDsFCw
54.192.99.67200 OK 1.2 kB URL HTTP/1.1 uthecrimorew.com/R29jNWUmDQBYWiZSARMQNQNeEFcBSlFzAXVZAlEXP1YABgt3AhIbBisAFlEDNQANQUspChcQVwEGNwQOPTk2XhYJA1NPAS0cFGNXLxgFYhYFNitFFQpfIgMvPVYIYg0eIS1kFR0uN148DzoqAiIvCxNtPQpWLWFVCDU0DQ8IKVNMAQAEW20xHV8FW1wUIjBBHCU9Nl0qFC4acQ8WBChfLwEhCQ1WCQMlTzUEWghtDygVKV8zISEkTVwPGDkCABAfEXRWd0pRdy8tCzt6D3NXBXQjKyUZQV0GODUBA3QMJ1YtKCEFdCMrPwpsVgU4JUYDBRw0b1YsXAFCSCMYBlJUfy40YFIINxR0Iw8HRgcjJS1SWTwAHxF0Hw4cL3EvJAwrRi8mGC1eAB9WDHRXFRwFYgkRPydGFBdeFEEHD18FdAgRVzpiDhEmK2dAdS1FXxYoARMIDAQrGWYPEx80cRQpPDsFCw
IP 54.192.99.67:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3051), with no line terminators
Hash e15dba5b167b4838e84f5579090890a2
a6e063fccfe44c3ad1b009fff21824d28a7e2485
5361aad136951f3d5c6e0edf0628ea19357aa5fb7bb629bceb88cd5e8c42c0a1
GET /R29jNWUmDQBYWiZSARMQNQNeEFcBSlFzAXVZAlEXP1YABgt3AhIbBisAFlEDNQANQUspChcQVwEGNwQOPTk2XhYJA1NPAS0cFGNXLxgFYhYFNitFFQpfIgMvPVYIYg0eIS1kFR0uN148DzoqAiIvCxNtPQpWLWFVCDU0DQ8IKVNMAQAEW20xHV8FW1wUIjBBHCU9Nl0qFC4acQ8WBChfLwEhCQ1WCQMlTzUEWghtDygVKV8zISEkTVwPGDkCABAfEXRWd0pRdy8tCzt6D3NXBXQjKyUZQV0GODUBA3QMJ1YtKCEFdCMrPwpsVgU4JUYDBRw0b1YsXAFCSCMYBlJUfy40YFIINxR0Iw8HRgcjJS1SWTwAHxF0Hw4cL3EvJAwrRi8mGC1eAB9WDHRXFRwFYgkRPydGFBdeFEEHD18FdAgRVzpiDhEmK2dAdS1FXxYoARMIDAQrGWYPEx80cRQpPDsFCw HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1201
Connection: keep-alive
Date: Wed, 07 Dec 2022 14:30:49 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 9b9ff06545217fe747384bd8b8509aa4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN1-C1
X-Amz-Cf-Id: 2iX8LsrEA_x-zpLVXrgCN-rpwg4zlszPtdxnwifSe6K0m80PMtXGdw==
uthecrimorew.com/UzRUemsyVjcXVDIJNlweIVhpX1kVEWY8D2ECNR4ZKw03SQVjWSVUCD9bIR4NIVs6DkU9USBfWRVTAhctH2AQM1oXXQELLwB9HTZYFn82FgdnUAUKHBBOMxAzEG43PQI/dQRLACl7EgkmBQZkTjgXfjcfWSNRGg1TIFcGKxEXTTwCKmB1FTYSZ2QNEQh2BhIqLWMNDDkEO2IuSjMYcCQxJAJ6IDU9HUYQOTphYy4VJRhZPzsuFWY4HCk3XwEtJmRjLh0tGXAgOAhiemMzAAlOAUkfanU6EjkxWm0NCGJ6YzVaIAACSVIjdQYoLjZsLDEyFWIhHFgRTgFJRiARZjg5G3oHOQVjdw1KUmRuBh4ABmcjCj4HBBsYBWYEDjwtZVIVMAUGbCQKKhRtHDMBZmwZO18pVQU7OgZ8IE8jFG4cKgUWcHIQGDxaJEc6NkY9QhMnXQ5M
54.192.99.67 200 OK 1.2 kB URL HTTP/1.1 uthecrimorew.com/UzRUemsyVjcXVDIJNlweIVhpX1kVEWY8D2ECNR4ZKw03SQVjWSVUCD9bIR4NIVs6DkU9USBfWRVTAhctH2AQM1oXXQELLwB9HTZYFn82FgdnUAUKHBBOMxAzEG43PQI/dQRLACl7EgkmBQZkTjgXfjcfWSNRGg1TIFcGKxEXTTwCKmB1FTYSZ2QNEQh2BhIqLWMNDDkEO2IuSjMYcCQxJAJ6IDU9HUYQOTphYy4VJRhZPzsuFWY4HCk3XwEtJmRjLh0tGXAgOAhiemMzAAlOAUkfanU6EjkxWm0NCGJ6YzVaIAACSVIjdQYoLjZsLDEyFWIhHFgRTgFJRiARZjg5G3oHOQVjdw1KUmRuBh4ABmcjCj4HBBsYBWYEDjwtZVIVMAUGbCQKKhRtHDMBZmwZO18pVQU7OgZ8IE8jFG4cKgUWcHIQGDxaJEc6NkY9QhMnXQ5M
IP 54.192.99.67:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3037), with no line terminators
Hash d2198a243165a96afaf2613744a39e8c
77162a011644a2fd7d5a9d8ced41afc5ce1ee4df
021d27bd68949a849a73a4ee0898573b6127f675a3ab5d7ec13354b00e3e2057
GET /UzRUemsyVjcXVDIJNlweIVhpX1kVEWY8D2ECNR4ZKw03SQVjWSVUCD9bIR4NIVs6DkU9USBfWRVTAhctH2AQM1oXXQELLwB9HTZYFn82FgdnUAUKHBBOMxAzEG43PQI/dQRLACl7EgkmBQZkTjgXfjcfWSNRGg1TIFcGKxEXTTwCKmB1FTYSZ2QNEQh2BhIqLWMNDDkEO2IuSjMYcCQxJAJ6IDU9HUYQOTphYy4VJRhZPzsuFWY4HCk3XwEtJmRjLh0tGXAgOAhiemMzAAlOAUkfanU6EjkxWm0NCGJ6YzVaIAACSVIjdQYoLjZsLDEyFWIhHFgRTgFJRiARZjg5G3oHOQVjdw1KUmRuBh4ABmcjCj4HBBsYBWYEDjwtZVIVMAUGbCQKKhRtHDMBZmwZO18pVQU7OgZ8IE8jFG4cKgUWcHIQGDxaJEc6NkY9QhMnXQ5M HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1191
Connection: keep-alive
Date: Wed, 07 Dec 2022 14:30:49 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 e31ab4c27d99cec62ef37e2607db9b44.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN1-C1
X-Amz-Cf-Id: IUgBS-d_gUSiMqgsQUyb7PVb5sGfPJ8Ch1Bjwlw-XVXxs89STm2uKw==
uthecrimorew.com/dlBUc0gXMjcedxdtNlU9BDxpVnowdWY1LERmNRc6Dmk3QCZGPSVdKxo/IRcuBD86B2YYNSBWejA+AEMsDwIDGDs9EiMZHhwjITUmHgIwQHE0NhIxODoBEQIKDGliOjIvNB4ZATEzIwQmMioBSgQkPxslDDMEH0A4NQkjJj09AgJHHA8/JDYQHgk1IBEhGmUhfy8BDUIKHwJiMTEFHh8aDRQbIwQ6LwE3GB41GTswCwEWHQoSLjQtSn4XBR4UH0VpIjEbARgfCi8wHj8LcRIoIwscPmFnInsgGDJBAjQSZAtxEicBAApFPC4ley8iNR0eNQACSn8vO3k2ACIYZUAJMh4ZFQksFDAlMB40ZQcvIWNsFA4PCRc6DzwRFUI8U2ISFyM8YQM7cUQGZxcSPQNgMgE3aDMjeRJjGEB9RQJmBxIXBB4jLDd2PgAnGCBpIjsCOSEHfhM4HDQwMgUd
54.192.99.67 200 OK 1.2 kB URL HTTP/1.1 uthecrimorew.com/dlBUc0gXMjcedxdtNlU9BDxpVnowdWY1LERmNRc6Dmk3QCZGPSVdKxo/IRcuBD86B2YYNSBWejA+AEMsDwIDGDs9EiMZHhwjITUmHgIwQHE0NhIxODoBEQIKDGliOjIvNB4ZATEzIwQmMioBSgQkPxslDDMEH0A4NQkjJj09AgJHHA8/JDYQHgk1IBEhGmUhfy8BDUIKHwJiMTEFHh8aDRQbIwQ6LwE3GB41GTswCwEWHQoSLjQtSn4XBR4UH0VpIjEbARgfCi8wHj8LcRIoIwscPmFnInsgGDJBAjQSZAtxEicBAApFPC4ley8iNR0eNQACSn8vO3k2ACIYZUAJMh4ZFQksFDAlMB40ZQcvIWNsFA4PCRc6DzwRFUI8U2ISFyM8YQM7cUQGZxcSPQNgMgE3aDMjeRJjGEB9RQJmBxIXBB4jLDd2PgAnGCBpIjsCOSEHfhM4HDQwMgUd
IP 54.192.99.67:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3048), with no line terminators
Hash de3ab88d00fefe13f4d8798951bf5ed0
0e9aaeff4ccb3b32ff7dd81797dd51ab8fa192eb
5b17a7b0d1fa4398893c92616666da2632aaadb1f9a669559d1b65fcba7490cf
GET /dlBUc0gXMjcedxdtNlU9BDxpVnowdWY1LERmNRc6Dmk3QCZGPSVdKxo/IRcuBD86B2YYNSBWejA+AEMsDwIDGDs9EiMZHhwjITUmHgIwQHE0NhIxODoBEQIKDGliOjIvNB4ZATEzIwQmMioBSgQkPxslDDMEH0A4NQkjJj09AgJHHA8/JDYQHgk1IBEhGmUhfy8BDUIKHwJiMTEFHh8aDRQbIwQ6LwE3GB41GTswCwEWHQoSLjQtSn4XBR4UH0VpIjEbARgfCi8wHj8LcRIoIwscPmFnInsgGDJBAjQSZAtxEicBAApFPC4ley8iNR0eNQACSn8vO3k2ACIYZUAJMh4ZFQksFDAlMB40ZQcvIWNsFA4PCRc6DzwRFUI8U2ISFyM8YQM7cUQGZxcSPQNgMgE3aDMjeRJjGEB9RQJmBxIXBB4jLDd2PgAnGCBpIjsCOSEHfhM4HDQwMgUd HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1198
Connection: keep-alive
Date: Wed, 07 Dec 2022 14:30:49 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 e9eeb72bccacc26d81e7bd02c27d126a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN1-C1
X-Amz-Cf-Id: slxDwAfma4Tj0djE4SG99OpKeTYJqNo9ngzKZZZNFAgp9X16o3aRIA==
uthecrimorew.com/VnVrZEU3FwgJejdICUIwJBlWQXcQUFkiIWRDCgA3LkwIVytmGBpKJjoaHgAjJBoFEGs4EB9BdxA3CSIpYi8uLRUYHTInIwQSHCwDOkM9M3wcLTMUDhsCGCgJFA0AKBcTJyMDKhs7PwcLETQcJR8UEgEsAzoMOA4QDDYCMhcwDVsvDAAzBDwiAxgvCRcbJAEHCww3PigKFyBaIgQAGzMMfBgmBS4PN0UDKQsHIFgsBCVEI1c9HSMoExwwMBsxJmcNWDcAEA0nCj0dIy8xAxhFXjUfZ00JPBMMDC0jfBskMyEwMDAbMQgUBVM3PAAPMyM9ASMsEA83RUYDARwCUx0DZjMcLygiPD08DzUULgwTDEReFA0xRRwnEW4tIyMhMz1bCBAyRSEUHT4zTlYDDiRNDjY5GxtZECMmGTcxBwAKJTEy
54.192.99.67 200 OK 1.2 kB URL HTTP/1.1 uthecrimorew.com/VnVrZEU3FwgJejdICUIwJBlWQXcQUFkiIWRDCgA3LkwIVytmGBpKJjoaHgAjJBoFEGs4EB9BdxA3CSIpYi8uLRUYHTInIwQSHCwDOkM9M3wcLTMUDhsCGCgJFA0AKBcTJyMDKhs7PwcLETQcJR8UEgEsAzoMOA4QDDYCMhcwDVsvDAAzBDwiAxgvCRcbJAEHCww3PigKFyBaIgQAGzMMfBgmBS4PN0UDKQsHIFgsBCVEI1c9HSMoExwwMBsxJmcNWDcAEA0nCj0dIy8xAxhFXjUfZ00JPBMMDC0jfBskMyEwMDAbMQgUBVM3PAAPMyM9ASMsEA83RUYDARwCUx0DZjMcLygiPD08DzUULgwTDEReFA0xRRwnEW4tIyMhMz1bCBAyRSEUHT4zTlYDDiRNDjY5GxtZECMmGTcxBwAKJTEy
IP 54.192.99.67:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3021), with no line terminators
Hash e9045445fccea75e8340fe4e46ee4e15
3e37cac49d37f5e649f2060b2410c1e6ac45e403
749ea145df7a1b92c963ba062a73f33943071d77bce54dfcbbccca864fad977b
GET /VnVrZEU3FwgJejdICUIwJBlWQXcQUFkiIWRDCgA3LkwIVytmGBpKJjoaHgAjJBoFEGs4EB9BdxA3CSIpYi8uLRUYHTInIwQSHCwDOkM9M3wcLTMUDhsCGCgJFA0AKBcTJyMDKhs7PwcLETQcJR8UEgEsAzoMOA4QDDYCMhcwDVsvDAAzBDwiAxgvCRcbJAEHCww3PigKFyBaIgQAGzMMfBgmBS4PN0UDKQsHIFgsBCVEI1c9HSMoExwwMBsxJmcNWDcAEA0nCj0dIy8xAxhFXjUfZ00JPBMMDC0jfBskMyEwMDAbMQgUBVM3PAAPMyM9ASMsEA83RUYDARwCUx0DZjMcLygiPD08DzUULgwTDEReFA0xRRwnEW4tIyMhMz1bCBAyRSEUHT4zTlYDDiRNDjY5GxtZECMmGTcxBwAKJTEy HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1176
Connection: keep-alive
Date: Wed, 07 Dec 2022 14:30:49 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 fc6bcc0c05113295fc38d1c274344ae4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN1-C1
X-Amz-Cf-Id: Ae-ALUqPXTwj4_rKO9s7tR3FgG4pJBINHksnyMcXMlfoN14J3EXBSQ==
thethesmahat.com/OTFRZGYWDjIXW2tdCz0/Q1VjPiFVYBBXJFNTBz02XwMXFzNeYHcQD10MaV1QCAhpQhZQVWxVXh9CJQUSTEJsVUBQXzcLWx9HbFVICR9jSlQfRGxVQE1BMANbCBchEBJVDGBSUQkFY1dSDQloV1A
104.21.34.106 204 No Content 0 B URL HTTP/2 thethesmahat.com/OTFRZGYWDjIXW2tdCz0/Q1VjPiFVYBBXJFNTBz02XwMXFzNeYHcQD10MaV1QCAhpQhZQVWxVXh9CJQUSTEJsVUBQXzcLWx9HbFVICR9jSlQfRGxVQE1BMANbCBchEBJVDGBSUQkFY1dSDQloV1A
IP 104.21.34.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /OTFRZGYWDjIXW2tdCz0/Q1VjPiFVYBBXJFNTBz02XwMXFzNeYHcQD10MaV1QCAhpQhZQVWxVXh9CJQUSTEJsVUBQXzcLWx9HbFVICR9jSlQfRGxVQE1BMANbCBchEBJVDGBSUQkFY1dSDQloV1A HTTP/1.1
Host: thethesmahat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 14:30:49 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ok%2FwBaKE4S3Fq1UCOoYPTgYjpci%2BMf404rOeqY72%2FAVAS9LeYvVByeBR0oRYOo8p%2BXmVggKemwh7nO3mr7XhsGvECpjOCxcEs3opFFhu73PL6Xf%2BGn9lB2xb5ah4l9qEIh6f"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775df61ec85f0b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
thethesmahat.com/U2Y5QnB8WVoxTQIwSRojFjAMIycdUFosPic/YSpBMDEANBZgNx82GTdbAHBCYVMKZAA6AgRzViASWDYFIFsIZBk9AFZ/ViVbCGxDZ0gKc15iQEx/QXUSSSMXblcfMgQnCgRzRmRWDXBDZ1IBe0Jl
104.21.34.106 204 No Content 0 B URL HTTP/2 thethesmahat.com/U2Y5QnB8WVoxTQIwSRojFjAMIycdUFosPic/YSpBMDEANBZgNx82GTdbAHBCYVMKZAA6AgRzViASWDYFIFsIZBk9AFZ/ViVbCGxDZ0gKc15iQEx/QXUSSSMXblcfMgQnCgRzRmRWDXBDZ1IBe0Jl
IP 104.21.34.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /U2Y5QnB8WVoxTQIwSRojFjAMIycdUFosPic/YSpBMDEANBZgNx82GTdbAHBCYVMKZAA6AgRzViASWDYFIFsIZBk9AFZ/ViVbCGxDZ0gKc15iQEx/QXUSSSMXblcfMgQnCgRzRmRWDXBDZ1IBe0Jl HTTP/1.1
Host: thethesmahat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 14:30:49 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tn%2BsNlyUNJT8Hw5NmLlU4N7z8UNirHwzhtg5lPNwuDx0uV1AMfKTh38ylb79%2FlZG%2FggColR20vPL6ydW7bkl0KvYkyFC1klf%2FzyfZfFNjc%2FwRYPtXumDJR4eRjGX4sD6Ooy7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775df61ec8600b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
thethesmahat.com/TWFTS1BiXjA4bRoPFSodfAU6GT0AIwomJAwDAg04LFE7PxEKKHU/OSlca3NoflhrbSAkBW56dj4VMj8lPlxibTkjBzx2djtcYmVjeU9gen58RyZ2YWsVIyo3cFB1OyQ5DW56ZnpRZ3ljeVVrc2l/
104.21.34.106 204 No Content 0 B URL HTTP/2 thethesmahat.com/TWFTS1BiXjA4bRoPFSodfAU6GT0AIwomJAwDAg04LFE7PxEKKHU/OSlca3NoflhrbSAkBW56dj4VMj8lPlxibTkjBzx2djtcYmVjeU9gen58RyZ2YWsVIyo3cFB1OyQ5DW56ZnpRZ3ljeVVrc2l/
IP 104.21.34.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TWFTS1BiXjA4bRoPFSodfAU6GT0AIwomJAwDAg04LFE7PxEKKHU/OSlca3NoflhrbSAkBW56dj4VMj8lPlxibTkjBzx2djtcYmVjeU9gen58RyZ2YWsVIyo3cFB1OyQ5DW56ZnpRZ3ljeVVrc2l/ HTTP/1.1
Host: thethesmahat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 14:30:49 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1EYg3oi8E%2FxyYMQdzjEoXadqkZ%2BQg6LqRtRLDv4UWqQVOqQ1zdvrOzbKMR6T3XUE4qjtGrOp2fx6DMHBUg72uDBSUEW9OgFiJsW6IZJiLbY048W6rR%2BN3Q%2BF%2BRq5DO9Sny9c"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775df61ec85d0b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
thethesmahat.com/SE9hUzdncAIgCi0HKxl6H3oqAARwDTk4dQ4qFgVSGyQRZ3QeLEcnXixyWWsPe3ZYdUchK1xgBW48FTJDPTxcYhEhIQc8Cm45XGMZcGFQZhl4aRRuBm47ETJQdX5HI0M8I1xiAX9/VWEEfHtZagJ4
104.21.34.106 204 No Content 0 B URL HTTP/2 thethesmahat.com/SE9hUzdncAIgCi0HKxl6H3oqAARwDTk4dQ4qFgVSGyQRZ3QeLEcnXixyWWsPe3ZYdUchK1xgBW48FTJDPTxcYhEhIQc8Cm45XGMZcGFQZhl4aRRuBm47ETJQdX5HI0M8I1xiAX9/VWEEfHtZagJ4
IP 104.21.34.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /SE9hUzdncAIgCi0HKxl6H3oqAARwDTk4dQ4qFgVSGyQRZ3QeLEcnXixyWWsPe3ZYdUchK1xgBW48FTJDPTxcYhEhIQc8Cm45XGMZcGFQZhl4aRRuBm47ETJQdX5HI0M8I1xiAX9/VWEEfHtZagJ4 HTTP/1.1
Host: thethesmahat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 14:30:49 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VLEEJ62eP40%2F10WsjCEDILJSnbld9F0QTTFLWQwBr5zbvXf1Dl1XuhaBEH4NBpjykcKn%2Bl4LvZymhtnvn6hABpCPOS6rWGi%2Fwla6szxLAvRZ23SVJajLlpFZYlD0j0SBqhCQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775df61ec8660b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
thethesmahat.com/OUJuRzMWfQ00DmwoIHdpCQQJBFhzGg0QXHwQAglLYAMaAWsKJUgzWl1/Vn8LCntXYUNQJlN0AR8xGiZHTDFTdQMJdUguXV8tU3UVT39eaQsXc1tpAx83U3YVTTIPIA4IZB4zR1V/X3EECXZcdAcNeldyAQ
104.21.34.106 204 No Content 0 B URL HTTP/2 thethesmahat.com/OUJuRzMWfQ00DmwoIHdpCQQJBFhzGg0QXHwQAglLYAMaAWsKJUgzWl1/Vn8LCntXYUNQJlN0AR8xGiZHTDFTdQMJdUguXV8tU3UVT39eaQsXc1tpAx83U3YVTTIPIA4IZB4zR1V/X3EECXZcdAcNeldyAQ
IP 104.21.34.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /OUJuRzMWfQ00DmwoIHdpCQQJBFhzGg0QXHwQAglLYAMaAWsKJUgzWl1/Vn8LCntXYUNQJlN0AR8xGiZHTDFTdQMJdUguXV8tU3UVT39eaQsXc1tpAx83U3YVTTIPIA4IZB4zR1V/X3EECXZcdAcNeldyAQ HTTP/1.1
Host: thethesmahat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 14:30:49 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZnAr9qSPQ5b%2F0H9RGfzdJZiKJ%2BIgnDso06FL2fB018MffZbURmgtZ2WPOd06fOTPty80oUuQOEvLr1Wc0bbrb%2BhsIe5dMaVheeUnEXUlbJpPi%2B5YVtEbQJZ%2FNd%2Bu1MEYbIgV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775df61ec8680b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
thethesmahat.com/NnMxQ00ZTFIwcFUmWXUaXTl3JSYHAFJzBw8iAy83ZCtBCCx+Ohc3JFJOCXt0AUUHZT1fFwxya0UHUDc4RU4AZSRYFV5+a0BOAG1+Al0CcmMHVUR+fBAHQSIqC0IXMzlCHwxyewFDBXF+AkcJenwD
104.21.34.106 204 No Content 0 B URL HTTP/2 thethesmahat.com/NnMxQ00ZTFIwcFUmWXUaXTl3JSYHAFJzBw8iAy83ZCtBCCx+Ohc3JFJOCXt0AUUHZT1fFwxya0UHUDc4RU4AZSRYFV5+a0BOAG1+Al0CcmMHVUR+fBAHQSIqC0IXMzlCHwxyewFDBXF+AkcJenwD
IP 104.21.34.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /NnMxQ00ZTFIwcFUmWXUaXTl3JSYHAFJzBw8iAy83ZCtBCCx+Ohc3JFJOCXt0AUUHZT1fFwxya0UHUDc4RU4AZSRYFV5+a0BOAG1+Al0CcmMHVUR+fBAHQSIqC0IXMzlCHwxyewFDBXF+AkcJenwD HTTP/1.1
Host: thethesmahat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 14:30:49 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nompGxY9Ou2Fo2%2BZ9qgR5auVZgHt%2FdYshxQ41rkKR0BDRnySHvwN9rXXP9wyx9SuxeX136yoFedmO8rEI%2B5%2BL0zjpbxVJ7NLhr1T2%2BT3HFlWvWJc0Bjgt4anRMnLGguFuCU1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775df61ec8630b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
216.58.211.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/cdctuLrpNyc
IP 216.58.211.3:0
Hash a05d0c0d61ac3553a34ce8b44a9644a0
cfd06b7f326ba30aca89acd7d3b9013de12c3fc6
b6a962702e5478402a58933c6ecb6ee3f01c7ce2fbb50bd0b5ecb53b50610c5e
POST /s/gts1p5/cdctuLrpNyc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 07 Dec 2022 14:07:58 GMT
age: 1371
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
file-upload.site/page.js
66.29.132.14 200 OK 193 B IP 66.29.132.14:0
File type ASCII text, with no line terminators
Hash 391f261aab9787c46e979046b0e25a65
3f2eec09b02e10bff81bf689d9a380b137f87244
bf2dbac3a4aab3d31cc8e6b3e84a14203add0d903a5611f10025d7cfe158801a
GET /page.js HTTP/1.1
Host: file-upload.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 14 Dec 2022 14:30:49 GMT
content-type: application/javascript
last-modified: Wed, 30 Nov 2022 17:24:41 GMT
accept-ranges: bytes
content-length: 193
date: Wed, 07 Dec 2022 14:30:49 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
d26adrx9c3n0mq.cloudfront.net/iT1kzVUksNl0zdjswV2hwfWsBYHppM0A6Jz9kWhYNNQpZATkYHUI7GhdpXXM9NT0OZW8jOF0ydGk8XTZ0fn9SMStybRUhOSAyDjQkKjJFNj83NlFzPC5kXjozJjVfNGx9HwZ7eWprA30+JjdXOj48fAFlJzt8AWV4f3cDcHoNfAFlPiY3BWFsfBsWZ3k3bw-dweg18AWU7OXwAFHh/bB1lYGprAzIsLDJccHsJawNkeX9oA2RsfWlVPDsqP1wtbH0fAmV8YWkVIHR+
54.230.245.209 200 OK 492 B URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/iT1kzVUksNl0zdjswV2hwfWsBYHppM0A6Jz9kWhYNNQpZATkYHUI7GhdpXXM9NT0OZW8jOF0ydGk8XTZ0fn9SMStybRUhOSAyDjQkKjJFNj83NlFzPC5kXjozJjVfNGx9HwZ7eWprA30+JjdXOj48fAFlJzt8AWV4f3cDcHoNfAFlPiY3BWFsfBsWZ3k3bw-dweg18AWU7OXwAFHh/bB1lYGprAzIsLDJccHsJawNkeX9oA2RsfWlVPDsqP1wtbH0fAmV8YWkVIHR+
IP 54.230.245.209:0
File type ASCII text, with very long lines (668), with no line terminators
Hash edee6854596d1ae3a2424697aa084306
9421177a735cf1e98d677e05c9427e756b7a76d9
d7f832f6479e3dd0682ff09db3ba2731ce12d52db7e2a79366a8e77597c233a6
GET /iT1kzVUksNl0zdjswV2hwfWsBYHppM0A6Jz9kWhYNNQpZATkYHUI7GhdpXXM9NT0OZW8jOF0ydGk8XTZ0fn9SMStybRUhOSAyDjQkKjJFNj83NlFzPC5kXjozJjVfNGx9HwZ7eWprA30+JjdXOj48fAFlJzt8AWV4f3cDcHoNfAFlPiY3BWFsfBsWZ3k3bw-dweg18AWU7OXwAFHh/bB1lYGprAzIsLDJccHsJawNkeX9oA2RsfWlVPDsqP1wtbH0fAmV8YWkVIHR+ HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uthecrimorew.com/
HTTP/1.1 200 OK
Content-Length: 492
Connection: keep-alive
Date: Wed, 07 Dec 2022 14:30:49 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ei9BkL0IJTtliE8B937aToBQF_dcCMZpC8tch9kbKOwlFxK9t5URPw==
d26adrx9c3n0mq.cloudfront.net/SbURyeWQOKxwfWxktFkRcVX1FT1JLLgEWCh15PgwgG3M8Fh4XYgYDAFB0VBUFAyNPXwEDJ09IQgwgEERQSzACFg9QJR8cDxsnBAELD2IHGFkAKwgQCAElV0siWGpCXFZdbAUQCgkrBQpBX3QcDUFfdENJSl1hQTtBX3QFEApbcFdKJkh2QgFSWWFBO0FfdA-APQV4FQ0lRQ3RbXFZdIxcaDwJhQD9WXXVCSVVddVdLVAstABwCAjxXSyJcdEdXVEsxT0g
54.230.245.209 200 OK 624 B URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/SbURyeWQOKxwfWxktFkRcVX1FT1JLLgEWCh15PgwgG3M8Fh4XYgYDAFB0VBUFAyNPXwEDJ09IQgwgEERQSzACFg9QJR8cDxsnBAELD2IHGFkAKwgQCAElV0siWGpCXFZdbAUQCgkrBQpBX3QcDUFfdENJSl1hQTtBX3QFEApbcFdKJkh2QgFSWWFBO0FfdA-APQV4FQ0lRQ3RbXFZdIxcaDwJhQD9WXXVCSVVddVdLVAstABwCAjxXSyJcdEdXVEsxT0g
IP 54.230.245.209:0
File type ASCII text, with very long lines (861), with no line terminators
Hash 901b451295ddcfbc78b3a3a43b85fa06
a06cf514feca7363e64465a41c6df98b4f99c8a1
24899425eb02eb55b6be1a2948a1855b878ee0ec698da16635c9cf8e11d968d8
GET /SbURyeWQOKxwfWxktFkRcVX1FT1JLLgEWCh15PgwgG3M8Fh4XYgYDAFB0VBUFAyNPXwEDJ09IQgwgEERQSzACFg9QJR8cDxsnBAELD2IHGFkAKwgQCAElV0siWGpCXFZdbAUQCgkrBQpBX3QcDUFfdENJSl1hQTtBX3QFEApbcFdKJkh2QgFSWWFBO0FfdA-APQV4FQ0lRQ3RbXFZdIxcaDwJhQD9WXXVCSVVddVdLVAstABwCAjxXSyJcdEdXVEsxT0g HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uthecrimorew.com/
HTTP/1.1 200 OK
Content-Length: 624
Connection: keep-alive
Date: Wed, 07 Dec 2022 14:30:49 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: IMVTIfgSpF1_KeflWdyDaDAERCao_b3nRxGO9AuNdsnl2_rTGWGS2A==
d26adrx9c3n0mq.cloudfront.net/gVmFLTDI1DiUqDSIIL3EKbll4dQpwCzgjXCZcGilAP1kzOFsMV204SDJce2peNw8scRQzDyhxA3AALy4PYkc/PF09XCohVz0XKDpKOQNtOVNrDCQ2WzoNKmkAEFRlfBdkUWM7WzgFJDtBc1N7IkZzU3t9AnhRbn9wc1N7O1s4V39pARREeXxKYFVuf3BzU3-s+RHNSCn0CY097ZRdkUSwpUT0Obn50ZFF6fAJnUXppAGYHIj5XMA4zaQAQUHt5HGZHPnED
54.230.245.209 200 OK 605 B URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/gVmFLTDI1DiUqDSIIL3EKbll4dQpwCzgjXCZcGilAP1kzOFsMV204SDJce2peNw8scRQzDyhxA3AALy4PYkc/PF09XCohVz0XKDpKOQNtOVNrDCQ2WzoNKmkAEFRlfBdkUWM7WzgFJDtBc1N7IkZzU3t9AnhRbn9wc1N7O1s4V39pARREeXxKYFVuf3BzU3-s+RHNSCn0CY097ZRdkUSwpUT0Obn50ZFF6fAJnUXppAGYHIj5XMA4zaQAQUHt5HGZHPnED
IP 54.230.245.209:0
File type ASCII text, with very long lines (858), with no line terminators
Hash b22191e651c2aa358f26f151dc88f749
062558d8416600649a0b2d49e221ac5a7b4aa3ae
f9eeeb8e46ca4e27f4fc5782eca34a0b425cc552d029298708b345b56ef95016
GET /gVmFLTDI1DiUqDSIIL3EKbll4dQpwCzgjXCZcGilAP1kzOFsMV204SDJce2peNw8scRQzDyhxA3AALy4PYkc/PF09XCohVz0XKDpKOQNtOVNrDCQ2WzoNKmkAEFRlfBdkUWM7WzgFJDtBc1N7IkZzU3t9AnhRbn9wc1N7O1s4V39pARREeXxKYFVuf3BzU3-s+RHNSCn0CY097ZRdkUSwpUT0Obn50ZFF6fAJnUXppAGYHIj5XMA4zaQAQUHt5HGZHPnED HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uthecrimorew.com/
HTTP/1.1 200 OK
Content-Length: 605
Connection: keep-alive
Date: Wed, 07 Dec 2022 14:30:49 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: k58gGM4lskC8H0Jjmh0uUkbNkJXuds8VI7xVliTK2mAG2p83_aEU1Q==
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 053aff7451e55d4269dd9610ab070f3f
b3376256d11d159b0c7280ba1515b78d7d9e12ca
24114ca560fe70d03185bd66985603fd5a03dc310aa9a8ea7a7b3723ed46ce3e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1109
Cache-Control: max-age=154470
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:49 GMT
Etag: "639057aa-1d7"
Expires: Fri, 09 Dec 2022 09:25:19 GMT
Last-Modified: Wed, 07 Dec 2022 09:06:50 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
d26adrx9c3n0mq.cloudfront.net/nT0dyRWksKBwjVjsuFnhRd39BfFBpLQEqBz96IzYdJjIGcwwnDzU9LRoOVDETK3pCYwUuKRV4TyopEXhYaSYWJ1R7YQY1BiR6BysNKiEbKwwrYQckVCIoCCwFIyZXdy96aUJgW39vBSwHKygFNkx9dxwxTH13Q3VHf2JBB0x9dwUsB3lzV3YranVCPV97Yk-EHTH13ADNMfAZDdVxhd1tgW38gFyYCIGJAA1t/dkJ1WH92V3dZKS4AIA8gP1d3L353R2tZaTJPdA
54.230.245.209 200 OK 359 B URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/nT0dyRWksKBwjVjsuFnhRd39BfFBpLQEqBz96IzYdJjIGcwwnDzU9LRoOVDETK3pCYwUuKRV4TyopEXhYaSYWJ1R7YQY1BiR6BysNKiEbKwwrYQckVCIoCCwFIyZXdy96aUJgW39vBSwHKygFNkx9dxwxTH13Q3VHf2JBB0x9dwUsB3lzV3YranVCPV97Yk-EHTH13ADNMfAZDdVxhd1tgW38gFyYCIGJAA1t/dkJ1WH92V3dZKS4AIA8gP1d3L353R2tZaTJPdA
IP 54.230.245.209:0
File type ASCII text, with very long lines (459), with no line terminators
Hash 9854c87c154d1ceebd44530cb03de402
1ca82de07dce0358b08d48628bd1942ed8611614
480934157e5ae3ed99d37fd62129997899f41a2fd05fb86c37c1ee3f46e32d7d
GET /nT0dyRWksKBwjVjsuFnhRd39BfFBpLQEqBz96IzYdJjIGcwwnDzU9LRoOVDETK3pCYwUuKRV4TyopEXhYaSYWJ1R7YQY1BiR6BysNKiEbKwwrYQckVCIoCCwFIyZXdy96aUJgW39vBSwHKygFNkx9dxwxTH13Q3VHf2JBB0x9dwUsB3lzV3YranVCPV97Yk-EHTH13ADNMfAZDdVxhd1tgW38gFyYCIGJAA1t/dkJ1WH92V3dZKS4AIA8gP1d3L353R2tZaTJPdA HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uthecrimorew.com/
HTTP/1.1 200 OK
Content-Length: 359
Connection: keep-alive
Date: Wed, 07 Dec 2022 14:30:49 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: j3L9NLenY9za2IWvAwc3owSESIufCPkOANbSFS1DesCj3jkhD8oD3g==
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 436c14b3133d071dae2c86eb6719428f
750cc44f683530d4b8ac4e98c9cb900284b3e9d6
b5242f4a30b681bfdda0521fa12177c18d183116e8982a274c414b626b9131c6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4928
Cache-Control: max-age=103925
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:49 GMT
Etag: "638f834e-118"
Expires: Thu, 08 Dec 2022 19:22:54 GMT
Last-Modified: Tue, 06 Dec 2022 18:00:46 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 280
d26adrx9c3n0mq.cloudfront.net/BbFl4ZEIPNhYCfRgwHFl6VW9JXXpKMwsLLBxkLRERHgoMNTcNGAwAZBgjHFlySjUZCiVRfx0KIVFoXgUmDmRMQjcNZBULOAU1FAVnXh9NSnJJa0hMNQU3HAs1H3xKVCwYfEpUc1x3SEFxLnxKVDUFN05QZ18bXVZyFG9MQXEufEpUMBp8SyVzXGxWVGtJa0-gDJw8yF0FwKmtIVXJcaEhVZ15pHg0wCT8XHGdeH0lUd0JpXhF/XQ
54.230.245.209 200 OK 184 B URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/BbFl4ZEIPNhYCfRgwHFl6VW9JXXpKMwsLLBxkLRERHgoMNTcNGAwAZBgjHFlySjUZCiVRfx0KIVFoXgUmDmRMQjcNZBULOAU1FAVnXh9NSnJJa0hMNQU3HAs1H3xKVCwYfEpUc1x3SEFxLnxKVDUFN05QZ18bXVZyFG9MQXEufEpUMBp8SyVzXGxWVGtJa0-gDJw8yF0FwKmtIVXJcaEhVZ15pHg0wCT8XHGdeH0lUd0JpXhF/XQ
IP 54.230.245.209:0
File type ASCII text, with no line terminators
Hash daeb52560d340a75e7a586e830a5effb
31335d9a81aac96c0bf90d323bd79fa0eb016aa8
b2cb7a5229289769030226ed29cc9a7e0cc60f4a6ee4cfd617283fab5bd67497
GET /BbFl4ZEIPNhYCfRgwHFl6VW9JXXpKMwsLLBxkLRERHgoMNTcNGAwAZBgjHFlySjUZCiVRfx0KIVFoXgUmDmRMQjcNZBULOAU1FAVnXh9NSnJJa0hMNQU3HAs1H3xKVCwYfEpUc1x3SEFxLnxKVDUFN05QZ18bXVZyFG9MQXEufEpUMBp8SyVzXGxWVGtJa0-gDJw8yF0FwKmtIVXJcaEhVZ15pHg0wCT8XHGdeH0lUd0JpXhF/XQ HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://uthecrimorew.com/
HTTP/1.1 200 OK
Content-Length: 184
Connection: keep-alive
Date: Wed, 07 Dec 2022 14:30:49 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: FBgddBocx6RGd6iXaHssCowrjR0AUUVvsY2Hs5CGmGikg2Ln0McjFg==
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 436c14b3133d071dae2c86eb6719428f
750cc44f683530d4b8ac4e98c9cb900284b3e9d6
b5242f4a30b681bfdda0521fa12177c18d183116e8982a274c414b626b9131c6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4928
Cache-Control: max-age=103925
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:49 GMT
Etag: "638f834e-118"
Expires: Thu, 08 Dec 2022 19:22:54 GMT
Last-Modified: Tue, 06 Dec 2022 18:00:46 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 280
thethesmahat.com/popunder.gif
104.21.34.106 301 Moved Permanently 0 B URL HTTP/1.1 thethesmahat.com/popunder.gif
IP 104.21.34.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /popunder.gif HTTP/1.1
Host: thethesmahat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 301 Moved Permanently
Date: Wed, 07 Dec 2022 14:30:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 07 Dec 2022 15:30:49 GMT
Location: https://thethesmahat.com/popunder.gif
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QQN87KPQYa%2BbyjeC8qt6FZr1b0nHM%2BuLWuqo%2FaxpqjVH7ntN47QG9ToT5ka4jTWBtiV9wdPeYfntK%2FsGJx4WJxFYOx23lAwhvJgBCC%2F0jlGlABEG13vs1ULFY%2FEBOfaDb%2Bte"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 775df621ea6c0af6-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b4d9ed63777f5cf6b642ff91093c9b02
dc2e129d5eef9be77dc7c024fa031940c63af11d
9b05d7b876f82fe34f71b5cd0222290de8760ff0ec532d820c5e61145a283936
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B05D7B876F82FE34F71B5CD0222290DE8760FF0EC532D820C5E61145A283936"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=316
Expires: Wed, 07 Dec 2022 14:36:05 GMT
Date: Wed, 07 Dec 2022 14:30:49 GMT
Connection: keep-alive
push.services.mozilla.com/
44.240.159.184 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.240.159.184:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: RNxibc6ZsTkWpk8mvRiMGA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: COf6hT2cVcZ6Jr7dv5faBdUJvrY=
outbursttones.com/01/10/5f/01105f188a1c32226733edcb09dd3870.js
192.243.59.20 200 OK 21 kB URL HTTP/1.1 outbursttones.com/01/10/5f/01105f188a1c32226733edcb09dd3870.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (60168), with no line terminators
Hash 6ed3ccab322e8f85276ce67d8f00b1ed
65ab0891a4058e5afd57e932e704d2a97ec9a332
b4097683961b26f961151ab254f193f487c2bc5d419e88ca7a37e9cbe7cc5f6c
Analyzer Verdict Alert quad9 Sinkholed
GET /01/10/5f/01105f188a1c32226733edcb09dd3870.js HTTP/1.1
Host: outbursttones.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 07 Dec 2022 14:30:49 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 10c7a5a0b68d0a0edd8de4eba8e37679
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b22490b02628e79842aa551994331a2e
238870b8a3e6ef3b6a761154e3abee386643597c
ef2e0268a5ed0ca7d64dfc1baa3d56d55f4062e4d84972bc9423fe56df585673
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF2E0268A5ED0CA7D64DFC1BAA3D56D55F4062E4D84972BC9423FE56DF585673"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16280
Expires: Wed, 07 Dec 2022 19:02:10 GMT
Date: Wed, 07 Dec 2022 14:30:50 GMT
Connection: keep-alive
my.rtmark.net/gid.js?userId=2287533aea78431e869d3543d49ffe49
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=2287533aea78431e869d3543d49ffe49
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash fa8cb28d84e6fdf9fc0f5bf2af76b478
5ab1979d6757792010a31fff477a56651af8db5d
4a59e7c539510df4ab0d2c39f723a071baf36c72cd3441bf71e14d4b13e66015
GET /gid.js?userId=2287533aea78431e869d3543d49ffe49 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 14:30:50 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://www.file-upload.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=2287533aea78431e869d3543d49ffe49; expires=Thu, 07 Dec 2023 14:30:50 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash f1f198f54903d0f0f8d6f4f6c296adc4
6fb599d9acf45c677393b0bff573b29c1e88111d
1d8d09e01b8a0ce6f08446db14de8f08d3a441cebfb5d4e0cb937a46046fcc5c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1D8D09E01B8A0CE6F08446DB14DE8F08D3A441CEBFB5D4E0CB937A46046FCC5C"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15488
Expires: Wed, 07 Dec 2022 18:48:58 GMT
Date: Wed, 07 Dec 2022 14:30:50 GMT
Connection: keep-alive
onmarshtompor.com/?rb=MZAhylu3XKoG8Bw-RXQPs9KM2d--KEpVJttJz4H7pn2AlZ6tFc-nDYzjCUQAuK6pG0AuVQeslXIjgnHO_J96ULUN_dUB9GXUVejZ6ZDWGGKuLYU1lU6nwFg8p9YR7rtDxCJTErGzviSasF_o2CfZmmkOVfWBRwSGFd2QwjpSDVhdV3aywa7pJxp_23klabeVl_8mnFmp-qjb8naQF8OXZQRUyMHyWDSdp-QbTtl7Y39Fu__SBlVk5A%3D%3D&request_ab2=96001&zoneid=5003260&js_build=iclick-v1.458.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=1&pl=http%3A%2F%2Fwww.file-upload.com%2Fwrbhki8wqa3s&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.458.0&bs=0561ad13-d539-4e24-bf1f-1ca8b97debaa&userId=2287533aea78431e869d3543d49ffe49&m=link
139.45.197.243 200 OK 1.4 kB URL HTTP/1.1 onmarshtompor.com/?rb=MZAhylu3XKoG8Bw-RXQPs9KM2d--KEpVJttJz4H7pn2AlZ6tFc-nDYzjCUQAuK6pG0AuVQeslXIjgnHO_J96ULUN_dUB9GXUVejZ6ZDWGGKuLYU1lU6nwFg8p9YR7rtDxCJTErGzviSasF_o2CfZmmkOVfWBRwSGFd2QwjpSDVhdV3aywa7pJxp_23klabeVl_8mnFmp-qjb8naQF8OXZQRUyMHyWDSdp-QbTtl7Y39Fu__SBlVk5A%3D%3D&request_ab2=96001&zoneid=5003260&js_build=iclick-v1.458.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=1&pl=http%3A%2F%2Fwww.file-upload.com%2Fwrbhki8wqa3s&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.458.0&bs=0561ad13-d539-4e24-bf1f-1ca8b97debaa&userId=2287533aea78431e869d3543d49ffe49&m=link
IP 139.45.197.243:0
File type JSON data\012- , ASCII text, with very long lines (1700), with no line terminators
Hash 0dda9f62e508c8c7d6fcbfc233aac385
772144f942732121c74f8cf1c0b4cbb1276e92da
0683bef67619fef680f98b7f5bcf0c1d6302ec091af9b0030259848bbe762bc8
GET /?rb=MZAhylu3XKoG8Bw-RXQPs9KM2d--KEpVJttJz4H7pn2AlZ6tFc-nDYzjCUQAuK6pG0AuVQeslXIjgnHO_J96ULUN_dUB9GXUVejZ6ZDWGGKuLYU1lU6nwFg8p9YR7rtDxCJTErGzviSasF_o2CfZmmkOVfWBRwSGFd2QwjpSDVhdV3aywa7pJxp_23klabeVl_8mnFmp-qjb8naQF8OXZQRUyMHyWDSdp-QbTtl7Y39Fu__SBlVk5A%3D%3D&request_ab2=96001&zoneid=5003260&js_build=iclick-v1.458.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=1&pl=http%3A%2F%2Fwww.file-upload.com%2Fwrbhki8wqa3s&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.458.0&bs=0561ad13-d539-4e24-bf1f-1ca8b97debaa&userId=2287533aea78431e869d3543d49ffe49&m=link HTTP/1.1
Host: onmarshtompor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 14:30:50 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: b9dfc270266309e40d29d5faf39df356
Access-Control-Allow-Origin: http://www.file-upload.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=2287533aea78431e869d3543d49ffe49; expires=Thu, 07 Dec 2023 14:30:50 GMT; path=/
oaidts=1670423450; expires=Thu, 07 Dec 2023 14:30:50 GMT; path=/
syncedCookie=true; expires=Wed, 14 Dec 2022 14:30:50 GMT; path=/
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash f93fe0c44e63867b7f8553c1ca73460e
e664d98cd9803e5f179af596d8a2f50d79fc92b0
dbb9ed743e3bf5d61dd66e676c81d5e2a43c8287d61ef34d90b6c7790ca6106e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 14:30:50 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 01:33:16 GMT
Expires: Tue, 13 Dec 2022 01:33:15 GMT
Etag: "e664d98cd9803e5f179af596d8a2f50d79fc92b0"
Cache-Control: max-age=471144,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 775df6247ca4b51e-OSL
datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
37.48.68.71 200 OK 12 B URL HTTP/1.1 datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 37.48.68.71:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 904
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 07 Dec 2022 14:30:50 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: http://www.file-upload.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash c6e417896e533914bd9baf1b58cc8465
e4d2f1b78f9ebd1ecb7b7ac827a399dfdffea455
21b0ea689a73d8b75ca7b6e26e887bd0cbf4ac6f1477ca3b0cdb528287f86c68
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4237
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:50 GMT
Last-Modified: Wed, 07 Dec 2022 13:20:13 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 82cd1ce897294f8b6283690009066d4d
239c6d29c3574a2b4d591729f0ec5691875f1649
9141e07fa8daf3d95d50d43ad596b80e671693a4dd268f39cc83456cd07e93af
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 82cd1ce897294f8b6283690009066d4d
239c6d29c3574a2b4d591729f0ec5691875f1649
9141e07fa8daf3d95d50d43ad596b80e671693a4dd268f39cc83456cd07e93af
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109 302 Found 395 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Hash 1c4a11696c7dd2e72ae859888a5e97fe
4f6064d569f7c7b97c951afd3c28236d034b0599
0135a8d394cb5a5b612647b907bb26ef4bcaa9ca22ba0256e35668d6fcfc52a9
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 07 Dec 2022 14:30:50 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1727004793%3A1670423450488634&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsG6Or9UP76mwATu78g75HRvwuUP2scGGXobj_T1a2rixymUa7Q-nlwyHbdv3_YAVOslJyxkg
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-wmn5hzStYLpq5eUUvgrtnA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:X2LeMfG5XPtnDz8zcYV4AjcWSy6eSQ:_m7g6Ht6lZfi8RNn;Path=/;Expires=Fri, 06-Dec-2024 14:30:50 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 302 Found 399 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash 4bcbc0a52e6f2eeb05b46e6d8b76b2f9
45f33e9c30faff585d572f49ad22558ba15542de
63d09f12d98c76a66cf3802946f3b3ff690f13d772337607be8a44dd8194795d
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 07 Dec 2022 14:30:50 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1577085494%3A1670423450503941&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsQ6lCDagKJKYYcNicxzENDoKUUZwvsxkzCFZpa_-VXMrkrGxYN_RvAHE-uY3TY6l04axPWEQ
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-ZAgGN_eGEbS3KYE1xGqDiw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 399
server: GSE
set-cookie: __Host-GAPS=1:VEmJTJi9TWwigp0PqFVlUMOBwjLUKA:RBA42tRx9E0LTMUb;Path=/;Expires=Fri, 06-Dec-2024 14:30:50 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3f68d2b9508016466ba87c846b90f0db
36a6b9a97413dc573f2c65314a1647d5c5907d95
907bab092444b0f0fc89ccd5452757f7dc57ec741da5c96a185643c366fc1136
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "907BAB092444B0F0FC89CCD5452757F7DC57EC741DA5C96A185643C366FC1136"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12663
Expires: Wed, 07 Dec 2022 18:01:53 GMT
Date: Wed, 07 Dec 2022 14:30:50 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3f68d2b9508016466ba87c846b90f0db
36a6b9a97413dc573f2c65314a1647d5c5907d95
907bab092444b0f0fc89ccd5452757f7dc57ec741da5c96a185643c366fc1136
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "907BAB092444B0F0FC89CCD5452757F7DC57EC741DA5C96A185643C366FC1136"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12663
Expires: Wed, 07 Dec 2022 18:01:53 GMT
Date: Wed, 07 Dec 2022 14:30:50 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3f68d2b9508016466ba87c846b90f0db
36a6b9a97413dc573f2c65314a1647d5c5907d95
907bab092444b0f0fc89ccd5452757f7dc57ec741da5c96a185643c366fc1136
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "907BAB092444B0F0FC89CCD5452757F7DC57EC741DA5C96A185643C366FC1136"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12663
Expires: Wed, 07 Dec 2022 18:01:53 GMT
Date: Wed, 07 Dec 2022 14:30:50 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3f68d2b9508016466ba87c846b90f0db
36a6b9a97413dc573f2c65314a1647d5c5907d95
907bab092444b0f0fc89ccd5452757f7dc57ec741da5c96a185643c366fc1136
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "907BAB092444B0F0FC89CCD5452757F7DC57EC741DA5C96A185643C366FC1136"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12663
Expires: Wed, 07 Dec 2022 18:01:53 GMT
Date: Wed, 07 Dec 2022 14:30:50 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3f68d2b9508016466ba87c846b90f0db
36a6b9a97413dc573f2c65314a1647d5c5907d95
907bab092444b0f0fc89ccd5452757f7dc57ec741da5c96a185643c366fc1136
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "907BAB092444B0F0FC89CCD5452757F7DC57EC741DA5C96A185643C366FC1136"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12663
Expires: Wed, 07 Dec 2022 18:01:53 GMT
Date: Wed, 07 Dec 2022 14:30:50 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash cd6dabd083ee1c237c8ea3ba38cc48d5
bbe4420bf1c0fe0d5621336865563418d2f16f39
c9314cdac13bc2ea94505f473538ab4d5c0a940dfbc2f5447e6f22a5af580572
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
uthecrimorew.com/utx?cb=TlJREhvpzAZG&top=www.file-upload.com&tid=888399
54.192.99.67 204 No Content 0 B URL HTTP/2 uthecrimorew.com/utx?cb=TlJREhvpzAZG&top=www.file-upload.com&tid=888399
IP 54.192.99.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=TlJREhvpzAZG&top=www.file-upload.com&tid=888399 HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 14:30:50 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www.file-upload.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 07 Dec 2022 14:31:50 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 efc12fd327e76ab48012cf50cecfdff8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: 9JBNAxL_soOzppNwjdS-5_7uaR-TJ7_-gvC04vNgmFvSUqQFDJ5IUg==
X-Firefox-Spdy: h2
uthecrimorew.com/utx?cb=3hJoheiVA9wO&top=www.file-upload.com&tid=889766
54.192.99.67 204 No Content 0 B URL HTTP/2 uthecrimorew.com/utx?cb=3hJoheiVA9wO&top=www.file-upload.com&tid=889766
IP 54.192.99.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=3hJoheiVA9wO&top=www.file-upload.com&tid=889766 HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 14:30:50 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www.file-upload.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 07 Dec 2022 14:31:50 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 efc12fd327e76ab48012cf50cecfdff8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: TfOsczVoxcu5nRIAFPZIrghUwjPpM8W42a-ci5oMUVcTTJS582ii_A==
X-Firefox-Spdy: h2
uthecrimorew.com/utx?cb=2TKmBWcxBCom&top=www.file-upload.com&tid=888398
54.192.99.67 204 No Content 0 B URL HTTP/2 uthecrimorew.com/utx?cb=2TKmBWcxBCom&top=www.file-upload.com&tid=888398
IP 54.192.99.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=2TKmBWcxBCom&top=www.file-upload.com&tid=888398 HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 14:30:50 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www.file-upload.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 07 Dec 2022 14:31:50 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 efc12fd327e76ab48012cf50cecfdff8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: lAFEG1CuW9x18m0Kpt-OXKXgGmpv6EMWqP9EsXXWfURES1uDWBF2mQ==
X-Firefox-Spdy: h2
uthecrimorew.com/utx?cb=OujydNtthh5j&top=www.file-upload.com&tid=922253
54.192.99.67 204 No Content 0 B URL HTTP/2 uthecrimorew.com/utx?cb=OujydNtthh5j&top=www.file-upload.com&tid=922253
IP 54.192.99.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=OujydNtthh5j&top=www.file-upload.com&tid=922253 HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 07 Dec 2022 14:30:50 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www.file-upload.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 07 Dec 2022 14:31:50 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 efc12fd327e76ab48012cf50cecfdff8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: 79KfEwxheav4VbJD16qt_B155wruMNlhR5XqotMVpMhYV7qtO9ssnA==
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S1577085494%3A1670423450503941&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsQ6lCDagKJKYYcNicxzENDoKUUZwvsxkzCFZpa_-VXMrkrGxYN_RvAHE-uY3TY6l04axPWEQ
142.250.74.109 403 Forbidden 1.3 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1577085494%3A1670423450503941&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsQ6lCDagKJKYYcNicxzENDoKUUZwvsxkzCFZpa_-VXMrkrGxYN_RvAHE-uY3TY6l04axPWEQ
IP 142.250.74.109:0
Hash d499d94792d2bafcec337105aafd5b1a
de01e03de8ac97a94eae8f97d9abcbc9df52fcbb
330ff691841fe8efe5ed5bc299b6f77bf2a97ade1062cf3f4e670f6851f401a9
GET /v3/signin/identifier?dsh=S1577085494%3A1670423450503941&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsQ6lCDagKJKYYcNicxzENDoKUUZwvsxkzCFZpa_-VXMrkrGxYN_RvAHE-uY3TY6l04axPWEQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 07 Dec 2022 14:30:50 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-ld42MLq_rYyRiIjYnojMvA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3f68d2b9508016466ba87c846b90f0db
36a6b9a97413dc573f2c65314a1647d5c5907d95
907bab092444b0f0fc89ccd5452757f7dc57ec741da5c96a185643c366fc1136
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "907BAB092444B0F0FC89CCD5452757F7DC57EC741DA5C96A185643C366FC1136"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12663
Expires: Wed, 07 Dec 2022 18:01:53 GMT
Date: Wed, 07 Dec 2022 14:30:50 GMT
Connection: keep-alive
oaphoace.net/500/5419445?excludes=&oaid=2287533aea78431e869d3543d49ffe49&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2Fwww.file-upload.com%2Fwrbhki8wqa3s&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239 200 OK 0 B URL HTTP/2 oaphoace.net/500/5419445?excludes=&oaid=2287533aea78431e869d3543d49ffe49&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2Fwww.file-upload.com%2Fwrbhki8wqa3s&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/5419445?excludes=&oaid=2287533aea78431e869d3543d49ffe49&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2Fwww.file-upload.com%2Fwrbhki8wqa3s&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 14:30:50 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: http://www.file-upload.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
34.160.73.230 200 OK 2.6 kB URL HTTP/1.1 addresseepaper.com/sfp.js
IP 34.160.73.230:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2551), with no line terminators
Hash 41f66bb0ac50f2d851236170e7c71341
59bcec216302151922219b51be8ad8ab6d0b8384
ec99cca58b612ce268e6ada818dfcec0acc22dd1bbe372487be9abbdd07ce073
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 07 Dec 2022 14:30:50 GMT
Content-Type: text/html
Content-Length: 2551
Last-Modified: Tue, 06 Dec 2022 22:15:35 GMT
ETag: "638fbf07-9f7"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_ksH1sTc9EjXCmWZup74uFSR+dkwy0KAqHyDjqCX5+b0zeGjsBDwHGeUXqHO1YTnGXNMqi9DZqRg/7nsDREvaAw
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=91.90.42.154;Path=/;Max-Age=86400;
country=NO;Path=/;Max-Age=86400;
city="";Path=/;Max-Age=86400;
expiry_partner=enom.EXPIRED.305E185C-5D0C-4AD0-86FE-5F99F413CC83;Path=/;Max-Age=86400;
Accept-Ranges: bytes
Via: 1.1 google
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 975d829b6c1182baa9059ef46ba71c89
4cad25f5dc5997779e9bde153551bf7fa3481938
5a23467d164713da6a0ba9cff3d114780c255f12696ad50c3efc214c8895ee64
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=89044
Date: Wed, 07 Dec 2022 14:30:50 GMT
Etag: "638f4418-1d7"
Expires: Thu, 08 Dec 2022 15:14:54 GMT
Last-Modified: Tue, 06 Dec 2022 13:31:04 GMT
Server: ECS (nyb/1D10)
X-Cache: Miss from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 8DDbQtAmKD9yLinz0hpT3enKOUEgFVmeL_Pw2mAUfuonUhbOShnZPQ==
Age: 6230
uthecrimorew.com/floater?cs=bTV5ZnJfDE9WQlUCS1JCXw1IXks&abt=0&red=1&sm=83&k=download%20easeus%20technician%20edition%20sigma4pc&v=0.8.15.0&sts=0&prn=0&emb=0&tid=888399&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2Fwww.file-upload.com%2Fwrbhki8wqa3s&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi1_&_EIr7=1670423449573&crc=1
54.192.99.67 200 OK 1.3 kB URL HTTP/2 uthecrimorew.com/floater?cs=bTV5ZnJfDE9WQlUCS1JCXw1IXks&abt=0&red=1&sm=83&k=download%20easeus%20technician%20edition%20sigma4pc&v=0.8.15.0&sts=0&prn=0&emb=0&tid=888399&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2Fwww.file-upload.com%2Fwrbhki8wqa3s&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi1_&_EIr7=1670423449573&crc=1
IP 54.192.99.67:0
File type ASCII text, with very long lines (2023), with no line terminators
Hash a377d1549f88ea075c08b83f78873771
40db805c291d6a063c50b91aa2c8cab17986bbbc
6d51f42d3d70497bdb7c1202eac453da6fba52d89db6c75b87e0115504b4acad
GET /floater?cs=bTV5ZnJfDE9WQlUCS1JCXw1IXks&abt=0&red=1&sm=83&k=download%20easeus%20technician%20edition%20sigma4pc&v=0.8.15.0&sts=0&prn=0&emb=0&tid=888399&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2Fwww.file-upload.com%2Fwrbhki8wqa3s&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi1_&_EIr7=1670423449573&crc=1 HTTP/1.1
Host: uthecrimorew.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
content-length: 1259
date: Wed, 07 Dec 2022 14:30:50 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www.file-upload.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=ca046ad4-2684-4294-81fa-e5ecc9fa29fc
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 efc12fd327e76ab48012cf50cecfdff8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: HNnuJdyQaBry5a8JYA7S4kaWlIGedhqFF3dMawZNpEp6GpyovYiHgg==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 8bbd1cb72bc92d27ab1c3155ecfc7e3d
0aff60de45cd9932f6ae0fc5e57571b818bf637c
978523dc29efb75cf77086765ad56b8f4ba70d698f881624a7b764effb6525eb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1846
Cache-Control: max-age=126413
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:50 GMT
Etag: "638fe731-116"
Expires: Fri, 09 Dec 2022 01:37:43 GMT
Last-Modified: Wed, 07 Dec 2022 01:06:57 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 278
simplewebanalysis.com/stats
18.185.190.54 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash 67fb33e122bad1f2b32534de5fb271db
fe444b5c5f683a9699fb7ec292f15f7b2bbb7e91
aa96e41fe9d334afcf3f209972693154b6a30c904b6fb2b1b9448e2941b204dd
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 14:30:50 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
set-cookie: uid_id2=1820af9b-416f-40e6-b034-f81033336de2:1:1; expires=Sat, 04 Dec 2032 14:30:50 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
oaphoace.net/500/5419445?excludes=&oaid=2287533aea78431e869d3543d49ffe49&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2Fwww.file-upload.com%2Fwrbhki8wqa3s&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239 200 OK 12 kB URL HTTP/2 oaphoace.net/500/5419445?excludes=&oaid=2287533aea78431e869d3543d49ffe49&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2Fwww.file-upload.com%2Fwrbhki8wqa3s&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
Hash e018c24d4cb9c3b83b14637ff791afba
b26002a8e854dae6f05394d238a513570638f64a
0756efa28833e6a1e73958ddc98143a870df78fe034ab8c3298ac9cc5efb3c5c
Analyzer Verdict Alert quad9 Sinkholed
GET /500/5419445?excludes=&oaid=2287533aea78431e869d3543d49ffe49&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&pl=http%3A%2F%2Fwww.file-upload.com%2Fwrbhki8wqa3s&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Cookie: OAID=2287533aea78431e869d3543d49ffe49
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 14:30:50 GMT
content-type: application/javascript
x-trace-id: 5236d1eedbe726e176301330c207c8e0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: http://www.file-upload.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=2287533aea78431e869d3543d49ffe49; expires=Thu, 07 Dec 2023 14:30:50 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
sweptpeculiar.com/38/f0/0a/38f00a36b3d7705a00e14d2d7baaa601.js
192.243.59.20 200 OK 13 kB URL HTTP/1.1 sweptpeculiar.com/38/f0/0a/38f00a36b3d7705a00e14d2d7baaa601.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37139), with no line terminators
Hash 353117db4379205378b569def355420f
3904f64c2491f5d07e590d43a3e30b23576d45e6
58451d5b1551727d15514c37eced20e6f1d190385a7db9efdb1292925d9e9ba7
Analyzer Verdict Alert quad9 Sinkholed
GET /38/f0/0a/38f00a36b3d7705a00e14d2d7baaa601.js HTTP/1.1
Host: sweptpeculiar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 07 Dec 2022 14:30:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 72a36c6fbdef0f7427e7566150a23b95
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.google-analytics.com/ga.js
142.250.74.46 200 OK 17 kB URL HTTP/1.1 www.google-analytics.com/ga.js
IP 142.250.74.46:0
Hash 5837fca6a1cc79727b35848b0e16f37a
8509e1304825c276e38d3870a5507f677544db6c
f3aa03fa2e8c0eacb7f95d785de0d80eb291f4fa822c7ac2b386508358089d5f
GET /ga.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Wed, 07 Dec 2022 12:32:52 GMT
Expires: Wed, 07 Dec 2022 14:32:52 GMT
Cache-Control: public, max-age=7200
Age: 7079
Last-Modified: Tue, 27 Sep 2022 22:01:05 GMT
Content-Type: text/javascript
connect.facebook.net/en_US/sdk.js
157.240.247.8 301 Moved Permanently 0 B URL HTTP/1.1 connect.facebook.net/en_US/sdk.js
IP 157.240.247.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 301 Moved Permanently
Location: https://connect.facebook.net/en_US/sdk.js
Content-Type: text/plain
Server: proxygen-bolt
Date: Wed, 07 Dec 2022 14:30:51 GMT
Connection: keep-alive
Content-Length: 0
www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1805723371&utmhn=www.file-upload.com&utmcs=UTF-8&utmsr=1280x1024&utmvp=1268x939&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Download%20EASEUS%20Technician%20Edition%20sigma4pc%20com%20rar&utmhid=1717886494&utmr=-&utmp=%2Fwrbhki8wqa3s&utmht=1670423450685&utmac=UA-42931250-7&utmcc=__utma%3D184767038.613335277.1670423451.1670423451.1670423451.1%3B%2B__utmz%3D184767038.1670423451.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=570141701&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
142.250.74.46 302 Found 369 B URL HTTP/1.1 www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1805723371&utmhn=www.file-upload.com&utmcs=UTF-8&utmsr=1280x1024&utmvp=1268x939&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Download%20EASEUS%20Technician%20Edition%20sigma4pc%20com%20rar&utmhid=1717886494&utmr=-&utmp=%2Fwrbhki8wqa3s&utmht=1670423450685&utmac=UA-42931250-7&utmcc=__utma%3D184767038.613335277.1670423451.1670423451.1670423451.1%3B%2B__utmz%3D184767038.1670423451.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=570141701&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
IP 142.250.74.46:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 8cf221b9d14d9b473695a7655ba95a15
5968a9bea2d3f3cf95be407f8c2836fcbbcf332f
3f21930d086e5e3f00c2ca051c913400aa2545862126cc898b2f3f4d0d2155d8
GET /r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1805723371&utmhn=www.file-upload.com&utmcs=UTF-8&utmsr=1280x1024&utmvp=1268x939&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Download%20EASEUS%20Technician%20Edition%20sigma4pc%20com%20rar&utmhid=1717886494&utmr=-&utmp=%2Fwrbhki8wqa3s&utmht=1670423450685&utmac=UA-42931250-7&utmcc=__utma%3D184767038.613335277.1670423451.1670423451.1670423451.1%3B%2B__utmz%3D184767038.1670423451.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=570141701&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 302 Found
Location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-42931250-7&cid=613335277.1670423451&jid=570141701&_v=5.7.2&z=1805723371
Access-Control-Allow-Origin: *
Date: Wed, 07 Dec 2022 14:30:51 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/html; charset=UTF-8
Server: Golfe2
Content-Length: 369
friendshipmale.com/sfp.js
172.64.163.31 200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP 172.64.163.31:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 14:30:51 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 3ce16bd3adbb8890a4340db655f12dd3
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Wed, 07 Dec 2022 14:30:51 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jwekE98NRKpjxXJVtnDJ3ZqFCdoz6MgrSu054uFnJKO7pmLgSEIybJlA8lXTMod8Rj655prlKlET9A4wVZnpxF1%2BDEvUvm3ppglIPbbFzjYfP39ux0bTnV3chbhtW%2FXN453xOzM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 775df6294b0a23dc-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 1e181f9ed09fb72bf80535f26ad7b91a
df966a15abb5b870e71527d73592f7d977011eb2
741e73d12b0fa5e76d9b4a78e8e70dbe307e059a0018aca245da0db44c5a5958
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_US/sdk.js
157.240.247.8 200 OK 1.7 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js
IP 157.240.247.8:0
File type ASCII text, with very long lines (1957)
Hash 71eab119f8ab7d92a18d4b9d8504ac75
2fe111385cfa6d62c64b2dcbece1acd5626337a5
08db9ce61060bdb9cbe7b2f255eba0581e222c9831b3fc0dd1a144731922f340
GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 5d2d42124e5c884a61f151cda28266b4
etag: "95f2a2e69a3700871f2867da69306400"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Wed, 07 Dec 2022 14:32:42 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: ceqxGfirfZKhjUudhQSsdQ==
x-fb-debug: b7WgeQYC4mM0JPUg2wpAUhimW4Pi0nQ0vEcuVswNuGbgGUPKS/zH822ghzDPKLLvFMg9T8iA/i557dXwK64PZw==
priority: u=3,i
content-length: 1687
x-fb-trip-id: 1679558926
date: Wed, 07 Dec 2022 14:30:51 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-42931250-7&cid=613335277.1670423451&jid=570141701&_v=5.7.2&z=1805723371
108.177.14.157 302 Found 367 B URL HTTP/2 stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-42931250-7&cid=613335277.1670423451&jid=570141701&_v=5.7.2&z=1805723371
IP 108.177.14.157:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 26b4cfbdcb7e8bf60b09ea26171f7ed5
e4d4d15387a0f9c86228b40cb268b9954136c3b5
1781f9597319fad003d32359f78fd898e528902508d2c2a4ee32c840e7ac7d4a
GET /r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-42931250-7&cid=613335277.1670423451&jid=570141701&_v=5.7.2&z=1805723371 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=613335277.1670423451&jid=570141701&_v=5.7.2&z=1805723371
access-control-allow-origin: *
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 07 Dec 2022 14:30:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: Golfe2
content-length: 367
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 9084a518c70ad57bb3226fb519b648fd
79348ebe6f5900a035d4d65e08a7409fd9708f15
f0c6b0f66c31aa7cb2d2808eb4c04c3681d48e731efc8cbba0f3fef1d218ce7b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 1e181f9ed09fb72bf80535f26ad7b91a
df966a15abb5b870e71527d73592f7d977011eb2
741e73d12b0fa5e76d9b4a78e8e70dbe307e059a0018aca245da0db44c5a5958
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5698
Expires: Wed, 07 Dec 2022 16:05:49 GMT
Date: Wed, 07 Dec 2022 14:30:51 GMT
Connection: keep-alive
www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=613335277.1670423451&jid=570141701&_v=5.7.2&z=1805723371
142.250.74.132 302 Found 0 B URL HTTP/2 www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=613335277.1670423451&jid=570141701&_v=5.7.2&z=1805723371
IP 142.250.74.132:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=613335277.1670423451&jid=570141701&_v=5.7.2&z=1805723371 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 14:30:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=613335277.1670423451&jid=570141701&_v=5.7.2&z=1805723371&slf_rd=1&random=2330045925
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5698
Expires: Wed, 07 Dec 2022 16:05:49 GMT
Date: Wed, 07 Dec 2022 14:30:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5698
Expires: Wed, 07 Dec 2022 16:05:49 GMT
Date: Wed, 07 Dec 2022 14:30:51 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51c41646-4c8f-4a18-bf60-2b67be5db8d0.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51c41646-4c8f-4a18-bf60-2b67be5db8d0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 604a4132da78a0c013b5818644adb121
ddf982c6ff7a0d8e5376c119b6642fe7e0ba8566
eecab519c33596c67f2d2021dfd1af24e7fd8f2ed403f99b4ba0c265c08a259f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51c41646-4c8f-4a18-bf60-2b67be5db8d0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8701
x-amzn-requestid: 653284c3-ee7f-45f1-9513-3a6c81e1d6e3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cm3-2HRWIAMFjfg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c39f8-6f8969a26787a9463ba6c2ec;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 06:11:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EpyIdH9YEXjxbGhZpBIfzoZHQxMvAKl0eCFQsgMt0e1SSeWsiuey7g==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 22:15:06 GMT
age: 58545
etag: "ddf982c6ff7a0d8e5376c119b6642fe7e0ba8566"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 210b27f5f6310d8fad640acce3d9ae0e
08d241e56622cb900754d95bc5d58ed8826d9f32
64410e13759cdfa24976dcba0c64aca27edc3ee56358f344e55f60793422e3ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 0232ddcd-8274-431e-a55e-8298fbfd6dfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmcuMG6bIAMFUng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e5a-3cc17121425f87321ce7ae7e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: va_vly0iX6rzm_aTWrryPRjoTWlI-_0m6rpS6VrTx-nsd71dk1cSZw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 06:11:41 GMT
age: 29950
etag: "08d241e56622cb900754d95bc5d58ed8826d9f32"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F167b7461-ee08-4205-a299-12e7c883b958.jpeg
34.120.237.76 200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F167b7461-ee08-4205-a299-12e7c883b958.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4884ce2731d3033b12e4792c1bbf453e
63b6efc98cb04228d82ac28fceb97bb1cf8d82fb
8c37704d0e1fd16239e28cbdb88c5ac6a2e9cfb70f8457bfab127202f89d3788
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F167b7461-ee08-4205-a299-12e7c883b958.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14896
x-amzn-requestid: 58d94b15-dce0-44c0-96b1-917f1206a39e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cnA4RFkeoAMFfGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c4834-7c1667b53795d5c11a3bfdda;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 07:11:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tM0WOO_Ypgj2QxJSz9GHZZTsKjzsvyD6tjpp4G0ZpuGAIGmnEe4oqQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 08:29:22 GMT
age: 21689
etag: "63b6efc98cb04228d82ac28fceb97bb1cf8d82fb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
oaphoace.net/401/5419445
139.45.197.239 200 OK 40 kB IP 139.45.197.239:0
Hash 73d47c294bdaddec79220921e3f1c18a
099b62f94ebfc524d17e1758b7bc8b8e7dd8139d
1560605ea9e51844c9eb900656b355a904d3ad2ee5ae0e71aa65f7ae880299b5
Analyzer Verdict Alert quad9 Sinkholed
GET /401/5419445 HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 14:30:50 GMT
content-type: application/javascript
x-trace-id: d4b2210f60049a68f831ceefe78948d3
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=81935b99ee054afaae62fc261ae4d374; expires=Thu, 07 Dec 2023 14:30:50 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b15136d60fd0a5e0f657a4f5c75d540f
36082b7329d473829178f280cb71a83b1531e486
79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ViuPsZBEVJ-aGOcsfrl3nXu244mzMUMQVhpPeNlO7W3sBrrfuUfXpA==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 22:32:04 GMT
age: 57527
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d5b6cef-6b79-466f-a8bf-5f3864c9b0e7.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d5b6cef-6b79-466f-a8bf-5f3864c9b0e7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c9f7b9c77a99173619ee85d0cfa8e2f8
05ba0fab4533b9837dd8558ffa5eb168e974d2b3
17184aca15041d2770fe14397fc0ab87e5f8e9f910b557031ba7fbf1349b0b9c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d5b6cef-6b79-466f-a8bf-5f3864c9b0e7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11464
x-amzn-requestid: 04d9e95d-563e-4258-934e-add82f95a638
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGysEDmIAMFSIQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851aa-426e37fb562dc25b3449311b;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RspslnJzOcAHAL--VTgFJkFxb1PvLM6OHJmJUsdOKocI5ZPmJSLdoA==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 20:03:50 GMT
age: 66421
etag: "05ba0fab4533b9837dd8558ffa5eb168e974d2b3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 0fa282ae07239f0cf04503485877d681
631aa2fff49d29c46341db6540d25917b3626ef5
9020928ea0c9addf3e0a04d78db4158b54b4f29577785b5adb4cf7f2949ced17
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_US/sdk.js?hash=882bd51fd64af65c76a1189c0cef6784
157.240.247.8 200 OK 87 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js?hash=882bd51fd64af65c76a1189c0cef6784
IP 157.240.247.8:0
File type ASCII text, with very long lines (13192)
Hash 6de96bd47c32966ba3ce82f147e65b9e
3933c9d692d6fc1293fb6ef819d65466997b4071
f3b6e62c1ab4919b886d52f1ee6ff869ae72aa0de395b34c601285905935de3f
GET /en_US/sdk.js?hash=882bd51fd64af65c76a1189c0cef6784 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: ccaa0bbd5870581c83d75820659d0955
etag: "2c4ac2850aad8748f05186d435580912"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Thu, 07 Dec 2023 12:14:20 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: belr1HwylmujzoLxR+Zbng==
x-fb-debug: AhHcTohrJVC1gjXiZ+53GAQALI43PP0lZibp0NigKkPPuVUXxerJpwvKeI4RPCtD7D7hfDSgp/z5IT4c7Rly5g==
content-length: 86981
x-fb-trip-id: 1679558926
date: Wed, 07 Dec 2022 14:30:51 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=613335277.1670423451&jid=570141701&_v=5.7.2&z=1805723371&slf_rd=1&random=2330045925
142.250.74.67 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=613335277.1670423451&jid=570141701&_v=5.7.2&z=1805723371&slf_rd=1&random=2330045925
IP 142.250.74.67:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-42931250-7&cid=613335277.1670423451&jid=570141701&_v=5.7.2&z=1805723371&slf_rd=1&random=2330045925 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 14:30:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 0fa282ae07239f0cf04503485877d681
631aa2fff49d29c46341db6540d25917b3626ef5
9020928ea0c9addf3e0a04d78db4158b54b4f29577785b5adb4cf7f2949ced17
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.33.119.27 200 OK 346 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8950366983a86acb8b2e8cc10bf19cff
5c661af691512fc791c15c3d76fbe0bf52d30390
c078275d2473e11fd6c6b9d990b4b84eeda0db1ed5dd8fd5155dbcb13fa543bf
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "C078275D2473E11FD6C6B9D990B4B84EEDA0DB1ED5DD8FD5155DBCB13FA543BF"
Last-Modified: Wed, 07 Dec 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19498
Expires: Wed, 07 Dec 2022 19:55:50 GMT
Date: Wed, 07 Dec 2022 14:30:52 GMT
Connection: keep-alive
xml.serve-servee.com/thumbnail?i=25gSzpXXn9M_1&imgt=icon
172.64.162.38 302 Found 0 B URL HTTP/2 xml.serve-servee.com/thumbnail?i=25gSzpXXn9M_1&imgt=icon
IP 172.64.162.38:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?i=25gSzpXXn9M_1&imgt=icon HTTP/1.1
Host: xml.serve-servee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 07 Dec 2022 14:30:52 GMT
content-length: 0
location: https://static.serve-servee.com/n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png
cache-control: no-store
age: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rG%2BYYa0qMTeYWFSWkPnY%2FrYGU5S8lDs%2FlbOo9IjgXEBhzBE%2FcR3UfPbUwnMCGKb9UaHlHmhwBJFoYwZ3UUMVO2VFu9KHnF2MmJFxkki6c2IYWymXwXNPY3rCiJT3Ln4EnFKQGrqsBw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775df630287d23d2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.serve-servee.com/n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png
172.64.162.38 200 OK 1.1 kB URL HTTP/2 static.serve-servee.com/n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png
IP 172.64.162.38:0
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash 4fa2beaeca8f598401f3ec6300cb860b
45634806ea1fa936c0e600b8b22f835600529b36
ef897a0bab353d84bf69ae3570347dea36236575a7b1bbd5992b8f256f856577
GET /n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png HTTP/1.1
Host: static.serve-servee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 14:30:52 GMT
content-type: image/png
content-length: 1112
last-modified: Fri, 24 Apr 2020 13:59:43 GMT
accept-ranges: bytes
etag: "5ea2f0cf-458"
cache-control: max-age=86400
x-hw: 1670423452.cds246.lo4.h2,1670423452.cds216.lo4.c
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aE5m88iCjrJUNSIkekdZxv0qKc2IC28QhIfVbbGi5hT4z9CE8DLLgbZbZ9tVPWs56NGrW%2BebVCKp8ayy7dAo2JxWzzzwii7FWJHhwUbFM7QiofMvWUjPBTJyVZkS0p5iepXRqyH%2F6N%2B1jw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775df63119ef23d2-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27 200 OK 346 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8950366983a86acb8b2e8cc10bf19cff
5c661af691512fc791c15c3d76fbe0bf52d30390
c078275d2473e11fd6c6b9d990b4b84eeda0db1ed5dd8fd5155dbcb13fa543bf
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "C078275D2473E11FD6C6B9D990B4B84EEDA0DB1ED5DD8FD5155DBCB13FA543BF"
Last-Modified: Wed, 07 Dec 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19498
Expires: Wed, 07 Dec 2022 19:55:50 GMT
Date: Wed, 07 Dec 2022 14:30:52 GMT
Connection: keep-alive
oaphoace.net/impression/2iMscFiI95aaJW1nVkyRibxEC7ZKgPY9wKAmxNAuhGCB7DkaWk6gcBPdkcRVJ9YAV7VG6C5Pt5miOdRzokpNtw1wFtYbmx7krAsRR7SR4KhXyzLQXBjS3Nke7qwasB_SxmrFjQf8DpWTQGkmQN5hw5O29NR7-DyZ7wvqbiQXVwUQtSUFUAU95oxXnYvrSP4lG9w6rhiIdt66cDqnR23uVxZ7pkHlBewj7c0ygJC1Ne0Ijdxkj_kfyf_H1B5cVs4_SNZ2NzuXMhsL056hKFsNc3l5TRkSLT1zgaym3JqhcwR2Oa0cL1-ZNrRo4IOX9o73dCeZ-GGlcMokzrrkGXuj_oIU4uI8d7cKdiuLRWcIUF94mxLkDIQDB_8xverXXdEZcOpaH33jDsgwKwiiFyLPvbr_Sv1zpyEImgc0xz_mL088BxoffQHMpcyWDpWH6ztulMwjTK_OxYWkV60gRyawk-0j3Xa28QqOlMp5Auvw5iBy9l6r4UPRBAgdhjCgEDO5WMfSvJfAuwj0cbzEb5B9Y9AEnWw3Yb0zNRLo9momt41W_qdBefSW5Lh6vbKQk8jRaXXBtJ0c5m7zUmXkeGeXVjcuXsHUhRnQxZZ7pQ==?_z=5419445&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2Fwww.file-upload.com%2Fwrbhki8wqa3s&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.239200 OK 43 B URL HTTP/2 oaphoace.net/impression/2iMscFiI95aaJW1nVkyRibxEC7ZKgPY9wKAmxNAuhGCB7DkaWk6gcBPdkcRVJ9YAV7VG6C5Pt5miOdRzokpNtw1wFtYbmx7krAsRR7SR4KhXyzLQXBjS3Nke7qwasB_SxmrFjQf8DpWTQGkmQN5hw5O29NR7-DyZ7wvqbiQXVwUQtSUFUAU95oxXnYvrSP4lG9w6rhiIdt66cDqnR23uVxZ7pkHlBewj7c0ygJC1Ne0Ijdxkj_kfyf_H1B5cVs4_SNZ2NzuXMhsL056hKFsNc3l5TRkSLT1zgaym3JqhcwR2Oa0cL1-ZNrRo4IOX9o73dCeZ-GGlcMokzrrkGXuj_oIU4uI8d7cKdiuLRWcIUF94mxLkDIQDB_8xverXXdEZcOpaH33jDsgwKwiiFyLPvbr_Sv1zpyEImgc0xz_mL088BxoffQHMpcyWDpWH6ztulMwjTK_OxYWkV60gRyawk-0j3Xa28QqOlMp5Auvw5iBy9l6r4UPRBAgdhjCgEDO5WMfSvJfAuwj0cbzEb5B9Y9AEnWw3Yb0zNRLo9momt41W_qdBefSW5Lh6vbKQk8jRaXXBtJ0c5m7zUmXkeGeXVjcuXsHUhRnQxZZ7pQ==?_z=5419445&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2Fwww.file-upload.com%2Fwrbhki8wqa3s&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.239:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/2iMscFiI95aaJW1nVkyRibxEC7ZKgPY9wKAmxNAuhGCB7DkaWk6gcBPdkcRVJ9YAV7VG6C5Pt5miOdRzokpNtw1wFtYbmx7krAsRR7SR4KhXyzLQXBjS3Nke7qwasB_SxmrFjQf8DpWTQGkmQN5hw5O29NR7-DyZ7wvqbiQXVwUQtSUFUAU95oxXnYvrSP4lG9w6rhiIdt66cDqnR23uVxZ7pkHlBewj7c0ygJC1Ne0Ijdxkj_kfyf_H1B5cVs4_SNZ2NzuXMhsL056hKFsNc3l5TRkSLT1zgaym3JqhcwR2Oa0cL1-ZNrRo4IOX9o73dCeZ-GGlcMokzrrkGXuj_oIU4uI8d7cKdiuLRWcIUF94mxLkDIQDB_8xverXXdEZcOpaH33jDsgwKwiiFyLPvbr_Sv1zpyEImgc0xz_mL088BxoffQHMpcyWDpWH6ztulMwjTK_OxYWkV60gRyawk-0j3Xa28QqOlMp5Auvw5iBy9l6r4UPRBAgdhjCgEDO5WMfSvJfAuwj0cbzEb5B9Y9AEnWw3Yb0zNRLo9momt41W_qdBefSW5Lh6vbKQk8jRaXXBtJ0c5m7zUmXkeGeXVjcuXsHUhRnQxZZ7pQ==?_z=5419445&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=http%3A%2F%2Fwww.file-upload.com%2Fwrbhki8wqa3s&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: oaphoace.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Cookie: OAID=2287533aea78431e869d3543d49ffe49
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 14:30:53 GMT
content-type: image/gif
content-length: 43
x-trace-id: 39167f0bb92f7e242f80c20aae23be7e
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 3074a66f6d9b2e2af9b41ec0e2f4e2db
942e2c49b3848f11da966937f5914c62aed24bce
7c3b21b91aab06aff58cc56ce4b7273a7d320df8b0b4ad685c660e03ba0b72aa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 3074a66f6d9b2e2af9b41ec0e2f4e2db
942e2c49b3848f11da966937f5914c62aed24bce
7c3b21b91aab06aff58cc56ce4b7273a7d320df8b0b4ad685c660e03ba0b72aa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash ec6ece82a7cb8faa3ba171efae3a9eda
7ee75fba9a9d1078960f7834d71961c38f514b82
301d0c4d73b444369e488ee4f78b3a994a9168ec6c6d46cd7f3448722a841a2e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash ec6ece82a7cb8faa3ba171efae3a9eda
7ee75fba9a9d1078960f7834d71961c38f514b82
301d0c4d73b444369e488ee4f78b3a994a9168ec6c6d46cd7f3448722a841a2e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash 42371307f417b1da1409dd473484bca1
56b3b7f13c11464d8944fd442343db2c3dd65714
47b6dce771c6583079464827a476caa6e53d9fa11a1a99c72bd718806815bdb6
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:08 GMT
expires: Thu, 30 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 586606
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
142.250.74.74 200 OK 17 kB URL HTTP/2 fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
IP 142.250.74.74:0
Hash 49dcb3f23a58f998f11d8c2ca1b90a68
0aee92fad52d2f03484a134901a90260af43e913
92223ea8fd1122967d4b3adaec6c401be4ab899e973ed13fb3fb90520cdefcfa
GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 07 Dec 2022 14:30:54 GMT
date: Wed, 07 Dec 2022 14:30:54 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash ec6ece82a7cb8faa3ba171efae3a9eda
7ee75fba9a9d1078960f7834d71961c38f514b82
301d0c4d73b444369e488ee4f78b3a994a9168ec6c6d46cd7f3448722a841a2e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 14:30:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 61c071d75f06c0ff7197891e742017ac
da9c0355122151eed7ecab9c851da70bdd48933b
3a077fee8160980f7464b72287fc9336a0921209ae8b00a73d4565fba0b56fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3A077FEE8160980F7464B72287FC9336A0921209AE8B00A73D4565FBA0B56FE2"
Last-Modified: Mon, 05 Dec 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4081
Expires: Wed, 07 Dec 2022 15:38:56 GMT
Date: Wed, 07 Dec 2022 14:30:55 GMT
Connection: keep-alive
snappedanticipation.com/sbar.json?key=38f00a36b3d7705a00e14d2d7baaa601&uuid=1820af9b-416f-40e6-b034-f81033336de2%3A1%3A1
192.243.61.225 200 OK 4.1 kB URL HTTP/1.1 snappedanticipation.com/sbar.json?key=38f00a36b3d7705a00e14d2d7baaa601&uuid=1820af9b-416f-40e6-b034-f81033336de2%3A1%3A1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (5819), with no line terminators
Hash f815900cbbf548ff805437513d1fa8e9
abc17d691d1d4968462b129006a51693d350cd6d
bb786ad07fde1952640e2f34596e76d52e128be2143c9aaf5d520a831fdb4973
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=38f00a36b3d7705a00e14d2d7baaa601&uuid=1820af9b-416f-40e6-b034-f81033336de2%3A1%3A1 HTTP/1.1
Host: snappedanticipation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 14:30:56 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://www.file-upload.com
Access-Control-Allow-Origin: http://www.file-upload.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16537667; expires=Thu, 08 Dec 2022 14:30:56 GMT; secure; SameSite=None
uid_id2=1820af9b-416f-40e6-b034-f81033336de2:1:1; expires=Wed, 14 Dec 2022 14:30:56 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 08 Dec 2022 14:30:56 GMT; secure; SameSite=None
uncs=1; expires=Thu, 08 Dec 2022 14:30:56 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 08 Dec 2022 14:30:56 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 08 Dec 2022 14:30:56 GMT; secure; SameSite=None
slec38f00a36b3d7705a00e14d2d7baaa601=[3842223]; expires=Wed, 07 Dec 2022 14:31:01 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2c21a6d8eb2253fba8963d7a1b5b263f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ea6d8022d3d0fcb1a655c111694efb3c
0565f1dae70afb9f7d231824a488de4f262218f0
198fc3e66c5d81029e6781d76d0eb5bf8a3c8ae92aa3aa6a7f0fda6d95658a76
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "198FC3E66C5D81029E6781D76D0EB5BF8A3C8AE92AA3AA6A7F0FDA6D95658A76"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1081
Expires: Wed, 07 Dec 2022 14:48:57 GMT
Date: Wed, 07 Dec 2022 14:30:56 GMT
Connection: keep-alive
snappedanticipation.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3o0genLx4kEcxIOCmVRPz89dZDG7GwnGJOyuxKNVXdWTMtVdTVX39CSn4IIseJm9eex8k2xQF9f9AwSZeJGAsCOoORjwX1DYkweZycC4D6ree%2FW9w%2Fd9r744yM8JRc7ONj8ye0prttSo0srbWyoRpnCV9bsVn1bptcqWSpr1a5X%2B5LK9qz5tVOk7lQ9kuGOWatSn1Kd%2BZUVZGZn%2B0hSFSh91%2FGqHVuu1qt%2Boo2%2Bf713uwTEPondOrkCJ8QvbPz%2BBCkdI4u9vSreTmfTdW3GuWWYseuL442QnMUWCeF5G1kOUHM%2BmYdyYkK8uwSTHMwUwvcOJAnA1Jt7vPnhyPKMJ3ju6YMo1ZAIuXkbRG0HqERQbITT3oMRTAoQC6xtI4ofrxhZs9wJlE3RMFp79A1WMycKfryKJv1vWql%2B5Y3SeKZM49KMSqj%2BC6o6Q5ifI9jyo4gRh9jmU%2BIUsPVtDEh9uOG2gxNlbfrtGWdThi3W%2FGS3WqWwuchrUF6O2T4MgCJpC1qYWKTWCikbQcgDmPOSTozzkkYc89RCLswprdCJKWxGPgqBdD8MwCMKw0W6Khgjq7YgiDycaBsjSAUI9QGj3kdp97KgHTxtXYPMf4bZLOOHBZQQ9UaKQBIUjKBhBoQiKjKDolUdCu5orHwrtcu7Pcm2Wg3Josu4BOzJZVybkID0nr0y9%2B%2FeTG9iRZ5WgHVHKgiYPRKtFG4xS6ddFTbQ4Y6xJfThVQrlLU6V7k0X%2B9inSSb71Fzg7gdMnCNWbYPnrYMWwVaNg28N6m2IveRwpLRfzVBsmqqGJIUyJNFtAtusd6HPy2pTK1fIxZHh6%2Fe9oGghtidSW%2BEz9RNDV94e3TUEOb5vCkScbaaZitccmK76TsUxe%2FuZDuVsYK1ZvusHX74cTYFI%2BuitdtsYSoZKuI98uKyGkXTE2lOSHVbcl%2BWbutpdzm%2BTp2uaNldU4tdI5ZZIR2ETdi%2B8hVGPyUvnH9Pu%2BIb%2BEsiPYvEScn5JZQJkThOk%2BXDrn7wyB1fMZnnoo8nJoa3z%2BqBWBlvOe8RLufz2f1wfuPrrWA8vuIYlL9GyJni7B9AAuvzzMUnt6%2FddgGuDaG3JtvUOurX5wYa5TZxXZiGgkaU3yqMOjFqOiE9U7nHV82eIN5iNz43AwLP8DAAD%2F%2FwEAAP%2F%2FonviKpYEAAA%3D
192.243.61.225200 OK 7 B URL HTTP/1.1 snappedanticipation.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3o0genLx4kEcxIOCmVRPz89dZDG7GwnGJOyuxKNVXdWTMtVdTVX39CSn4IIseJm9eex8k2xQF9f9AwSZeJGAsCOoORjwX1DYkweZycC4D6ree%2FW9w%2Fd9r744yM8JRc7ONj8ye0prttSo0srbWyoRpnCV9bsVn1bptcqWSpr1a5X%2B5LK9qz5tVOk7lQ9kuGOWatSn1Kd%2BZUVZGZn%2B0hSFSh91%2FGqHVuu1qt%2Boo2%2Bf713uwTEPondOrkCJ8QvbPz%2BBCkdI4u9vSreTmfTdW3GuWWYseuL442QnMUWCeF5G1kOUHM%2BmYdyYkK8uwSTHMwUwvcOJAnA1Jt7vPnhyPKMJ3ju6YMo1ZAIuXkbRG0HqERQbITT3oMRTAoQC6xtI4ofrxhZs9wJlE3RMFp79A1WMycKfryKJv1vWql%2B5Y3SeKZM49KMSqj%2BC6o6Q5ifI9jyo4gRh9jmU%2BIUsPVtDEh9uOG2gxNlbfrtGWdThi3W%2FGS3WqWwuchrUF6O2T4MgCJpC1qYWKTWCikbQcgDmPOSTozzkkYc89RCLswprdCJKWxGPgqBdD8MwCMKw0W6Khgjq7YgiDycaBsjSAUI9QGj3kdp97KgHTxtXYPMf4bZLOOHBZQQ9UaKQBIUjKBhBoQiKjKDolUdCu5orHwrtcu7Pcm2Wg3Josu4BOzJZVybkID0nr0y9%2B%2FeTG9iRZ5WgHVHKgiYPRKtFG4xS6ddFTbQ4Y6xJfThVQrlLU6V7k0X%2B9inSSb71Fzg7gdMnCNWbYPnrYMWwVaNg28N6m2IveRwpLRfzVBsmqqGJIUyJNFtAtusd6HPy2pTK1fIxZHh6%2Fe9oGghtidSW%2BEz9RNDV94e3TUEOb5vCkScbaaZitccmK76TsUxe%2FuZDuVsYK1ZvusHX74cTYFI%2BuitdtsYSoZKuI98uKyGkXTE2lOSHVbcl%2BWbutpdzm%2BTp2uaNldU4tdI5ZZIR2ETdi%2B8hVGPyUvnH9Pu%2BIb%2BEsiPYvEScn5JZQJkThOk%2BXDrn7wyB1fMZnnoo8nJoa3z%2BqBWBlvOe8RLufz2f1wfuPrrWA8vuIYlL9GyJni7B9AAuvzzMUnt6%2FddgGuDaG3JtvUOurX5wYa5TZxXZiGgkaU3yqMOjFqOiE9U7nHV82eIN5iNz43AwLP8DAAD%2F%2FwEAAP%2F%2FonviKpYEAAA%3D
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3o0genLx4kEcxIOCmVRPz89dZDG7GwnGJOyuxKNVXdWTMtVdTVX39CSn4IIseJm9eex8k2xQF9f9AwSZeJGAsCOoORjwX1DYkweZycC4D6ree%2FW9w%2Fd9r744yM8JRc7ONj8ye0prttSo0srbWyoRpnCV9bsVn1bptcqWSpr1a5X%2B5LK9qz5tVOk7lQ9kuGOWatSn1Kd%2BZUVZGZn%2B0hSFSh91%2FGqHVuu1qt%2Boo2%2Bf713uwTEPondOrkCJ8QvbPz%2BBCkdI4u9vSreTmfTdW3GuWWYseuL442QnMUWCeF5G1kOUHM%2BmYdyYkK8uwSTHMwUwvcOJAnA1Jt7vPnhyPKMJ3ju6YMo1ZAIuXkbRG0HqERQbITT3oMRTAoQC6xtI4ofrxhZs9wJlE3RMFp79A1WMycKfryKJv1vWql%2B5Y3SeKZM49KMSqj%2BC6o6Q5ifI9jyo4gRh9jmU%2BIUsPVtDEh9uOG2gxNlbfrtGWdThi3W%2FGS3WqWwuchrUF6O2T4MgCJpC1qYWKTWCikbQcgDmPOSTozzkkYc89RCLswprdCJKWxGPgqBdD8MwCMKw0W6Khgjq7YgiDycaBsjSAUI9QGj3kdp97KgHTxtXYPMf4bZLOOHBZQQ9UaKQBIUjKBhBoQiKjKDolUdCu5orHwrtcu7Pcm2Wg3Josu4BOzJZVybkID0nr0y9%2B%2FeTG9iRZ5WgHVHKgiYPRKtFG4xS6ddFTbQ4Y6xJfThVQrlLU6V7k0X%2B9inSSb71Fzg7gdMnCNWbYPnrYMWwVaNg28N6m2IveRwpLRfzVBsmqqGJIUyJNFtAtusd6HPy2pTK1fIxZHh6%2Fe9oGghtidSW%2BEz9RNDV94e3TUEOb5vCkScbaaZitccmK76TsUxe%2FuZDuVsYK1ZvusHX74cTYFI%2BuitdtsYSoZKuI98uKyGkXTE2lOSHVbcl%2BWbutpdzm%2BTp2uaNldU4tdI5ZZIR2ETdi%2B8hVGPyUvnH9Pu%2BIb%2BEsiPYvEScn5JZQJkThOk%2BXDrn7wyB1fMZnnoo8nJoa3z%2BqBWBlvOe8RLufz2f1wfuPrrWA8vuIYlL9GyJni7B9AAuvzzMUnt6%2FddgGuDaG3JtvUOurX5wYa5TZxXZiGgkaU3yqMOjFqOiE9U7nHV82eIN5iNz43AwLP8DAAD%2F%2FwEAAP%2F%2FonviKpYEAAA%3D HTTP/1.1
Host: snappedanticipation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Cookie: u_pl=16537667; uid_id2=1820af9b-416f-40e6-b034-f81033336de2:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec38f00a36b3d7705a00e14d2d7baaa601=[3842223]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 14:30:56 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4908c1592e66912da367cdc9b1ba84eb
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e2b76117e448228305ba7e8618948bef
800100603fcc24f32d8a5e8e323e8415afeab545
afcefd68e69b1d09a9cb50beacacbedab49263fc14dd08040c850451a6444830
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "AFCEFD68E69B1D09A9CB50BEACACBEDAB49263FC14DD08040C850451A6444830"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8096
Expires: Wed, 07 Dec 2022 16:45:52 GMT
Date: Wed, 07 Dec 2022 14:30:56 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e2b76117e448228305ba7e8618948bef
800100603fcc24f32d8a5e8e323e8415afeab545
afcefd68e69b1d09a9cb50beacacbedab49263fc14dd08040c850451a6444830
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "AFCEFD68E69B1D09A9CB50BEACACBEDAB49263FC14DD08040C850451A6444830"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8096
Expires: Wed, 07 Dec 2022 16:45:52 GMT
Date: Wed, 07 Dec 2022 14:30:56 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e2b76117e448228305ba7e8618948bef
800100603fcc24f32d8a5e8e323e8415afeab545
afcefd68e69b1d09a9cb50beacacbedab49263fc14dd08040c850451a6444830
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "AFCEFD68E69B1D09A9CB50BEACACBEDAB49263FC14DD08040C850451A6444830"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8096
Expires: Wed, 07 Dec 2022 16:45:52 GMT
Date: Wed, 07 Dec 2022 14:30:56 GMT
Connection: keep-alive
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.74 200 OK 660 B URL HTTP/1.1 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.74:0
Hash 55130bf120bd75a4bba7d678be617cdf
77b172c0cc1d15e60ab95edccf3ac1e640d16812
262b9e8c2eeba18bdc3dd53ac7bbacdbbec713a9443ff5dc34e359de56ea040d
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Wed, 07 Dec 2022 14:30:56 GMT
Date: Wed, 07 Dec 2022 14:30:56 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/img/close.png
172.64.108.13 200 OK 4.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/img/close.png
IP 172.64.108.13:0
File type PNG image data, 500 x 500, 8-bit gray+alpha, non-interlaced\012- data
Hash 23e9690b0e7ac26868363a6248f44467
d7ad0eae64e0c1e65b12eda0aa9d2b91996dd64f
f362c67320d739ccf3bea21f857b9620075bd20ceacda8c51261b9612fe28395
GET /sb/notifications/software/us/windows/flash-all/ssp/1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 14:30:56 GMT
content-type: image/png
content-length: 4022
last-modified: Wed, 17 Feb 2021 11:46:53 GMT
etag: "602d022d-fb6"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1903150
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2F25n2FQEI%2FJjhmKmnVkqy%2BSd3UTR9GUv9ekTFwkS4higc9lqt3si4slfqmZHzGsudds6cCJNom0lGiklbYH36YJn9w%2B18p%2Bda326o6G9%2FRfq7JZlsbrEYMxiKYObMBJTRjm4CJI35Cc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775df64d0b5271bd-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
snappedanticipation.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F50%2F77%2Fd2%2F5077d2a4de96d9464e3c0d2ecf8bb3de%2F1601543282.html&l=1209&fd=115
192.243.61.225 200 OK 0 B URL HTTP/1.1 snappedanticipation.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F50%2F77%2Fd2%2F5077d2a4de96d9464e3c0d2ecf8bb3de%2F1601543282.html&l=1209&fd=115
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F50%2F77%2Fd2%2F5077d2a4de96d9464e3c0d2ecf8bb3de%2F1601543282.html&l=1209&fd=115 HTTP/1.1
Host: snappedanticipation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 14:30:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e2b76117e448228305ba7e8618948bef
800100603fcc24f32d8a5e8e323e8415afeab545
afcefd68e69b1d09a9cb50beacacbedab49263fc14dd08040c850451a6444830
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "AFCEFD68E69B1D09A9CB50BEACACBEDAB49263FC14DD08040C850451A6444830"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8096
Expires: Wed, 07 Dec 2022 16:45:52 GMT
Date: Wed, 07 Dec 2022 14:30:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 69f94ae2562b6912a1f8e721bb94c028
efd05133a22b539ed568b3c75e6e8aabb281799c
b0c82753f01003c61fa71cf5542ead1fe90f11a9863592b374a8d3c13da4b306
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C82753F01003C61FA71CF5542EAD1FE90F11A9863592B374A8D3C13DA4B306"
Last-Modified: Tue, 06 Dec 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17020
Expires: Wed, 07 Dec 2022 19:14:36 GMT
Date: Wed, 07 Dec 2022 14:30:56 GMT
Connection: keep-alive
cdn.cloudimagesb.com/si/92/d4/78/92d478d8042ff325fb6dd1f4f0a51caf/1670417019.png
45.133.44.9 200 OK 67 kB URL HTTP/2 cdn.cloudimagesb.com/si/92/d4/78/92d478d8042ff325fb6dd1f4f0a51caf/1670417019.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 974bec00ccda3eca066dd4d8f0946a9e
11fc0dd0e55999641f5fd84093d89ec045a41bb9
5208e6052ffc642377fda287c69488324bd90a7f1396b1025d450eb9c75bd22d
GET /si/92/d4/78/92d478d8042ff325fb6dd1f4f0a51caf/1670417019.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 14:30:56 GMT
content-type: image/png
content-length: 67428
server: nginx/1.17.6
last-modified: Wed, 07 Dec 2022 12:43:48 GMT
etag: "63908a84-10764"
expires: Fri, 09 Dec 2022 14:30:56 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
snappedanticipation.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fjs%2Fscript.js&l=386&fd=392
192.243.61.225 200 OK 0 B URL HTTP/1.1 snappedanticipation.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fjs%2Fscript.js&l=386&fd=392
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fwindows%2Fflash-all%2Fssp%2F1%2Fjs%2Fscript.js&l=386&fd=392 HTTP/1.1
Host: snappedanticipation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.file-upload.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 14:30:57 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.163 200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15860
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 30 Nov 2022 20:16:49 GMT
Expires: Thu, 30 Nov 2023 20:16:49 GMT
Cache-Control: public, max-age=31536000
Age: 584048
Last-Modified: Wed, 11 May 2022 19:24:42 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15744
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 30 Nov 2022 20:16:50 GMT
Expires: Thu, 30 Nov 2023 20:16:50 GMT
Cache-Control: public, max-age=31536000
Age: 584047
Last-Modified: Wed, 11 May 2022 19:24:48 GMT
Content-Type: font/woff2
cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/style.css
172.64.108.13 200 OK 1.5 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/style.css
IP 172.64.108.13:0
Hash 1cfb4789ee542c008f9673311afb5f5b
c07a04fc5df96b4f2bb22b2c8c1e31b12fa0e3e1
d7f2e443d8426cf768a93ba74b9f9cbc2e571742c55b3c220c5d258fc4f19709
GET /sb/notifications/software/us/windows/flash-all/ssp/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 14:30:56 GMT
content-type: text/css
last-modified: Thu, 23 Sep 2021 11:41:22 GMT
etag: W/"614c67e2-160c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hLKC%2FgYp6EtOkxxvtnpGqSmA9P8z1Q9%2Fk7y8OJqziByPQ5%2BbC5MqelbIIMZDEAkxOmcEdbDKiiQiTEBxrIgoLWpUu1PQMt3ywUDanr0PpyFFvl%2F5MU0Ac%2BEdbNus8txN8%2BlgCi46a%2FKd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775df64cacece674-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/js/script.js
172.64.108.13 200 OK 196 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/js/script.js
IP 172.64.108.13:0
Hash b688997ce974eb342a8c4588573bb54f
56ef5cd079b909ccfafe1fdd880f6434eaeafd39
e977d89993be6091b81dd9d6cacec8c14028eb6f0d19923acce25af082e49f11
GET /sb/notifications/software/us/windows/flash-all/ssp/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 14:30:56 GMT
content-type: application/javascript
last-modified: Wed, 17 Feb 2021 11:46:52 GMT
etag: W/"602d022c-182"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RnDc%2F8VnMm3RInUOTzYOg1MAH1ZLJtFJJxFwfokpHs5AMP%2B0OJs4eldpzJxCf%2FjMRd4d6Kh97Iy7UQAeREaVSsRrxQ%2FoKUFfagBm5l1L49dqgL4K%2FSooJSlh%2B%2B4o7LQwQ0Bigo07h1Xn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775df64cacf2e674-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/animate.css
172.64.108.13 200 OK 4.8 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/windows/flash-all/ssp/1/css/animate.css
IP 172.64.108.13:0
Hash 21eb7a65c17a2c22ba104a7ecbf1dc0f
ea8c53be54889c7489aed04e30e3eb83af64dec9
090bd9ceb9a58da038e5ed4a39dfbb63ece49ed4f4f0656ce35f7faa41a3b237
GET /sb/notifications/software/us/windows/flash-all/ssp/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 14:30:56 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:46:51 GMT
etag: W/"602d022b-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BipnX%2B9OClsusye2l3igaH%2BNZLUKSBCqvgLESHNHEVooHFFqTLNoyBvLwP35UU6mHVtzbNydvQDvkUlKqn6KbHS5FOrDmJ3aa%2BcnzIVaIHB%2BRY3%2BJfyS13DuZPfcCIFvO1qCp%2BJlaDPj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775df64c9cebe674-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
snappedanticipation.com/pixel/sbs?c=1
192.243.61.225 200 OK 0 B URL HTTP/1.1 snappedanticipation.com/pixel/sbs?c=1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: snappedanticipation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Cookie: u_pl=16537667; uid_id2=1820af9b-416f-40e6-b034-f81033336de2:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec38f00a36b3d7705a00e14d2d7baaa601=[3842223]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 07 Dec 2022 14:30:57 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
inklinkor.com/tag.min.js
172.67.211.29 200 OK 0 B IP 172.67.211.29:0
GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 14:30:49 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: a3d0d09f7c275553b2d29b6d4471a3ec
cache-control: max-age=86400
last-modified: Fri, 02 Dec 2022 10:18:23 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Thu, 08 Dec 2022 13:48:05 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 2564
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wnQto8UvC03ACO36ccOayvqpdmteh%2BCGXDlM1pn%2B0fFwZtvIepnSGz55i958L2VoVco0at%2F6mtOKHEYfKNBmRMW7uhSXqe5Y81HAYVlOyauJ1KdV%2BpJ%2B78Aejz0E2lP%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775df620cc53b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36 200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 3vr1Msacq6xS+SjPzLbuC29Ekv7UXEbQbMn+pSEslL0/fUm0V+kjXE82SamImwYVFFCp1Xw2Y20ASHhcD0pCTg==
date: Wed, 07 Dec 2022 14:30:50 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 07 Dec 2022 14:30:50 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3582
last-modified: Wed, 07 Dec 2022 13:31:08 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FDE%2BhKWvnw3eD6G7ssLs2PYiWE2O0DNxQbkAoBUyitmIYFTJ4Sw9UQ9i1kBL2Oa6bW94qCpUgZF8YSJ8P1ZNls3%2FmBQ0vPicJzVSaiO3jmwETazCjzLv9BANh4LU3%2Fyz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775df625fccf891e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 07 Dec 2022 14:30:50 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3582
last-modified: Wed, 07 Dec 2022 13:31:08 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wy0gBSWwIMtpNE0xnVqYqRUeecINjdamoIRt3FIRfjEEwd%2BkL8SqQt10j1TWUmzcATgYgym7fteg6uKZFLvEc3v61bxyEM7SGdpgkhYlKTDKpP2aArxXvJc94ZZaFwUl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775df625fcd6891e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 07 Dec 2022 14:30:50 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3582
last-modified: Wed, 07 Dec 2022 13:31:08 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xK4S9AxYr7CTGhws1%2BN7MV%2FSaRoZ8K7pJY2X1%2BYR7EkYvtvefD%2B3ZyKMRhtT0k%2BSagYlEJ1%2FO3GMH%2BdX6SOT%2BrUNMHPRLGGMYJ19XH%2BYmIx1IYqjeS5pqDVQPczVRzAH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775df625fcd8891e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 14:30:50 GMT
content-type: text/plain
set-cookie: csu=274460889991689@1@1670423450; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WdXMTdPXCAg3axTqjy0KJG%2BCZnf17xoqdAQWZJr3OV7agQOC2F84CbRNGzA%2BI6aZ02eotWu6RapbgtjSyEgz7KLEv%2BuvJ7KcCD6lELjTm%2Fi%2Bi%2BbYhHxWeT2swNvQt5SN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775df625fcd9891e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.file-upload.com/mngez/css/app.css?v=1
104.21.79.149 200 OK 0 B URL HTTP/2 www.file-upload.com/mngez/css/app.css?v=1
IP 104.21.79.149:0
GET /mngez/css/app.css?v=1 HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 14:30:48 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=253169
etag: W/"5cd288a6-3dcf1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 08 May 2019 07:43:34 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 50176499
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8xj0bgk4FZkd7Wj5AWlatL5mq2oQQjjdnXQ0uqVQ7Lhotbk9ljA1jgO8JfwNGYjVrfEwg9srHgxKTROOEbicg7VFjUf0A3nviT8WhmJnUpfuH446oQleN8eWw6KyOJdkN1qSkXzB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775df61b7935fab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-1727004793%3A1670423450488634&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsG6Or9UP76mwATu78g75HRvwuUP2scGGXobj_T1a2rixymUa7Q-nlwyHbdv3_YAVOslJyxkg
142.250.74.109 403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-1727004793%3A1670423450488634&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsG6Or9UP76mwATu78g75HRvwuUP2scGGXobj_T1a2rixymUa7Q-nlwyHbdv3_YAVOslJyxkg
IP 142.250.74.109:0
GET /v3/signin/identifier?dsh=S-1727004793%3A1670423450488634&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsG6Or9UP76mwATu78g75HRvwuUP2scGGXobj_T1a2rixymUa7Q-nlwyHbdv3_YAVOslJyxkg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 07 Dec 2022 14:30:50 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-ll6zUdGYxqk87CHl7bzYPw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.file-upload.com/assets/images/norton.png
104.21.79.149 200 OK 0 B URL HTTP/2 www.file-upload.com/assets/images/norton.png
IP 104.21.79.149:0
GET /assets/images/norton.png HTTP/1.1
Host: www.file-upload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 07 Dec 2022 14:30:48 GMT
content-type: image/png
cache-control: max-age=315360000
cf-bgj: csam-hash
etag: W/"5be576df-1363"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Fri, 09 Nov 2018 12:00:31 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 50064030
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gFFXu1emiB7N9zzNhfa6ql%2FcswZmwscRjVrFkNVGHmSKx9NzW06R3Yft5VLeWHc7FG0AO4mXH5K57cRdgrzS9gejCJJYHz1HNc7RvL0jtpK6G4kGxrWFXExG1Eb9lUBdOHYoRk98"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775df61b793afab8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/50/77/d2/5077d2a4de96d9464e3c0d2ecf8bb3de/1601543282.html
45.133.44.4 200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/50/77/d2/5077d2a4de96d9464e3c0d2ecf8bb3de/1601543282.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
GET /sb/au/50/77/d2/5077d2a4de96d9464e3c0d2ecf8bb3de/1601543282.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 14:30:56 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Sat, 07 May 2022 03:21:28 GMT
etag: W/"6275e5b8-4b9"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Wed, 07 Dec 2022 15:30:56 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
bedrapiona.com/5/5003260/?oo=1&js_build=iclick-v1.458.0
139.45.197.234 200 OK 0 B URL HTTP/2 bedrapiona.com/5/5003260/?oo=1&js_build=iclick-v1.458.0
IP 139.45.197.234:0
GET /5/5003260/?oo=1&js_build=iclick-v1.458.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.file-upload.com
Connection: keep-alive
Referer: http://www.file-upload.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 14:30:49 GMT
content-type: application/json
x-trace-id: 2669fd504e36d5ed8b094433570ed19d
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=2287533aea78431e869d3543d49ffe49; expires=Thu, 07 Dec 2023 14:30:49 GMT; path=/; secure; SameSite=None
oaidts=1670423449; expires=Thu, 07 Dec 2023 14:30:49 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.file-upload.com/
Origin: http://www.file-upload.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 07 Dec 2022 14:30:50 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://www.file-upload.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3582
last-modified: Wed, 07 Dec 2022 13:31:08 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GwlOeh5EClaAQBmlpuk2r5aaTkqTHNljiowVbFSNLgnusDY%2FqB5Z3XCGKDtyCb8xEYawEQqn6tn67P7czsXpmhr9iDgXUWg9ssDzqAsM7n7Sufu2ozL8HIFikOQKsfox"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775df625fcd7891e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2